Windows Embedded System Security

windows embedded system security

Traditional wisdom in IT departments has it that ‘IT Systems’ running Windows should be constantly updated with security patches and feature updates to avoid vulnerability to viruses, malware, ransomware and cryptoware etc…

This might be a good idea for ‘IT Systems’ where applications change regularly but it is hardly practical for ‘Embedded systems’ where the requirements are totally different. Embedded PC systems are set up for a specific function and tuned and checked to avoid memory leaks and random prompts which can disable a system that runs 24/7.

Typical embedded systems have a lower complement of processing power, RAM and disk space, which can result in difficulty with actually processing the constant updates. Many use small SSDs and this will get badly worn by the constant downloading and installation of updates.

The use of Microsoft’s SCCM

Some IT departments attempt to use Microsoft’s SCCM (System Center Configuration Manager) to apply updates to Windows embedded systems, as they would in a desktop system, which can result in total failure due to the lack of resources available in the embedded systems.

Fortunately, there is another approach to the problem of system protection which can be achieved by “locking down” the Windows embedded system.

What about Windows 10 IoT Enterprise LTSB?

“Windows 10 IoT Enterprise LTSB” is the latest version of the Microsoft embedded windows series. It incorporates an app locker that can be used to prevent any viruses, malware, ransomware and cryptoware etc., including zero day attacks, from being able to run on the system. This means that security patches are not required and the endless succession of updates can be avoided.

Far greater control over the lockdown process can be made by using a specific security product such as McAfee, which allows easier configuration of the whitelist of processes allowed to run. This is typically used in conjunction with McAfee Virus Scanner which is used to scan the system prior to lockdown.

These methods allow for a stable embedded Windows system that doesn’t need constant updating but remains secure against attacks.

BVM have experience of installing this type of system and will be happy to share experiences and advise as appropriate.

At BVM “we like to make life easier“.

Find out today how we can help your business succeed.

get in touch button

Want to read more from the BVM team? Simply subscribe and receive the latest news in your inbox!

BVM Design and Manufacturing Services: The manufacturer behind the solutions you know

When a standard embedded design won’t suffice for what you need, you can always turn to BVM for help and use our custom design and manufacturing services.