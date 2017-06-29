Windows 10 Will Soon Protect Files and Folders From Ransomware (theverge.com) 18
Microsoft is making some interesting security-related changes to Windows 10 with the next Fall Creators Update, expected to debut in September. From a report: Windows 10 testers can now access a preview of the changes that include a new controlled folder access feature. It's designed to only allow specific apps to access and read / write to a folder. If enabled, the default list prevents apps from accessing the desktop, pictures, movies, and documents folders. "Controlled folder access monitors the changes that apps make to files in certain protected folders," explains Dona Sarkar, head of Microsoft's Windows Insiders program. "If an app attempts to make a change to these files, and the app is blacklisted by the feature, you'll get a notification about the attempt."
Petty useful (Score:2)
SMB / MSI / psexec are not "Apps"... (Score:1)
But the recent malware attacks weren't simply malicious trojaned apps changing each other's files. It was spread by compromising / using system services that are meant to be used to access a broad array of files. I don't see how changing the permissions model to block inter-app accesses will fix this...
Specific apps? (Score:2)
So it'd be enough for ransomware to impersonate those specific apps or just get into the party list. Shouldn't it?
Re: (Score:2)
It's just one more slap-dash fix in a creaky operating system riddled with legacy APIs that are now being easily strangled with NSA-ware. Adding strict user space is what made XP SP2 somewhat tenable, but this is just one more embarrassing and glaring hole, and IMHO, a great reason to take a serious look at devops and agile as software development models. Windows 10 isn't new; it's the lipstick on a pig made from thousands and thousands of attempts to get it right.
I'm just entirely shocked that Microsoft's
Re: (Score:2)
And what would a sane security model look like? Ransomware runs under the credentials of the user that has executed the malware, so if the user has read/write access to files and folders, then those folders are vulnerable. It's not that much different than someone accidentally deleting a bunch of files they have access to. I suppose you could put some quantity monitoring, as in if x number of files are altered or deleted, then suspend the process that is doing the file system changes, but that would probabl
MS Office? (Score:2)
Maybe I am wrong, but it looks like Office has been an attack vector.
Will it be in the party list of "allowed apps"?
I am Protecting (Score:2)
will be used to block steam unless you buy gamer (Score:2)
will be used to block steam unless you buy windows 10 pro gamer
Great, so... (Score:3)
..the next generation of Ransomware will exploit a vulnerability in this new service to prevent YOU from accessing these folders and files.
How very convenient!
=Smidge=