- May 31, 2017
You are aware that VS was tested in AutoPilot mode, so your comment is quite disingenuous. This is the exact kind of security theater that I am talking about.You have never been to this theater.
If you are looking for evidence then look at the tests on Malware Hub. Even without any AV (only properly configured SRP) the results were like in (almost) perfect theater. You can compare them with the test results of VS, if you need a reference point.
Anyway, you are right that classic SRP was not designed to mitigate modern threats in the business environment. The danger comes from the attacks with admin rights via lateral movement. Furthermore, SRP and Windows policies are not well designed to stop the highly targeted attacks. Lastly, most people do not know how to configure SRP for optimal protection (you are not the only one).
Properly configured SRP + simple hardening (like blocking SMB protocols and remote features) is still very efficient when a few computers are connected to the home router (no lateral movement).
Software Restriction Policy was designed to stop the user from running user mode software. It was not designed as a sophisticated anti-malware mechanism that blocks modern threats. In other words, you can use a screwdriver to drive a nail, but it is best to use the right tool for the job (a hammer).