As Windows 11 22H2 approaches, Windows 10 crashes

If you’re an IT pro, you’re probably still focused on Windows 10. Your network mostly runs it, Windows 11 is still in testing, and you’re not really sure when you’ll implement the year-old OS. If that sounds like you, congratulations – you look like most of the respondents to my unofficial, unscientific survey of what companies are planning to do with Windows 11.

Just over 89% reported that Windows 10 remains the key desktop operating system used on their network. The rest use Windows 7, with or without extended security updates (3.92%); Windows 11 (3.43%), Windows 8.1 (0.49%), macOS (0.49%) or Linux (0.49%). The few remaining respondents use a mix of Windows 10 and 11 and macOS.

Specifically, more than half (51.23%) of respondents do not know when they will launch Windows 11. In the past, IT professionals saw the release of a Windows service pack as an indicator to seriously launch a new operating system. Now that Microsoft has moved to a once-a-year feature release schedule, this week’s expected release of Windows 11 22H2 is the closest thing to that service pack marker.

But IT administrators don’t behave as if it were a normal package of services.

In fact, when I asked if IT professionals were currently using Windows 11, only 17% said yes; 57.81% are testing and 25% said they are evaluating other platforms.

So I asked the IT community what they expected most from the Windows 11 implementation.

Windows 11 word cloud Susanna Bradley

Windows 11 word cloud.

As you can see from the resulting Word Cloud, “Nothing” was the most popular answer. (embarrassing!)

But Windows 11 does they offer better security than Windows 10. And if you have the budget and hardware to implement it properly, here’s another reason why 22H2 should be welcome: it includes Smart App Control. This adds protection from malware (including new and emerging threats) by blocking malicious or untrustworthy applications. There is a problem, though: you have to enable it on a newly installed Windows 11 machine; it cannot be enabled on an existing distributed system and if you later disable the setting, it cannot be re-enabled.

Smart App Control works by comparing the apps launched on your system with Microsoft’s master list of apps in its database. If the application is listed, it can be run. If it is unknown, Smart App Control will check if it has a valid digital signature. If the application is unsigned or the signature is invalid, Smart App Control will block it.

Microsoft wants to make sure that only trusted applications are installed on systems; that’s why it requires the system to be built from scratch. While the feature may be useful for some businesses, it won’t be viable for my small business. I still have several key line-of-business applications that are installed without a digital signature. (I always note that these apps are not digitally signed and bypass the signing process. Clearly, these would be blocked if I tried to install them with Smart App Control in place.)

I am also concerned that Smart App Control does not address other security risks of Windows 10 and 11. Many attackers use what is called “living off the ground” to use and abuse DLLs and files already installed in the operating system. known technique for attacking a host without bringing much in the way of new code that will be reported by antivirus or other EDR tools.

But security doesn’t come first with Windows users (as evidenced by Word Cloud). In fact, when asked what they would do to fix Windows 11, the main concerns were about the location of the menu, the number of additional clicks needed to run tasks and widgets. (One person even suggested that Microsoft move to a once-a-year feature release cadence – a clear indication that Microsoft needs to do better with communication.

Finally, many people have pointed out the tightened hardware requirements for Windows 11, which means they have to purchase new systems before they can deploy Windows 11. I face the same difficult decision. While I can bypass the hardware requirements for testing purposes, I don’t want to bypass these hardware blocks.

Many see Windows 11 as equivalent to Windows Vista, a version of the operating system to live and wait until it comes next. Personally, I see this as a sign of Windows maturity. We’re not buying it for features like its new fancy menu. We buy it because it runs our business software. Windows 11 is still the most compatible operating system for companies firmly rooted in the Microsoft ecosystem. This won’t change anytime soon.

Copyright © 2022 IDG Communications, Inc.