As Windows 11 22H2 draws near, Windows 10 hangs on

If you’re an IT professional, you are likely still focused on Windows 10. Your network is mostly running it, Windows 11 is still in testing and you aren’t really sure when you’ll deploy the year-old OS. If this sounds like you, congratulations — you sound like the majority of respondents to my unofficial and unscientific survey on what businesses are planning to do with Windows 11.

Slightly more than 89% reported that Windows 10 remains the key desktop operating system used in their network. The rest are using Windows 7 — with or without Extended security updates — (3.92%); Windows 11 (3.43%), Windows 8.1 (.49%), macOS (.49%) or Linux (.49%). The few remaining respondents use a mix of Windows 10 and 11 and macOS.

Notably, more than half (51.23%) of the respondents don’t know when will roll out Windows 11. In the past, IT pros saw the release of a Windows service pack as the marker for pushing out a new operating system in earnest. Now that Microsoft has moved to a once-a-year feature release schedule, the expected release this week of Windows 11 22H2 is the closest thing we have to that service pack marker.

But IT admins aren’t acting like this is a normal service pack.  

In fact, when I asked whether IT professionals were currently using Windows 11, only 17% said they are; 57.81% are testing is and 25% said they’re evaluating other platforms.

Then I asked the IT community what they’re most looking forward to with the deployment of Windows 11.

Windows 11 word cloud Susan Bradley

Windows 11 word cloud.

As you can see from the resulting Word Cloud, “Nothing” was the most popular answer. (Cringe!)

But Windows 11 does offer better security than Windows 10. And if you have the budget and hardware to properly deploy it, here’s another reason 22H2 should be welcome: it includes Smart App Control. This adds protection from malware (including new and emerging threats) by blocking applications that are malicious or untrusted. There’s a catch, though — you have to enable it on a newly installed Windows 11 machine; it can’t be enabled on an existing deployed system. And if you later disable the setting, it can’t be reenabled.

Smart App Control works by comparing the apps launching on your system with Microsoft’s master list of apps in its database. If the application is in the listing, it’s allowed to run. If it is unknown, Smart App Control will then check to see whether it has a valid digital signature. If the application is unsigned ot the signature is invalid, Smart App Control will block it.

Microsoft wants to ensure that only trusted applications are installed on systems; that’s why it requires the system to be built fresh. While the feature might be useful for some firms it won’t be viable for my small business. I still have several key line-of-business applications that install without a digital signature. (I always note that these apps are not digitally signed and bypass the signature process. Clearly, these would be blocked if I tried to install them with Smart App Control in place.)

I’m also concerned that Smart App Control doesn’t address other Windows 10 and 11 security risks. Many attackers use what’s called “living off the land” to use and abuse DLLs and files already installed in the operating system. LOLBAS is a known technique for attacking a host without bringing much in the way of new code that will be flagged by antivirus or other EDR tools.

But security isn’t top of mind with Windows users (as evidenced by the Word Cloud.) In fact, when asked what they would do to fix Windows 11, the overriding concerns involved menu position, the number of additional clicks needed to perform tasks, and widgets. (One person even suggested Microsoft move to a once-a-year feature release cadence — a clear indication Microsoft needs to do better with communication.

Finally, quite a few people pointed to the beefed up hardware requirements for Windows 11, meaning they must purchase new systems before they can roll out Windows 11. I face the same hard decision. While I can get around the hardware requirements for testing purposes, I don’t want to go around these hardware blocks.

Many see Windows 11 as equivalent to Windows Vista — an OS release to live through and wait until whatever comes next. Personally, I see this as a sign of Windows’ maturity. We’re not buying it for features like its fancy new menu. We buy it because it runs our business software. Windows 11 is still the most compatible operating system for businesses firmly entrenched in the Microsoft ecosystem. That’s not going to change anytime soon.

Copyright © 2022 IDG Communications, Inc.

Leave a Reply