Stability and Security Improving With Windows 21H2, Coming Soon

Why you need this article

On Windows 10, drivers are required when you want to interact with specific hardware, such as your graphics card and network adapter. Usually, drivers are automatically installed when you connect your devices or check for updates using the Windows Update service.

Occasionally, Windows 10 drivers can cause serious problems, including security issues. In Windows 10, all drivers (including third-party drivers) are stored together in the DriverStore, which is located under the System32 folder, and this arrangement is problematic for the operating system’s overall health.

Microsoft has been utilizing the DriverStore folder for drivers since Windows Vista and it currently only includes 'Trusted' or 'Certified' Microsoft and 3rd party drivers. When a driver package is copied to the DriverStore folder, all of the associated files are copied. This includes the INF file and all files that are referenced by the INF file.

Once a driver package has passed integrity and syntax checks, it is copied to the DriverStore folder. Afterwards, the operating system uses the driver package to automatically install new devices without requiring user interaction. With the driver stored in the System32 folder, the chances of corruption and critical failures are dramatically higher.

What’s changing

Microsoft is releasing an update (Windows 10 Sun Valley) soon that will move 3rd party drivers outside the System32 folder, which could be tremendously helpful for improving stability. After the update installs, your 3rd party drivers will be permanently stored in a new and isolated 'OEMDrivers' folder located outside the System32 folder.

Windows will still verify the digital signature of third-party drivers before copying the package to the new 'OEMDRIVERS' folder.
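To see where third-party driver packages are staged on a given machine, and whether each package's catalog signature validates, the following PowerShell audit can be run from an elevated prompt. It is an added example, not part of the original article or Microsoft's tooling; it assumes the DISM module's Get-WindowsDriver cmdlet is available and treats a package without a .cat file as a finding.

```powershell
#Requires -RunAsAdministrator
# Added example: inventory third-party driver packages, where they are staged,
# and whether each package's catalog (.cat) signature validates.
$system32 = Join-Path $env:SystemRoot 'System32'

# Without -All, Get-WindowsDriver returns only third-party (oemN.inf) packages.
$report = foreach ($drv in Get-WindowsDriver -Online) {
    # OriginalFileName is the full path of the INF inside the staged package.
    $pkgDir = Split-Path -Path $drv.OriginalFileName -Parent
    $files  = @(Get-ChildItem -LiteralPath $pkgDir -File -Recurse -ErrorAction SilentlyContinue)
    $cat    = $files | Where-Object Extension -eq '.cat' | Select-Object -First 1

    # The catalog carries the signature that covers the INF and the files it references.
    $sig = if ($cat) { Get-AuthenticodeSignature -LiteralPath $cat.FullName } else { $null }

    [pscustomobject]@{
        PublishedName = $drv.Driver
        Provider      = $drv.ProviderName
        Class         = $drv.ClassName
        Version       = $drv.Version
        BootCritical  = $drv.BootCritical
        PackageDir    = $pkgDir
        UnderSystem32 = $pkgDir.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
        FileCount     = $files.Count
        CatalogStatus = if ($sig) { [string]$sig.Status } else { 'NoCatalog' }
        Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Review first: packages whose catalog is missing or does not validate.
$report | Where-Object { $_.CatalogStatus -ne 'Valid' } |
    Format-Table PublishedName, Provider, CatalogStatus, PackageDir -AutoSize

# How many third-party packages still live under System32 versus outside it.
$report | Group-Object UnderSystem32 | Select-Object Name, Count
```

Comparing the `UnderSystem32` counts before and after the upgrade shows whether third-party packages were actually relocated on that machine.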

Just like Windows 10X, the OEMDRIVERS folder allows the OS to be isolated, or sandboxed, away from the rest of the third-party drivers, and the primary benefit is security. Thankfully, the OEMDrivers folder is more than just a security improvement; it’s also a bonus layer of performance, especially if you frequently update your third-party drivers. It’s not yet clear if isolating third-party drivers will also reduce Blue Screen of Death errors and system crashes on Windows 10, but the virtual machine this is installed on has seemed more stable since the update.

Why it’s a big deal

The impact this has on performance and stability cannot be overstated; however, the current process to get it to work includes performing an 'In-Place Upgrade' of Windows 10 to update to the 21H2 build. The feature must be enabled before the first bootup of a new version of Windows 10, a process that has to be done manually with the insider build, but presumably will occur automatically when Windows 10 21H2 hits the public later this year. After the feature is enabled and the latest version is installed, the operating system will automatically move external drivers to the new OEMDRIVERS folder.

By moving third-party files outside of System32, it could allow Microsoft to further tighten the folder's security, and thus the operating system itself. By isolating these third-party drivers, Microsoft is clearly hoping to eliminate, or at least reduce, the types of conflicts that have arisen in the past. Isolating or sandboxing certain files and other elements is a key way toward avoiding conflicts and protecting the operating system. Such a move should enhance not only the reliability, but the security of Windows as well.

Where is this all coming from

The changes started in Windows 10X

Windows 10X resembles Windows 10 in some ways but has been built entirely on code from a universal Windows codebase called Windows Core OS. (Windows 10 also uses code from Windows Core OS but adds unique code of its own.)

Windows 10X won’t replace Windows 10, and it eliminates many Windows 10 features including File Explorer, although it will have a greatly simplified version of that file manager. Its interface is simpler and more stripped down than Windows 10, and it will run only on hardware designed for it, not on hardware that currently runs Windows 10.

The reasons Microsoft gives for developing Windows 10X keep shifting. When Microsoft first announced Windows 10X in 2019, the company said it would run only on dual-screen and foldable PCs, and the operating system would be designed specifically to make the most of that unique hardware.

Some other fun changes

Windows 10X is NOT a build/OS available for PCs; it is only used for certain (mostly mobile) devices. Thankfully, Microsoft has curated a number of useful changes and ported them into Windows 10 21H2. For instance, a lot of the icons and some of the interface menus have changed to have a nice, fresh look. Here are examples of a few of those changes:

Microsoft originally said that Windows 10X would run Win32 desktop apps like Word, Excel, and other Office apps, but only inside special containers that isolate the apps from the core OS. More recently, however, Microsoft watchers have reported that there will be no Win32 support at all when Windows 10X first ships, though it’s likely to be added back in later. It remains to be seen how the Win32 containers will impact performance or whether all Win32 apps will be able to run this way.

Windows 10X will run Universal Windows Platform (UWP) apps — lightweight apps that you download from the Microsoft Store — right out of the gate. It’s not clear yet whether it will be able to run all of those or only a subset. Interestingly, even UWP apps run inside containers in Windows 10X, but a different type of container. These “Native” containers tap native Windows 10X features, take less of a hit on system resources, and deliver greater security and privacy controls than containers for Win32 apps.

In addition to running UWP apps, Windows 10X will run web apps. Given how few useful UWP apps are available, it’s likely that you’ll mainly run web apps on it, in the same way that Chrome OS runs web apps. Keep in mind that Microsoft 365 and Office 365 subscriptions include useful web app versions, so even if you can’t run the Office desktop apps, you’ll still be able to use Microsoft 365 / Office 365 via web apps.

Conclusion

Granted, this doesn't seem like a big change (thankfully it's not), but it will definitely provide greater stability and security without user intervention or upkeep. Being able to install new hardware and not worry about it potentially corrupting your OS is a tremendous benefit and hugely exciting.
