Serious Discussion Microsoft wants Windows 11 “secure by default,” could allow only properly signed apps and drivers by default

Parkinsond

Parkinsond

Level 62
Thread author
Verified
Well-known
Dec 6, 2023
5,063
14,276
6,069
Microsoft just announced a per-app permission system, just like Android, for Windows 11, to make the OS “secure by default”.
Soon, Windows is said to allow only properly signed apps and drivers to run.
This is still an experiment, and we don’t know when it’ll become the default behaviour, but it’s being considered, and we might see changes soon.
Of course, you’ll be able to turn off all new security features.

www.windowslatest.com

Microsoft wants Windows 11 “secure by default," could allow only properly signed apps and drivers by default

Microsoft plans Windows 11 “secure by default” mode with signed apps only and Android-style permissions for files, camera, and drivers.
www.windowslatest.com www.windowslatest.com
Click to expand...
7-Zip, RIP 😐
 
  • Like
  • HaHa
  • Wow
Reactions: rashmi, Andy Ful, Gandalf_The_Grey and 5 others
Parkinsond said:
7-Zip, RIP 😐
Click to expand...
Although 7-zip is one that defies the norm of signing binaries, I think other OSS projects also struggle to find sponsors to provide such signatures too. Notepad++'s recent brouhaha may partly be related to the fact that their previous benefactor yanked the sponsorship, resulting in a few releases with no signatures until they found another sponsor. CrystalMark (Crystal Dew World, CrystalDiskInfo, etc.) seems to have sponsorship from an unrelated Japanese company with the same name.

This security step-up may put even more pressure on these open-sourced homegrown projects.
 
  • Like
  • Sad
Reactions: lokamoka820, Khushal, Parkinsond and 1 other person
Parkinsond said:
Security-wise, it is a good concept; usability-wise, it is not practical.
Click to expand...
Windows as a platform for home users and "Users who want to use stuff" and everybody does what they want on Windows - that is an era that 10 years ago transitioned off-the-radar over to "The beginning of the end of Windows installed by OEMs onto devices."

Within 30 years, perhaps 50 years, there will be no more local installs of Windows. Microsoft will be a 100% cloud based OS and it will run in its cloud. Microsoft will also make Windows default deny gatekept in the long term. It is aware of the implications, but since 2 billion people pirate Windows routinely, Microsoft has a long-term plan to get rid of such pesky thieves.

Think of the transition the same as how China, in the 1970s, decided on a transition across decades.

It is going to happen.
 
Windows tried to remove many of its built-in customization options with the release of Windows 11, and what happened? Users started using third-party customization apps to restore what they had been using before, forcing Windows to add those options back again (such as the taskbar, for example).

Windows could make Windows Store apps more secure if they wanted to for users who need secure systems.

By the way, aren't signed apps signed because they paid for the cost of signing? Does having money or support behind you make your product secure?
 
  • Applause
Reactions: Parkinsond

You may also like...