Win10 Creators Update will let you block apps from outside the Store

Topic

New Reply

This one’s starting to echo around the blogosphere. Windows 10 Creators Update brings several old settings – they used to be in the System applet – up
[See the full post at: Win10 Creators Update will let you block apps from outside the Store]

1 user thanked author for this post.

WildBill

Reply | Quote

Replies

Of course, it’s not a concern at this point – but when it will, it will be too late. It will be similar to Wal-Mart scorched earth tactics. Once adoption rate reaches critical mass – they’ll start doing what they have already planned. Who knows, I might be on Linux already, when it happens.

The lower Windows 10 adoption, the better off we are.

Reply | Quote

@ anonymous#97518

Seems, with Win 10 Cloud and Win32apps installable only via Windows Store, M$ wanna slowly and successfully cook live frogs(= Win 10 users) by putting them into a pot of nice and cool water b4 slowly turning up the heat/fire.
In comparison, if M$ were to heat up the water first b4 putting in the live frogs, they would refuse to go in or would immediately jump out of the hot water.

Imagine, one day, Win 10 gamers have to buy all their games thru Windows Store only = games will become more expensive bc M$ will be taking about a 30% cut from the developers for every sale of games and Win32 apps.

M$ apologists will claim that this likely move by M$ is for security reasons, ie to prevent cptr dummies from installing infected Win32 apps/programs, … …. like what Apple and Google have been doing with their free mobile iOS and Android OS.*sarcasm*

Reply | Quote

Valve already started SteamOS as an answer to Windows RT 8.1. It’s been put on hold a bit (although some AAA games appeared on Linux), but if MS will go to far with Windows 10, I can imagine Valve, EA, Ubisoft, Blizzard and others promoting Linux hand in hand – and there are a lot of people using Windows just for games, web browsing and basic office suite tasks – these are already bundled with Ubuntu or easy to download, it’s just games that are holding people back. With this barrier moved out of the way – well…

Reply | Quote

SteamOS seems to be failing.

M$ is not stupid. They will only turn on the heat on the pot of swimming frogs or pull the trigger when the adoption rate of Win 10 has reached above 50% or so.
But if Win 10 adoption performs poorly like Win 8/8.1, then M$ won’t be pulling the trigger.

Reply | Quote

Yes, it is. But before Windows 10 I used to say 8.1 was the worst Windows ever :). I suspect that the second take might be more successful

Reply | Quote

I’m on Ubuntu already.  Why wait?

Reply | Quote

Games :).

Reply | Quote

FWIW, I also use Ubuntu as my primary working OS. That started when Win 8.0 came out, and its evil twin, Win RT.

-- rc primak

Reply | Quote

Gunter Born has an article about it but it really doesent tell you much more than Paul Thurott does. Not sure what they are driving at with this one may be with an eye to the Win10 cloud edition that surfaced a few weeks ago. Which is sure to be unpopular with folks that want basically a PC to do PC stuff and not tied to Redmond’s whims etc. http://borncity.com/win/

1 user thanked author for this post.

Microfix

Reply | Quote

Seems to me that this is only an expansion and raising of the level for something which has been in the works for some time now. The first two options aren’t going anywhere anytime soon, except for the rumored Windows Cloud.

Windows Cloud might be offered for free on some low-capability and mobile devices, but for most of us, it’s still going to be Home and Pro or Enterprise. Business as usual. Nothing to see here, move along…

-- rc primak

1 user thanked author for this post.

WildBill

Reply | Quote

But it’s not completely about different Windows editions and their price and/or hardware requirements. It’s about MS planning to control software distribution across the whole PC platform. A platform which main advantage has always been freedom. If they try to close it, people will switch to Linux. We don’t need desktop consoles. We need desktop computers.

Reply | Quote

Unless you can read Nadella’s mind better than the rest of us can, how do you know what Microsoft has planned for the future?

-- rc primak

1 user thanked author for this post.

WildBill

Reply | Quote

Plan: Allow three settings, then chip away at users’ confidence by publishing that the “insecure” settings will lead people to infection and strife, while only Store Apps are trustworthy.

I guess it’s important to follow Apple’s lead, because a 10% market share is better than a 90% market share. Let someone else do the hard work of creating systems to do honest work with.

Thing is, Apple already HAS that market, and Microsoft’s doing nothing technically laudable to attract people to “better” Apps or user experience.

Put a fork in Microsoft…

-Noel

1 user thanked author for this post.

Microfix

Reply | Quote

As I posted above, how do you know what Microsoft has planned for the future? Perhaps you are an Insider with special knowledge? If so, feel free to share with us.  If not, I am not fond of paranoid speculations (alternative facts).

-- rc primak

Reply | Quote

I get that right now, the hubbub is paranoia…but then again, how many times in the past has something suspicious shown up, only for Microsoft to eventually flip the toggle switch and enable it? And then when that happens, who’s to say they won’t remove the toggle switch and force it, just like (again, many times in the past) they’ve done the same thing?

You know, that old saying about tigers changing their stripes and all. IJS

I think a better question at this point is really “is anyone surprised by this?”. I’m not, not in the least.

Reply | Quote

Actually, there might be many ways to read that.

Microsoft wants to address security concerns for small businesses and home users. A lot of them might not need something else than Windows Store Apps in the future and they might prefer the security of only downloading apps that are pre-approved in theory. Windows doesn’t fare very well in user’s mind for easy casual computing and security when you compare it to IOS that don’t run any security software and didn’t produces any major security event. Chromebooks : same idea.

Another thing Microsoft said a few years ago with 8 but not that transparently was they wanted control out of IT. So by giving small businesses a way to both lock the users out of “dangerous” unknowns on the Internet while letting the users free to download whatever they want from the approved safe walled garden, they achieve this goal and get a cut at the same time. They make more money because users are not stopped by IT from spending on whatever they want, too. I must say, data leaking considerations apart, I wouldn’t mind letting my users download what they need from a pre-approved store if it is safe enough in practice and if the underlying app support structure is done in a way that apps can’t break each other or the OS, a bit like in IOS. There are many advantages to this model.

Microsoft probably sees that Apple’s model works pretty well for security on IOS and it makes sense to reproduces that for many usage scenarios. However there are many problems with this approach as IOS has been successful in part due to free or very low costs apps. That doesn’t fit with the traditional model of expensives AAA games and gamers might not be the best market to be locked. Maybe casual users who like to surf the web and play small games would be served decently with this model. This IOS style brings simplification to the user experience if done properly.

However, Microsoft needs to get better at some things for this to work. One of the big problem I see with MS is their tendency to often give priority to bloat new features rather than security, so the need to lock so much things because the out of the box experience is terrible. They also offer so many ways for users to break their OS directly or accept many add-ons/programs offered anywhere that can install deeply in the OS or in the apps they use. That is all bad for many people. I remember when Firefox was getting so many add-on’s installed automatically on it by software without even any indication that was happening. This is bad. It seems to get better in some ways regarding security, bloat still applying though.

The same problem is for privacy and right now the controls are not that great for that compared to IOS where you can turn more things globally off and more easily plus they respect your choice and don’t sneakily resets your preferences or beg you to not change your default browser so you can give Edge a chance.

The last problem is for efficiency of the user interface and what they do is often one step forward and two steps back. I won’t give examples because here opinions might vary a lot but I personnally found many things I dislike for a few things I like.

Another thing that bothers me with the new IOS copycat approach and I don’t know under which category it falls is the fact that there is no global off setting for background apps like in IOS with the ability to make exceptions with some apps. So you need to manually disable each apps you don’t want running in the background each time you install a new one. I don’t like background apps and I don’t understand why I should leave an App I consult once a month running after I am done, especially if this app has access to many of my private data. I find that pretty invasive. I want a default off setting for all access with maybe an ability to let me decide if I want to give exceptional permission when the app asks me or preconfigure a set of authorizations that are locked in.

For my users, I mostly have to tweak Windows for security and privacy. They get a small set of tweaked softwares and then it is locked and auto-updated. Efficiency I do too because I already did the settings for me and I like that I never get calls from them regarding the general use of their computer, but it is not as concerning as having Windows feature upgrades able to reset security settings. Of course if Onedrive (non business) gets reinstalled and users starts to save on that non encrypted cloud through the encrypted connection because it gets very confusing where your files are saved in the dialog box, I will have a problem too.

One last thing that I find problematic with this idea is the fact that many people uses their PCs for gray areas or illegal downloading of movies, music or software. I am not condoning this behavior, but I am not sure these many users will accept the new model that could arguably prevents them from doing such activities.

This aspect is just one example of what Windows is to many people. Windows have always been that powerful OS that can be deeply modified to your needs and those needs are not going away anytime soon. IOS has succeded because it was either a complement to that, a nice addition to cover some of the needs in a more efficient way and with less issues than with the PC, or maybe because it was the only thing needed for some users, but in either case, I don’t see the new locked down Windows successfully winning users over in these two areas.

So Microsoft might do well with a walled garden version accompanied with a more like before power user customizable to your needs version. Seriously, the way LTSB has been presented is awful and not sustainable for many so it is not surprising they want every business on CBB, but is it really doable in practice or we will end up with lots of unpatched non supported PCs running older software and hardware, reducing the global security of everyone?

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Please bear in mind Mac OS has like 5% (yes, that’s FIVE) market share. If MS wants to go down with Windows from 80% to 5%, they’re probably on a good way…

Reply | Quote

Yes, I understand. I was talking about IOS not MacOs as a paradigm. In theory, there is nothing preventing Ms to offer the same apps from within a paradigm similar to IOS in the long run.

Enterprises already have the tools to do do what they need to do to control the environment. Small businesses and home users are the ones that often might be better not to manage their own computer as experience has shown lots of them are pretty bad at it. I understand there will always be a need for a desktop that is not locking you for many people, but that doesn’t mean that there is no need for a more secure simpler OS for lots of users, as long as the apps they love run on it.

I don’t think discussions about MacOs shares are relevant to this idea since we are talking about Windows being itself and being able to run its apps. The problem right now is this idea doesn’t exists yet because serious apps are not walled garden apps but when/if that happens, then it might be a good idea for some users to choose a set of 10 walled garden desktops for their small company to prevent the problems that have plagued unmanaged business computers.

Reply | Quote

I would say that comparing iOS to Windows on the desktop is irrelevant, since they’re on very dissimilar platforms.

The reason that there are no “apps” on MacOS is because apps are for phones and tablets.  There’s nothing magical about an “app” compared to a regular PC program that sets it apart… it’s just a self-contained, generally reduced-feature program with a sparse UI that lends itself to touch use, and whose CPU, memory, and storage needs are in tune with the limited resources available on mobile devices.  None of those restrictions apply to a Mac any more than they do to a Windows PC, so there’s no special need to ever hamstring any desktop PC (Macs included) by pretending that the corners that are cut to make an “app,” as compared to a full-featured desktop program, have any place on a desktop PC at all.

Apple’s resurgence as a company in the 2000s is wholly based on the emergence of iPhones and iPads, so they’re definitely attuned to the whole “app” paradigm, but they’ve made no move to put “apps” on Macs.  CEO Tim Cook has gone on record stating that there will be no convergence between Macs and iDevices, since that would necessarily involve compromises that would harm the user experience on both platforms.

He’s not wrong about that.

The whole idea of apps on desktops was, as I see it, about trying to get app devs to start writing apps for the Windows store even though few people had Windows phones.  It was an effort to solve the chicken-or-egg dilemma: the idea was that MS could point to the large number of app-enabled desktop Windows users and tell app devs that there was already a big market for their phone apps, so why not get started on writing some apps today?

Microsoft realizes that with Android and iOS having huge app libraries, they stand little chance of breaking into the mobile market without one, even if the OS itself is far better than anything else out there.  Apps on the desktop was never about improving things for desktop users; it’s “Cloud first, mobile first,” after all.   This was about MS using what they have (total dominance of desktops) to get something else they want.  Apparently, they’re willing to destroy the entire desktop Windows platform if it means getting a toe-hold on the mobile market.

None of the supposed benefits of the UWP system on desktop requires a switch to “apps.”  n app is just a certain kind of program… the benefits Microsoft claims (better security, sandboxing, easy removal without leaving remnants) are characteristics of the operating system, not of the apps themselves.  MS could have constrained the (Win32) Windows installer and included more robust journaling of changes that would allow every program to uninstall cleanly and to run in its own sandbox, while using the old installer routines with legacy programs.  That would give all of the benefits MS claims for UWP on the desktop without the negatives, and would still allow backward compatibility with older programs that use the older installer.

Similarly, if MS wants to create a walled garden, they can do that without apps.  An OS that can be constrained to only get its apps from one source can just as easily be constrained to getting Win32 code that way.  Conversely, apps can be installed from sources other than the official app store if the OS allows it.  It’s the OS that dictates whether this is possible, not whether it’s an “app” or not.

The only real way that the concept of the “app” on the desktop enhances Microsoft’s ability to create a walled garden is one of marketing.  People are used to apps coming from a centralized app store, so if MS decided to end sideloading one day (for security reasons, they’ll claim), it would be easier for people to swallow than to end what has always been the main way of getting Win32 software in favor of a new-fangled central repository.  MS could start with the app store alongside Win32, with both able to get software from any source the user wishes, as they have.  Once the app store reached a certain critical mass, they could begin the erection of walls that will enclose the garden.  Sideloading would be made more difficult, bit by bit, until eventually MS would just end it, which they would only do if nearly everyone was using the Windows Store anyway and avoiding sideloading (which they would learn from the telemetry you can’t turn off).

At the same time, they would begin to limit Win32 more and more, given that Win32 is an exclusively sideloaded platform by tradition.  Just as they would only cut off app sideloading once a certain critical point was reached, they’d wait for the right time to end Win32 also (citing security as the reason).

None of that is about serving the needs of the desktop PC user, and none of it is about apps being somehow more suitable for a walled garden than programs.  It’s about MS using apps and the fact that people have come to expect certain things from mobile app stores to get away with things they’d never accept otherwise.

It’s true that a walled garden of curated apps is all a lot of users will ever need, but those people have already moved on to iPads, iPhones, or Android devices.  Those of us remaining on PCs tend to be the kind of user who is not well-served by the walled garden.  Trying to force those users into the iOS app-store model is not going to work.  MS may dream of the kind of control Apple has over its iOS users, but that’s not the world they inhabit.  They’d do well to remember that desktop PCs are not phones, and the things people put up with on phones will not work on desktop PCs.  Comparing iOS to desktop Windows is an exercise in futility and frustration.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

4 users thanked author for this post.

dononline, AlexEiffel, Noel Carboni, satrow

Reply | Quote

Very nicely summed up!

Reply | Quote

I agree to a lot of what you are saying. I didn’t mean to say apps and walled garden are the same. Apps is what MS chose to do its walled garden for various reasons and probably like you say as part of its cloud first strategy. The idea of continuum is not a bad idea per se if it could be done properly (I just don’t believe you can have the same UI and interaction on a mobile vs desktop but in theory you could have a universal app that presents a different GUI and not resort to adaptative compromises).

I would’nt go so far as to say that desktop users who only needed the walled garden approach moved to mobile only and the only people left on desktop don’t need it. That is precisely my point. Suppose you can make the real Office into an App with no downside compared to the desktop version. The distinction between what an App is right now and what a desktop app is right now is not relevant. For a lot of usages, it wouldn’t matter if the App was well-made and maybe adapt properly whether you are on mobile or desktop. That is an entirely different question. I think it might be very difficult to make a real universal app and compromises will often if not always suck, but I think that a lot of PC users would benefit from a walled garden approach to desktop or desktop look-alike apps just because they would not always shoot themselves in the foot. Of course there are other considerations like the way file management sucks on IOS because each app is so contained to its own things, which is an advantage in some ways but a real problem for some productivity scenario.

There is still a lot of users that uses a desktop but find it difficult. A lot of people come to me for help because they messed up their computer and they still need the desktop apps they have on Windows. Those are not people like us tinkerers and power users. They don’t enjoy tweaking their computers. They find computers a hassle they don’t really understand well but that they need.

The question of whether you can make an app be enough desktop-like apart, I don’t find Microsoft is stupid to try to make their OS more simple in terms of security and management for the normal user. They might not do it well, that is an entire other story.

When people talk about IOS only having this market share, I think they miss the point. Microsoft tried to enter the mobile market as you said and at the same time make the PC have the same advantages that people see in the mobile world in terms of simplicity and security. Are they succeeding? They are far from that right now, making managing the desktop harder that it has ever been from a traditional point of view. I am just saying this is where they are probably heading to reach a market that they are loosing more and more and if they don’t do something and Fuschia or whatever other OS can do it better, then their numbers might slip a lot more.

That doesn’t mean there is no market for open desktop users, far from it, but there is definitely a market for simpler computing for everyday users without having to resort to a subpar mobile app experience. Chromebooks might be evidence of that, although I never used them so I don’t know how better the apps are compared to the traditional mobile ones.

Where someone is dropping the ball is the open desktop market, but maybe it is because nobody finds it an attractive enough market anymore. MacOs could be great for that as it is built on a solid Unix BSD. They could in theory offer a more secure, simpler open OS if they supported a lot of software better. As for Linux, they seem more preoccupied at developping the next gnome version than polishing the one they just did the week before so the need for stable desktop open OS is more difficult to meet. Just take a look at Didoimedo reviews of Linux to see that despite Linux is such a great OS for servers, it seems to lack the leadership to provide what ordinary folks desktop users need, which is stability and large scale compatibility. Linux should be the best at providing good LTS versions, they have no business incentives to add bloat all the time to sell more, but a lot of distros don’t provide good LTS.

Reply | Quote

AlexEiffel wrote:

As for Linux, they seem more preoccupied at developping the next gnome version than polishing the one they just did the week before so the need for stable desktop open OS is more difficult to meet.

That is one of the things holding Linux back, but it’s a tough nut to crack.  It’s always more fun to develop new features than to debug and polish what you already have.  Given that a lot of open source coding is done by volunteers, it’s not really possible for a central manager of a project to “crack the whip” and make people work on bugs.  There will always be a new version of the program in question that is being developed, and that usually happens in parallel with debugging the code that has already been released.  If a coder stops submitting bugfix patches for the released Gnome version and starts submitting code instead to the pre-alpha version of the next Gnome, who is going to tell him NO, you have to go work on the older version?  Certainly not the manager of the new version (if the programmer in question is any good), as he will be glad to have the help.

In any loosely-organized coding project, the tendency will always be for the crew to want to be involved in the new and exciting stuff rather than the drudge work of debugging.  A leader of an open-source project might be able to overcome some of that tendency if he has enough gravitas (think Linus Torvalds with the kernel) and enough focus on the big picture, but it would still be harder to accomplish than it would be with people who are drawing a paycheck (relatively) directly from the higher-ups who tell them what to work on.

A lot of open-source projects have significant code contributions from professional programmers who are being paid to do so (Lennart Poettering, for example, works for Red Hat, but his code is in a ton of Linux distros unrelated to Red Hat– to the chagrin of many).  That doesn’t mean, though, that these paid Linux programmers are necessarily taking their marching orders from the directors of the projects to which they are contributing.  If XCorp thinks that a certain deficiency in the Linux kernel is harming their ability to use Linux in some way, they might pay a programmer to go in and contribute code that addresses that problem, even if that particular issue is only a minor concern compared to other issues the director of the project (who, in the case of the Linux kernel, would be Linus Torvalds) wishes to address.

I don’t know if there is a good solution to this.  The deficiencies of the closed-source, proprietary, heavily restricted model followed by MS could not be clearer, but the very thing that prevents MS from using their embrace, extend, extinguish strategy against open-source software also results in the fragmentation we see in the Linux world today.  It’s great to be able to have so many choices, but it also spreads the scarce resource (developers) very thin.  Imagine if all of the people working on all the different desktop environments all joined forces and worked on one… they could address all of the deficiencies of the Linux DEs compared to Windows quickly, but whose vision would they follow?  The projects are separate for a reason!

GNOME and Unity want to go down the same “one OS to rule them all” path that Microsoft embarked upon with Windows 8 and continued with 10, and a lot of us don’t want to follow.  Linux Mint and its Cinnamon DE are meant to take the good bits of GNOME 3 and Ubuntu, throw out the wacky tablet/phone stuff, and restore the primacy of the desktop PC and its traditional graphical UI. Mint would be wholly inappropriate for a touchscreen device, but that’s OK; it’s not meant for them.

Going down that road meant forking GNOME and Ubuntu, which splits scarce resources even further, but I’m glad they did, because I use Cinnamon and Mint, and the reason I like them is because Mint’s reason for being is right in line with what I want from an OS.

Even so, Mint can’t match Windows every which way.  I am sure Cinnamon would address the things that keep it from being on the same level as Windows in terms of UI, but they don’t have the resources.  Cinnamon isn’t one of the projects that follows the example you cited; its updates are evolutionary more than revolutionary, but they still have a significant workload developing it from a GNOME 3 code base that is constantly changing.  The more GNOME changes, the more work it is to back out those changes and return to a traditional interface more like what GNOME used to be.

I realize this message is already really long (as most of mine are), so I will try to be brief with the comments about the walled garden (I’m really bad at being brief, however).  Some users may well benefit from a locked-down, heavily restricted environment like iOS, but it matters why they’re still using Windows.  If it is because they’re in a corporate environment and their jobs involve using Windows, then the IT department should have already created the walled-garden for their employees to work within.

Building the walls into the OS itself restricts the IT guys from being able to do the administration they may need, and it puts the OS publisher in the role of the gatekeeper instead of someone working for the company in question.  One size doesn’t fit all, and the restrictions that Apple has built into iOS (for example) may render it unusable for many enterprise customers who do want their stuff locked down, but not in the way Apple demands.

If you’re talking about home users, that’s different.  It’s the casual users that can choose what to use that have mostly abandoned PCs in favor of mobiles.   It’s always possible to give people enough rope to hang themselves with anything technical that isn’t locked down to the point of frustration, and computers are sufficiently complex that it is difficult, if not impossible, to lock them down enough to prevent novices from harming themselves without also massively reducing the usability of the product to people who know a little bit more.  So who should Microsoft direct Windows toward?  Complete neophytes that know absolutely nothing about computers, or people that actually understand a little bit about the device they’re using?

Apple has already gone after the first group with the Mac, and you can see where that’s taken their market share.  Microsoft has managed to gather 90% of the desktop OS market with Windows, while the Mac has only about 5%.  What sense would it make for Microsoft to decide to stop doing what got them 90% of the customers and instead start doing what got 95% of the customers to go elsewhere?

Even then, the Mac is not locked down like iOS.  As the maker of the most limited, restricted OS in common use, Apple most assuredly has pondered making the Mac that way, or perhaps in making a version of the Mac that is more restricted than the usual version.  I think if there was any demand for that, Apple would have done it.  It’s just that trying to sell a computer with a market strategy of “buy our PC! It does less than the competition!” is going to be difficult.  People want to buy the more powerful thing, even if the features that make it more powerful will never be used and will only increase the potential for the user to really screw things up.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Very interesting! Not a problem it is not brief.

I think we are on the same page regarding Linux even if I don’t know much about it compared to you.

Regarding why the Mac didn’t succeed, I think there was a different context at critical times in the past where being more open was clearly better, computers were simpler, security was much less of a concern, etc. After Windows built its legacy, it was and is still much harder for Mac to compete because lots of things that have been built on PCs over the years don’t work on the Mac, so I don’t think we can apply the same rules today now that maybe a lot more people would realize the benefits of the walled garden approach or are already realizing them on their mobile device, including power users like me. Put every software you love perfectly compatible with the Mac today and I am not sure that not more people would switch. There is clearly a demand for something else than what Windows has become right now and if the switch didn’t imply so many painful sacrifices, I think it would be easier.

Maybe also some people have difficulty with the idea that they should probably be using a walled garden approach and deludes themselves thinking they are too good for that. I stopped counting how many people told me over the years they never got viruses because they are careful only to find out later the PC they brought me was completely filled with c***. People don’t like to be told they probsbly shouldn’t use a PC that lets them shoot themselves in the foot because they like to think that using a computer is something they should be able to do as much as any expert because they know a thing or two about it and they might find people who are telling them otherwise condescending. I think that the more you know about compiters the more humble you become and the less confident you are that you can control everything about them.

Reply | Quote

@ AlexE

You seem to wrongly think that the way Enterprises/companies manage their employees’ “cptrs” should be the way how all Windows cptrs should be run.
You are like saying that the way trucking companies manage their employees’ “trucks” should be the way how all cars/vehicles should be run, eg fixing mandatory GPS tracking locators and radio communications on all cars/vehicles. Or like saying a home kitchen should be setup and run like a restaurant kitchen.

Bear in mind that Enterprises/companies have to buy ordinary consumer-grade Win 7/8.1/10 Pro cptrs b4 they could be converted to Win 7/8.1/10 Ent cptrs and be administered by an IT Pro.

The basic unit of a society/country begins with a family home of voters and not with a company loaded with $$$$. Family homes/employees outnumber companies/CEOs/IT admins by a huge margin, even though M$ make more money from the companies, eg thru costly Volume License fees.
So, the way that a cptr should be run should start with the home-users and not Enterprise/company users.

In future, there can be a GPEdit policy in Win 10 Ent to limit installation of all apps to Windows Store, but not for Win 10 as a whole. If not, M$’s Win 10 will likely end up like Apple’s iOS/App Store with a market share of only 15% or less.

Reply | Quote

Oh no, I really don’t think that. Maybe my comment was very badly written. I specifically said that although the walled garden approach might suit better some small companies AND a significant portion of home users, there will always be a need for an open OS. MS could offer you to run what you want (walled or not), but I am worried at some point they will just try to lock everything up for various reasons including thinking they could do that to protect copyrights as they tried to bake some protections in Vista back in the days and then those people will have to move somewhere else and maybe keep Windows not too far for some of the needs that the OS can’t provide.

For myself, I am ok with the walled garden idea for my Ipad and Iphone, it just makes things simpler and more secure. But I still need the open desktop. They fulfill different needs. For my users, my job would be a lot simpler if they only ran a walled garden with the real Office on it and if the OS wasn’t in the way showing them ads and other non-sense gimmicks for consumers that have nothing to do with business.

Reply | Quote

@ AlexE

http://www.windowscentral.com/windows-10-cloud-will-run-win32-apps-only-windows-store

A company’s Windows IT admin has the right to restrict employees’ ability to install apps/software for security reasons bc the cptrs belong to the company, esp dummy employees.
So, Win 10 admins may find M$’s move to restrict installation of Win32 apps to Windows Store only as helpful against the employees.

But as an individual Win 10 cptr owner and user at home, would you personally like to be restricted by M$ to the Windows Store only when you wanna install Win32 apps/software ?

IOW, it’s about freedom of choice and caveat emptor for Windows users.
Nothing can prevent a foolish person from being scammed/phished online or offline, not even Win 10 Cloud and its walled-off Windows Store or the liberal nanny-state govt.

Bear in mind that a desktop OS is quite different from a mobile OS, eg you can’t do serious work, software development and online competitive gaming with a smartphone running a mobile OS.
Hence, it was possible for Apple to get away with walling off their App Store in iOS = resulted in a market share of only about 15%. M$ may not get away with doing the same for Win 10 Cloud, esp if an equal competing non-walled-off desktop OS exists.

Reply | Quote

My points was exactly the opposite. The walled garden approach might free the employees from IT in small businesses as they will be able to install whatever they want from there. Right now, i lock everything up by default so no installation is allowed to prevent security issues. I am not defending this idea as a good idea, just pointing out that it seemed to be the original rationale for Microsoft to remove some control from IT in non big enterprise setting.

I really din’t mind being restricted on IOS. I don’t miss the tinkering and the installation of security software. Of course I wouldn’t like to be restricted as an individual, like many people, on my desktop, because it has a different function. That is why the last part of my comment was addressing this idea that the need for a customizable open desktop system will not go away anytime soon even if there migh be a need for a walled garden Windows desktop filled with practical considerations that might not get addressed for many years still.

Bear in mind too that even if IOS can’t let you do a lot of serious work, there is nothing preventing a walled garden system from offering this someday. Mobile OS is not the same as walled garden.

Of course I agree wihth you if Ms locks everything and doesn’t offer a non walled OS at some point, a competing desktop would have a good chance of taking market shares. But for this to hsppen, that alternative should offer what will be missed. Many people said they would switch to Linux and there alreayd would be many reasons to flee to Linux and not wait for the walled garden, but it doesn’t happen on a large scale for many valid reasons. Your great games don’t run on Linux, Office don’t run on it and for a lot of people LibreOffice is not a suitable replacement, Linux desktop is also not that much a model of stability and compatibility. Windows has a huge edge with the legacy it carries and it is not that easy to switch. It might cover lots of needs for some users, but many end up running Windows anyway for some tasks.

Reply | Quote

@ AlexE

I agree that Linux desktop OS is not an equal competing OS to Win 10.
Maybe Google’s coming Fuchsia OS will be.

Reply | Quote

Yes it is vey much possible, but then it might not solve the privacy issue. However, I am not sure how many people are that much concerned with that besides the crazy old fools here including myself.

Reply | Quote

1. You can already restrict users by not giving them Administrator privileges.

2. Linux already is walled garden – if you want it to be, you can be restricted to repositories only. But it’s open source, so there’s no chance anybody will make it completely closed OS.

3. There are already many great games on Linux – Hitman, Civilization 6, XCOM 2, Mad Max, Dying Light, Pillars of Eternity, Metro: Last Light, Tomb Raider – to name a few.

4. LibreOffice is sufficient for 90% of MS Office users, I guess – it’s just a matter of getting used to – not to mention that LibreOffice Writer used to be much better than Word for example with embedding pictures in text.

5. Ubuntu is supported by a large company and already preinstalled on Dell laptops for example:

http://www.dell.com/learn/uk/en/ukbsdt1/campaigns/dell-linux-ubuntu-en

If MS continues what they’re doing, people may consider switching.

Reply | Quote

@ AlexE

System administrators should focus their efforts against hackers rather than against their companies’ employees, eg supporting M$’s move to block non-Windows Store apps.

The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.

https://arstechnica.com/security/2017/02/a-rash-of-invisible-fileless-malware-is-infecting-banks-around-the-globe/

Reply | Quote

Well, I think it is common knowledge that the security incidents most often comes from the inside. Maybe it is not true, but if I had to bet who among the sysadmins here would vote that they need to focuses more on hackers than inside, I am not sure how many would.

Please bear in mind that often for an attack to succeed, it needs to get inside in the first place and that is often done by socisl engineering.

Reply | Quote

@ AlexE

Other examples,
http://gizmodo.com/report-sony-hackers-got-in-with-stolen-admin-credentia-1672958426

https://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data

It is undeniable that there was much greater damage done to the companies by hackers, maybe bc of some system administrators’ over-focus against the companies’ employees, rather than focusing more against hackers.

Seems, some system admins do not like their companies’ employees, more than hackers.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Good points.

In my case during the last 20 years, it is the employees who have saved us because they are good and respected the rules we put in place. They understood the need for security and didn’t take risks when they were not sure. I try to limit to what is reasonable and try to get as much support from the employees as possible because they are the ones that can make the difference.

You have a point that a lot of negligence has been going on in big organizations regarding some threats they were aware of. Politics in the C-suite plays a big role and it is sometimes hard to justify spending for risks management as when nothing happens you get more rewarded than if you did something. I just hope that the current context makes businesses more aware of the risks of doing nothing and will entices them to focus better on security, but if the fads of BYOD and IoT have teached us anything, it is that many don’t have security as their priority.

Reply | Quote

This is what we have in 1607

Reply | Quote

woody wrote:

Choose where apps can be installed from. (Presumably, the wording will change before the final version ships, unless we get a new dangling participle option with.)

Up with which you will not put!

But preposition stranding is not wrong.

1 user thanked author for this post.

woody

Reply | Quote

Fyi,

Microsoft is late to offer this option; macOS has had a similar toggle as part of its Gatekeeper system since 2012.

With this switch, every version of Windows 10 can offer similar lock down to the rumored Windows 10 Cloud edition. This Windows edition, still not officially confirmed by Microsoft, will ship with the switch set to “Store only,” and it’s expected to require a paid upgrade (to regular Windows 10 or Windows 10 Pro) to change out of this position. This SKU gives Windows something of a Chrome OS or iOS-like experience: legacy applications can’t be installed at all, and the Store acts as the gateway to any and all third-party code.

The most recently leaked build of Windows 10 Cloud supports both UWP applications, built using the new Universal Windows Platform API, and Centennial-converted Win32 applications. This should give it a much wider selection of applications, and hence much wider appeal, than Microsoft’s last attempt at a locked down operating system, Windows RT.

https://arstechnica.com/information-technology/2017/02/windows-10-creators-update-can-block-win32-apps-if-theyre-not-from-the-store/

Reply | Quote

In May 2016, MS announced that TPM 2.0 will be a hardware requirement for new devices that ship with the Windows 10 Anniversary Update. The encryption keys saved in TPM 2.0 will decide what software will be allowed to run. If the software comes from an approved location, it will have the appropriate keys, e.g. The Windows Store. TPM 2.0 also aligns with other security features introduced with Windows 10. It looks as though the next version of W10 will be deploying this technology.

TCG (one of the authors of the technical specification for TPM 2.0, of which Microsoft is a member) has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer—and not the user who owns the computer system—decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

@ anonymous#97715

Jurgen Born suspects that Device Guard is used in Windows 10 Cloud to allow or block applications and programs based on signatures.

http://www.ghacks.net/2017/02/09/windows-10-cloud-hacked-to-run-win32-programs/

https://www.1e.com/blogs/2016/05/03/device-guard-practice/

Seems, M$ is not using TPM 2.0 to block apps in Win 10 Cloud.

Reply | Quote

If you were upgraded to W10 on older hardware, you will not have TPM 2.0. You most probably have TPM 1.2 (which can not be updated to TPM 2.0). Considering that most of the new W10 security features were designed by Microsoft for the Enterprise Client, it is a mute point for the consumer.

Controlling what software can be run on older consumer systems is going to come down to what setting the user chooses (or what the default eventually is) in the next release of W10. If the consumer buys a new device with W10 pre-installed, the OEM will have installed TPM 2.0 and the consumer will be subjected to its deployment specifications – that being the hardware control of what software can run.

FYI only:
– Credential Guard and Measured Boot are more secure with TPM 2.0.
– Passport: Domain AADJ Join and Passport: MSA / Local Account requires TPM 2.0 for HMAC and EK certificate for key attestation support.
– Device Encryption for Modern Standby devices, all require TPM 2.0.

Reply | Quote

http://www.zdnet.com/article/microsofts-latest-windows-10-test-build-supports-ability-to-block-non-store-apps/ (dated 28 Feb 2017)
Likely, M$ will soon start offering Win 10 Cloud on new OEM Win 10 cptrs as a replacement for Win 10 Home, ie after the release of Creators Update in April 2017.

Reply | Quote