Welcome to another installment of Ask ZDNet, where we answer your technology questions.
In the mailbag this week: Can I install Windows 11 on my not-very-old Surface PC even if Microsoft says it's incompatible? Why should I consider a VPN? And why can't I say no to driver updates from Windows?
If you've got a question about any of the topics ZDNet covers, one of our team of editors and contributors probably has an answer. If they don't, we'll find an outside expert who can steer you in the right direction.
Questions can cover just about any topic that's remotely related to work and technology, including PCs and Macs, mobile devices, security and privacy, social media, home office gear, consumer electronics, business etiquette, financial advice... well, you get the idea.
Send your questions to firstname.lastname@example.org. Due to the volume of submissions, we can't guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about.
How can I install Windows 11 on my "incompatible" PC?
I have a perfectly good Surface Pro 5 PC with an Intel Core i7-7660U CPU, running Windows 10. It's only a few years old. When I check Windows Update, I see a message that says it's not compatible with Windows 11. Will this machine eventually support Windows 11? Is there any way around this?
Microsoft officially released the Surface Pro 5 in June 2017 and continued selling it as a current model until its successor was released in October 2018. That means your Surface Pro is probably about four years old and should have plenty of useful life remaining. Alas, its 7th Generation Intel Core CPU isn't on the list of Windows 11 compatible CPUs, which means upgrades via Windows Update are not supported and probably never will be.
There are, however, two workarounds, as I document in ZDNet's Windows 11 FAQ.
If you're willing to perform a clean install of Windows 11, you can boot from installation media and run Windows Setup. That option skips the CPU compatibility check completely.
To upgrade your system, you need to modify the registry, as documented in this Microsoft support document. (The usual warnings apply when working with the registry. Make a complete backup before proceeding.) Open Registry Editor and navigate to the following key:
Create a new DWORD value, AllowUpgradesWithUnsupportedTPMOrCPU, and set it to 1.
You can now perform the upgrade by downloading an ISO file, mounting it as a virtual drive, and running Setup from Windows 10. You'll see a stern warning about compatibility issues, but after you click OK on that dialog box your upgrade should proceed without any serious issues.
Will using a VPN help protect me from malware or ransomware?
I keep reading that using a virtual private network (VPN) is an important security precaution. But I've also heard that it won't protect me from malware or ransomware. If that's true, then what's the point of using a VPN?
Security and privacy are closely related, but they're not the same thing. Understanding the difference is key to understanding what a VPN does and doesn't do.
The basic concept behind a VPN is simple: Software running on your PC encrypts every bit of network traffic before it reaches your PC's network adapter, then sends that encrypted data to a remote server that's operated by the VPN service. That remote server, in turn, sends the data to the public internet. The encrypted "tunnel" between your device and the VPN server is what makes the network both virtual and private. Many corporate networks will only allow remote connections over a VPN. Still, you can also buy consumer-grade VPN software for connecting to untrusted networks, such as those found in airports and coffee shops.
The benefit of this type of network is twofold. First, it prevents anyone on your local network from spying on your internet traffic. That's especially important if you're using a Wi-Fi network that's not under your control.
Second, it allows you to disguise your location, which prevents some types of tracking and also makes it possible to bypass geographic restrictions on some services. If you're in Europe and want to watch a movie that's restricted to the U.S., you might be able to fool the streaming service by connecting to a VPN in the U.S.
VPNs are resource-intensive and can take a huge toll on your network bandwidth, which is why you should only employ them when you need them.
When I'm in an airport or hotel, I prefer to tether my mobile phone to my laptop (or bring a device with a built-in cellular connection) so that I can avoid the risks that come with that untrusted network. But if the cellular signal is weak or unavailable and I have no other choice than to connect to that public Wi-Fi, I use the paid FastVPN service from NameCheap. My colleague Jason Perlow uses ExpressVPN. "It's compatible with OpenVPN, an open source VPN protocol," he says, "which means I can use it with all the devices I own -- iOS, Android, Windows, even on my network firewall."
But regardless of which option you choose, nothing in that virtual private network looks for threats to your PC. For that sort of protection, you need security software that's specifically designed to sniff out malicious software and dangerous connections.
Why am I getting new drivers through Windows Update?
When I checked for new updates at Windows Update, one of the updates was a new driver for my fancy gaming mouse. I always thought driver updates were optional, but this one doesn't give me a choice. I have to install it along with all the updates for Windows. What's happening?
Some driver updates are indeed optional, but if you're offered a driver through Windows Update without the option to refuse it, the developer of the driver is the one who made that decision. When the developer submitted that driver to Microsoft, they checked the box that reads Automatic, which means they wanted it delivered to all applicable systems. And before the driver made it to Microsoft's update servers, it also had to go through formal "flighting tests" with PCs in the Windows Insider Program.
(If you're curious about Microsoft's rules for driver developers, see the article "Understanding Windows Update rules for driver distribution" at the Partner Center for Windows Hardware.)
Typically, drivers delivered in this fashion fix hardware issues that have been identified (using telemetry data) as causing problems for a significant group of customers. Delivering those fixes through Windows Update is a much more reliable way of resolving those issues than depending on customers to download and update drivers manually.
In the rare case that a driver delivered as an automatic update causes problems, you can and should take it up with the manufacturer of that hardware.
Send your questions to email@example.com. Due to the volume of submissions, we can't guarantee a personal reply, but we do promise to read every letter and respond right here to the ones that we think our readers will care about. Be sure to include a working email address in case we have follow-up questions. We promise not to use it for any other purpose.