Harden Windows Security | Only with official documented methods | Always up to date
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1025376"><p>I know what SAC is, lol.</p><p></p><p>I am a Microsoft native security proponent and I've been around long enough at the enterprise and government level to know how Microsoft handles projects. Its handling of WDAC is the same as AppLocker, Group Policy, PowerShell Desired State Configuration and a myriad of other of its security solutions.</p><p></p><p>As far as WDAC development, it has been static for years. It is not a project that is getting any active development. It gets sporadic updates. SAC is just a sideshow of a sideshow.</p><p></p><p>Updating Microsoft Learn pages is not development, and neither is the supplying of a myriad of deployment and administration scripts and utilities development either. It is exactly this sort of "sprawl" that makes WDAC a manageability problem for sysadmins and security professionals. You can call it "development" if you wish but that is not what it is. The project is not addressing the fundamental issue with WDAC - which is tedious deployment, administration and usability. That is why companies are sticking with Group Policy, AppLocker and Software Restriction Policies.</p><p></p><p>The SAC initiative is Microsoft's desire to deliver a security solution similar to Windows S mode, but allowing home users to safely "use stuff." SAC is another one of Microsoft's vanity projects on behalf of home users.</p><p></p><p>The permanently "ON" or "OFF" modes are the exact kind of functionality that will dissuade the vast majority of users - who actually know what SAC is and care - to embrace it. A permanent "ON" mode appeals only to a tiny minority of security geeks.</p><p></p><p>It is all well-meaning, but it is more of the Microsoft same-same, which is poor execution and implementation.</p><p></p><p></p><p>SAC is being managed by Microsoft the same way it handled AppLocker, Group Policy, and PowerShell Desired State Configuration.
Microsoft will take it to a certain point and then just silently stop, as it has done with most all of its security projects. So yeah, it is already in the "half-baked" Microsoft class of things.</p><p></p><p>The requirement that a user must perform a clean-install is a non-starter. How many home users do you think are actually going to do that? The fact that no one can create an allow exception - how many home users, amongst those few people who figure out what SAC is, are going to use SAC when it blocks their favorite game DLLs and they cannot allow them?</p><p></p><p></p><p>Yes. It is used in enterprise - by a very few enterprises that is. Due to many issues, WDAC is not widely used to the extent that Microsoft openly addresses this fact in its learn pages. I work daily with companies and government agencies that are mandated by law to have robust security - and none of them use WDAC. When the subject of WDAC is broached, the sysadmins scurry for the shadows.</p><p></p><p>If SAC were ready for production, then it would not require an evaluation mode. If it were ready for production, then it would not be blocking Microsoft's own processes and DLLs. If SAC were ready for production, then it would not need the extended telemetry that Microsoft forces as a requirement.</p><p></p><p>What is Microsoft doing exactly with SAC at this time? It is collecting data via Intelligent Security Graph and building lists of processes, DLLs and other files to be rated and allowed. So it is using all the home users as guinea pigs. That's what.</p></blockquote><p></p>