Microsoft is gearing up to improve the security features of Windows 11 and upgrade the default file system with a more robust and efficient solution. Developers at the tech giant are independently working on two new features – recoding kernel in Rust and using ReFS instead of NTSF as the default file system.
Microsoft is working towards enhancing the security features of Windows 11 by integrating Rust into the kernel. As explained by Wired, Rust is a memory-safe language known for its protection against injection attacks, similar to languages like Java. It is designed to prevent programs from accidentally accessing unintended data from a computer’s memory.
At the BlueHat IL 2023 conference, David Weston, Vice President of Enterprise and OS Security at Microsoft, confirmed the company’s plan to utilize Rust in the kernel for Windows 11. According to the executive, Windows and Rust integration is closer than ever.
Microsoft plans to ship a version of Windows 11 preview with some of the kernel code rewritten in Rust. At the moment, the primary goal is to ensure compatibility and performance. This includes converting some internal C++ data types into Rust equivalents.
“There will be an Insider preview [updae] shortly, so you will have Windows booting with rust in the kernel in probably the next several weeks or months,” he said.
So far, Microsoft has made significant progress, such as using standard Rust APIs like Vec and Result, which are easier to write and understand than their C++ counterparts.
At the same time, the performance of the ported code has been excellent, with no noticeable difference in Office apps as measured by PCMark 10.
The integration of Rust has also driven changes upstream in the language itself, with more try_ methods for Vec that don’t panic on OOM. While many “unsafe” code calls to extern functions still exist, the number of unsafe blocks and functions decreases as more code is ported.
“Rust can’t and won’t be the only solution to increasing memory safety in Windows. This is an excellent paper evaluating various CPU-based memory tagging approaches and their ROI against vulnerabilities,” David Weston said.
The integration of Rust into the Windows 11 kernel aims to make the operating system more secure and easier to maintain while also unlocking benefits from tooling and performance improvements.
ReFS as the default file system
Another change, already spotted in Windows 11 preview build, aims to replace NTFS with ReFS as the default file system on new installations.
Microsoft created Resilient File System (ReFS) to replace New Technology File System (NTFS), but it wasn’t possible to install consumer editions of Windows 11 on ReFS. For those unaware, ReFS is better than NTFS in many ways, including meeting unexpected storage needs and handling large volumes or storage pools.
It also has improved corruption resiliency, and Windows 11 may soon switch from the NTFS to Resilient File System ReFS on new installations to improve the overall experience.