The new PC Health Check app is here (almost)

Topic

New Reply

WINDOWS 11 By Will Fastie Hallelujah! Sorry. That might be a little over the top. Rejoicing may be too early. And maybe unjustified. On August 27, Mic
[See the full post at: The new PC Health Check app is here (almost)]

3 users thanked author for this post.

lmacri, Seff, abbodi86

Reply | Quote

Replies

Are there any particular disadvantages to running the app? Does it, for example, install anything on your machine? I’m just concerned given Microsoft’s track record when reportedly forcing Windows 10 upgrades on people that once you’ve allowed anything to do with Windows 11 on your machine they could use that to follow up with “reminders” later.

Reply | Quote

Seff wrote:

Are there any particular disadvantages to running the app?

Not that I can see.

Seff wrote:

Does it, for example, install anything on your machine?

It installs itself but nothing else as far as I know.

Seff wrote:

… they could use that to follow up with “reminders” later.

I think the reminders are going to pop up anyway, with or without the app. What I hope is that such reminders will not pop up if the machine isn’t compatible. That would really be annoying.

Reply | Quote

“ReadySunValley” is an alternate app for checking your computers compatibility with Win 11. It’s from github and is now available free on the Windows Store.  You can see and compile the code from github yourself if you care to.

In the attached screenshot of my desktop machine you’ll notice my CPU is the Intel Core i7-7820X CPU @ 3.60GHz 3.60 GHz.  The  Intel Core i7-7820HQ and the 7820X are the only  two seventh generation on the list Microsoft recently added.

Just luck I could squeak under the wire on this machine.

 

Desktop Asus TUF X299 Mark 1, CPU: Intel Core i7-7820X Skylake-X 8-Core 3.6 GHz, RAM: 32GB, GPU: Nvidia GTX 1050 Ti 4GB. Display: Four 27" 1080p screens 2 over 2 quad.

1 user thanked author for this post.

Will Fastie

Reply | Quote

Did you also use the PC Health Check app? If so, did it give the 7820X a green light?

Reply | Quote

Along with the update on processors, Microsoft wrote a lot about security. Pushback about TPM has been almost as loud as pushback about processors, so I think Microsoft was trying to do a better job explaining this than it did back on June 24.

My conclusion in Windows 11 announced (2021-06-28), that Microsoft would not back off on its system requirements for Windows 11, remains accurate.

I agree that Microsoft has no backed on its TPM and CPU requirements for Windows 11, but I still think it will after Windows 11 is released and real customers, not just geeks, find out that their relatively new – and older but still fully functional – computers won’t run it.  THAT’S when the pushback will get real.

There is a raft of issues that make this inevitable, IMHO.

1. Microsoft has already stated publically that it will waive these requirements for OEMs that ask.   This destroys any argument that Windows 11 cannot run on “lessor” hardware.
2. Despite those who sniff at machines more than 27 minutes old, there are an awful lot of computers in daily use all over the world that run Windows 10 just fine and many of these are in the hands of people and businesses that cannot afford to replace their machines.   Anyone who thinks otherwise needs to look at the market for refurbished and used computers and/or have a chat with a few small business owners (and even some not-so-small ones).
3. Lastly, when the environmentalists get wind that Microsoft’s diktat has the potential to send millions of computers to the landfill, it will start getting flack from a whole new direction.

This is not to say that Microsoft should not be trying to get OEMs to make more secure compters but it needs to take a longer view than the support end date of Windows 10.

 

Reply | Quote

MHCLV941 wrote:

Microsoft has already stated publically that it will waive these requirements for OEMs that ask. This destroys any argument that Windows 11 cannot run on “lessor” hardware.

The beta has been running just fine on older hardware as well. There’s no reason the features that require TPM or recent generations of CPU can’t continue to be optional.

There have been reports that when installed from the .iso, the Windows 11 installer will skip the compatibility check, though there have also been some claims that if one were to do this, MS may use the update system to send another Trojan horse that would break the update process on unapproved hardware configurations, just as they did with Kaby and newer architectures with Windows 7.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

The article mentions Intel 8th-generation cpus, but makes no mention of AMD processors. Do you know anything about AMD compatibility for Windows 11?

1 user thanked author for this post.

Will Fastie

Reply | Quote

https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors

Reply | Quote

Oops, none of our Intel-based home computers are on the Windows 11 supported list. Our HTPC (Core i5-4590) doesn’t even make the Windows 10 supported list, although our two laptops do.

Having said that, a recent experience is worth noting. I’ve been refurbishing an old Lenovo M58p SFF PC (with a Core2 Quad Q9400 cpu) and an HP G60 laptop (with Intel TF4200 cpu). They both had Windows 7 Home Premium installed. After cleanup, tuneup, and System Imaging them I successfully installed Windows 10. A few hours test-driving each machine indicates all is well, even though neither of them appears on Intel’s Win 10 Supported list.

Digressing here, some old Win 7 computers like those mentioned above are worth updating if you can tune them up sufficiently. On a 10 or 12 year-old laptop it’s mainly limited to blowing the dust out and installing more RAM. The Lenovo M58p SFF was a more interesting project. It had a trusty old Core2Duo E8400 @ 3.00GHz (65-watt) cpu. The M58p chassis design packs a lot in a small space including a substantial captive heatsink that slides/swivels away for access to the processor chip. Was able to find a quad-core Q9400 @ 2.66GHz (95-watt) for $12 on eBay. Although Lenovo’s service manual indicates a different heatsink part number for a 95-watt cpu, I liked the look of the existing 65-watt heatsink. So, out with the E8400 and in with the Q9400. Monitoring temperatures with HWMonitor utility the Q9400 idles around 36°C.-38°C. and hovers around 56°C.-58°C. with several browser tabs open and video playing on Youtube. Editing/saving a 4GB 1080p video pushed the temp. to around 64°C. which I find to be perfectly acceptable in a small form factor machine. This sturdy old business-oriented PC feels quick and snappy running Windows 10. Should mention the old HDD was replaced with an old SSD we had lying around, plus a $6.95 graphics card again from eBay (Radeon HD3450, an approved part in Lenovo’s service manual). Thus, full HD video is smooth and some light gaming is possible, too. So, for about $20 investment and a free Win 10 upgrade we have a solid little PC as a backup or to provide a retiree with an inexpensive option. Moral of the story: don’t give up on older Win 7 computers if inexpensive upgrades can revitalize them!

1 user thanked author for this post.

MHCLV941

Reply | Quote

I’ve put Windows 10 on some machines, too.   I think the oldest was about a dozen Dell Latitude D630 laptops (circa 2007). Despite the “it’s too old” crowd’s whining, with 4 GB of RAM and, especially with an SSD, that little old machine is perfectly good for office work, email and web surfing.

 

Reply | Quote

Outstanding!

Reply | Quote

I’m not as knowledgeable about AMD processors, which is why I didn’t include better details. AMD CPUs must more or less match the Intel processors for compatibility so I’m sure there is a line in the processor sand for them, too, but I just don’t know where exactly it is.

Reply | Quote

Alex5723 wrote:

https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors

Thanks for the link.   While I was in the neighborhood, I checked the Intel Windows 10 list of supported processors.   I venture that there are an awful lot of users who are happily running Windows 10 21H1 on CPUs that Windows 10 “does not support”.

Frankly, this whole Windows 11 CPU/TPM diktat sounds more and more like Microsoft throwing a bone to the OEMs to keep them in business, not anything that is essential to Windows 11 running.

Microsoft is perfectly welcome to recommend the hardware it does for Windows 11 and if one has the money and the security requirements, getting new machines may be a really good idea, but requiring it, when it’s not really necessary for the OS to run, is rodent excrement.

Reply | Quote

Microsoft won’t stop you installing Windows 11 on older PCs
Windows 11 will run on older CPUs

https://www.theverge.com/22644194/microsoft-windows-11-minimum-system-requirements-processors-changes

Microsoft is threatening to withhold Windows 11 updates if your CPU is old
The loophole has a loophole

https://www.theverge.com/2021/8/28/22646035/microsoft-windows-11-iso-workaround-no-update-guarantee

might not even get driver or security upgrades.

https://www.engadget.com/microsoft-windows-11-updates-withheld-older-cpus-194632054.html

As to why not Windows 11 on older processors:

The real reason for Windows 11
It’s all about security, and it’s going to be a costly upgrade — because most of us will need to buy new PCs to make it work.

https://www.computerworld.com/article/3623772/the-real-reason-for-windows-11.html

Performance just might stink with all the security on (Sub-Heading):

Why Windows 11 is leaving so many PCs behind (it’s not just TPM)

https://www.pcworld.com/article/3623713/why-windows-11-is-leaving-so-many-pcs-behind.html

Skylake isn’t Kaby Lake isn’t Coffee Lake after all (Another Sub-Heading in the above article)

I know, these references raise more questions than they answer. But that’s the answer to folks who keep insisting there is some sort of collusion between Microsoft and hardware manufacturers to sell new PCs.

-- rc primak

1 user thanked author for this post.

MHCLV941

Reply | Quote

This explains why Microsoft wants new hardware for Windows 11, but it does not excuse it for taking the risk assessment away from all the PC owners in the world.  Security is a lot more critical to a bank, stock brokerage, medical records and the like than it is to a small call center whose PCs do nothing more than present scripts to the agents.   And a lot more affordable – who do you think buys the refurbished and off-lease computers??

Microsoft has also said that it will waive the hardware requirements for OEMs that request it.  This says that all those security things can be turned off in Windows 11.

Microsoft may be “hard over” on this but it’s not the only opinion that counts. The economic – and security – impact of millions of computers running an out-of-support copy Windows 10 (after October 2025) is not trivial.   I would be very surprised if this diktat did not end up in multiple courts on just about every continent.

 

Reply | Quote

I’m not buying it. The idea that it’s all about security, that is.

As has been pointed out on this site, Windows 10 has the security features in question too… it’s just that they’re not mandatory. Windows 10, though, gives the owner of the hardware the choice in deciding whether these features are useful to them. Simply adding a TPM doesn’t magically make security better, like some kind of a plus-five talisman in a role playing game. The way Microsoft pitches it, as a means of enabling passwordless sign-in, would actually result in less security, but more convenience.

rc primak wrote:

Performance just might stink with all the security on

Quite possibly! So turn it off, then. If that’s not an acceptable solution for a given hardware owner, then it is time to seek out new hardware to be able to use that feature. It could also be that the feature isn’t of interest to the hardware owner. Just because it is a “security” feature, it does not mean that enabling it will benefit any given user. As usual, one size does not fit all.

I think the true motive may lie in Microsoft’s desire for control over other people’s PCs. Windows 10 took away control over updates and a bunch of other stuff, but there are ways you can get much of it back by installing aftermarket programs, changing registry settings, or other things that require administrator access.

By contrast, you can’t usually do those kinds of things on smartphones.

There are, though, ways to “root” an Android phone (I have no experience at all jailbreaking iOS devices). When you do, you can run apps that are able to override the system settings. You can remove those protected apps (like Facebook) that ordinarily can’t be removed on most systems. You get the kind of control that you would have on a PC.

One downside of that is that sometimes this root access can be detected by apps, and they may refuse to run. Many banking apps won’t work if they sense the device is rooted. Root access does not mean the device is compromised by malware, but it does open doors for malware that weren’t there before (though the malware would have to be written to seek and use the root access, which means it would not work on the unrooted phones).

That is not to say that when a phone is rooted, all processes are running with root privileges (like a Windows XP “administrator” account, which was the usual type). Each app that requests root privileges has to ask for them and have them approved by the user, just like UAC in Windows.

If you don’t approve the privilege escalation, the app should not be able to do any more than it would on an unrooted phone. If there is an exploit in the superuser program installed when the device was rooted, it is possible that root access could be wrongly granted, and the security (effectiveness in limiting root access to approved processes) of those superuser programs is a big unknown.

PCs, for the most part, are rooted from the factory. While you may use a limited account to reduce the threat of malware, there is still at least one administrator account on the PC (not necessarily the one by that name), and you are able to use that to make modifications to the system when you want to. That means you have the ability to thwart Microsoft’s efforts to control your PC, and MS probably doesn’t like that idea very much.

One of the features of the TPM is device attestation, which (among other things) can be used to detect whether a locked-down, unrooted device has been tampered with (as is the case when gaining root access). The device, or any software on that device, could then refuse to perform certain tasks, or it could refuse to complete the boot at all.

We know MS has been salivating over an iOS-style walled garden OS, where it is the sole source of all software on the system, and where the maker of the OS is in complete control of the device. Device attestation is one feature they would likely need to bring that situation into existence, and that’s a feature of the TPM.

Is a locked-down device like that more secure than one that is not (with root access)? Certainly. But that’s never been the way it is done with typical PCs. Why people tolerate this with their phones, I do not know (I’ve certainly never had an unrooted mobile device for very long), but it’s the norm to have these locked-down devices on the mobile side. On the PC side, not so much, and I would not want to see it come to pass that you can only do, for example, online banking on a PC if MS has complete control of the PC. You might find that in order to watch a HD video on Netflix or to run Microsoft Office, your PC has to be unrooted, which also means Microsoft has complete control of the device, and there would be no turning off update services, changing registry settings, or using things like WUB (Windows Update Blocker) to get back that control that MS took away.

I would say this idea is more plausible than MS demanding everyone have a set of security features that are already available in Windows 10 and that may not even apply to the user in question. Of course, that would be the excuse, but control would be the real reason.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

MHCLV941

Reply | Quote

Ascaris wrote:

The way Microsoft pitches it, as a means of enabling passwordless sign-in, would actually result in less security, but more convenience.

Please explain how passwordless sign-in results in less security.

Ascaris wrote:

We know MS has been salivating over an iOS-style walled garden OS, where it is the sole source of all software on the system, and where the maker of the OS is in complete control of the device.

How do “we” know this?

1 user thanked author for this post.

rc primak

Reply | Quote

[Ascaris]

Passwordless login with Windows Hello would suggest the use of biometrics, and biometrics are no replacement for strong passwords. They can be faked (fingerprint sensors have been fooled with gummy bears with a fingerprint impression, for example), and if your “login” data is ever stolen, you can never change it. Using the same password for all logins is bad news, but using the same password for all logins for the rest of your life is even worse.

That biometric reference data has to be stored on the PC, and it can’t be encrypted by a key derived from itself, obviously. A fingerprint is not reduced to a hash or string that can be used as an encryption key. It has to be compared to a reference image, with the security software having to decide “yes” or “no” on whether it is a match. These have to be stored somewhere where the OS can get to it before it unlocks the encrypted volume. The TPM itself is not equipped to hold such data, but the biometric data store can be encrypted with a key that is held in the TPM. The TPM is a safer place to store secrets than in plain text, but it’s not safer than an encryption key that is not stored at all on the device. The key for the encrypted volume, like the key for the biometric data store, is there in the TPM, and that data is only as safe as the TPM’s security. It’s relatively safe in a TPM, but it’s still more vulnerable than on a PC where that encryption key is not stored at all, because it is a hash of a strong password that does not exist on the computer until someone types it in.

If you use biometrics (and/or the TPM) in conjunction with a password, you’ve got two-factor authentication, and you’re more secure. If that’s what was being discussed, it would deliver on the promise for more security. Using biometrics instead of a password doesn’t. It’s a lower level of security in trade for a greater level of convenience, so it doesn’t work to say MS is requiring all of this stuff for greater security. It certainly is a trade-off that many people would be willing to accept, but it’s not something that immediately screams that every person must have a TPM.

As for the second question… It’s obvious, given Microsoft’s actions. We can say for sure that MS wants to take control of people’s PCs and prevent their owners from having the same level of control they had with every prior Windows version, because they have done exactly that. If they want to prevent people from taking that control back, a logical thing to conclude given the circumstances, they’re going to need device attestation or some other similar thing to bring about the kind of locked-down “experience” that one would find in an Android device (or presumably an Apple iOS one). That would be a reason why every user has to have a TPM. In terms of security, a TPM is not something that would benefit every user, as the benefits of TPM are specific to given situations, and not everyone has a use case that makes a TPM useful.

MS has already made moves toward requiring the Windows (now Microsoft) store for some things (even in the Ballmer era, this was how the 8.1 update was distributed, not via Windows Update). It’s not hard to figure out the reason for wanting such a store, as Apple being the single source of all software on iOS has made them a pile of money, and it’s worked well for Google too on Android.

Windows “S”, then “Windows in S mode” was an initial attempt at the more restricted version of this, and it certainly gives some insight into the thought process. The Windows community has done well without a central MS store for decades, so there’s no reason to think somehow it’s necessary now, unless of course your company is the one collecting the ~30% commission on all the sales.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

• This reply was modified 3 years, 8 months ago by Ascaris. Reason: Clarification on biometric data store encryption

1 user thanked author for this post.

MHCLV941

Reply | Quote

Well said!!

2 users thanked author for this post.

Ascaris, b

Reply | Quote

TechTango wrote:

7820X

Oops. Thanks for pointing that out – I missed it. One caution, though. Note the huge footnote associated with the 7820HQ. I wonder if it applies to the X as well.

Reply | Quote

rc primak wrote:

I know, these references raise more questions than they answer.

I’ll take the heat on this if I’m wrong, but I’m sticking to my guns. Microsoft will not back down on the Windows 11 hardware requirements. I can’t see any downside for Microsoft on this, and the wailing of the press doesn’t count.

As far as Microsoft colluding with hardware vendors, it is the stuff of shocking headlines but is backed up by absolutely no evidence whatsoever. That makes it a conspiracy theory. Besides, if Microsoft was playing that game all it would need to do is make Windows 11 burn more cycles; we tend to accept that as the price of progress. No hardware collusion necessary.

Anyway, I’m not buying it. As my primary reason, I cite Apple silicon. There’s a recent story about Apple making overtures in the enterprise space; I think it smells opportunity. I consider it a clear and present danger to Microsoft.

1 user thanked author for this post.

rc primak

Reply | Quote

Will Fastie wrote:

As far as Microsoft colluding with hardware vendors

I did not mean to suggest some sort of underhanded deal between the OEMs and Microsoft.

However, Microsoft only makes money on Windows when it sells a license, and OEMs are the biggest source of those dollars.  It is not rocket science for any company to – ALL BY ITSELF – want to be nice to the bulk of its paying customers.  When you get pulled over, you’re polite to the police officer, aren’t you?  That’s not a bribe, that’s not being an idiot!  🙂

That said, can you name any technical reason why Window 11 has to have a more-or-less new CPU and TPM?   I’m not arguing the desirability of these things; I am questioning the technical necessity of them.   Windows 10 runs just fine on computers that barely ran Vista Basic.

1 user thanked author for this post.

rc primak

Reply | Quote

rc primak wrote:

Microsoft won’t stop you installing Windows 11 on older PCs

It will.

PCs non-compliant with Windows 11 are now being kicked from the Insider Program

Your PC does not meet the minimum hardware requirements for Windows 11. Your device is not eligible to join the Windows Insider Program on Windows 11. Please install Windows 10

1 user thanked author for this post.

rc primak

Reply | Quote

MHCLV941 wrote:

That said, can you name any technical reason why Window 11 has to have a more-or-less new CPU and TPM?

Can you name any technical reason why Windows 11 will be 64-bit only?

Back in the ’90s I was writing Visual Basic apps. Through VB5, 16-bit code only was generated. In VB5, 32-bit code generation was available but 16-bit components could be used. Microsoft announced that in VB6, only 32-bit components would work. There was a very good technical reason to make the switch – dramatic improvement in performance – but the transition was hugely disruptive and costly.

I had dozens of components, all of them 16-bit and most of which I had purchased over time. All of them needed to be replaced in a very short period of time, which I could not afford because I could not persuade all my clients to pay for upgrades. But I didn’t have any choice – that transition was vitally important if I was to continue to build competent and competitive solutions.

Here’s the point. I was the developer in that scenario and my customers were the end users. They couldn’t see the technical advantage – their 16-bit versions were merrily chugging along. It took quite some time to convince them all and recover my costs for the conversion.

Windows 10 is chugging merrily along. As an end user, I don’t yet see the full benefit I will derive from Windows 11. As a geek, I see the potential benefits and therefore realize these hardware requirements are good in the long run.

Reply | Quote

MHCLV941 wrote:

I would be very surprised if this diktat did not end up in multiple courts on just about every continent.

On what grounds?

MHCLV941 wrote:

The economic – and security – impact of millions of computers running an out-of-support copy Windows 10 (after October 2025) is not trivial.

I was due for a new PC anyway; Onyx (my current box) is six years old. In 2025, almost all non-compliant PCs will be about five years or older and their owners will be looking for replacements. We’re not dealing with an off-the-cliff scenario here.

1 user thanked author for this post.

rc primak

Reply | Quote

Will Fastie wrote:

In 2025, almost all non-compliant PCs will be about five years or older and their owners will be looking for replacements. We’re not dealing with an off-the-cliff scenario here.

We’re dealing with “insecure” Windows 7 PCs since January 14, 2020 and many stopped updating (I did) Windows 7 the day Windows 10 was out. So, there will be Windows 10 PCs running for years after 2025.

1 user thanked author for this post.

rc primak

Reply | Quote

While it’s impossible to protect one’s computer against every potential threat there are still plenty of safety options for most of us who have a Windows 7 machine in good working order, such as:

Anti-virus/anti-malware, free or paid. (We use Avast free version.)

Run mostly in a restricted mode as a standard or guest user. (Sometimes this is a pain in the neck, but still safer than running as Admin.)

Use a safety and/or privacy oriented internet browser (Avast’s safe browser, Brave , etc.).

Use a password manager instead of allowing your browser to save passwords.

Never click on a link in an email to go to your bank or other sensitive website. Always access the site directly.

Never do any financial stuff including shopping on a public/open website.

Never respond to an email from a Nigerian prince or his widow, or his banker (unless it’s me).

Reply | Quote

Alex5723 wrote:

So, there will be Windows 10 PCs running for years after 2025.

Sure, no doubt.

Reply | Quote

Will Fastie wrote:

MHCLV941 wrote:

I would be very surprised if this diktat did not end up in multiple courts on just about every continent.

On what grounds?

MHCLV941 wrote:

The economic – and security – impact of millions of computers running an out-of-support copy Windows 10 (after October 2025) is not trivial.

I was due for a new PC anyway; Onyx (my current box) is six years old. In 2025, almost all non-compliant PCs will be about five years or older and their owners will be looking for replacements. We’re not dealing with an off-the-cliff scenario here.

Grounds (for openers but lawyers are very creative so I’m sure this is not an exhaustive list):

• Environmental impact of suddenly rendering millions of computers electronic waste.  No, the old machines will not suddenly stop working in October 2025 but long-standing and widespread guidance says don’t run a computer with an unsupported operating system.  And with its current attitude about “security”, I would not put it past Microsoft to install a kill switch in a Windows 10 update to make sure they can no longer pose a security risk, perhaps disabling the networking software on the machine.
• Economic impact of rendering millions of computers insecure by losing operating system support with no affordable path to resolution save replacing many of their computers.  Yes, there is 4 years’ warning, but that assumes that companies still operate on a 3-year replacement cycle.  I’m sure some do, but when a 6, 7, 8, 9 or 10-year-old computer running Windows 10 works just fine, replacing it because it’s “old” is economically stupid.
• Then there’s the EU, for whom taking Microsoft (and other USA tech companies) to task is an industry of its own.

Are these really absurd?  Maybe, maybe not.  However, when environmentalists drive their electric cars to protests over building solar farms and wind turbine fields or about lithium mining (which is necessary to make the batteries in their electric cars), you can’t make that assumption.   Would such a suit prevail?  Maybe, maybe not, but they would not be dismissed out of hand.

For that matter, normal people (neither you nor I are “normal” in this context) do not replace computers simply because they are “old”.  They replace their machines when they break irreparably or when they stop doing what their owners want them to do.   Indeed, the swing to the “cloud” makes this even more so, because it does not take much of a computer to run a web browser or play music or videos from Amazon, Netflix or Hulu.

Once again, I don’t dispute that Microsoft is (or is trying to?) address security issues with the changes in Windows 11 or requiring what it does for new computers to be sold with Windows 11 (though it shoots itself in the foot with its pronouncement that those requirements could be waived if an OEM asks).

This is not the 16-bit/32-bit divide.  Back in that day, machine performance DID improve so fast that a 3-year replacement cycle made sense from a user productivity perspective.  However, Microsoft has not made a case why an older machine could not run Windows 11 with those security bells and whistles disabled, very much like nearly all Windows 10 machines do.  Within the last week, I read an article that explained how to enable a number of Windows 11-like security features (at the cost of a substantial performance hit).

Reply | Quote

Microsoft makes a product or products that you use on your computer. They can cease offering these products anytime they want with due notice (4 years is a LOT of notice). You choose to use their product, but you can also choose to use a different product. Some alternate products are very good and some, like Linux, are available for free. Chrome OS is another one

Automobiles are for most of us in this country an essential means of transport. GM stopped making Pontiacs and Oldsmobiles. Thousands of drivers didn’t sue GM. If they did, they wouldn’t win, and neither will disgruntled Windows users win against Microsoft’s choice of discontinuing their product. The only thing constant is change.

Recently, I had occasion to spend an afternoon using a couple of older PCs which ran Windows 98SE and Windows 2000. While I enjoyed the renewed acquaintance with both OSes that I loved back in the day, I readily acknowledge they’re no match for a modern OS. If nothing else, the security challenges we face today, along with advancements in productivity software and games, force us to keep moving forward or be left behind. I still use a Windows 7 machine for certain apps and games, I’m also excited to see what Windows 11 brings, aren’t you?

1 user thanked author for this post.

rc primak

Reply | Quote

Alex5723 wrote:

Will Fastie wrote:

In 2025, almost all non-compliant PCs will be about five years or older and their owners will be looking for replacements. We’re not dealing with an off-the-cliff scenario here.

We’re dealing with “insecure” Windows 7 PCs since January 14, 2020 and many stopped updating (I did) Windows 7 the day Windows 10 was out. So, there will be Windows 10 PCs running for years after 2025.

Without a doubt and Microsoft’s diktat regarding existing hardware will ensure there will be millions more of them than there would otherwise be.   How this is a net win for the world at large is hard to see.

Reply | Quote

I downloaded the new preview of the PC Health Check App and was very disappointed when all it told me that my organization manages my system.

I assume that is because I have used the GPEdit settings to delay quality and feature updates and set a preferred current release level.

I had hoped that it would at least tell me that my old I-7 6700 was the anchor that was holding me back.

I used the WhyNot11 project on GitHub and it and it seems to think the old CPU is now just questionable and my nVidia GeForce 1050 is now the stumbling block since it does not support WDDM 2.

I did figure out how to enable the software TPM support in my BIOS.  I have a header for the hardware TPM device, but I haven’t even tried to find one.

I also tried the ReadySunValley Github project and got similar results for my system.

 

Reply | Quote

Ascaris wrote:

The beta has been running just fine on older hardware as well. There’s no reason the features that require TPM or recent generations of CPU can’t continue to be optional.

Yet more proof that Microsoft’s hardware diktat that existing machines for Windows 11 is arbitraty and without any technical basis.

Requiring new machines to meet these requirements is a completely separate matter.  If meeting them is required for “Made for Windows 11” or some such certification, great.   But OEMs should remain free to make and customers to buy “lessor” machines if they so choose.  Indeed, Microsoft has said it can waive them for OEMs if requested.

Why would they want to do so?  Very simply, money.  Corporate grade PCs that 4, 5, 6, 7 years old or older are still reliable and more than capable of meeting the requirements of many companies and users and they can be had for half or less than the cost of new machines.  Why else would there be such a vibrant market for off-lease, refurbished and just plain used computers?

1 user thanked author for this post.

Ascaris

Reply | Quote

And that hardware requirement for the TPM would be nothing new. Microsoft has required that (and Secure Boot capability) since Windows 8, though evidently it wasn’t enforced. Intel PTT (and the AMD equivalent, whose name I don’t recall at the moment) is already a feature that exists on any CPU new enough to be sold in a new PC… the OEM simply has to enable it in the UEFI while the OEM is customizing the firmware image, so it is close to a zero-cost upgrade. I have no problem with that requirement in new machines.

The hardware virtualization features are also built into each CPU newer than Kaby Lake (7th gen), and by now I doubt any OEMs are selling new Kaby systems, so that too is a moot point when it comes to OEMs.

The issue is, as you pointed out, that MS would require such things on older hardware. There’s close to zero cost to OEMs to include such features in their new PCs, since CPUs new enough to be sold in new machines have the features anyway, but it is not zero cost to consumers who have machines that are more than capable by modern standards, but that do not have the bits required by Windows 11. Requiring these hardware owners to throw out their perfectly good PCs to get features that may not even be of use to them, just because MS arbitrarily said they must have them, is just unnecessary. If the person or company decides they need the features, they can elect to buy new PCs to get them, but otherwise, there is no point in requiring things that make no difference to the hardware owner.

That is, of course, unless it is not the owner of the PC who is meant to benefit from the requirement.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

MHCLV941

Reply | Quote

EXACTLY!!!!!

Reply | Quote

b wrote:

Ascaris wrote:

The way Microsoft pitches it, as a means of enabling passwordless sign-in, would actually result in less security, but more convenience.

Please explain how passwordless sign-in results in less security.

Ascaris wrote:

We know MS has been salivating over an iOS-style walled garden OS, where it is the sole source of all software on the system, and where the maker of the OS is in complete control of the device.

How do “we” know this?

Security is supposed to be “something you know, something you have”.  Possession of the machine (regardless of who actually has it: owner or thief) meets the second part, but what about the “know” part?  If not a literal password, but something else that still meets the “something you know” part of the equation?

The walled garden?  Microsoft has already started down that road.  What do you think the “Microsoft Store” is if not the first step?

 

1 user thanked author for this post.

Ascaris

Reply | Quote

MHCLV941 wrote:

Security is supposed to be “something you know, something you have”.  Possession of the machine (regardless of who actually has it: owner or thief) meets the second part, but what about the “know” part?  If not a literal password, but something else that still meets the “something you know” part of the equation?

Microsoft Authenticator app, which for me in practice means face or fingerprint:

Advancing Windows 10 as a passwordless platform

Enable passwordless sign-in with the Microsoft Authenticator app

I haven’t entered a password for years to access Windows or Microsoft, and it’s more secure not less.

 

MHCLV941 wrote:

The walled garden?  Microsoft has already started down that road.  What do you think the “Microsoft Store” is if not the first step?

Microsoft Store has provided access to apps for ten years. That’s an incredibly slow first step down your imagined road!

1 user thanked author for this post.

rc primak

Reply | Quote

MHCLV941 wrote:

Store: It’s not how long Microsoft has had a store; it’s how long it has been required for some installations. I would not dispute the MS store has been around as long as you say it has, but it could be completely ignored until a couple of years ago. Now there are programs that one either cannot get directly from the publisher or can only get directly with some difficulty.

Indeed. That’s the very thing many of us were afraid of when we first heard of the Windows (now Microsoft) store, and it has started. It may have taken a long time for this to come about, but that doesn’t mean it wasn’t the intent all along.

There’s no doubt that Microsoft intended to have a presence in the phone market, but they don’t at the present time. You can’t point to the lack of new MS phones and say that it means MS never wanted to get into the phone market. Outcome and intent are not the same! MS tried to get into the mobile market as a serious third choice starting with the introduction of Windows 8, and after several years of trying, they admitted it was a failure.

With the MS Store, they tried, and after several years, the jury is still out whether it will ultimately be a success or a failure. It’s not a definite success like the App Store or Google Play, but it’s not yet a failure either. The lack of an instant “verdict” on the MS Store does not, in any way, suggest that MS didn’t intend for it to be successful in the way that the Apple App store has been (complete with the walled garden).

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

MHCLV941

Reply | Quote

b wrote:

How do “we” know this?

We don’t, but it’s reasonable speculation. The best evidence of Microsoft’s interest in a closed (or at least more closed) ecosystem is Windows S. That didn’t turn out so well, but that doesn’t mean the company won’t keep trying.

1 user thanked author for this post.

Ascaris

Reply | Quote

Do you believe the intent with Windows 10 S was to force it onto everyone, or just to offer it as an option to compete with Chromebooks in schools? What about it hasn’t turned out so well?

https://www.microsoft.com/en-us/windows/s-mode

It’s not even reasonable speculation to say that Microsoft wants to be “in complete control of device”, and we certainly don’t know anything like that.

1 user thanked author for this post.

rc primak

Reply | Quote

b wrote:

It’s not even reasonable speculation to say that Microsoft wants to be “in complete control of device”, and we certainly don’t know anything like that.

It’s not speculation at all. It’s a reasonable conclusion given what we have observed.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

MHCLV941

Reply | Quote

b wrote:

What about it hasn’t turned out so well?

There were more complaints than compliments about it, with pretty much uniform panning in the press. It was also a slap in the face to legions of independent Windows developers who Microsoft used to court and who would find the requirement to deal with the store onerous. Result: it was not widely used and many simply turned on the upgrade to Pro.

1 user thanked author for this post.

rc primak

Reply | Quote

You know for a fact that S Mode is not being used extensively in schools?

Test Windows 10 in S mode on existing Windows 10 education devices

If S Mode to compete with Chromebooks in schools is the best evidence we have of Microsoft wanting a closed system, it’s not reasonable to even speculate that their aim is a walled garden OS for everyone.

Reply | Quote

b wrote:

It’s not even reasonable speculation

Look at it from Microsoft’s point of view. I have long praised the company for its commitment to backwards compatibility. But at some point, technical legacy becomes baggage. If you were Microsoft, wouldn’t you like to trim down as much dead weight as you could?

Reply | Quote

Please quote complete sentences or the discussion becomes pointless.

Reply | Quote

b wrote:

MHCLV941 wrote:

Security is supposed to be “something you know, something you have”.  Possession of the machine (regardless of who actually has it: owner or thief) meets the second part, but what about the “know” part?  If not a literal password, but something else that still meets the “something you know” part of the equation?

Microsoft Authenticator app, which for me in practice means face or fingerprint:

Advancing Windows 10 as a passwordless platform

Enable passwordless sign-in with the Microsoft Authenticator app

I haven’t entered a password for years to access Windows or Microsoft, and it’s more secure not less.

 

MHCLV941 wrote:

The walled garden?  Microsoft has already started down that road.  What do you think the “Microsoft Store” is if not the first step?

Microsoft Store has provided access to apps for ten years. That’s an incredibly slow first step down your imagined road!

Sign on – I’ll be looking into this.  Thank you.  That said, I can find nothing about how to allow RDP connection using any password-less authentication method.  If this is so, password-less login is not viable.  If you know of one that works with RDP, please share.  Not to be picky, but one that depends on Azure AD is not useful to me.

Store: It’s not how long Microsoft has had a store; it’s how long it has been required for some installations.   I would not dispute the MS store has been around as long as you say it has, but it could be completely ignored until a couple of years ago.  Now there are programs that one either cannot get directly from the publisher or can only get directly with some difficulty.  iTunes is one that comes immediately to mind.  Even that would not be so objectionable if one were not nagged to death to log into the store.

That notwithstanding, I’ve never thought of Microsoft as being impatient or lacking long-range planning skills.

1 user thanked author for this post.

Ascaris

Reply | Quote