Why don't I use Windows Software Restriction Policies?

[509322]

I personally have never experienced Comodo autosandboxing "System" or "Windows Updates" files.

There's a ton of unsigned files in C:\Windows. Most of them are *.dlls or non-executable file types. The executables only get auto-sandboxed when launched. Very occasionally one will get sandboxed.

 

[Duotone]

I just learned about SRP last year but I still dont use it ... as I'm using AG!

 

[Andy Ful]

Good choice.

 

[Andy Ful]

There are users who click "No" on UAC prompt coz "No" was highlighted/selected by default & cant figure out why the executed program didn't appeared coz they never look into details & only look for "Yes", "No", "Ok", etc & go with "Default" selection, if default selection is not there then action is mostly/always "Yes"..."No" if the mouse behaved erratically & the hit was on "No".
And when the users figure out that the program didn't appeared coz he clicked "No" on that useless window And somehow Google search, etc also figured out disabling UAC & "WOW" it worked, that useless window now doesn't appear.
Now he is a certified expert, atleast on this fix for his frds.

Advices for inexperienced users.
Expected UAC = when you run/install an application.

1. When you see Expected UAC - always choose YES.
2. When you see UNExpected UAC - always choose NO (and call the friend).
3. If you see Smartscreen - always click Do not run (and call the friend).
4. If you cannot obey the above - go for Bitdefender free (joke).

 

[Andy Ful]

Average users
...
A mostly static system users may find Windows FW + WD + SS + UAC effective
A mostly dynamic system users with often changes like software install, software trying, keygen, cracks, etc...
may find inbuilt security not effective.
...

You are, right - WFW + WD + SS + UAC looks good.
Also, WFW + WD + ReHips + UAC, and WFW + WD + Sandboxie + UAC, etc. Nothing is close to ideal, but those configurations work well for many people.

The testers who like virtual machines can be happy with just WFW + WD + SRP + UAC.
The real question is: where can one find the advantage of using (learning) SRP?

I think that stability & compatibility is the answer. If someone likes to use Comodo Firewall (without any issues) there is no purpose to drop it for SRP.

 

[Andy Ful]

The serious issue which can be found in Windows built-in security, is the lack of serious self defense. The main mechanism is UAC, which depends of user's choice. If the malware gets elevated, then the game is over. It can disable Windows Defender, SRP, script blocking, etc.
Things could be better if system wide SmartScreen would be truly system wide.
In Windows 8+, we can see many improvements (Secure Boot, AppContainer, Smartscreen App on the Run, Cloud, etc.). There is also a good idea to release a platform for converting desktop programs to Windows Store Apps. We will see what happens next.

 

[DC47561]

I personally like SRP. It takes quite a bit of investigation to find out what programs you need to allow to run in order for the system to work properly. Blocking .lnk files will disable any desktop shortcuts. It took me a while to work that one out!