According to the Microsoft Support website: "Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment. Memory integrity is one feature of core isolation which regularly verifies the integrity of the code running those core processes in an attempt to prevent any attacks from altering them. We recommend that you leave this setting on, if your system supports it." Cool. Turns out this was added way back in 2017 in Windows 10 build 17093. I ran the Windows Security app on my system and noticed a few things. First, at the bottom it says "Your device meets the requirements for standard hardware security" but this can read "...for enhanced hardware security." In order to be considered enhanced, your system needs to support: Memory Integrity Core Isolation TPM 2.0 Secure boot DEP - Data Execution Prevention UEFI MAT - Unified Extensible Firmware Interface Memory Memory Attributes Table Some of these technologies are quite old and have been in Windows for a while. It's the collection of all them together, working as a team, that enhances your systems security. Virtualization-based Security (VBS) isolates a secure region of memory from the rest of the OS. I started digging to understand what was interesting or unique about my system that was preventing me from turning these new features on. Additionally I wanted to make sure I was ready for Windows 11 whenever it arrives and adds more security features and requirements. Go to the Windows Security app and click Device Security. I clicked on Core Isolation to turn on VBS and noticed that the on/off switch was grayed out and I could scan for driver incompatibilities. I want to ensure that drivers I have loaded into the kernel are secure. Windows 10 has a feature called Device Guard and drivers need to be written in certain ways to ensure they have a clear separation between data and code, and can't load data files as executable, or use dynamic code in the kernel. Again, NONE of this is new and goes back as far as 2015 or earlier. What do I have installed? Well, friends, a ton of crap, it turns out! LOL. All off these drivers are either super old or are using insecure coding techniques that are preventing my system from turning on the Core Isolation Memory Integrity feature. I can start searching for each of these and I see a few interesting culprits. Remember, these are all either old or poorly written drivers that are loaded into the kernel on my desktop machine, chillin'. That Western Digital one? Notice that it evens says "_prewin8.sys" so I hope someone from WDC reads this blog and feels just a little bit bad about it. This is from an external USB hard drive. I certainly don't need whatever extra feature that driver lights up. My USB Hard drive is just fine without it. The STT*.sys and S3x*.sys drivers are all from various Arduino COM Port utilities and DFU-util firmware flashers. Remember those unsigned warnings you thought nothing of years ago? Well, those drivers are still with you...I mean, me. It's easy to look for "Windows Driver Package" and line up some of these drivers with actual installers and remove from Add/Remove Programs. However, since I do a lot of IoT stuff and install random INFs manually...many of these drivers won't show up in ARP (Add/Remove Programs). I could use Autoruns.exe and click the Drivers tab, but not every one shows up there, and even if you uncheck a driver here it won't be removed from the Windows Security Scan. It needs to be uninstalled and deleted. For visible drivers, I can open Device Manager and look at the Driver details for each one. If the .sys file matches, I can right click uninstall and check the delete checkbox to remove the driver entirely. This NDI Webcam Input (NDI Virtual Input) driver knowledge base literally tells you to turn off Secure Boot and turn off Memory Integrity to install their unsigned driver. No thanks. From an admin command line you can get a list of drivers. This one gets a list in PowerShell and puts it in your clipboard.get-windowsdriver -online | clip.exe While this one works anywhere and gets a simple list:wmic sysdriver get name TL;DR - Find the oem.inf from the Incompatible Drivers list and remove it at the Command Line. But when you have the list from the Incompatible Drivers scan as seen in the screenshot above, just click each driver and you'll see the "oemXX.inf" file that describes the driver. Note your numbers will vary.pnputil /delete-driver <example.inf> /uninstall Then you can use pnputil that comes with Windows to delete the driver package from your system's driver store. Here is me doing that: Do be conscious of each driver and what it does and consider what functionality - if any - you'll be losing if you remove them. If this blog post or specifically, you following the directions of this blog post, renders your machine unusable or unbootable, I'm sorry but you gotta do your research and back up your system. You should be able to turn it off and reinstall, but still, be careful. Now I'm all set: And my system says "meets the requirements for enhanced hardware security." Sweet. Hope this helps you and sets you up for future success. I did a LOT of searching to figure this out and spent many hours to break this down for y'all. Sponsor: This week's sponsor is...me! This blog and my podcast has been a labor of love for over 18 years. Your sponsorship pays my hosting bills for both AND allows me to buy gadgets to review AND the occasional taco. Join me!(C) 2021 Scott Hanselman. All rights reserved.     

It was Frederick Wilfrid Lancaster who first came up with the concept of the paperless office in 1978, and finally now, almost 40 years later, it seems like it could be a viable possibility for businesses all over the world. With the advanced technological developments of recent years, and the incredible gadgets we now have...

Improving the user experience of web applications has always been a priority of mine. I always come back to the same though I’ve had for 20 years: “users expect a web app to work — let’s make the app a joy to use.” Over the years we’ve employed JavaScript to improve the UX, but over […] The post CSS Smooth Scroll appeared first on David Walsh Blog.

Prestashop EasyPost Shipping is a flexible shipping solution that allows you to integrate FedEx, DHL, UPS, USPS, and other major shipping carriers with your store. Streamline the creation of shipment labels and enable customers to track their packages right from their accounts. Provides access to more than 100 shipping carriers. Generate shipping labels in the [...]

It’s vacation time! Students are taking a break from exams and studying, while workers are planning their summertime vacations. This is also the season when we start to see lots of Summer offers and promotions from different brands, which means designers have a lot of banners, flyers and other promotional materials to create. We decided […] The post 40 Free Summer Graphic Design Resources appeared first on Line25.

Today, we're bringing you a collection of science and technology PowerPoint templates for making more compelling arguments in your tech and science related presentations. Every science presentation needs charts and graphs to engage and entertain the audience. Same goes for tech-related presentations. A presentation at a tech conference or startup meeting won't be complete without […]

It’s just a few weeks away until Valentine’s Day. That day that brings out the romance in all of us. It’s a day for romantic dinners, flickering candles, expensive wine,... The post Freebie: Valentine & Love Postage Stamp Icon Set appeared first on Speckyboy Design Magazine.

Twitter has announced two new features for its v2 API; access to Likes and blocks data. This latest update to v2, originally launched last August, will give third-party apps access to more data and is meant to bring the API closer to parity with v1.1.

Eager to create your first website? Are you sure that you need one? If your answer is yes, don’t spontaneously go with WebCheap Supplier Ltd. with a full hosting for 0.99 bucks a month, but [...]

I hate to admit it, but five or six years ago my interest in web design started to wane. Of course, owning a business meant I had to keep working, but staying motivated and offering my best thinking to clients became a daily struggle. Looking at the web didn't improve my motivation. Web design had stagnated, predictability had replaced creativity, and ideas seemed less important than data. The reasons why I'd enjoyed working on the web no longer seemed relevant.