New Update Smart App Control - Windows 11 22H2 feature promises significant protection from malware

SAC usability improvement.

SAC can now be toggled ON/OFF from inside the Windows Security app (tested in the Insider Build 26220.7070).


 
SAC usability improvement.

SAC can now be toggled ON/OFF from inside the Windows Security app (tested in the Insider Build 26220.7070).

Great news.
Waiting for adding "exclusions"; SAC can be disabled to allow installing an app, but after re-enabling, launching such an app may be blocked, if not added to exclusions.
 
Don't hold your breath, my friend. ;)
With forthcoming "Smart App Control - ON/OFF", when SAC blocks a known-good software update then:

1. Turn SAC OFF
2. Update known-good software
3. Turn SAC ON

No need for exclusions.

But I know how this turns out for the masses:

1. Turn SAC ON
2. It blocks much of the stuff that they try to execute
3. Turn SAC OFF
4. Run unknown/untrusted files
5. Turn SAC ON or keep it permanently OFF

Either way, the user disabled the protection because they are a "User that wants to use stuff." Inevitable outcomes are infected systems. Lost files. Stolen identities and money.

There is only one type of truly effective default deny. It is the one that the user can never disable - not even in an administrator privileged account.

Can't be done? Will make systems non-functional, break software, cause productivity to falter, and make the system "unusable"? Nope. Anybody that says that it will either has an agenda or they're ignorant of the facts. There's effective ways to manage such a device (by others; not the user of the device themselves).
 
There is only one type of truly effective default deny. It is the one that the user can never disable - not even in an administrator privileged account.

This kind of restriction will certainly create fookery for the hoomans that require abilities in order to maximize effectiveness of said tasks.

You're not wrong though, it's the only way to fix stupid.
 
@bazang

The scenario you outlined happened a lot with UAC years ago.

But I think with SAC it might be a little better because of the continuous updating of the cloud white list.

On my wife's laptop I have enabled SAC and never have heard her complain, because she just uses her PC.

I have her laptop also hardened (Defender in Zero tolerance mode and blocking scripts in user folders with Software Restriction Policies) using Andy's tools.

I think the people who think they are power users are the real problem. Let me illustrate it with something which actually happened in real life.

I was lucky she is running as Standard User because the husband of a friend of hers told her he had a better photo editor and collection tool when they were making a photo book for one of her other friends (she became 50).

My wife phoned me for the admin password because the friendly husband of her friend needed to turn off something. I asked what he needed it for. When he came on the phone he told me he wanted to disable Defender temporarily and SAC permanently to install something.

I refused and the situation became pretty awkward because the man turned it into a "don't you trust me" situation.

While we were talking I found a similar program in the Windows Store. This sort of prevented an old-fashioned "high noon shoot out".
 
This kind of restriction will certainly create fookery for the hoomans that require abilities in order to maximize effectiveness of said tasks.
1. "Users want to use stuff". That might be legal, but it don't make it right - at least not for uneducated, ignorant, wholly dis-inclined and insecure masses.
2. "Users want to use stuff" model generates hundreds of billions in Euros/USD every year:
A. Software Installs.
B. Malware Removal Services.
C. Entire clean-up projects of the hooman fookery.
D. Cybercriminals making bank with every second on the clock registering a "Chah-Ching!!".
E. Ever-increasing cybersecurity costs get passed onto the hoomans at "Cost Plus" - at built-in fees and prices which usually make it a profit center.

You're not wrong though, it's the only way to fix stupid.
There's a global threshold at which the hooman stupid will kill us all.

We're all on a one-way train trip to that stupid apocalypse.
 
But I think with SAC it might be a little better because of the continuous updating of the cloud white list.
Test this theory after SAC ON/OFF feature is shipped with Windows 11 by:

1. Giving a laptop with SAC enabled to a group of 6 to 18 year olds.
2. Giving a laptop with SAC enabled to a group of adults aged 19 thru 101 (randomly chosen).

Watch the hoomans bypass SAC by simply turning it off whenever they see fit to do so because they all want to do unsafe, unhygienic stuff - in other words "Users want to use stuff."
 
Test this theory after SAC ON/OFF feature is shipped with Windows 11 by:

1. Giving a laptop with SAC enabled to a group of 6 to 18 year olds.
2. Giving a laptop with SAC enabled to a group of adults aged 19 thru 101 (randomly chosen).

Watch the hoomans bypass SAC by simply turning it off whenever they see fit to do so because they all want to do unsafe, unhygienic stuff - in other words "Users want to use stuff."
Hypothetical tests allow for any outcome, which does not mean the results you claim are true, neither will such a hypothetical test prove you are right.

I can hardly imagine Microsoft would make such a drastic move (from blacklist to whitelist) when it was not supported by the big data Microsoft gathers with telemetry.
 
Hypothetical tests allow for any outcome, which does not mean the results you claim are true, neither will such a hypothetical test prove you are right.

I can hardly imagine Microsoft would make such a drastic move (from blacklist to whitelist) when it was not supported by the big data Microsoft gathers with telemetry.
There's nothing hypothetical about that. If I had a dollar for every time someone has asked me how to disable a security to install something that's being blocked I'd be a rich man. That knowledge stems from experience and is common sense as he is not wrong, users do want to use stuff. Especially that age bracket, they know better than everyone at that age.
 
Hypothetical tests allow for any outcome, which does not mean the results you claim are true, neither will such a hypothetical test prove you are right.
The whole point of the "hypothetical test" is that it replicates real-world hooman behaviors and patterns of behaviors in the wild.

What I said is already well known and widely accepted as fact.

I can hardly imagine Microsoft would make such a drastic move (from blacklist to whitelist) when it was not supported by the big data Microsoft gathers with telemetry.
Microsoft is not moving from blacklist to whitelist with regards to SAC.

It will begin shipping SAC with the ability of the user of any unmanaged device (e.g. consumers, home users) to turn SAC ON or OFF at will. Microsoft has not stated exactly when it shall begin to do this. So no ETA. It is also an absolute certainty that Microsoft will ship SAC set to OFF by default which means the vast majority of users will never set it to ON in the first place. When set to OFF by default, it is just users using Windows on their digital device as usual - downloading and executing stuff without any restraint. The general behavior of the masses.

For those users that do turn it ON, many will turn it OFF and execute stuff because they are "Users that want to use stuff."

Microsoft has tried major security improvements to greatly reduce the stoopid hooman behaviors, but each time the "Users that want to use stuff" complained so intensely that Microsoft stopped its terrific security improvements. I suppose the "Users that want to use stuff" complaining that they are forced not to do things on their systems that make not only theirs, but everyone else's digital systems unsafe is a continuation of that stoopid hooman behaviors.

There's detailed, large scale studies out there about user psychology and behaviors. They're all behind paywalls and are very expensive - usually 10,000+ Euros. You can gain access to those studies - or at least some of the best parts - by becoming an enterprise or government Microsoft Security client with a 1+ million contract. Or you can just do free and perform some Google Foo or basic AI search engine queries about "Users want to use stuff", why they do it, and why they are so insecure.

Anybody that designs security to prioritize convenience is an exploiter of people. They might not even realize that they are not doing anybody a bit of good by making things convenient. The first rule of solid security is never to allow any user to make a decision or to be able to "use stuff" on their own. But most do realize and their justification is "I have to cater to Users that want to use stuff by making it all convenient for them." Well, that seems perfectly legitimate but the fact of the matter is that the average person cannot or will not make decisions or behave in a manner to do even a little bit securely.

So the only way to make Windows safe is to enable SAC by default and not allow any unmanaged device user to disable it. The right thing to do is to make it convenient for the masses to report incorrect blocks, but Microsoft cannot allow that. Logistically and economically it cannot permit billions of users to submit reports. Microsoft is not going to devote the resources to make any such system work - at least not without charging about $75 per person. So, in other words, it would have to adopt a SAC subscription model but the "Users want to use stuff" crowd would never tolerate having to pay.
 