Reply to thread

Message

<blockquote data-quote="ForgottenSeer 95367" data-source="post: 1004774">Microsoft probably will not implement Smart App Control to its fullest possible extent (such as it did with Windows 10 S which was superb security) for consumer and small businesses. It knows that it can&#039;t block too much otherwise there will be consumer backlash. Afterall, Windows is nothing but a conduit to supply profitable media to consumers. More money to be made (by orders of magnitude) selling entertaining stuff to consumers than protecting them for, basically, free or very little cost to them. But I would expect there to be tweaks or manual configuration (e.g. SAC XML) possible for those users inclined to enforce the highest possible security using SAC. Yet it remains a guessing game. We&#039;re dealing with Microsoft, where features come-and-go, some stick, some fade-away (remember Desired State Configuration?). It&#039;s anybody&#039;s guess.We already know that users are screaming for a way to whitelist programs and files in Smart App Control as they see fit (look at the SAC feature requests submitted to Windows Insider&#039;s) - because SAC is blocking stuff that those users shouldn&#039;t be doing or using. So the cracks created in security by users themselves are already afoot where SAC is concerned.Microsoft has been telling developers for a while that SAC might block their unsigned programs, and the only workaround Microsoft is willing to provide is for the developer to purchase and apply a digital certificate. Microsoft has postured and drawn such lines in the sand before, only to relent every single time once the backlash reached enough of a threshold.For those intent on implementing mighty security, Microsoft will leave the manual methods of AppLocker, Group Policy, MDAC\WDAC and SRP. Since enterprise is so dependent upon these, and the fact that Windows is a unified OS image, we can expect these to be shipped by Microsoft for a long, long time.</blockquote>

[QUOTE="ForgottenSeer 95367, post: 1004774"] Microsoft probably will not implement Smart App Control to its fullest possible extent (such as it did with Windows 10 S which was superb security) for consumer and small businesses. It knows that it can't block too much otherwise there will be consumer backlash. Afterall, Windows is nothing but a conduit to supply profitable media to consumers. More money to be made (by orders of magnitude) selling entertaining stuff to consumers than protecting them for, basically, free or very little cost to them. But I would expect there to be tweaks or manual configuration (e.g. SAC XML) possible for those users inclined to enforce the highest possible security using SAC. Yet it remains a guessing game. We're dealing with Microsoft, where features come-and-go, some stick, some fade-away (remember Desired State Configuration?). It's anybody's guess. We already know that users are screaming for a way to whitelist programs and files in Smart App Control as they see fit (look at the SAC feature requests submitted to Windows Insider's) - because SAC is blocking stuff that those users shouldn't be doing or using. So the cracks created in security by users themselves are already afoot where SAC is concerned. Microsoft has been telling developers for a while that SAC might block their unsigned programs, and the only workaround Microsoft is willing to provide is for the developer to purchase and apply a digital certificate. Microsoft has postured and drawn such lines in the sand before, only to relent every single time once the backlash reached enough of a threshold. For those intent on implementing mighty security, Microsoft will leave the manual methods of AppLocker, Group Policy, MDAC\WDAC and SRP. Since enterprise is so dependent upon these, and the fact that Windows is a unified OS image, we can expect these to be shipped by Microsoft for a long, long time. [/QUOTE]

Verification