Windows 10 R.I.P.
Windows 10 is dead – but does that mean your hardware is ready for the junk yard?

Next week is the day: regular support for Windows 10 will officially end. Anyone who has not signed an expensive support contract will simply no longer receive security updates. This means that Windows 10 will now become a risk for any organization that still uses it.

Microsoft is raising the bar for Windows 11. Only 8th generation or newer Intel processors (from late 2018 onwards) will be supported. In addition, a Trusted Platform Module 2.0 (TPM) is mandatory.

On paper this looks good, even logical: better security, better performance. In practice it is far too simplistic. Because... who throws away all their hardware after seven years? Many companies – and individuals – easily use their PCs and laptops for ten years, simply because they still work.

Although the TPM 2.0 chip was introduced in 2018, it only became standard much later. As a result, even relatively young systems are left out. That means: excellent hardware that could last for years, but is no longer officially supported. Thanks, Microsoft!

Of course, there are tricks and workarounds to install Windows 11 on systems that don't meet the requirements. But that's like walking on thin ice. There's no guarantee that you'll still be able to boot up after the next big update – or that you'll even be able to access your data.

So the question is: is all that hardware really end-of-life?

And more importantly: how much of a security gain does Windows 11 offer compared to a fully patched Windows 10?

Microsoft has already made the choice for us, but organizations now have to weigh up the pros and cons. Do you rush out and buy new hardware, with all the associated costs? Or do you look into alternatives that will last longer?

One thing is clear: doing nothing is no longer an option.

Excuse or deception: Microsoft calls it security, but it's really about power

Microsoft presents the switch to Windows 11 as a matter of security. But if you look closely, you'll see that security is often nothing more than a convenient excuse. Here's what's really happening: step by step, you're being made increasingly dependent on the Microsoft ecosystem.

Take account management, for example. Whereas you used to be able to use a local account, you are now required to create a Microsoft account. This is sold as “more secure,” but in practice, it means that your entire digital life is now under their control.

Documents, settings, passwords—everything is stored on Microsoft's servers. Even your BitLocker key is automatically stored there. This is convenient when you install a new PC, but it's extremely dangerous if you ever lose access to your account. Not only will you lose your account, but you'll also lose your data. That's because the data is encrypted and the key is held by Microsoft.

This isn't just happening at Microsoft. Big tech across the board has only one goal: to gain more control over you and your digital resources. Apple does it, Google does it, and Microsoft is following suit. Enforcing the use of a Microsoft account is a logical, but worrying, step in this direction.

The Trusted Platform Module (TPM) plays a crucial role in this. Officially, it is there to make your system more secure. In reality, it is 100% about control. Without TPM, you would have to enter your key yourself every time you start up. Perhaps inconvenient... but you would be the one holding the key. That is exactly what Microsoft wants to prevent. By linking the key to the TPM and your Microsoft account, they have the power—not you.

Security is not the reason. It's about who controls your digital life, and unfortunately that is less and less you. Security is the excuse, and a misleading one: the result is not more secure at all.

The myth of the secure TPM

A Trusted Platform Module (TPM) (great name!) is often presented as the ultimate in hardware security. In practice, it is not as foolproof as it sounds. The TPM sends decryption information to the BitLocker component of Windows according to a set protocol: Windows provides hardware properties, the TPM provides a key. That sounds neat, but it also introduces a physical touchpoint that attackers can exploit once they have physical access.

TPM chips are just hardware with physical connections and documentation: manufacturers even publish the specifications and pinouts. With the right knowledge and specialized measuring equipment—such as analyzers and good laboratory tools—it is technically possible to intercept or copy signals. This is not theory but a realistic scenario: researchers have been demonstrating for years that physical and side-channel attacks are effective against hardware components that are presented as “secure.”

The big difference compared with a manually entered key is that (a) there is no fixed key tied to the device and (b) physical manipulation becomes much more visible. If someone plugs an analyzer into your PC and you notice something suspicious, you simply don't type in the key. That human detection mechanism is an extra layer of security that TPM-only authorization doesn't have.

In short: a TPM certainly raises the threshold for simple attacks, but it does not make a system invulnerable. Relying on hardware isolation as your only defense is risky; if you really want to maintain control over your data, you also need to think about physical security, key management, and (where necessary) manual authentication. And besides thinking... take action!
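The manual authentication step recommended above can be enforced on a BitLocker volume. The following PowerShell script is an added example, not code from the original post: it reports how the key for the OS volume is currently released and, where the TPM alone unlocks it, replaces that protector with TPM+PIN so a person must authenticate at every boot. It assumes an elevated session, the built-in BitLocker module, and that the OS volume is `C:`.

```powershell
# Added example, not part of the original post. Assumes an elevated PowerShell session
# with the built-in BitLocker module and that the OS volume is mounted at C:.
# The TPM+PIN protector may also require the BitLocker policy "Require additional
# authentication at startup" to allow a startup PIN; if the add step fails, the
# script restores the TPM-only protector it removed so the machine still boots.
$MountPoint = "C:"
$vol   = Get-BitLockerVolume -MountPoint $MountPoint
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

Write-Host "$MountPoint protection: $($vol.ProtectionStatus); protectors: $($types -join ', ')"

if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not on for $MountPoint; nothing to harden."
    return
}

# A recovery password must exist before the TPM protector is touched; otherwise a
# failed change could leave the volume without a usable protector at the next boot.
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning "No recovery password protector; add one and store it offline before continuing."
    return
}

if ($types -contains 'TpmPin') {
    Write-Host "Already TPM+PIN: the key is released only after a person enters the PIN."
    return
}

if ($types -contains 'Tpm') {
    Write-Warning "TPM-only: the key is released automatically at boot, with no human in the loop."
    $pin     = Read-Host -AsSecureString "Enter a startup PIN (at least 6 characters)"
    $tpmOnly = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' } | Select-Object -First 1
    try {
        # Remove the automatic-unlock protector first so the PIN is genuinely required
        # rather than coexisting with a TPM-only path that needs no user interaction.
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $tpmOnly.KeyProtectorId | Out-Null
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
        Write-Host "TPM+PIN protector added; the PIN will be required at every boot."
    } catch {
        Write-Warning "Could not switch to TPM+PIN ($($_.Exception.Message)); restoring TPM-only protector."
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
    }
}
```

Run `Get-BitLockerVolume -MountPoint C: | Select-Object -ExpandProperty KeyProtector` afterwards to confirm that `TpmPin` and `RecoveryPassword` are the only protectors left.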

The inconvenient truth about Windows 11

For years, Microsoft has been repeating the same story: every new version of Windows is more secure than the previous one. It's a nice line from the marketing department, but unfortunately it's not true. The reality is quite different.

Take the recent CrowdStrike drama, for example. That incident brought entire organizations worldwide to a standstill. What few people know is that the root of the problem was a Windows vulnerability that has existed since the days of Windows XP, at least since 2009, but probably even earlier. Microsoft was aware of this, of course, but has openly stated that it will not fix it. What? That means that another CrowdStrike scenario could happen again tomorrow. Perhaps through an antivirus provider, perhaps through a security tool such as Symantec, or even through Microsoft's own Defender. The foundation has not been repaired and will not be repaired.

There's something else to consider: the enormous number of services that Windows runs by default. You never use many of them, but they are constantly ‘open’. And every extra process is a potential leak. Instead of reducing the attack surface, Windows 11 has more services, not fewer. More code, more complexity, more chance of errors.

In that sense, Windows 11 is not fundamentally any more secure than XP ever was. Of course, improvements have been added: better encryption, stricter account control, modern hardware requirements. But as long as old vulnerabilities remain and unnecessary functionality is enabled by default, the system remains vulnerable at a fundamental level.

The big difference with XP? The marketing. While Windows XP is now seen as “old-fashioned” and “insecure,” Windows 11 is sold as the secure future. But under the hood, less has changed than you might expect. And that's something organizations shouldn't be blind to.

Take back control: step out of the Microsoft ecosystem

It will come as no surprise that I have been fed up with Microsoft's antics for years. At Sciante, we therefore made the decision years ago to completely abandon the Microsoft ecosystem. No more endless licenses, no imposed hardware requirements, no lock-in that forces us to make choices we would not make ourselves.

The switch to Linux on our servers and Apple for our workstations has not only given us freedom, but also something that every IT department immediately feels: breathing space. Less management, less hassle, less firefighting. In concrete terms, we save more than 75% on management efforts – and that is noticeable every day.

For us, there is no going back. And as you can understand, we don't want to. We have regained control over our data and our IT, which is wonderful.

Would you like that too? Do you want to get rid of dependency and switch to an environment that is cheaper, simpler, and more user-friendly?

Make an appointment with me. Free of charge. No sales pitch (we'll leave that to Microsoft ;)). Just advice, cost savings, and other eye-openers (as is always the case in these conversations).

Book your appointment now
