Windows 10 Will Soon Protect Files and Folders From Ransomware (theverge.com)
Microsoft is making some interesting security-related changes to Windows 10 with the next Fall Creators Update, expected to debut in September. From a report: Windows 10 testers can now access a preview of the changes that include a new controlled folder access feature. It's designed to only allow specific apps to access and read / write to a folder. If enabled, the default list prevents apps from accessing the desktop, pictures, movies, and documents folders. "Controlled folder access monitors the changes that apps make to files in certain protected folders," explains Dona Sarkar, head of Microsoft's Windows Insiders program. "If an app attempts to make a change to these files, and the app is blacklisted by the feature, you'll get a notification about the attempt."
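Added example (not from the article or from Microsoft's documentation): how an administrator would roll the described feature out on a Windows 10 machine, starting in audit mode so nothing is blocked until the allow list is complete, and how to read the resulting events. The folder and application paths are constructed placeholders; the cmdlets, the mode values and the Defender event IDs 1123 (blocked) and 1124 (audited) are the real ones. Run from an elevated PowerShell session with Microsoft Defender Antivirus active.

```powershell
# Added example, not code from the article or from Microsoft.
# Requires an elevated PowerShell on Windows 10 with Defender Antivirus running.

# 1. Start in audit mode: writes are not blocked, but every write that *would*
#    be blocked is logged, so the allow list can be built before enforcing.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder beyond the defaults (Desktop, Documents, Pictures, ...).
#    Constructed example path; use the real data folder.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'

# 3. Allow one specific application, by full path, to write into protected folders.
#    Constructed example path for a backup agent.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleBackup\backup-agent.exe'

# 4. Review the effective configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# 5. Pull audit/block events from the Defender operational log.
#    1123 = blocked (enforcing), 1124 = would have been blocked (audit mode).
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue

$events | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
        Message = ($_.Message -split "`n")[0]   # first line names the app and the file
    }
} | Format-Table -AutoSize

# 6. Once every legitimate writer shows up in the allow list, switch to enforcement.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

The audit-first sequence matters because the feature, as described in the summary, blocks by application rather than by user: a backup agent, a sync client or an unusual editor that is not on the allow list is indistinguishable from ransomware to it, and step 5 is how you find those before users do.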
Pretty useful (Score:5, Interesting)
Disk firewall? (Score:2)
I've seen "disk firewalls" in other operating systems. Macs use something like SELinux to keep all but root tasks out of the Time Machine repository.
I think this isn't a bad thing, and a must eventually. However, it does force an organization system (where the Documents folder winds up organized into Word, Excel, etc. subfolders, each only allowing the appropriate application and the backup program to access that directory.) Some ransomware can use a Dancing Bunnies attack and just ask the user for permi
What could possibly go wrong? (Score:3)
Re: (Score:2)
Presumably this would be useful against malware that doesn't have root privilege (or whatever it's called in Windows-land). Currently, any software running at user-privilege level has the ability to munge the user's files, which by unfortunate coincidence are usually also the files that are the most valuable and most difficult to recreate after they get destroyed.
I'm not sure what would be sufficient to defend against malware that has root access, since presumably any defense you put up could be removed by
Re: (Score:2)
I'm sorry. You are doing backups wrong.
Backups should be done via a client/server model, where the client agent software sends data to the server.
The client system should never directly mount, nor be able to write to, the backup media.
And of course, the backups should be differential and versioned, so that if the client is compromised and the encrypted/corrupted files are backed up, you can still roll back to the day before the corruption.
And there should be another separate back up on top of that.
Don't get me wron
Re: (Score:2)
Sure, if user context switching was a thing in Windows, that would be problem solved. However, I'm not going to log into a different account every time I want to access a certain file.
Re: (Score:2)
RUNAS USAGE:
RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ] /user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/savecred] ] /smartcard [/user:<UserName>] program
RUNAS /trustlevel:<TrustLevel> program
Re: (Score:2)
External drives directly attached to the computer are great for handling the "oh shit" type of disasters, like disk failures. Install Veeam, Time Machine, or something else, and forget about it. However, all it takes is one format command and the data is history.
I always recommend people use the 3-2-1 method of backups: Three different storage areas, two different media types, one offsite. Keep the external HDD for full system restores, but look at CrashPlan, Mozy, or some other offsite backup for docum
SMB / MSI / psexec are not "Apps"... (Score:5, Insightful)
But the recent malware attacks weren't simply malicious trojaned apps changing each other's files. It was spread by compromising / using system services that are meant to be used to access a broad array of files. I don't see how changing the permissions model to block inter-app accesses will fix this...
Re: (Score:2)
But the recent malware attacks weren't simply malicious trojaned apps changing each other's files. It was spread by compromising / using system services that are meant to be used to access a broad array of files. I don't see how changing the permissions model to block inter-app accesses will fix this...
I was going to mention this, but perhaps at least it will raise the bar somewhat, so that instead of fighting all sorts of "apps" that people download you are only fighting unpatched systems and zero-day bugs...
Re: (Score:2)
It seems that the idea is a whitelist rather than a blacklist, and across user-system space. In such a case, if no one can modify the contents of a folder (not even using Windows Explorer, or any system service), except using the registered binary, this would avoid any changes from scripts or trojans. Seems a nice idea to me.
If only an app can modify data, that's DRM (Score:2)
if no one can modify the contents of a folder (not even using Windows explorer, or any system service), except using the registered binary
Then an application's publisher could hold your data for ransom.
Specific apps? (Score:3)
So it'd be enough for ransomware to impersonate those specific apps or just get into the party list. Shouldn't it?
Re:Specific apps? (Score:5, Interesting)
It's just one more slap-dash fix in a creaky operating system riddled with legacy APIs that are now being easily strangled with NSA-ware. Adding strict user space is what made XP SP2 somewhat tenable, but this is just one more embarrassing and glaring hole, and IMHO, a great reason to take a serious look at devops and agile as software development models. Windows 10 isn't new; it's the lipstick on a pig made from thousands and thousands of attempts to get it right.
I'm just entirely shocked that Microsoft's stock price hasn't cratered into the pit it deserves. Don't think that the current wave isn't the last or best; ransomware will be iteratively released until bitcoin shoots past $10,000/coin.
Re: (Score:3, Insightful)
I'm just entirely shocked that Microsoft's stock price hasn't cratered into the pit it deserves. Don't think that the current wave isn't the last or best; ransomware will be iteratively released until bitcoin shoots past $10,000/coin.
Because it's not really hurting Microsoft's pocket. There isn't really a legitimate alternative for Windows. The general public seemed baffled by Linux (and Linux isn't getting the marketing spent to promote it). Apple is a walled garden that nobody wants.
Many business apps only run on Windows. Microsoft's customers aren't going anywhere.
Re:Specific apps? (Score:4, Interesting)
I'm just entirely shocked that Microsoft's stock price hasn't cratered into the pit it deserves. Don't think that the current wave isn't the last or best; ransomware will be iteratively released until bitcoin shoots past $10,000/coin.
Because it's not really hurting Microsoft's pocket. There isn't really a legitimate alternative for Windows. The general public seemed baffled by Linux (and Linux isn't getting the marketing spent to promote it). Apple is a walled garden that nobody wants.
Many business apps only run on Windows. Microsoft's customers aren't going anywhere.
At least for the Apple case, you are incorrect:
In general:
http://www.vertoanalytics.com/... [vertoanalytics.com] ...and, more specifically...
"IBM began replacing PCs with Macs in early 2015, when it began giving employees the choice to upgrade to a Mac when their company kit needed upgrading. The data speaks for itself, at IBM an astonishing 73 percent of employees will choose a Mac when they get the chance to choose for themselves"
http://www.computerworld.com/a... [computerworld.com]
Re: (Score:2)
"IBM began replacing PCs with Macs in early 2015"
Irony can be pretty ironic.
Re: (Score:2)
"IBM began replacing PCs with Macs in early 2015"
Irony can be pretty ironic.
Are you speaking of the irony that stems from the fact that, in the early days of Apple, Jobs basically touted that they were the "Anti-IBM"?
If so, I have thought about that, too. But remember, PCs were only a VERY small part of IBM's business (in fact, it started as part of their TYPEWRITER division!); so IBM itself was never THAT beholden to the Windows culture, anyway.
Re: (Score:2)
Yes, and the other way around too.
Windows or no Windows, IBM owned PC(tm)
Re: (Score:2)
Many business apps only run on Windows. Microsoft's customers aren't going anywhere.
With the move towards SAAS, I wonder if this is going to change. If all of the business apps change to web-based products instead of installed software, then you can use any OS you want as long as it has a browser.
Re: (Score:2)
If all of the business apps change to web-based products instead of installed software, then you can use any OS you want as long as it has a browser.
And, in the case of business travelers' laptops, $10 per GB to connect to said web-based products.
Re: (Score:3)
Apple is a walled garden that nobody wants.
Come again? While iOS may be a walled garden, macOS has no meaningful restrictions on what you can run. If you can download it, you can run it, regardless of source, author, or whether they're registered with Apple. I'll grant that the default setting these days is to disallow unsigned apps (i.e. apps not signed by a registered Apple developer), which makes sense as a default, given that this is an OS being used by untrained masses, but for someone such as yourself, you can easily bypass the restriction on
Re:Specific apps? (Score:5, Insightful)
You're baffled by Windows. Let's see you set up a corporate network with active directory domains using an all-Microsoft environment, complete with patch management, group policy, and the like. Then replicate that in linux.
You can't.
I run DevOps software on Linux. We develop stuff here, we deploy it, we run it in Docker containers, we put it on Linux. I got Linux to connect to the Active Directory domain via Samba--it's rickety, fickle, and hard to debug, as well as basically-independent because it doesn't do any of the actual active directory stuff. You can't push configurations down through Samba. Samba isn't Puppet.
I've been fighting that battle for 10 years. I tell people we need robust, integrated enterprise network and configuration management like a Microsoft Domain; they tell me nobody wants that, and that Samba can already provide single sign-on. The freaking Social Security Administration investigated replacing much of their workstation deployments with Linux and deemed it unacceptable because you can't do anything like SCCM or GPO. Oh, you can now, if you want to develop Puppet or Chef modules in-house, with no standards to work from.
The operational risk of running Linux, the sheer cost of administrating and securing a giant network of dumb workstations, is just ridiculous. Your network will never be in a known state. This is an easy problem to fix, except the people who want it fixed are either unable to do it themselves (yeah I'm not any form of programmer you want writing production code) or able to get a better, faster result by just buying COTS like Microsoft Active Directory and SCCM.
Oh, and many business applications only run on Windows. That's not really a big deal today--not with O365 and all--and a mixed environment is acceptable if you can manage it sanely.
The Linux ecosystem is filled with people who manage isolated servers or somehow got LDAP working for single sign-on and think that's acceptable. There's a nebulous push for things like Puppet and Pulp, in its isolated world, learning no lessons from large enterprise deployments of Novell (in the past), Windows, and so forth. People think that some rickety, slap-dash work that's not even up to Windows NT 3.51 standards is somehow ready to take over the world, except that the applications aren't ported to it; in reality, the applications are hardly a barrier at all, and the complete lack of support for wide enterprise deployments is the big killer.
Get some perspective.
Re: (Score:2)
set up a corporate network with active directory domains using an all-Microsoft environment, complete with patch management, group policy, and the like.
There's your problem.
Then replicate that in linux.
Yep, it's hard to replicate such a complete POS infrastructure. Your mind is locked into the Windows world. This is like saying "Have you ever driven a car, with a steering wheel, seatbelts and all -- now try to replicate *that* on a motorcycle."
If you need evidence that unix is fit to run massive scale networks, maybe look at relatively unknown, obscure projects like, say, the Internet.
hard to debug
Harder to debug than AD? Do you even know what debugging means?
Re: (Score:2)
Let's see you set up a corporate network with active directory domains using an all-Microsoft environment, complete with patch management, group policy, and the like. Then replicate that in linux.
This here is the problem. When substituting one workflow with another, free or proprietary, one simply can't build a bijection between the fundamentally different domains. Some things have to go, some change and some are done in a completely different way than before. What lies below the line and what comes out of the system at the end is what matters. This building of the solution is the only way you can even determine the actual operational risk to an organization within relevant timescales.
I'll just quote another reply too and answer both in one post:
If the enterprise needs things on Linux, nothing is stopping them from scratching their itch and sharing it. Enterprise technology is only relevant in big business. Libre software developers owe nothing to business to make any software for them. In fact, a good portion of libre software developers detest commercial software and have little interest in what businesses use. Enterprise only takes, anyway. Who cares if your use cases aren't being met? Build it or deal with the broken dumpster fire that is Windows.
I can understand that people feel the Linux community is a bit like Mr. Jekyll and Dr. Hyde, because it's got cheerleaders and grumps rolled into one.
Linux cheerleader: Bah Windows sucks, why don't you use Linux on the desktop?
Enterprises: It lacks central management features equivalent to AD with group policies, SCCM etc.
Linux grump: We don't owe you nothing. It's your job to deal with all the trouble of switching.
Enterprises: Who said we wanted
Re: (Score:2)
Apple is a walled garden that nobody wants.
Which I guess explains why Apple makes more money than the GDP of most sovereign nations on Earth.
Re: (Score:3, Insightful)
I know it's fun to hate on Microsoft but it's worth noting that Linux has no protection from this kind of malware either. With this change the user directory on Windows will actually be more secure than the user directory in Linux.
Re: Specific apps? (Score:2)
For Linux on the desktop, it seems like it should be possible to have apps, like a web browser and email client, that have their own users. You could then run the apps via sudo and they'd only have access to files for their user or group. But last time I tried this I couldn't get it to work. Has anyone else done this successfully?
Specific apps? (Score:5, Informative)
You can use SELinux to accomplish a similar setup. You can ensure that a given application only has access to specific directories or files. Having spent a little time with it I can say it has an obscene learning curve.
Re: (Score:2)
You can use SELinux to accomplish a similar setup. You can ensure that a given application only has access to specific directories or files. Having spent a little time with it I can say it has an obscene learning curve.
Can you do the opposite based on directories? Make it so that only certain apps can access directories or files?
1998. only x user, running y program, can do z (Score:2)
Yes, if you can express any such security rule in English, you can do it with SELinux.
Only this role (group of users) can access this set of files, and only by running these programs, and only has read/write/execute permission. There are other attributes you can use as well.
SELinux was released in 1998.
It's particularly well suited to servers. You can say exactly what your mail server software, or Apache web server, has access to, under exactly what conditions.
Re: (Score:2)
Fedora has long come standard with SELinux enabled. I hate it. It sounds like a great idea, but the vast majority of apps do nothing special with SELinux failures, and just report them as "permission denied", leading the user to suspect a different problem than what's actually going on. And that's the good case; since SELinux problems can cause failures in things many programs don't expect to fail, it can leave you having to dig through the program with strace to figure out what went wrong. And with service
Re: (Score:2)
"Has anyone else done this successfully?"
Check out Qubes OS https://www.qubes-os.org/ [qubes-os.org] . Qubes is picky on HW requirements, but works well if you have the HW.
Re: (Score:3)
Not hating on Microsoft. They're their own worst enemy. And I have quite a bit of difficulty with your determination that this makes Windows more secure than Linux. Remember: Microsoft only recently even considered the concept of user space. Everything was root. Everything before XP SP2 was admin. Only now are they trying to protect user space in rational ways. And they're failing.
Why are they failing? Lack of rigorous testing made impossible by legacy APIs, horrific driver control, proprietary transports,
Re: (Score:2)
I know it's fun to hate on Microsoft but it's worth noting that Linux has no protection from this kind of malware either. With this change the user directory on Windows will actually be more secure than the user directory in Linux.
No, it will just devolve into being a REAL PITA to do ANYTHING that resides inside of your User's directory-tree.
Re: (Score:2)
SELinux? If Apache gets compromised, and winds up with a root context, it won't be able to do much other than scrozzle its own directories.
Re: (Score:2)
It's just one more slap-dash fix in a creaky operating system riddled with legacy APIs
Oh, accessing a file system is related to legacy APIs? Tell me how Linux gets around protecting user files from programs run with user privileges? You lose a point for every manual intervention a user needs to make in order to actually access their files. How does Linux defend against a hacked user program with user privileges updating and containing malware from encrypting the files that the software needs to access? (Not that MS will succeed in this, but hey, you're attacking them for trying. What are you
Re: (Score:3)
You make the mistake of believing that I espouse Linux as a secure operating system. It's better than the mutt called Windows in security, and has been for quite some time. It's not invulnerable. Almost nothing is.
Do you understand concepts like SE Linux? If not, then there is no rational discussion from here; you're a Windows fanboi and will not be swayed.
Windows is prevalent in a large part of the business world. But as they're systematically held hostage by ransomware, cracks that leak billions of dollars
Re: (Score:2)
I'm just entirely shocked that Microsoft's stock price hasn't cratered into the pit it deserves.
Hm. Why should their stock price go down? It is guaranteed income. Everyone needs an operating system and Microsoft has a legal stranglehold on the consumer and business markets. Microsoft could do something utterly evil, like monitor everything you do on a computer for analysis by the government and I bet there would barely even be a peep about it. Sure, some knowledgeable people will whine and complain needlessly about how such monitoring is merely to make Microsoft's products better, but the thought spac
Re: (Score:2)
You can push the public only so far....
Re: (Score:2)
Not like Windows is...
Re: (Score:2)
One extra hurdle for them to clear. Better than no change.
MS Office? (Score:2)
Maybe I am wrong, but it looks like Office has been an attack vector.
Will it be in the party list of "allowed apps"?
Re: (Score:2)
Office has ALWAYS been an attack vector. From damn macro viruses in the 90's to other techniques that embed in Word or other Office products today.
My wife got a virus on her laptop recently opening a Word document. Office is still very much a vector.
Re: (Score:2)
Misconfigured Office is still very much a vector.
FTFY. Macros are disabled by default, and Office has been opening files in protected mode, which disables all 'script-like' elements, for years. And if you're on a domain, you can tighten those screws even further.
And all of this stuff is built upon design features that were present in NT decades ago, unlike bolt-ons that exist in the Unix world. UNIX had zero protection because it wasn't designed with security in mind. As the designers admitted years ago. You do have some toys like SELinux/AppArmor but the first thing people want to do is turn them off because they suck.
I dunno about that.
macOS seems to be doing pretty good in the security department, and it is a UNIX.
Re: (Score:2)
OSX is riddled with tons of security holes due to really bad programming.
Unix was designed with security in mind, hence why it had a functional DAC system which extended quite well to ACL (although the standard for ACLs was rescinded; Linux implements it anyway), and took Capabilities-based security equally-well.
Windows, on the other hand, was designed with no filesystem access control and didn't even segment userspace and kernelspace contexts, so any program could write to RAM above 3GB and mess with ke
Re: (Score:2)
If your wife was stupid by effectively clicking yes to the "Hey, don't be stupid out there, the world is a dangerous place" box ( http://media.askvg.com/article... [askvg.com] ) to a malware laden document she randomly opened, she deserves to be infected.
She opened a Word Document sent from her professor (and had been expecting a Word Document from her so didn't treat it as suspicious).
I am Protecting (Score:2)
will be used to block steam unless you buy gamer (Score:4, Interesting)
will be used to block steam unless you buy windows 10 pro gamer
Re: (Score:2)
Errr why would you say that? MS already has the ability to block Steam they don't need to write a new feature for that. Please try and fit the hole in the tinfoil hat, some of the mind control is getting through and you're missing some really basic crap.
Re: (Score:2)
I suspect that is still a few years off. They learned with Trusted Computing that the chains have to go on a bit more slowly for the public to not cause a fuss about it.
On a side note: Holy shit Slashdot is terrible without noscript. Actually, all of the web is. Been redirected to viruses twice so far this morning. How does this ecosystem even exist? Turn off the scripts,
Re: (Score:2)
How does this ecosystem even exist? Turn off the scripts,
Without scripts, how would an interactive web application like pix2pix [npocloud.nl] work? Would it instead have to be an OS-specific executable that the user is expected to download and install, or just do without if the user is running a different OS?
Great, so... (Score:5, Interesting)
...the next generation of Ransomware will exploit a vulnerability in this new service to prevent YOU from accessing these folders and files.
How very convenient!
=Smidge=
Re: (Score:2)
Windows already does a fine job of that. When I upgraded from an XP system to Win7 (separate, all-new machine) and copied my files over, something got messed up with file permissions. I treat my desktop like a temp folder and write files to it all the time, except once I try to delete one of these files, Windows will throw a UAC prompt. No matter how many times I approve the prompt, Windows just keeps demanding admin access. All I have to do is wait 5 minutes, and then I can delete the offending file.
doesn't matter any more (Score:2)
I used to get work done in Windows but I've diversified away from it on my production machines -- I do have it on a few test machines just in case they make some customer friendly decisions
Things I'm unhappy about:
- the broken update process (when I tried a few months ago, Windows 7 no longer auto-updates all the way through without manual intervention) -- it was supposed to work until 2020
- the telemetry which reportedly can't be completely turned off -- I like building nice quiet machines that are read
Channeling Homer Simpson (Score:2)
Ah, Windows - the cause of, and solution to, all of life's problems.
Whitelist or blacklist... same thing ... not. (Score:2)
Microsoft SELinux (Score:2)
So Microsoft is implementing a crippled version of SELinux?
Will Word or Excel be on the blacklist? (Score:2)
Office macros are one of the most notorious attack vectors...
Versioned file systems (Score:2)
Personally I would be more concerned with exfiltration than deletion but if MS wants to provide safety they should consider versioning file system so that designated folders can be rolled back to prior states no matter what happened to the data. Not all fail is intentional and this could provide useful value beyond attack resistance.
Aspect based access control mechanisms have a tendency of subverting themselves in the name of convenience over time. First there was the windows firewall, then every app inst
Re: (Score:2)
File system based versioning, something some older OS's were known to do. I think it was TOPS-20 that kept a versioned filesystem.
This would be a much better solution to the ransomware issue, not only because it's the best way to ensure you can recover previous versions of files, but it's also useful for a myriad of other situations.
Of course, Microsoft probably doesn't read /. so I doubt we'll get the more useful feature. App whitelist/blacklist seems a bit too complicated for end-users to be expected to
you figured out access rights! (Score:2)
Sounds like UAC, part 2 (Score:2)
Prediction: It will be exactly 6 months, maybe less, before MS largely defeats this, because, just like UAC, the only way MS knows how to make anything is either COMPLETELY in-your-face to the point of madness, or COMPLETELY useless.
Protect from ransomware (Score:4, Funny)
reboot & encrypt hd sectors ?! (Score:2)
Store your important data elsewhere (Score:2)
Why can't they just use Volume Shadow Copy Service (Score:3)
There's an even easier way Microsoft could solve the problem that already exists and has probably 99% of the work already done for them: Volume Shadow Copy Service.
Set aside 100 gigs of a 500+ gig hard drive, and designate one or more folders for protection.
Any changes to files in the protected folders get journaled to that 100-gig area.
If the journal fills up, the hard drive gets write-protected, with the exception of a 1-2 gig area where the user can create and save NEW files, but can't overwrite/delete existing files (so there will always be somewhere to save open files if the rest of the drive gets write-locked).
Add some extra logic to warn the user as the journal reaches certain milestone sizes. Allow users to override the limits... but treat it like the safes used for change at convenience stores... you can override the limit NOW, but it won't take effect for 24 hours (and maybe up to a week, with warnings leading up to its execution, for more radical overrides).
Need to write lots of temp files? Do it to a directory that's not protected. Or get a bigger hard drive, and make policy changes (that have to either be set at installation time, or get delayed by a period of time to give adequate advance warning).
The only real difference between how it's used now would be the setting of hard thresholds that couldn't be exceeded without write-protecting the drive to give the user time to take action. It would probably create some new denial of service opportunities (some, accidental rather than malicious), but it would be a fairly effective safeguard against the current #1 mode of action used by ransomware (mass-encryption in the background of files over a short period of time).
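Added example, not the poster's code and not a Microsoft design: it shows what the Volume Shadow Copy Service already does on a Windows 10 client today, which is the part of the above proposal (and of the versioned-file-system idea raised earlier in the thread) that needs no new OS feature. It takes a point-in-time snapshot of a volume, lists the snapshots, recovers a file from the newest one after it has been overwritten, and shows the per-volume storage cap that plays the role of the "100-gig area". The file path and the 100GB figure in the commented line are constructed; the WMI class, method and `vssadmin` commands are real. Run from an elevated PowerShell.

```powershell
# Added example, not from the post or from Microsoft.
# Requires an elevated PowerShell on a Windows 10 volume with VSS available.

$volume = 'C:\'
$file   = 'C:\Users\Public\Documents\report.docx'   # constructed path for the demo

# 1. Create a snapshot. 'ClientAccessible' is the context the Explorer
#    "Previous Versions" tab uses, so the copy is visible there as well.
$result = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create `
            -Arguments @{ Volume = $volume; Context = 'ClientAccessible' }
if ($result.ReturnValue -ne 0) {
    throw "Shadow copy creation failed with code $($result.ReturnValue)"
}

# 2. List this volume's snapshots, newest first. Win32_ShadowCopy records the
#    volume by its \\?\Volume{GUID}\ device ID, so resolve the drive letter first.
$volumeId = (Get-CimInstance Win32_Volume | Where-Object Name -eq $volume).DeviceID
$snaps = Get-CimInstance Win32_ShadowCopy |
         Where-Object { $_.VolumeName -eq $volumeId } |
         Sort-Object InstallDate -Descending
$snaps | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize

# 3. Recover a file. Each snapshot exposes a read-only image of the whole volume
#    under its DeviceObject path; expose it through a directory link and copy back.
$latest   = $snaps[0]
$mount    = 'C:\ShadowView'
cmd /c mklink /d $mount "$($latest.DeviceObject)\" | Out-Null
$relative = $file.Substring($volume.Length)          # strip the 'C:\' prefix
Copy-Item -LiteralPath (Join-Path $mount $relative) -Destination "$file.recovered"
cmd /c rmdir $mount | Out-Null

# 4. The storage budget: VSS already caps how much diff area a volume may use,
#    which is the "set aside N gigs" part of the proposal. Show it, and (commented,
#    with a constructed size) how it is changed.
vssadmin list shadowstorage
# vssadmin resize shadowstorage /for=C: /on=C: /maxsize=100GB
```

Two caveats a defender should keep in mind when relying on this as the recovery path: the snapshot lives on the same disk, so it does not replace the offsite copy discussed higher in the thread, and an attacker running with administrator rights can delete shadow copies with the same `vssadmin` tool, so deletion of shadow copies is itself an event worth alerting on.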
I'm pretty sure that I always want administrator.. (Score:2)
Stick to user-level authorization for reading... but having application whitelists writing to folders may help the situation somewhat for the moment, or at least until the malware author learns how to masquerade their creation as some ordinaril
Re: (Score:2)
IMHO, this is yet another sad example of Microsoft solving the problem backwards.
Take the way it handles program installation. If the .msi installer goes to create a new directory in c:\program files, c:\program files(x86), or somewhere else, Windows throws up all kinds of warnings. But if the installer simply goes to MODIFY an already-existing .exe file, it'll silently allow it without complaint once you've swatted away the UAC prompt. Which, IMHO, is fucking STUPID. Almost BY DEFINITION, if I launch a .ms
Linux has had this for a while (Score:2)
Microsoft reinvented groups - the hard way (Score:2)
They used to own Xenix, there's no legal issues in the way of them learning from the examples of others.
Re: (Score:3, Interesting)
And what would a sane security model look like? Ransomware runs under the credentials of the user that has executed the malware, so if the user has read/write access to files and folders, then those folders are vulnerable. It's not that much different than someone accidentally deleting a bunch of files they have access to. I suppose you could put some quantity monitoring, as in if x number of files are altered or deleted, then suspend the process that is doing the file system changes, but that would probabl
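Added example, not the poster's code: the "quantity monitoring" idea above as a working detector. It watches a folder tree and raises a warning when more than a threshold number of files are modified, renamed or deleted within a short window, which is the signature of background mass-encryption. It only detects; it does not suspend any process, because `FileSystemWatcher` does not report which process made a change (the Defender events from Controlled Folder Access do). The folder path, threshold and window are constructed values.

```powershell
# Added example, not from the post. Runs in any PowerShell 5.1+ session.

$folder        = 'C:\Users\Public\Documents'   # constructed; point at a protected folder
$threshold     = 50                            # constructed: changes allowed per window
$windowSeconds = 10                            # constructed: sliding window length

# Shared state passed to the event handlers via -MessageData. A hashtable is a
# reference type, so the handlers mutate the same queue the caller sees.
$state = @{
    Events    = New-Object 'System.Collections.Generic.Queue[datetime]'
    Threshold = $threshold
    Window    = $windowSeconds
}

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path                  = $folder
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter          = [System.IO.NotifyFilters]'FileName, LastWrite'
$watcher.EnableRaisingEvents   = $true

$onChange = {
    $s   = $Event.MessageData
    $now = Get-Date
    $s.Events.Enqueue($now)

    # Drop timestamps that have fallen out of the sliding window.
    while ($s.Events.Count -gt 0 -and ($now - $s.Events.Peek()).TotalSeconds -gt $s.Window) {
        $null = $s.Events.Dequeue()
    }

    if ($s.Events.Count -gt $s.Threshold) {
        Write-Warning ("Burst: {0} file changes in {1}s; last was {2} {3}" -f
            $s.Events.Count, $s.Window, $EventArgs.ChangeType, $EventArgs.FullPath)
        $s.Events.Clear()   # reset so one burst produces one alert
    }
}

# One subscription per event kind; all share the same handler and state.
foreach ($name in 'Changed', 'Deleted', 'Renamed') {
    Register-ObjectEvent -InputObject $watcher -EventName $name `
        -SourceIdentifier "Burst-$name" -Action $onChange -MessageData $state | Out-Null
}

Write-Host "Watching $folder; alert above $threshold changes per $windowSeconds s. Ctrl+C to stop."

# To stop watching later in the same session:
# Get-EventSubscriber | Where-Object SourceIdentifier -like 'Burst-*' | Unregister-Event
# $watcher.Dispose()
```

The threshold is the whole design problem the post hints at: a compiler build or a photo import legitimately touches hundreds of files in seconds, so in practice the count is tuned per folder, and the alert is a trigger for a human or for a snapshot rather than an automatic kill.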
Re: (Score:2)
Ransomware runs under the credentials of the user that has executed the malware,
So, run your e-mail client in one user account, your browser in another and keep your local work (documents, etc.) in your 'main' user account. Read-only access (via group permissions) between accounts. This is a solution that I've used since before Linux had ACLs.
Re: (Score:2)
How do you plan to save emailed documents to local storage, download files from the internet, then read-write to those files using local programs, etc?
That's easy!
You just turn off the Ransomware Protection, just like everyone did with UAC!!!
Re: (Score:2)
How do you plan to save emailed documents to local storage
In the local storage of the account running the e-mail client. The important ones can be copied to the primary account via read-only access granted to the shared group. Same for downloaded files and uploading documents prepared in the primary account.
I've seen people who have taken this a step further and managed moving files between the accounts using CVS [wikipedia.org] or its siblings. A bit of an overkill IMO. But as long as the owner of the repository doesn't run the ransomware, committed versions of your local file
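Added example, not code from either poster: the account-separation scheme described in this post and its parent (a separate local account for the browser or mail client, read-only access to the main account's documents via a group, and a single drop folder for incoming files) expressed as the Windows commands that set it up, with RUNAS, quoted earlier in the thread, used to launch the isolated program. The account, group, folder and browser paths are constructed names; the cmdlets and `icacls` rights are real. Run the setup once from an elevated PowerShell.

```powershell
# Added example, not from the thread's posters. Setup runs elevated once.

$mainUser    = $env:USERNAME                          # account that owns the documents
$browserUser = 'browser-sandbox'                      # constructed name for the isolated account
$shareGroup  = 'DocReaders'                           # constructed group with read-only access
$docs        = "C:\Users\$mainUser\Documents"
$inbox       = "C:\Users\$mainUser\Documents\Inbox"   # the one folder the sandbox may write to

# 1. Create the isolated account (prompts for its password) and the read-only group.
$pw = Read-Host -AsSecureString "Password for $browserUser"
New-LocalUser -Name $browserUser -Password $pw -PasswordNeverExpires | Out-Null
New-LocalGroup -Name $shareGroup | Out-Null
Add-LocalGroupMember -Group $shareGroup -Member $browserUser

# 2. Grant the group read/execute only on Documents, inherited by subfolders and files
#    (OI = object inherit, CI = container inherit, RX = read and execute)...
icacls $docs /grant "${shareGroup}:(OI)(CI)RX" | Out-Null

# 3. ...and modify rights on the single drop folder, so downloads and mail
#    attachments have somewhere to land without the rest of Documents being writable.
New-Item -ItemType Directory -Path $inbox -Force | Out-Null
icacls $inbox /grant "${shareGroup}:(OI)(CI)M" | Out-Null

# 4. Check the result: DocReaders should show (OI)(CI)(RX) on Documents
#    and (OI)(CI)(M) on Inbox.
icacls $docs
icacls $inbox

# 5. Launch the browser under the isolated account. Anything it writes outside its
#    own profile or the Inbox folder is refused by the ACLs above.
runas /user:$browserUser "C:\Program Files\ExampleBrowser\browser.exe"
```

This is the user-based model the parent comment contrasts with an application allow list: it costs a second password prompt per launch and a copy step for files that move between accounts, but it needs no rule maintenance when a new program is installed, because the boundary is the account rather than the binary.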
Re: (Score:2)
But as long as the owner of the repository doesn't run the ransomware
In the case of a home PC, would the PC owner run the repository? Or would the repository be a subscription service on the other end of a possibly slow and/or capped Internet connection? Or is there a third option that you are willing to describe?
Re: (Score:2)
And what would a sane security model look like? Ransomware runs under the credentials of the user that has executed the malware, so if the user has read/write access to files and folders, then those folders are vulnerable.
That's user-based access control. What they're talking about here is role-based access control, which prevents a user from modifying files unless the process he runs is also in a role that allows modification.
The problem is that the rules for such systems must be maintained, so when Joe Schmoe installs a new word processing program, it won't be prevented from opening his documents because it hasn't been assigned to the correct role(s). And you cannot trust the users themselves to be able to determine that, o
Re: (Score:2)
Anything to stop the user from being a fucking idiot is okay in my books. If they can't be bothered reading and understanding, that's on them and they deserve to be ransomwared.
That's all well and fine if it were only the (ir)responsible persons who got affected. But would you be fine with patients suffering because a nurse was an idiot and got the machines ransomwared?
Re: (Score:2)
That works well on a relatively limited device like a smartphone. I'm thinking more in the context of a workstation on a network with network shares. It would be a considerable paradigm shift away from the classic shared resource to an "application-focused" model. I'm not saying it couldn't be done, and couldn't work, but it's a shift away from how shared file networks have worked for decades now.
Network share doesn't affect file capabilities (Score:2)
Apple's solution is to allow apps to open any file which is dragged onto the app by the user, or selected from a standard file selector.
I'm thinking more in the context of a workstation on a network with network shares.
The user would drag a file from the network share onto the app or use the standard file selector from within the app to choose the file from the network share.
Re: (Score:2)
How does Finder distinguish dragging a file onto an app for the purpose of reading from dragging the same file onto an app for the purpose of modification?
Re: (Score:2)
You can still mark files as read-only
The use case I'm imagining is that the user wants one application to have read-write access to a file but another application to have read-only access to the same file. Consider, for example, a photo indexing application. The user might want to give the application access to read photos in a particular folder and its subfolders but not write access.
Re: (Score:2)
The problem being that a lot of things are "executable", which is how malware can be spread via Word documents and the like. Actually locking down execution is going to mean any data format that includes macro or scripting capabilities is going to have to be shelved, and there is a lot of software out there that utilizes these kinds of executable capabilities and is potentially vulnerable to being used as a malware vector.
Re: (Score:3)
Why not implement a sane security model instead
Because a "sane security model" uses defense in depth. There is no one single "silver bullet" solution. Any security layer can fail, so you need additional layers to contain or mitigate the damage.
Your first layer of defense is your firewall ... your last layer is your offsite backups. You should have many more layers in between.
Re: (Score:2)
Your first layer of defense is your firewall ...
This is why working security can never be achieved. As long as there are people who think that the first layer of defense can be anything other than the human brain, and that security can be achieved through technology alone, the default state will continue to be vulnerable.
Re: (Score:2)
Microsoft has always been more concerned about backwards compatibility than anything else. They won't put in a new sane security model because it will break that compatibility. The problem is they do put something out with better security, but it's alongside a version that's completely compatible with all of the other software, so users are going to choose the version that lets them use the most applications. Microsoft needs to eventually bite the bullet and change the internals knowing that it's going t
Re:Put another band aid on... (Score:5, Insightful)
Mandatory or role-based access control is no more sane than the configuration of it. The problem is that Joe Schmoe wants to open his files in RandomApp without having to learn how to add rules for it.
Convenience wins over security any time.
Re: (Score:2)
On a Mac, App Store apps have restricted access to a very limited set of folders (as described by the entitlements list that has to be approved by Apple) BUT they can open any file from any folder if the user drags it onto the app or selects it from a standard system file selector within the app. That makes it totally transparent to the user for the vast majority of apps while remaining secure because the app cannot fake the user interaction that allows access to the files.
For the moment, only App Store app
Re: (Score:2)
Maybe not, but I suspect you are not Lord Nelson, either.
What's not to love about more and more annoying popups asking uninformed users questions they can't understand, and insisting they answer before they can continue?
How else can we convince people that Ubuntu is actually great, despite systemd, persistent and recurrent network software failure, and the system forgetting your sound card settings if you reboot?
Disclaimer: I use *BSD - but only because Ken Olsen said "Unix is snake
Re: (Score:2)
This sounds strangely like the AppLocker feature that's available on some Windows Server and Enterprise editions...
AppLocker prevents launching of applications based on rules. This sounds different in that it prevents apps from accessing data based on rules. So the application could be allowed, but it may not be allowed to access some data.
Re: (Score:2)
No one solution is going to stop 100% of all attacks.
If this stops 5% of the attacks it's an improvement and a step in the right direction. By itself it isn't enough but if it stops some attacks (and doesn't introduce other attacks in the process) then I would want this.
Re: (Score:2)
Sounds like a reverse SELinux/AppArmor. With SELinux/AppArmor you create profiles for applications where you can control which directories and/or files they can read, write and create. This solution sounds like they mark certain folders as special and whitelist access to them from certain applications.
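The "mark folders as special and whitelist apps" model the comment describes, as an added example that is not part of the thread: the Windows Defender PowerShell cmdlets that configure controlled folder access, started in audit mode so the allow-list can be built from the logged attempts before anything is enforced. The folder and application paths are placeholders, and an elevated session on a build that ships the feature is assumed.

```powershell
# Added example (not from the original thread or from Microsoft): configure
# controlled folder access through the Defender PowerShell cmdlets.
# Assumptions: Windows 10 with Windows Defender Antivirus active on a build
# that ships the feature, an elevated PowerShell session, and placeholder
# folder/application paths below.

# Start in audit mode: nothing is blocked yet, but every write that would
# have been blocked is logged, so legitimate writers can be identified first.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Protect a folder beyond the default set the article lists
# (desktop, pictures, movies, documents).  Placeholder path.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'C:\Users\alice\Projects'

# Whitelist one application that legitimately rewrites files in place.
# Placeholder path; anything not on this list is blocked once enforcing.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleVendor\editor.exe'

# Review the resulting state.
$pref = Get-MpPreference
$pref.EnableControlledFolderAccess              # 0 = off, 1 = block, 2 = audit
$pref.ControlledFolderAccessProtectedFolders
$pref.ControlledFolderAccessAllowedApplications

# Pull the feature's own events from the Defender operational log:
# 1124 = audited (would have been blocked), 1123 = blocked.
# Review these to see which unlisted apps touch protected folders.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 |
    Select-Object TimeCreated, Id, Message

# Once the allow-list covers the legitimate writers, switch to enforcement.
Set-MpPreference -EnableControlledFolderAccess Enabled
```

Audit mode is the answer to the thread's "convenience wins" objection: the allow-list is built from observed legitimate writes rather than from users guessing which app belongs in which role.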
Re: (Score:2)
There are (or used to be, at least) GPOs for limiting what could be executed, and we did try it to prevent non-admin staff from running executables located outside of the usual execution paths (for instance, forbidding execution of anything in their profile paths), but it was a pain in the ass, broke a few things, and then I discovered that the execution path limits could be bypassed and thus didn't offer the level of security we wanted.