Yeah smart and polite and professional that guy

I agree, very nice guy and makes for a good "interviewee". Polite and entertaining. =]

Reminds me of my cyber security unit teacher back in the uni, almost the same age, same down to earth friendly vibe, and definitely a professional. makes me seriously consider if i should pursue a career in cyber security.

lol he's a total sock puppet.

guess after 4 years time to buy another pc guess an i 7 with max ram and ssd not pass Bs

I never asked to be brought up in this comment section, thank you...

@Chris *you're

?

cough jayztwocents cough

why would you put RGB onto a PCB with 1 chip? It is that small for serval reasons but most of all to not take up space. IF you wanted to you could buy the TPM module and RGB lights like the ones that flex then use the RGB lighting to go over the TPM module as most if not all of them plug into the motherboard and have very little space between them and the thing the motherboard is on.

@@yumri4 every hardware has to be RGB even comodos why would any one want without RGB. RGB is must, even food has to be in RGB only

@@yumri4 , UM... it was a joke (did you watch the end of the video?). Plus, obviously a TPM module is far too small to put an LED on, nor would there be sufficient space left in a typical ATX case to hold all the photons it would emit.

it would run faster

Linus: "and water cooled!"

You need administrative privileges to get the recovery key. With administrative privileges you can also just dump the decrypted drive. Bitlocker can only do so much, Microsoft should consider that most people don't have any idea of what "yes" on a uac prompt means. Only rootkits are impossible to defend against by the OS itself, that's why secure boot is also a requirement. Without rootkits Windows Defender will always be able to scan the system, if there's malware that's able to exploit some privilege escalation vulnerability, to try to get the bitlocker keys, defender will likely kill it before it runs.

Ever heard of Memory Integrity (HVCI)? Surprise surprise it is only available in processor 8th gen and up using specialised hardware embedded in the CPU. From here you're are intelligent enough about why the 8th gen and up requirement for win11. It not only turns all these security features ON by default but makes it mandatory requirement of the OS. PS: You can simulate software based memory integrity but it really affects system performance by upto 40% depending on memory size and CPU raw power. Definitely not recommended.

@@user-hk3ej4hk7m Look current print spooler exploit. There have been ways to bypass UAC in the past and get an elevated powershell prompt. Not saying more security is bad, just forcing it as a requirement on those of us who know how insecure Windows will always be is a sick joke.

@@rapiddu6482 Thanks both of you for replying. Gave me some things to read up on. techcommunity.microsoft.com/t5/windows-it-pro-blog/comprehensive-protection-for-your-credentials-with-credential/ba-p/765314 (hopefully YT doesn't delete this link) While I agree this is awesome tech; finally plugging the mimikatz hole; I don't see why they are going to make this a hard requirement. What if I don't want the hyperv roles enabled on my system? I've had issues in the past running other hypervisors (Virtualbox / Vmware workstation) while it's enabled. Hope it ends up being enforced on OEM systems, but optional for those of us who are confident in our computing habits.

@@SinisterPuppy and in the end none of it matters when your average luser downloads exe and lets it run as admin anyway

I'm from the future and Windows 11 requires them to install. There are ways around it but it's not very secure.

That didn’t age well lol

This is not true. You can enter BIOS and turn off secure boot again, or to update the allowed keys. The biggest issue would be if your video driver key is not signed or not permitted then you will not have video, but you can use serial potentially.

Bruh fake news much? Sounds like the hackers are hella pissed off their lives are getting 10x harder

If it doesn't recognize a OS and the drive its on. That is because its a OS running on what is called Legacy Bios. Windows 10 at least has a command prompt command that can convert a OS and drive from running on Legacy Bios to UEFI or GPT without harming the OS or drive. Disable secure boot and it should come back up.

There is no panic or rush to upgrade, win 10 will have support for a long time so you dont need to rush out to buy anything. As always wait for other people to test the OS find the bugs and let Microsoft patch them before you make any jump & by then it will be easy to buy a TPM thing.

@@liaminwales WIN10 ends in 2025

depending on if you MB BIOS support the TPM or not.

Your MB

@@jonshadow4052 not only is that a lot of time, but windows 10 wont stop functioning, it just wont be supported with regular updates. OPs motherboard is older than 10 years (15 by 2025) very much in the range to replace/upgrade. Also TPM modules arent hard to get, you can find them between 25-100 bucks. if upgrading a system is too much, a TPM module is not a big deal.

Windows is an option... Linux Mint is a better one

@@markdawson25 Linux is still garbage, and will continue to be compared to Windows or Mac OS no matter how long you Linux fanboys peddle that crap.

bs when you have a 4 year old hp pc i 7 ssd and wont pass bs

13:00 Exactly my thoughts! They'll just say that "MSpass" (see above) is only available to those with TPM 2.0 and SecureBoot.

To be honest it is the lock in for Home users to have a MS account that is a big worry aswell as they seem to be trying to create a walled garden like Apple so you are forced to use the MS Store and be unable to install from anywhere else - Even so much as welcoming Steam and Epic to join the MS Store - LOL that would be the end of their business models if the do that, because MS could sell the same software/games and undercut them because the will already be forcing a levy on them !

That function (internally named CredWriteA and CreadReadA) was added in WIndows XP. You know that little window that pops up when you connect to a \\shared\folder ? Any Windows app can use it. The database is encrypted with your Windows login password. You are correct with the "wait for version 3" because at least originally there was only one database per user, shared across all apps.

@@ssaini5028 I'm too vain for that... I got to have the new shyt 😁 just unwilling to pay inflated GPU prices 🤑 so I'll wait it out and upgrade later.

@@kmcbayne22 You gain nothing from win 11, it's for alder lake and zen 5, aka when big.little comes to town.

Hahhahaahahaha Brilliant comment - best ever !

Use Linux and sign your kernel with your own keys. OEMs are required to provide an option to use custom keys for secure boot. From Linux you can save LUKS keys on the tpm and set it up so that it decrypts the drive automatically.

@@user-hk3ej4hk7m What happens if you get a motherboard failure, can you just move the system to an identical system or is your drive locked to that dead motherboard ?

@@mrtuk4282 Of course you can do that, you only need to keep a backup of the encryption keys somewhere safe. Bitlocker as well gives you the option to store the keys in your microsoft account. It's just part data hygiene

@@user-hk3ej4hk7m well with Home users forced to have a MS account then that makes them all safe then ! But if the m/b fails will putting new m/b allow you to boot up into windows so you can access your ms acc ? Backing up encryption keys sounds interesting for hackers using malware !

but u need secure boot for windows 11, so what am i gonna do? not activate secure boot?

I turn on Windows 10 WHQL Support and Secure Boot. The PC won't boot at all and enter bios (it's UEFI). Windows 11 fucking sucks. I'm on R3 2200G + 1050 Ti. BTW, I recommend PopOS or DeepinOS if you like Mac theme. I'm so fucking moving to Linux.

@@ISCARI0T Secureboot is enabled in the bios. Once your settings are in place, you will boot from a DVD/USB and install windows. If you "have TPM" but no secureboot in your current OS install, you will not be able to just "upgrade" from 10-11 (as it is now). Need to do a clean install from scratch.

@@MrCg006 it says secure boot is disabled in my systeminfo, so i cant install windows 11 if i dont turn it on but if i turn it on i wont be able to boot up to the current windows version and get to use all my data and stuff? did i get that right

@@ISCARI0T yep, Microsoft really used his big brain this time

That's WAAAAAY too simple. Needs to be more complex for more exposure to more people. Remember, bad press is good press. Then they can raise the prices because of the complexity of the situation. Not saying they are doing that but I wouldn't put it past them to do it.

hope they make w11 for everyone

You can turn off updates permanently or until you want it turned on. Turn off the service.

There are other requirements like VBS and HVCI. That's why 6th and 7th series of Intel is not supported. For now.

Typical YT comment section knowledge flexing. It was never presented as unbeatable, but its importance had to be stressed for a chance of ppl actually caring about it.

As somebody that studies cybersecurity, Microsoft TPM feature is more of a power grab then a security function. Yes it will protect from various types of malware, but Microsoft will have more control over your pc and you could lock your self out. Average users don't have to worry as much about security. Databases and servers are more vulnerable to attacks. Users on the other hand should just keep things up to date and use common sense.

@@coolwin7710 - (Sorry, some of this was written for other readers, not you.) Agreed. If it wasn't for Microsoft baking in so much telemetry, trying to lock down the platform (including WHQL requirements for them to make money, not to fully guarantee that the driver is authentic or safe, while ignoring older drivers modified to work on newer OSes or beta drivers that do not have a signature, which you should know the origin of the driver, of course, if running it like that; which I run a self-modified WHQL Nvidia driver which does not pass the driver signature enforcement found in the OS, with my mods cutting out numerous elements like telemetry), etc. Then again, I strip out a lot from my custom Win 10 ent rom, which you have to dance that line between removing the bloat and making it insecure (please, if you are the type to make your own roms, know or read to understand what each component does; I started years ago using Windows tools, now DISM; learn DISM first to understand what and why of the components and how to remove them that way before moving to something like NTLite, which is a GUI front end). As for TPM, to date, I've only used it primarily when using bitlocker for encryption of my drive. Until I know how exactly Microsoft is using TPM, I have some concerns. Is it like the built in Yubikey? Are they using it to lock licenses to registered keys stored in the TPM? Are they creating an encryption key for system files to prevent modification unless present with a password from the user and the TPM while locally present on an elevated credential screen? Until I know why they want it, this really seems like an annoyance and a reason not to upgrade from Windows 10 until I get new systems that need it (like for the scheduler, etc.). (just spitballing different potential uses for the TPM; I do not know what the implementation here is for). But I hear you. How I handle my server is different from my client systems, though.

@@biquiba - So I am not allowed to tell people that the stated reason for using it is illusory at times? I cannot discuss historic events that cut across current narratives the Microsoft is benevolent and that this is "for your safety," which although there may be some safety involved, this comes off more as a power grab, from WHQL certification to all sorts of other things. And let me guess, you love sending all that telemetry back to Microsoft to tell them how you use your computer, too. And that is just so they can better serve you, not to make money. *rolls eyes*

l0l press f2

Nope! You were told right. Guess who controls "digital signatures" and decides what operating systems are "safe" to boot? Interesting that Windows in the most hacked operating system in existence yet it's "digitally signed" as "secure". Yeah right!

as a computer user.....i have no idea how to do that and i am not comfortable doing it. if there was an easy way to make it happen sure. if they wish to require is then they should have a program to do it for me. i know car guys tell me it is easy to change a head gasket....i am not going to try.

Microsoft has Not pulled any requirements, they just took down the checker app

It will release in somewhere near 2022 or even 2023 with very stable business version and the older hardware has big security issues like meltdown that are not publicly talked about . For example if you have laptop with Intel gen 5 processors then you might have a really big security problems cause the cpu doesn't actually support security micro code or specialized hardware built into it . That's the difference between Mac os security and windows . Cause they have simple hardware with limiting time OS update then they built new one . But the other hand Microsoft support of million hardware with billions of combinations to support from business/enterprise and home users at the same time! This is why you will see the obvious BSOD( blue screen of death) a lot in many windows computers and not in Mac or Linux distros! Microsoft understand that it is very hard to support many old hardwares without affecting the os speed or keep it secure ! So they drop support of older hardware to keep the security and performance balanced with new fast and secure hardware !

@@alikarbasian8576 #1) Meltdown doesn't affect my wife's CPU and #2) Specter (and Meltdown) isn't a bad enough exploit to pile up our landfills with millions of perfectly functioning computers. Both Meltdown and Specter are read-only attacks that require you to install compromised software than can easily be mitigated using other methods (microcode updates via OS or BIOS, antivirus software, antimalware software). I would be fine with Windows nagging you to update to secure boot/TPM and requiring it from OEMs, but I'm not in favor of this as a requirement to install. These non-Win11 compliant PCs are going to be an even bigger threat than Specter/Meltdown when bot armies compromise them as MS stops security updates for Win10. I love building myself new computers and I like shiny new technology, but this is a case of the fix having far more negative consequences than the original problem.

@@iguanac6466 Microsoft will fall back and it is the obvious truth but even windows 7 got security update even in 2021 . Microsoft has multiple problems to supporting multiple OS . The thing is Microsoft has right to do it for under gen 4 or 3 Intel CPUs . They are old tech and has big security concerns with more ransomware and boot up attack viruses and malwares . This is covid time and you have right but in normal conditions people should stop using 10 years old cpus ! They were many injection codes that can't be patched or even can't publicly expose . So I think 10 years is a good/fair way to support hardwares or even softwares .

negative, each machine already has a unique identifier independent of TPM. How do you think MS locks win installs to a specific set of hardware?

@Chris Not the OS itself... And ur wrong there too: MacOS and iOS are based on open source linux so...... Anyways, in my OP, I was talking about being able to go to any website, download something, install it and go... Something that can't be done on stock iOS, and the direction that MS wants to go: app store controls everything that you install on your machine. They have mentioned this before....

@Aussie Doomer I have the new 24" m1 imac and its... ARM... Very limited on what I can run. Rosetta helps but only a little. Meh.

Cause the mother board ask the firmware (UEFI) to load the os into the guarded memory then the UEFI ask the OS to introduce and loaded up the hardware Drivers like sound cards or graphic cards or ... If they had been digitally sign ( it's a code that Hardware creator vender should got certificates for it's functionality by OS manufacturer like Microsoft (it's called WHQL)) then windows load it into the memory and tell the UEFI that I know this guy and he has valid ID then UEFi ask the security code for the OS and the OS uses the secure boot protocol and its code to load the windows . And the cool thing is the fast boot is a functionality that let the OS uses the fastest way to load OS files and use the private memory/SSD/IO to load very fast . And if you don't have a valid Driver that not digitally signed the OS will said the UEFI that I Have a driver but actually I don't really guarantee it's identity but I will and can work with it . Then UEFI will reject the driver and the OS will not boot correctly or even it will suspend from booting up . And you may wonder why driver is so important ? Cause they have a root OS access for the specific hardware or software and many hackers uses the fake drivers to load up some nasty malware or ransomware viruses hidden into the codes . You can check your WHQL version and information in dxdiag command in windows search/run.

@Chris I'm on the latest bios and amd chipset drivers.

Exact same thing

Good call.

Well, TPM has nothing to do with boot, so we can keep it out. Secure boot will just check if the os is trusted in the pre-boot step. You boot as always from multiple drive or multiple partitions with a boot manager. And of course you can use the CSM module to boot in legacy os, I think you'll be fine.

TPM 2.0 is not every TPM version

Most laptops have TPM