Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

Topic

New Reply

Windows 10 is already very good at protecting you against all kinds of malware threats, but it’s about to get even better. Microsoft knows that when it comes to your computer’s defenses, there’s always room for improvement. That’s why the Windows 10 Fall Creators Update is adding a new malware-fighting feature.

Microsoft is adding a new ability to Windows Defender, the built-in anti-malware app that ships with Windows 10. The company has cooked up something it calls controlled folder access.

Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Replies

Interesting, but as always, Microsoft takes the least effective but least disruptive approach to security: most apps can write to the protected folders. Only if MS Defender knows an app is bad will it block it and then it gives you the permission to unblock it if you think you know better. I don’t see that as bringing any more protection than a traditional antivirus working with signatures.

It is just marketing bs with no real value added. If they provided a way to protect folders and let the user customize a whitelist, it might be different.

This reminds me of when Microsoft started bragging it has a two-way firewall in Windows a long time ago. It was in practice not really usable for most including lot of PC users, but they could say they now provided a two-way firewall. This is the same kind of bs protection.

Reply | Quote

They have provided a way to protect folders and let the user customize a whitelist. See “Allow an app through Controlled folder access” in the linked Windows Blog article.

Reply | Quote

From what I understand, this whitelist is not a “block all except what is in the whitelist”, but rather a way to tell Defender to make an exception IF it blocked the app in the first place. This is a very different security paradigm. Defender lets everything in unless it has a reason not too that it doesn’t explain. Then, if you think Defender is wrong, you can add the app to the exception list and have it unblocked. To me, that is different than a signature based antivirus behavior.

Reply | Quote

Of course it’s different to a signature-based antivirus. But it has a user-customizable whitelist. I’m not clear whether you think it’s going to block too much or too little.

Reply | Quote

Oh sorry, I didn’t write proper English and added to the confusion. I meant “that is not different than a signature based antivirus behavior” and the “too” is a “to”.

Yes, it has a white list for things Defender decided to block, but Defender don’t block anything unless it has a good reason to think it should be blocked, like a signature-based antivirus that represents an allow-all by default policy. You keep looking for bad things to block instead of allowing access only to a restricted white list of what app you want to allow access to certain folders explicitly. That an antivirus blocks a ransomware from executing or that protected folders prevents this ransomware from writing to protected folders after identifying the ransomware doesn’t provide much difference in value.

And so, in effect, as per MS words, most apps can write to the protected folders. If Microsoft ever gets noticed that an app misbehave, they will block it, and then you can whitelist it if blocked, but why would you? Honestly, I don’t see that as particularly useful. If we are talking about the world of apps as in App Store apps, it would be interesting to start with a clean slate and only allow access to some specific folders on an app by app basis. That would be much more secure than granting access to all usual folders for many apps that don’t need it.

Why let a little game access your Word documents or that calculator app or flashlight access any folder at all, your contacts, calendar and what else? In the world of Store Apps, this makes more sense than an allow-all-unless-we-think-it-should-be-denied policy. Plus, MS clearly says most apps won’t be blocked, so really what added protection this provides compared to a traditional antivirus?

Reply | Quote

It doesn’t allow all by default, it blocks all by default unless it’s on Microsoft’s whitelist or yours. It’s quite different to antivirus signatures which have to be updated quickly to identify new bad programs. Protected folders will only allow access by approved programs. So all your documents and photos (or anything you consider valuable enough that you might currently consider paying to get unencrypted) are protected from ransomware. It does “only allow access to some specific folders on an app by app basis”, but not only for store apps.

Reply | Quote

Ok, well it is different if that is what you understood from this. That isn’t clear at all from the link by Microsoft that you posted, where they talk about a blacklist:

“Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. You can complement the protected folders with additional locations, and add the apps that you want to allow access to those folders.”

So I guess if they use a whitelist, it makes more sense to be able to unblock an app.

I think it is an interesting idea if that is how it works. What would be even better would be to be able to have complete control over the whole thing and not have whitelisted apps you don’t want whitelisted. You could protect a folder and only allow the apps you want to be able to access it, not relying on Microsoft to decide which apps are whitelisted. This could be useful.

Reply | Quote