Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

    Home Forums AskWoody support Windows Windows 10 Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

    This topic contains 7 replies, has 2 voices, and was last updated by  AlexEiffel 3 months ago.

    • Author
      Posts
    • #125093 Reply

      b
      AskWoody Lounger

      Windows 10 is already very good at protecting you against all kinds of malware threats, but it’s about to get even better. Microsoft knows that when it comes to your computer’s defenses, there’s always room for improvement. That’s why the Windows 10 Fall Creators Update is adding a new malware-fighting feature.

      Microsoft is adding a new ability to Windows Defender, the built-in anti-malware app that ships with Windows 10. The company has cooked up something it calls controlled folder access.

      Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

      1 user thanked author for this post.
    • #125209 Reply

      AlexEiffel
      AskWoody Lounger

      Interesting, but as always, Microsoft takes the least effective but least disruptive approach to security: most apps can write to the protected folders. Only if MS Defender knows an app is bad will it block it and then it gives you the permission to unblock it if you think you know better. I don’t see that as bringing any more protection than a traditional antivirus working with signatures.

      It is just marketing bs with no real value added. If they provided a way to protect folders and let the user customize a whitelist, it might be different.

      This reminds me of when Microsoft started bragging it has a two-way firewall in Windows a long time ago. It was in practice not really usable for most including lot of PC users, but they could say they now provided a two-way firewall. This is the same kind of bs protection.

      • #125210 Reply

        b
        AskWoody Lounger

        They have provided a way to protect folders and let the user customize a whitelist. See “Allow an app through Controlled folder access” in the linked Windows Blog article.

        • This reply was modified 3 months ago by  b.
        • #125231 Reply

          AlexEiffel
          AskWoody Lounger

          From what I understand, this whitelist is not a “block all except what is in the whitelist”, but rather a way to tell Defender to make an exception IF it blocked the app in the first place. This is a very different security paradigm. Defender lets everything in unless it has a reason not too that it doesn’t explain. Then, if you think Defender is wrong, you can add the app to the exception list and have it unblocked. To me, that is different than a signature based antivirus behavior.

          • #125252 Reply

            b
            AskWoody Lounger

            Of course it’s different to a signature-based antivirus. But it has a user-customizable whitelist. I’m not clear whether you think it’s going to block too much or too little.

            • #125267 Reply

              AlexEiffel
              AskWoody Lounger

              Oh sorry, I didn’t write proper English and added to the confusion. I meant “that is not different than a signature based antivirus behavior” and the “too” is a “to”.

              Yes, it has a white list for things Defender decided to block, but Defender don’t block anything unless it has a good reason to think it should be blocked, like a signature-based antivirus that represents an allow-all by default policy. You keep looking for bad things to block instead of allowing access only to a restricted white list of what app you want to allow access to certain folders explicitly. That an antivirus blocks a ransomware from executing or that protected folders prevents this ransomware from writing to protected folders after identifying the ransomware doesn’t provide much difference in value.

              And so, in effect, as per MS words, most apps can write to the protected folders. If Microsoft ever gets noticed that an app misbehave, they will block it, and then you can whitelist it if blocked, but why would you? Honestly, I don’t see that as particularly useful. If we are talking about the world of apps as in App Store apps, it would be interesting to start with a clean slate and only allow access to some specific folders on an app by app basis. That would be much more secure than granting access to all usual folders for many apps that don’t need it.

              Why let a little game access your Word documents or that calculator app or flashlight access any folder at all, your contacts, calendar and what else? In the world of Store Apps, this makes more sense than an allow-all-unless-we-think-it-should-be-denied policy. Plus, MS clearly says most apps won’t be blocked, so really what added protection this provides compared to a traditional antivirus?

            • #125275 Reply

              b
              AskWoody Lounger

              It doesn’t allow all by default, it blocks all by default unless it’s on Microsoft’s whitelist or yours. It’s quite different to antivirus signatures which have to be updated quickly to identify new bad programs. Protected folders will only allow access by approved programs. So all your documents and photos (or anything you consider valuable enough that you might currently consider paying to get unencrypted) are protected from ransomware. It does “only allow access to some specific folders on an app by app basis”, but not only for store apps.

            • #125363 Reply

              AlexEiffel
              AskWoody Lounger

              Ok, well it is different if that is what you understood from this. That isn’t clear at all from the link by Microsoft that you posted, where they talk about a blacklist:

              “Controlled folder access monitors the changes that apps make to files in certain protected folders. If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. You can complement the protected folders with additional locations, and add the apps that you want to allow access to those folders.”

              So I guess if they use a whitelist, it makes more sense to be able to unblock an app.

              I think it is an interesting idea if that is how it works. What would be even better would be to be able to have complete control over the whole thing and not have whitelisted apps you don’t want whitelisted. You could protect a folder and only allow the apps you want to be able to access it, not relying on Microsoft to decide which apps are whitelisted. This could be useful.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.