Microsoft Announces Device Guard For Windows 10
jones_supa writes: Microsoft has announced a new feature for Windows 10 called Device Guard, which aims to give administrators full control over what software can or cannot be installed on a device. "It provides better security against malware and zero days for Windows 10 by blocking anything other than trusted apps—which are apps that are signed by specific software vendors, the Windows Store, or even your own organization. ... To help protect users from malware, when an app is executed, Windows makes a determination on whether that app is trustworthy, and notifies the user if it is not. Device Guard can use hardware technology and virtualization to isolate that decision making function from the rest of the Windows operating system, which helps provide protection from attackers or malware that have managed to gain full system privilege." It's intended to be used in conjunction with traditional anti-virus, not as a replacement.
Whitelisting executables... (Score:5, Insightful)
This actually sounds like a great idea. Whitelist all the executables on your system. Then, if something tries to execute that's not whitelisted, throw up a dialog explaining what's going on. This would catch sneaky attempts to execute trojans in a lot of cases.
One downside is it probably wouldn't work with interpreted languages, and those can be fairly powerful. But it's a start.
Re: (Score:2)
I think it is safe to presume the signing process will be hacked in a matter of hours.
Re:Whitelisting executables... (Score:5, Informative)
You mean, like SONY?
Re: (Score:2)
McAfee, Norton, Oracle (that damn Ask toolbar), HP Support Assistant, Razer mice [boingboing.net], Skype [dogtownmedia.com].
Heck, it seems most Windows software has a "malware" business model these days.
Re: (Score:2)
I think it is safe to presume the signing process will be hacked in a matter of hours.
Code signing uses the same cryptographic technology as SSL-TLS, and is used by many operating systems already (the notable exception being Linux). The only real way for this system to be subverted is the same as for the web - for a trusted certificate authority to either lose or misuse their private keys, which would allow a certificate to be spoofed.
So, no, the signing system isn't going to be hacked. Code signing isn't a new feature. It's already been a part of Windows for many years. This is just an additional enterprise feature that happens to use it.
What's the best way to wash sand out of your hair?
Where'd you get those wraparound granny sunglasses?
Do you prefer Icy Hot or Bengay for severe stiffness and cramps?
Etc.
Maybe you had your head in the sand, were stuck in a cave, or were living under a rock for the past eon, so I'll just point out that the "trusted" certificate "authorities" have repeatedly proven themselves to be untrustworthy and unauthoritative.
Re: (Score:2)
I'll just point out that the "trusted" certificate "authorities" have repeatedly proven themselves to be untrustworthy and unauthoritative.
No shit, which is why I mentioned that this could be circumvented if the private keys are compromised. Compromised certificate authorities are definitely the Achilles heel of the system, and my concern is that we trust far too many of them at this point, and there's little to prevent one root from impersonating another.
Even so, code-signing still generally does its job reasonably well, as most hackers don't have the resources or skills to acquire private root certificate keys. No system is completely foo
Re: (Score:3)
So it makes a check against a list of some sort. How hard would it be to get some malicious software signed? More importantly, what about devices that are from a trusted source but are not signed? Can an admin put such devices on a white list, or does Microsoft control a master list?
FTA: "This gives it a significant advantag
Re: (Score:3)
"It provides better security against malware and zero days for Windows 10 by blocking anything other than trusted apps—which are apps that are signed by specific software vendors, the Windows Store, or Lenovo [theregister.co.uk] ."
There. Fixed that for you.
Re: (Score:2)
This actually sounds like a great idea. Whitelist all the executables on your system.
If this were done well, it could be useful (if occasionally annoying).
That said, I suspect the definition of "executables" is what's going to cause the biggest headache. Sure, an EXE file is an executable. Sure, so is an SCR. But these days there's so much interpreted code that it's not clear what is a .NET app or Java app and what isn't. How about Flash content? It's sort of executable in that a runtime will process it and DO something. But wait, there's more. PDFs have macros, as do most document
Re: (Score:2)
You've been able to do exactly this for ages via group policy.
I believe there's even a mechanism to whitelist via certificate (so you don't have to whitelist each time there's an update), though I've never used it.
I'm not sure what's "new" about this feature. Perhaps moving this piece to a separate virtualized ring and relying on hardware virtualization features?
So Microsoft is still papering over failures. (Score:3, Insightful)
This does almost nothing. Just more window dressing.
Most applications DO come from "trusted vendors" (such as Microsoft itself). Yet the virus attacks continue, and the security failures continue.
Re: (Score:2)
This does almost nothing. Just more window dressing.
Most applications DO come from "trusted vendors" (such as Microsoft itself). Yet the virus attacks continue, and the security failures continue.
You don't understand. This isn't an "antivirus" solution. It works in a completely different manner, one designed specifically to be effective even in the presence of porous and buggy operating systems like Windows. That approach is already being used, effectively.
Administrators control (Score:2, Insightful)
Everyone is a Windows Administrator. So how well will this really work?
Most non IT people will just see the popup saying "Blah, blah blah blah. Blah blah, blah, unsigned blah blah." And click the button that says, "Make the nasty popup go away and run the neat app I just downloaded."
Re: (Score:3)
Not always in corporate settings, which is probably what this is aimed at. It's admittedly super-annoying to have to use a machine where you don't have administrator access, but it happens.
Re: (Score:2)
This is true for home users, but anyone connected to an enterprise domain who doesn't work for the help desk probably knows the pain of not having an administrator account. Even people who fall under the auspices of "IT" often don't have administrator accounts, if they aren't part of the team that holds the keys to the castle.
I know many software engineers who don't have admin rights on their PCs. It'll be interesting to see the tug of war over this, between paranoid IT guys and the rest of the people who a
Re: (Score:2)
This is true for home users,
And the BYOD crowd. And the telecommuters, whose systems could be configured who knows how when they aren't connected to the company VPN. Or the CEO who can't figure out why he can't take his company laptop to Starbucks and download whatever the hell he wants.
Re: (Score:3)
The idea is that there are different levels of control: "All good, Warning, Deny".
Application control already exists through group policies. What this does is make it easier for the administrators to manage, but it also brings another level of flexibility, which is virtualization. Windows 10 comes with built-in virtualization which will allow isolation of the instance being run. This will further protect the system. I believe some antivirus products are already doing this, but obviously MS is trying to make the OS provide
Re: (Score:2)
If you set up the permissions in your organization correctly that doesn't happen, however on home pc yes very much so.
I'm considering making my next PC Ubuntu LTS with KDE. I built one for my brother... he saw the price tag on Win7 and said let's try Ubuntu, I can always buy Windows later if I don't like it. It's been about three months and he and his wife love it.
Re: (Score:2)
OSX is great and all, but it hasn't catered to large corporations and enterprises. It's the one segment Apple either doesn't care about or doesn't know how to penetrate. Maybe they understand how generic doesn't work in a complex business environment.
Don't take me wrong, the concept is good but what Windows 10 is doing here caters to the corporate/enterprise environment better.
Re: (Score:2)
In recent versions OSX even goes a step beyond "are you sure you want to run this app?" into "you cannot run this app unless you go into security settings, enter your admin password and then authorize the app to execute"
Re: (Score:2)
Yep, the point and click version of SUDO.
Won't guard against signed malware (Score:2, Informative)
Remember that Stuxnet used drivers signed with "stolen" Realtek and JMicron certificates. Lots of malware is signed with fake, stolen, or weak certs. Hell, some manufacturers like Lenovo even included malware like Superfish on new laptops. Will Device Guard prevent that from happening?
Not sure this helps... (Score:4, Insightful)
Unless Microsoft's changed something, you can still change the code in (non-device driver) SIGNED executables. (Try it today by flipping a few junk bits in a signed app and see if Microsoft notices the difference.) If that remains true, this isn't much of a deterrent to malware at all.
Furthermore, some of the biggest recent hacks (e.g., Sony) used a SIGNED commercial device driver (running in trial mode) to circumvent NTFS permissions; a default scheme that allows only signed executables wouldn't stop that either.
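As an added example (not from the article or any commenter), here is the inventory a defender would run before relying on a signature-based allow list: it records each executable's Authenticode status and signer, summarises which publishers would actually be trusted, and separately lists signed files whose bytes no longer match their signature (Get-AuthenticodeSignature reports those as HashMismatch). $Root and $ReportPath are placeholder paths you choose.

```powershell
# Added example, not code from the article or the thread.
# Assumptions: Windows PowerShell 5.1 or later; $Root and $ReportPath are placeholders.
param(
    [string]$Root = "$env:ProgramFiles",
    [string]$ReportPath = "$env:TEMP\signature-inventory.csv"
)

# What a policy that allows only trusted signers would do with each signature status.
$verdicts = @{
    'Valid'                  = 'allowed only if the signer is on the allow list'
    'NotSigned'              = 'blocked: no signature at all'
    'HashMismatch'           = 'blocked: file contents no longer match the signature'
    'NotTrusted'             = 'blocked: signature chains to an untrusted root'
    'UnknownError'           = 'review: certificate chain could not be verified'
    'NotSupportedFileFormat' = 'review: not a signable file format'
    'Incompatible'           = 'review: incompatible signature format'
}

$files = Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.sys, *.ps1 `
    -ErrorAction SilentlyContinue

$rows = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $status = $sig.Status.ToString()
    [pscustomobject]@{
        Path       = $f.FullName
        Status     = $status
        Verdict    = $verdicts[$status]
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        # A content hash is what a hash-based allow-list rule would pin.
        Sha256     = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}

$rows | Export-Csv -Path $ReportPath -NoTypeInformation

# Breakdown by signature status.
$rows | Group-Object Status | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# The distinct publishers an allow list built from this machine would have to trust.
"Distinct signers among validly signed files:"
$rows | Where-Object Status -eq 'Valid' | Group-Object Signer |
    Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize

# Signed files whose contents were changed after signing deserve immediate attention.
$tampered = $rows | Where-Object Status -eq 'HashMismatch'
if ($tampered) {
    "Signed files whose contents no longer match their signature:"
    $tampered | Select-Object Path, Signer | Format-Table -AutoSize
}
```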
Re: (Score:2)
I think anybody with enough of a system background knows you can fool a certificate system locally, but how does the external malware know what certificates your organization allows? As for apps from the app store, you cannot fool it into providing a different certificate than its authentic one.
Considering most apps will eventually be app store downloads/purchases, I suspect their strategy is pretty sound.
Re: (Score:2)
>> how does the external malware know what certificates your organization allow
The same way hackers with malicious HTTPS sites do today. They look at the ungodly-long list of default Microsoft CA certs, find a "broken" CA in that list that can be corrupted or whose issuer doesn't really care, and get a signed certificate that looks legit to 99.9% of all corporate users today.
(So far the signing system for Microsoft has also used the Microsoft Certificate Store; the certificates used to allow signed e
Re: (Score:2)
The point is that it makes it a lot harder for malware to target the masses. The malware creator needs to fake the right certificate and hope the users make the mistake of running their malware, AND it must not be known to AV. That's increased the difficulty significantly.
Corporate IT salvation (Score:5, Insightful)
Re: (Score:2)
I do agree that it's a bit of an inconvenience for people who live in their parents' basement and run pirated copies of Windows while claiming to live and die by Linux
Lol!! That was me 10 years ago.
Re: (Score:2)
Java already has this in place. Can be difficult getting unsigned code running on Java 8 in default configuration.
Re: (Score:3)
First, let me say that I totally agree that "regular" users -- those who are not programmers or testers or system administrators -- do not typically need administrative rights, nor do they, in the ideal case, need the ability to run unauthorized third-party programs.
HOWEVER, my concern is that there will be many inappropriate and heavy-handed uses of this technology called "Device Guard" by IT departments that are not effectively satisfying the needs of their users.
Firstly, every IT department would, in an
Re: (Score:2)
And for heaven's sake, if you're an IT administrator and reading this, please, please, PLEASE stop forcing users to run IE 6/7/8 and nothing else. At a bare minimum, install and support Firefox ESR. It is not in your job description to take pleasure in your users' suffering. ;)
Re: (Score:2)
One client I worked for, software developers were issued 2 PCs. One for email, Word and Excel documents, and other office stuff. The other for SW development. There was also a separate LAN for the SW dev PCs. The only support IT provided for the SW dev PCs was (1) an install DVD so we could re-install Windows and (2) hardware repairs (for example, replace a failed hard drive). Otherwise, IT treated us like an outside vendor.
Re: (Score:2)
No -- modern web browsers (IE 8+, Firefox for a long time, and Chrome since its initial public release) are sandboxed off from the native platform to such an extent that you cannot access the native code environment or the local filesystem from JavaScript. Even if you tell the browser that you trust the site, a modern browser is not going to allow you to access the filesystem or call Windows APIs from JS.
You can do a lot of useful things with JavaScript and HTML in a browser like Chrome, but there are sti
This is how Microsoft grew before (Score:3)
If you look at Windows NT and beyond, it was all about removing capabilities from untrusted users, and placing them in the hands of IT staff/CIOs. That was a huge success for Microsoft: CIOs -control the budget- and decide what gets purchased. So they stuck with what empowered them, regardless of whether this was good for the user community, and whether the Microsoft monoculture created more problems -and more costs- than it solved. (After all, the measure of 'power' in many organizations is the size of the budget and staff; growing the CIO budget and hiring more IT workers equated to more CIO power.)
So now, with the growth of non-PCs (phones, tablets, even IoT) in companies, Microsoft once again plays to (you could say 'panders to') the CIO and ability to control the device.
This could be quite a battle, with Apple/IBM (and presumably Google/Android soon) providing business services to the user community, versus Microsoft providing control (and familiarity) to the CIO community.
Re: (Score:2)
I documented the change of control, and noted Microsoft profited from enabling that change. If that's characterized as "misrepresenting" things, so be it.
When Corporate IT provides all employees with a charge number, from the CIO's budget, to use when the IT keeps the employee from being productive, then maybe I'll have more sympathy for corporate IT. How many times, for example, has your computer been forced to reboot in the middle of the day because IT decided to roll out some change? How many times ha
Will not work... (Score:2)
a lot of the malware out there is "trusted" crap from "partners"
So now we will have Microsoft certified SAFE malware....
A pretty UAC (Score:2)
User Account Control (UAC) helps defend your PC against hackers and malicious software. Any time a program wants to make a major change to your computer, UAC lets you know and asks for permission.
This new "feature" looks like yet another security prompt that the user is going to click through.
This is good - think OS X Gatekeeper (Score:3)
I have mine set to "store apps plus recognised developers" and ask for the rest. If I run something else, I can right click and select Open..., it asks me if I'm sure and I say yes. This is a five second operation which gives me control over my options, whilst preventing unknown apps from running without my knowledge and explicit say so. This Windows one sounds pretty much the same, with the addition of your classic enterprise lock down features - if it's a corporately-owned machine, then yes, the corporation should get a say over what's running on it.
Imagine the kind of download-happy, click-on-everything user that we've all seen around. They would download cunningly-disguised-malware.exe and try to run it, and the OS would simply prevent them. Now true if they had admin rights they could go into preferences, set to allow everything etc. but it's all more effort and a quick realisation that something's unusual here.
Nope, I regard this as a good move. It already exists in OS X and works well - putting a similar system into Windows seems like a good idea to me.
This is not a new concept, and it's already broken (Score:4, Interesting)
http://krebsonsecurity.com/201... [krebsonsecurity.com]
Executables are interesting, but what about data? (Score:2)
It was a nice feature in 2003 (Score:5, Insightful)
win 10 (Score:2)
one more reason to get a new computer WITHOUT AN OS
That way i can install MY OWN NON Microsoft OS
ActiveGuard (Score:2)
Device Guard; the proven security model of ActiveX.
Personal use (Score:2)
McAfee Application Control now OBE (Score:2)
Re: (Score:2)
"which are apps that are signed by specific software vendors, the Windows Store, or even your own organization"
Re: (Score:2, Insightful)
Do you trust MS? Do you feel lucky, punk?
Re: (Score:2)
Stop with the Transformer quotes.
It's not Transformers, It's Dirty Harry.
Re: (Score:2)
Which is quoted in Transformers.
Re: (Score:3)
2 to 3 lines.
Re: (Score:2)
Slashdot needs a "+1 Hey everybody, look at this idiot!" moderation.
No we don't - it's just assumed.
Re:FTFY (Score:5, Informative)
This is an optional feature, mainly targeted for enterprise use. The system administrator chooses what to whitelist. Also, any app can be self-signed.
Quite a nice feature if you want to prevent random executables from conquering the computer. Of course this does not protect from vulnerabilities contained inside any of the trusted apps.
Re: (Score:3)
I would like to think if I installed Win10 Enterprise on my systems at home and use workgroups, I could deploy this and manage my kid's ability to allow/disallow various applications as well...
In the mind of an Administrator, domain employees are not any different than children after all.
Can they revoke an app's approval retroactively? (Score:2)
So let me see. I assume all Microsoft apps will be signed as trusted from day 1. But of course, the bugs that make them malware don't turn up till months or even years down the road. Same applies to, say, Firefox or Chrome, but new versions of those won't be automatically signed - or maybe they're big enough players that they will, but you get the point. Other than allowing some administrators to force a Microsoft-only 'standard' desktop on users, what does this accomplish?
Re: (Score:2)
And Gatekeeper is fine (for individual use, it's not an Enterprise solution). If you don't understand the concept of walled garden or malware, then the DEFAULT secure position is to protect you from your lack of computer sophistication.
If you pass computer kindergarten and can now walk along the road unchaperoned, then you are one simple click away from freedom.
A perfectly sensible approach. I suspect that anyone posting here using OS X has unclicked Gatekeeper, but we are not its target audience. Rememb
Re: (Score:2)
Gatekeeper was never really designed for corporate style use, but to be honest, neither was the mac itself. For that matter, Windows PCs aren't really designed for corporate use, either.
My worry is that it works like Gatekeeper, though. The Windows Store is a hideous mess, especially on the free side - a lot of programs that should be free come up as low voted "lite" versions that do nothing without you paying for the real program. A prime example of this is .7z - the default programs (and there are about 2
Re: (Score:2)
I think right-clicking on an icon and selecting uninstall is intuitive to desktop users; it certainly was for me. And there's always Powershell :-)
Re: (Score:3)
How often do you install new un-signed software that you didn't compile locally yourself that right-clicking only on the first time that an app is executed is a problem?
Re: (Score:3)
Comment removed (Score:5, Insightful)
Re: (Score:2)
The days of downloading programs from dubious vendors and websites zipping up files via shareware/freeware is over.
Darn, there goes my home software business that I've run on the side for the last 15 years under the old "shareware" model. And I always thought the biggest threat to extinction that I faced came from pimply-faced teenage hackers posting cracks for my registration keying system. (Nobody but teenagers would spend the time to crack such low-volume software. I ain't exactly selling Photoshop.)
What about software developers? (Score:2)
I'm a software developer. I am constantly recompiling new versions of the code I'm working on.
It's bad enough that I have to keep reconfiguring my firewall (yes, all link-local addresses should be whitelisted; yes, all addresses given out by my own DHCP server should be whitelisted; yes, our server in the "cloud" should be whitelisted; yes, all addresses in a VM should be whitelisted; etc.).
Will I now have to include some sort of signing step in my build process? What about when I download and install a new
Re: (Score:2)
Yes, this would presumably be the solution.
I don't know, though, it was not trivial to configure Windows 8.1 to allow me to install and run an unsigned driver.
Re: (Score:2)
>> Windows (like iOS and OSX) is no longer just an operating system, it's a platform. The new paradigm is to download from the app store ecosystem where it's vetted. Even Android has this process. The days of downloading programs from dubious vendors and websites zipping up files via shareware/freeware is over.
You're kidding, right? The "vetted" Android apps are (in general) a collection of shit, a sizeable portion of which is unsafe or downright toxic.
Re: (Score:2)
I'm going to turn this on in a heartbeat for my wife's Mom's and Grandma's PCs.
And I'm sure the sys admins here at work will deploy with it enabled and completely locked down. It sounds way easier than dealing with this Power Broker crap.
-Rick
Re: (Score:2)
Well, yes. I don't want my kids installing stuff on any of the other computers in the house. I was going to qualify that statement, but maybe it should stand as is. I don't want them installing anything at all without my knowledge.
I guess it's okay as long as it is sufficiently configurable. I know what I'm doing, and I need to do things that I don't expect my wife or kids to need to do. I'm also pretty careful about protecting myself, but they are more interested in their forums or Facebook or Tumblr
Re: (Score:2)
It is understandable to be worried... but similar functionality has been in Windows for a while.
Secure Device is basically AppLocker, except on a driver level. AppLocker is a function that can be turned on since Windows 7 that can allow applications by signature or by their hash.
For the enterprise, this is a useful tool. One use case would be on servers, as a way to prevent an attacker from trying to install a driver for keylogging or to hook into disk I/O in efforts to try to grab a key or a password. A
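The AppLocker mechanism this comment describes (allowing applications by publisher signature or by file hash), shown as an added example that is not code from the thread or from Microsoft: it derives rules from a known-good directory, writes them in audit mode so would-be blocks are only logged, and tests a candidate file against the result. $GoldenDir, $Candidate and $PolicyXml are placeholder paths you choose.

```powershell
# Added example, not code from the thread. Assumptions: Windows 10 or a server SKU
# with the AppLocker module, run from an elevated prompt; the three paths are placeholders.
param(
    [string]$GoldenDir = "$env:ProgramFiles",
    [string]$Candidate = "$env:TEMP\unknown-tool.exe",
    [string]$PolicyXml = "$env:TEMP\applocker-audit.xml"
)
Import-Module AppLocker

# Gather publisher, path and hash information for EXEs and DLLs under the golden directory.
$info = Get-AppLockerFileInformation -Directory $GoldenDir -Recurse -FileType Exe, Dll

# Publisher rules survive vendor updates; hash rules pin the exact bytes of unsigned files.
$xml = New-AppLockerPolicy -FileInformation $info -RuleType Publisher, Hash `
    -User Everyone -RuleNamePrefix Inventory -Optimize -Xml

# Start in audit mode: decisions that would have blocked a file are written to the
# "Microsoft-Windows-AppLocker/EXE and DLL" event log without stopping anyone's work.
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $PolicyXml -Value $xml -Encoding Unicode

# Ask the policy what it would decide for a file that was not part of the golden set.
if (Test-Path $Candidate) {
    Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $Candidate -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# Once the audit log has been reviewed, the same XML can be applied locally with:
# Set-AppLockerPolicy -XmlPolicy $PolicyXml
```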
Re: (Score:2)
Cryptographic verification and whitelisting are enormously powerful techniques, and (aside from being able to take advantage of them), they are simply too useful to forbid successfully. What matters, and makes the difference between a fortress and a prison, is who gets to put something on the whitelist.
If you ca
Re: (Score:2)
The way that OS X solves the issue is that unsigned apps can still be run, but they require a more explicit first-time-only execution (right-click -> open, which then displays a confirmation dialog indicating the app name and the website it was downloaded from) as opposed to signed apps that just run like normal. It's very unobtrusive, never even happens for most people, and works very well in the "least amount of tech to solve the problem" sense.
Re:privacy :{ (Score:5, Insightful)
No imbecile, it's talking about checking the code signing certificate.
If you've trusted the particular vendor or cert chain, then the app is allowed to be installed, if you don't trust the cert, it warns or blocks installation or execution.
Re: (Score:2)
Android has the same functionality, and it can be disabled there as well. No reason to believe it would be any different in Windows, at this point.
Now, there is the question of whether some malicious software could reactivate it, railroad it, use it for evil. But that's true of any beneficial functionality in the OS.
Re:privacy :{ (Score:5, Informative)
I had to turn off UAC in Windows 8 to compile and automatically copy my plugin project to its proper directory because that directory is under Program Files. This was necessary because I had set the host program to start immediately afterwards in order to debug my plugin as it ran. This worked, but in doing so, I lost access to my Windows 8 apps. I only use a few, but it was annoying enough that I eventually moved the project to a Windows 7 machine (and you don't have to turn UAC off completely; it's just that, as far as Windows 8 is concerned, if that one registry entry concerning protected directories is toggled off the whole thing is compromised).
So, while any rebuttals here to the effect that "undoubtedly you can turn this off" are probably accurate, I wouldn't be surprised if there were things like this built into the system to encourage the user to keep it on. "Want to develop software on your PC? Well, either apply for a personal certificate or stop using Metro apps." It won't really stop developers, but it could shut down new user interest outside of closed markets.
Re: (Score:2, Insightful)
How about you just change the folder permissions on the destination folder rather than compromise/screw your whole system?
Re: (Score:2)
The silver lining, of course, will be a sudden drop in "My computer mysteriously broke down, and of course it wasn't me (or any of the gazillion applications I managed to sneak past the firewall onto my harddisk)." type calls to IT helpdesks all over the world. Yes, there are overreaching admins and locked-down-to-death platforms, but the damage done by insecure, outdated or plain crappy software run without official sanction in offices every day is not exactly peanuts, either. And there are few things as c
Re: (Score:2)
That customer deliverable that people have been pulling 16 hour shifts to get done, which is due tomorrow? It depends on a complicated .NET app written in C# using heavy Excel automation. Now they have to rewrite it in VBA, or maybe your deliverable just won't get delivered.
Or if it comes to that then, as a developer, you can just sign the app, you know. The fact that other OSs have had these features for years with none of these issues just makes your complaints look even more ridiculous.
Re: (Score:2)
In Corporate America IT: You build an image with complete OS and App stack, test, verify, and deploy to workstations. If that's too much trouble, then just roll out a Terminal Server with thin-clients. The idea is to either mitigate risks, reduce redundancy in the process, or a combination of all the above.
IT is a cost center; it's an occupation not loved, but deemed a "necessary evil".
Snarky slogan time: Get over IT!!!
Thin clients and Citrix. Problem solved. That is how we do it here.
Re: (Score:3)
If some of the IT departments I've had to tangle with in the past were doing their jobs correctly, anyone doing software development -- whether an "official" part of the IT department or not -- would be able to easily obtain local admin rights on their workstation.
If they were doing their jobs correctly, it wouldn't take 2-3 years to develop, test and deploy a simple productivity enhancement or workflow automation solution that might take 40-80 hours to actually code, and maybe another 100 hours to design,