- Jan 30, 2023
It's honestly very surprising to me that I see super old and totally obsolete technologies such as SRP, or Software Restriction Policies, being suggested and used by members in the forum. Thought I'd raise awareness by making this thread and presenting some facts about these technologies.
Here is the timeline of the application control solutions in Windows:
1. SRP (Introduced with Windows XP - before I was even born!)
2. AppLocker (Introduced with Windows 7)
3. WDAC (Application Control for Business) (Introduced with Windows 10)
As a home user, there are 0 reasons, I repeat, 0 reasons, to use #1 and #2.
You only use AppLocker nowadays in a very limited scope, to allow Intune as a managed installer for WDAC policies. Ever since Windows 10 was introduced 9 years ago, WDAC has been the recommended Application Control solution.
As you can see even WDAC is not new and it's been with us for 9 years, but it is actively maintained.
All the documents, automations, solutions, tooling etc. to use WDAC for both enterprises and home users are available. All of these things are Free btw!
At the end of the day, it's your choice, just like it's your choice to turn off your firewall and AVs. I just wanted this information to be put out there. I've helped multiple companies with implementation of WDAC and continue doing so, and I myself use it on my PC and family members. I've made tooling and documentation available for it and continue to do so.
The threat landscape has changed significantly since Windows XP; it even changes every ~2-3 years. The ever-changing TTPs (tactics, techniques, and procedures) require us on the defense side to be very adaptive or risk falling behind and being defeated.
Hope everyone has a good time and stays secure!