H/W vs S/W vs cloud
Changes that mean signing certificates for Windows can only be sold in hardware form
I can see the sense in that, something physical is usually more secure than something ephemeral like software...
or from an as-yet undefined cloud-based "service”
which feels to me like it almost has vulnerability built in from the get-go.
So...with one approach that's more secure, and one that could be a bit s**t, I suppose that on average we're about where we were to begin with.