I was really excited for Windows 11 for about an hour. As screenshots of the new OS leaked out, I was ready to see how Microsoft built on the mostly great foundation it has with Windows 10. I was ready for rounded edges and new icons and even a new take on the Start menu. That enthusiasm lasted until Microsoft published Windows 11’s useless PC Health Check tool that told pretty much everyone that their PCs weren’t compatible without explaining why. Surely Microsoft’s bizarrely short list of compatible CPUs wasn’t actually complete, right?
It’s been a messy two months since that initial announcement day confusion. Microsoft has tried to clarify what you’ll actually need to run Windows 11, but only made the true minimum requirements more confusing. It’s failed to justify why its requirements are so stringent. And Windows 11 is now set to launch on October 5—a date that seems comically rushed, considering how many people still don’t know if they’ll be able to use it.
How do you screw up the launch of your biggest product this thoroughly before it’s even out?
Windows 11 testers seem to be doing just fine with unsupported hardware
Given the surprisingly stringent supported CPU list and uninformative PC Health Check tool, it was inevitable that people would sign up for the Windows 11 Insider program and install the OS on unapproved hardware. And what do you know: It’s seemingly been going just fine. If you do a few registry edits to bypass the system requirement checks while installing Windows 11 Insider, you can use a far older CPU—even as old as a 2008 Intel Core 2 Duo!
Microsoft did warn users ahead of time that unsupported hardware would eventually be kicked out of the Insider tests, so it’s not like they’re pulling the rug out from under testers. But the fact that those testers have been able to use the OS without significant problems proves that the “minimum requirements” aren’t about performance at all. So what are they about? Security? Maybe, but Microsoft’s done a poor job of explaining that.
The big problem: The supported CPU list just isn’t trustworthy
As Linus points out in the video above, Microsoft’s official CPU compatibility lists don’t hold up to much scrutiny. The oldest officially supported Intel CPU for Windows 7 was launched in 2015… five years after Windows 7 came out in 2009. Likewise, Windows 10 doesn’t officially support CPUs like the Haswell i7-4790K, yet I have a PC with one in my house right now that runs Windows 10 perfectly fine.
With Windows 11 Microsoft has been making a lot of noise about security to justify its TPM 2.0 requirement, but it hasn’t adequately explained why, say, Intel’s 7th gen Core CPUs are too insecure to include while the 8th gen CPUs are. It was also pretty suspicious when the single mobile 7th gen CPU Microsoft decided to add to the list happened to be installed in the $3,500 Surface Studio 2 it currently sells.
A recent Windows 11 blog post says that Microsoft used “more than 8.2 trillion signals from Microsoft’s threat intelligence, reverse engineering on attacks as well as input from leading experts like the NSA, UK National Cyber Security Center and Canadian Centre for Cyber Security to design a security baseline in Windows 11 that addresses increasing threats that software alone cannot tackle.” Sorry, but invoking a big number and the NSA doesn’t actually convince me that one CPU vs another is going to make my PC virus-proof.
Later the post cites that all Windows 11 CPUs should support HVCI, or hypervisor-protected code integrity, and Virtualization Based Security (VBS), which is mandated within the US Department of Defense (ooh, fancy!). Now we’re getting into some security features that may actually differ between CPU generations. If you remember the Spectre and Meltdown CPU vulnerabilities discovered back in 2018, you may also remember that some of the fixes could significantly slow down performance on older CPUs. VHS and HVCI, which Microsoft wants enabled on most Windows 11 PCs by default, may run far better on newer CPUs. But no one’s actually coming out and explaining that.
As Ars Technica’s Andrew Cunningham writes, the Windows 11 compatibility list mostly includes CPUs that support something called “Mode Based Execution Control”—all you really need to know is that MBEC is what allows newer processors to handle those security features without slowing down. That actually makes sense, yet Microsoft doesn’t spell it out anywhere, and good luck finding any technical details from Intel or AMD explaining the security features of their processors across generations.
All of this is impenetrable to the average user, which I’m sure is why Microsoft took the “trust us, this will make your PC more secure” route. But without real clarity around those security capabilities, it’s hard to trust that they really are crucial. My laptop probably does not need to meet the Department of Defense’s standards for security. And as Cunningham points out, there are actually CPUs not on the list that support MBEC, and some CPUs on the list that don’t.
Then there’s this doozy of a statistic from Microsoft: “Devices that do not meet the minimum system requirements had 52% more kernel mode crashes. Devices that do meet the minimum system requirements had a 99.8% crash free experience.” But isn’t that still… 99.7%? Without more context, a number that Microsoft wants to be scary—52% more crashes!—doesn’t actually seem convincing at all.
So the security requirements are opaque and the few numbers Microsoft has publicized about stability are vague. No wonder the cynical assumption is that Microsoft is just trying to push people to buy new PCs instead of letting people install Windows 11 on their perfectly good four-year-old machine. I don’t think that’s Microsoft’s plan at all, but I do think it would be just fine with hardware vendors—partially so that they don’t have to keep supporting their old hardware.
Is this really just about drivers?
Jumping back to Linus’s video above, watch for a few minutes and he’ll talk about Windows 11’s new driver model, which promises to be more reliable than the old. If Windows 11 mandates a new driver model (or strongly recommends it, and at some point phases out the old model), that means motherboard vendors and USB device makers and so on need to update their drivers for the new OS.
That sure sounds like a pain in the ass if you’re talking about hardware that’s five or more years old, huh? Surely Asus and Gigabyte and MSI don’t want to make new drivers for hundreds of motherboard models. My motherboard, released in 2017, got its last BIOS update in 2018.
But this isn’t really a smoking gun: Asus, for example, has put out a brand new BIOS specifically for Windows 11 for its 2017 Z270 ROG Strix motherboards. That four-year-old motherboard—which happens to support 7th gen Intel Core CPUs that aren’t on Microsoft’s compatibility list—shows that older systems could quite possibly get the support they need.
Again, though, Microsoft has been extremely vague about how stringent the new driver requirements are, how many older drivers would need to be updated to be compatible, and whether driver instability is actually a real problem. It’s another reason why its minimum requirements are unconvincing, and easy conspiracy theory fodder for those who assume they’re nothing but a scheme to sell new PCs.
You can install Windows 11 on an unsupported PC… but you might not get updates?
Along with that blog post citing vague data about Windows 11’s reliability, security, and compatibility standards, it seemed, for a brief moment, like Microsoft might finally be clearing up the confusion over who can and can’t install this new Windows. But no: they actually made it more confusing, then doubled back to spread the mess around.
Microsoft told The Verge that its minimum requirements aren’t really the minimum requirements, after all; they’re just the requirements to get an automatic Windows 10 to Windows 11 upgrade. If you want to slap a Windows 11 ISO on a flash drive and install it yourself, forget that TPM 2.0 and that CPU made in just the last three years. Install away!
Except, sike. Microsoft clarified to The Verge this Saturday that if you go this route, “unsupported PCs won’t be entitled to receive Windows Updates, and that even security and driver updates may be withheld.” In other words: Sure, you can install Windows 11 against our advice, but how well it works isn’t our problem.
It’s a bad look. And it feels like Microsoft has willfully disregarded reality to arrive at this moment, by designing an OS around ambiguous security requirements that its most vocal users can’t match. A month out from launch, the people most eager to jump into Windows 11 on day one have spent weeks unsure if they’ll be able to run it without a good answer as to why.
Security is important, but it was never going to be realistic to limit Windows 11 to such new PCs. People will install it and use it regardless. If Microsoft really cares about security, blocking those systems from getting security updates will just mean a whole bunch more vulnerable PCs out in the world, primed to spread phishing schemes and DDOS attacks and so on. They will be Microsoft’s problem whether the company likes it or not.
With a month left, Microsoft could extend its compatibility list to a few more years of hardware that people are going to be using anyway, and actually explain clearly which security features each generation supports and how their performance may suffer compared to newer tech. That transparency would go a long way towards mending what’s so far been a messy and disappointing rollout.