Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Windows Microsoft Operating Systems Software

Microsoft To Introduce a New Feature In Windows 10 Which Will Allow Users To Block Installation of Desktop Apps (mspoweruser.com) 307

Microsoft is planning to introduce a new feature to Windows 10 that will allow a user to prevent installation of desktop apps. The latest Windows Insider build comes with an option that allows users to enable app installations only from the Windows Store. From a report on MSPowerUser: Once enabled, users will see a warning whenever they try to install a Win32 app -- they will get a dialog saying apps from the Windows Store helps to keep their PC "safe and reliable." This feature is obviously disabled by default, but users can enable it really easily if they want.
This discussion has been archived. No new comments can be posted.

Microsoft To Introduce a New Feature In Windows 10 Which Will Allow Users To Block Installation of Desktop Apps

Comments Filter:
  • by Frosty Piss ( 770223 ) * on Monday February 27, 2017 @12:04PM (#53938819)

    At first, I misread the headline as "Windows 10 now allows you to block back-door installation"...

  • by willoughby ( 1367773 ) on Monday February 27, 2017 @12:05PM (#53938825)

    Yeah... 'till the next update.

    • by Lendrick ( 314723 ) on Monday February 27, 2017 @12:12PM (#53938881) Homepage Journal

      Disabled by default, then enabled by default, then mandatory, then not able to be worked around. Give it time.

      • Windows dies when that happens.
        • by mrchaotica ( 681592 ) * on Monday February 27, 2017 @12:38PM (#53939079)

          We can hope, but I'm not counting on it. I think it's just as likely that by the time that happens, having the computer locked down so that only OS maker-"approved" apps can run might be mandated by law because "only hackers would run un-'approved' software" or some other such BS.

          • by Rob Y. ( 110975 )

            Not unless they provide a way to build app store-enabled apps from an existing win32 code base. It's taken a while, but they've realized that win32 code is their biggest ace in the hole. They're even talking about providing an X86 emulator for ARM-based Windows systems, which I assume is for win32-based X86 code. So if that stuff can be installed and upgraded via the app store, fine. Otherwise, no dice.

            • by Rob Y. ( 110975 )

              Oops. I see that they have come out with a way to deploy win32 code to the app store - how did I miss that one? Not that I plan to use it yet - my win32 code runs on anything from XP to WINE, and I don't want to mess with that. But still - nice to know that I could, I suppose.

              • There's WSL which can't be locked down if it's expected to do its job, and can run wine. Just have people migrate to that. Once we're there, shed the pointless outer layer and you don't need to worry about Microsoft lockdown anymore.

        • Disabled by default, then enabled by default, then mandatory, then not able to be worked around. Give it time.

          Windows dies when that happens.

          You probably would have said the same thing before Windows 10 came along. You would have been wrong then, and you're probably wrong now.

          • by bondsbw ( 888959 )

            Windows 10 doesn't block you from installing desktop software, so I don't really see your point.

            • by tepples ( 727027 )

              Microsoft To Introduce a New Feature In Windows 10 Which Will Allow Users To Block Installation of Desktop Apps

              Windows 10 doesn't block you from installing desktop software, so I don't really see your point.

              It will.

              • by bondsbw ( 888959 )

                You are using the future tense but this conversation is about the past tense:

                before Windows 10 came along

              • by Megol ( 3135005 )

                If that happens (fat chance unless MS decides corporate suicide is a good plan) then Windows will be dead. Unlike many Linux fanatics like to claim there plenty of Windows software with no equivalent on other platforms (and not working in Wine), much of that is in daily use for real corporations making real money. But those are Win32 software - not metro (whatever) ones. So if MS would decide to stop supporting "desktop" programs they would alienate a huge portion of their commercial users and probably lead

            • by iCEBaLM ( 34905 )

              But it does spy on the user and send all of that sellable data back to Microsoft with no way to disable it. Did you ever think that would happen? Just wait for it. Pretty soon the only applications you'll be able to install on Windows will come from the walled garden of the Microsoft Store. MS steals everything from Apple, the good and the bad.

      • In the later stages of that progression, how will testing applications in Visual Studio work?

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          You'll need a special license from the government - administered by Microsoft - to run dev tools and debuggers. See Stallman's essay from 20 years ago.

          • You'll need a special license from the government - administered by Microsoft - to run dev tools and debuggers.

            From what government? For 95 percent of the world, Microsoft is foreign. Why would one country's government let a foreign corporation administer its developer licenses?

      • by Keith Russell ( 4440 ) on Monday February 27, 2017 @01:06PM (#53939299) Journal

        The exact same thing was said when Apple introduced Gatekeeper in mac OS Mountain Lion four years ago. The default when Mountain Lion* shipped was to allow apps from the App Store or signed apps from other sources, and it's still the default today. The blanket option to allow all apps and go unprotected is now hidden, but it can be re-enabled from the command line. And you can still override Gatekeeper for individual apps from at least three different interfaces (attempt to launch the app, then open the App Store prefpane; right-click the app in Finder; use spctl from the command line). As far as I'm concerned, that's all as it should be. It's still possible for a user to selectively bypass Gatekeeper, but it's harder to do so accidentally or globally.

        (*: The back-port to Lion allowed all apps by default as a concession to users of old hardware that were left behind when Mountain Lion dropped support for 32-bit EFI.)

        That's no guarantee that Microsoft will be as wise as Apple has been. Instead of code signing, Microsoft is encouraging developers to wrap Win32 apps in UWP containers so they can be published from the Windows Store, so probably not as wise. Closed-source OS developers aren't idiots, though. Apple and Microsoft both know that the "default walled garden on desktop" button is wired to the self-destruct system.

        • by ljw1004 ( 764174 )

          That's no guarantee that Microsoft will be as wise as Apple has been. Instead of code signing, Microsoft is encouraging developers to wrap Win32 apps in UWP containers so they can be published from the Windows Store, so probably not as wise.

          Mac: I download something and install it, and then have ZERO IDEA how to uninstall it. Deleting the icon out of "Application" is easy. But what about configuration files? Even homebrew doesn't solve that -- http://superuser.com/questions... [superuser.com]

          Win32 apps in UWP containers: this "project centennial" approach virtualizes filesystem and registry for the app, so uninstallation will end up removing absolutely everything. I prefer this approach. (speaking as someone with OSX and who knows what leftovers on it...)

      • "...app installation only from the windows store..."

        "Disabled by default, then enabled by default, then mandatory, then not able to be worked around. Give it time."

        Keep your win7 install disk, ppl.

    • by XxtraLarGe ( 551297 ) on Monday February 27, 2017 @12:43PM (#53939121) Journal
      This feature is on by default on the Mac. It's one of the first things I turn off when I set up my account on a new Mac, but it is great for everyone else in my life. My folks & in-laws have Macs, so I'm their defacto support guy. I administer their computers, and they can't install any software except from the Mac App Store. My mom wanted to install a solitaire game from some dubious website, and this prevented it from being installed. I found her a legit solitaire game on the App store for free. As a CIS teacher & hobbyist programmer though, it can be a pain in the neck, since a lot of open source software, such as GIMP aren't already available.
      • Actually, by default it restricts installation to the App Store and "Identified Developers" (e.g. established 3rd-party developers like Adobe). IIRC, you can also type in the admin account user/pass in the prompt to bypass it. Only the really out-there stuff requires going into System Preferences and explicitly allowing it.

        That one TV-advertised product PC-Matic [pcmatic.com] mimics this behavior in Windows if memory serves, which makes me think that Microsoft just wants to bump that company off, perhaps?

      • by bondsbw ( 888959 )

        I'd be fine with opt-out in the form of a one-click admin setting. The case for preventing malware is reasonable for the majority of users.

        Just so long as it doesn't revert the decision I made. Ever.

    • Project "Boil The Frogs" is picking up pace I see!

  • Its about taxes (Score:5, Insightful)

    by NotInHere ( 3654617 ) on Monday February 27, 2017 @12:06PM (#53938835)

    Microsoft sells this as important step against bloatware/malware, but this coudn't be further from the truth. Windows 10 desktops come preloaded with bloatware, and often it re-installs itself after you have removed it. The real motivation for microsoft to do this is because the model of making a limited app store and then taxing every app a big amount (30% usually) has been very successful on the mobile market and they want this for windows too.

    • No Win32 also means no Steam library, leveling the play field for Windows Store to deliver games without being able to install competing stores. How convenient!

      • by Junta ( 36770 )

        I don't know if steam will ever be compatible with this or if there are complications, but they did ultimately allow win32 applications to be delivered via windows store.

      • by bondsbw ( 888959 )

        Despite the article, this isn't actually a Win32 block. It's a sideloading block. You could still install Win32 apps from the Windows Store.

        Though I'm not sure whether a third-party app store like Steam would be allowed. But I don't see anything that would prevent you from temporarily disabling the block just to install Steam.

        • Sure, for now. All new APIs are being written specifically for UWP, and as Win32 will diverge further and further to the point where it will no longer be possible to backport patches and improvements to Win32. At that point it will be considered deprecated and unsupported, even prevented due to security liabilities. Likely only businesses will be able to license a Win32 VM for legacy applications.

    • Nobody wants the store model, even on OS X where it arguably works better because of no pre-installed malware. The right thing, is a) to never let users run as admin, b) tar and feather apps that do not properly work without admin. Astroturf slashdot with developers who still haven't gotten the message, rather than try to convince us MS isn't evil anymore, which we'll never believe anyway.

      There's no reason for 99% of apps out there to actually need administrator privileges, but for some reason, many still d

      • The right thing, is a) to never let users run as admin

        Ransomware can do a lot of damage to the data in a user's account even without elevated privileges.

        There's no reason for 99% of apps out there to actually need administrator privileges

        Even to install? Or should operating systems allow per-user installation of device drivers in order to support applications that need a specific device driver? For example, iTunes installs an iPod/iPhone/iPad driver, and Fitbit Connect which installs a tracker receiver driver. Or do only 1 percent of applications need such a driver?

  • anit trust issues! with going app store only.

    • What? Think of it as lifelock for your computer. You can disable potentially unsafe program installs while it's enabled. If there's something you want to install that's not in the windows store(apps already vetted by MS), simply disable it!

      Is this so hard to comprehend, people?

      • by tepples ( 727027 )

        If there's something you want to install that's not in the windows store(apps already vetted by MS), simply disable it!

        Provided you even can. The forthcoming Windows 10 Cloud Edition is rumored to ship with this feature forced on. Besides, let me know when even something like Visual Studio is available as a UWP application.

    • Yet Apple and Google appear to be able to get away with it....

      • anit trust issues! with going app store only.

        Yet Apple and Google appear to be able to get away with it....

        I'm not entirely sure to which phenomenon you refer. True, Apple locks iOS devices down to use apps from the App Store, but Apple's market share is nowhere near large enough to have "market power" over smartphone apps. As for Google, except for about the first year of AT&T-branded Android devices, practically every Android device with Android Market (now Google Play Store) has offered a checkbox to let users choose to install applications from unknown sources. In fact, last time I checked, Google requir

      • Apple has always allowed you to disable it (in a very easy-to-find spot with admin credentials) in OSX/MacOS, and they've had it in place for like 17 years - and for the entire decade or so that the App Store has existed. Pretty sure that they're in no hurry to lock your laptop/desktop down to the App Store if they haven't done it by now.

        Google is also perfectly okay with what they refer to as side-loading... and have allowed that with just an easy click or two since Android and ChromeOS have respectively e

    • by Megane ( 129182 )

      Never mind the cut of sales we're getting from our app store, this is for your saaaaafety! (as if you can have any safety with a Microsoft OS, after over two decades of experience otherwise)

      The Apple equivalent doesn't require the app store, developers can still sign code with their key when selling other ways, including boxed retail.

      • developers can still sign code with their key when selling other ways, including boxed retail.

        Then how can a developer sign code when distributing software through non-commercial means, particularly free software? Though price competition has made the cost of a domain-validated TLS certificate trivial, with Let's Encrypt offering 90-day certificates to domain owners without charge and SSLs.com offering 3-year certificates for $5 per year, there's as of yet no counterpart to those for code signing on macOS or Windows.

  • by Raistlin77 ( 754120 ) on Monday February 27, 2017 @12:06PM (#53938839)

    This feature is obviously disabled by default, but users can enable it really easily if they want.

    Until it's not. It's only a matter of time before Microsoft sets this by default to try and force users to buy apps from the Windows store.

    • by Junta ( 36770 )

      No, it's about safety and security of course.

      Nothing at all to do with controlling distribution over the platform and taking a cut of all the revenue of every company publishing software on their platform.

      It actually might not have been too bad, if they only had the repository system be extensible like yum and apt, which would allow competing application distribution platforms. But that would be too much for the user and not enough for Microsoft.

      • The majority of Windows systems are corporate workstations, which only need an office suite, PDF reader, and a few corporate-approved applications, typically pushed through SCCM (which I assume will be exempt from this feature).

        I agree it could be awkward for home users, but I'll reserve my harsh judgement for when it actually becomes a problem.

        • by arth1 ( 260657 )

          The majority of Windows systems are corporate workstations, which only need an office suite, PDF reader, and a few corporate-approved applications, typically pushed through SCCM (which I assume will be exempt from this feature).

          The problem is that this is true for most PCs, but not all. And it's the ones that need extra software that tend to be business critical.

          • Do these "business critical" computers happen to be laptops in odd form factors, which would rule out building your own desktop or using a System76 laptop? Or does the "extra software" require a device driver or have some other good reason not to run in Wine? If not, use GNU/Linux.

            • by Megol ( 3135005 )

              What about software that can't run in Wine? Or software that may (partially) run in Wine but isn't supported there? Are you so short-sighted and/or inexperienced that the fact there are many Windows-only solutions out there in use as a critical part of many businesses is news to you?

              • What about software that can't run in Wine?

                If a publisher refuses to add support for GNU/Linux, either natively or through Wine, a business relying on that publisher's proprietary software ought to plan a migration now to a different publisher that is willing.

                • by arth1 ( 260657 )

                  Legacy systems is the bread and butter for many companies.
                  Often, there are no viable alternatives, and writing in-house replacement software is cost prohibitive.

                  • by tepples ( 727027 )

                    In cases like those, would it be worthwhile to contribute developer time or money to the Wine project?

  • "NMeet the new boos same as the old boss."

  • by nimbius ( 983462 ) on Monday February 27, 2017 @12:11PM (#53938877) Homepage

    so heres how to use it in the latest release:

    users: another screen, another popup, another warning. mash enter until the bad square goes bye bye.

    Sysadmins/developers: crinkle nose, furrow brow, open mouth slightly, and quietly under your breath mutter "what the hell" while roaming around the popup to determine if theres a means to disable this garbage in the future. become concerned your app isnt in the store...did it need to be in the store? what was the process for that and why isnt the standup aware? how long has microsoft had its own app store?? people cant possibly use this right? disable the feature, push it as disabled in all GPO's. release your app in iOS and android instead. receive six user bugs in the next 5 years for windows 35 millenium chrome hyper walnut marmalade edition not running this code because your tertiary support agreement uploads werent made exclusive to the hyper microsoft money choo choo store. close as cant-fix/wont-fix and go make another cup of tea.

    • Competent admins: Use proper tools to push applications across the domain, and leave the feature enabled so there's yet another hurdle between the malware-pushing support-call scammers and admin-level access to the system.

      Unfortunately, it's no longer a safe assumption that even "sysadmins/developers" actually make an effective barrier against attacks. They get scammed just like everybody else, and are just as susceptible to a well-crafted phishing site or an urgent call from the CEO's new assistant.

    • users: another screen, another popup, another warning. mash enter until the bad square goes bye bye.

      Clearly, the solution here is to get MS to swap the enter and esc keys so that users can mash away and still be safe!

  • by QuietLagoon ( 813062 ) on Monday February 27, 2017 @12:13PM (#53938891)
    I'd disable the egregious data harvesting that Microsoft is doing. That's a bigger concern to me than desktop apps.
    • Re: (Score:2, Insightful)

      by Skuld-Chan ( 302449 )

      According to Secunia most vulnerabilities announced in 2016 were not Microsoft bugs, but 3rd party applications:

      http://blogs.flexerasoftware.c... [flexerasoftware.com]

      On Windows at least - putting your trust in Microsoft is probably more secure than 3rd party applications.

      And before you mention Open Source - lest we forget the recently DDOS attacks performed by IOT botnet devices running open source OS's - in other words - security and trust is a huge problem we all need to deal with.

      Bottom line - application signing, and only r

  • by Anonymous Coward on Monday February 27, 2017 @12:14PM (#53938905)

    Microsoft has already expressed a desire to kill Steam
    I'm sure they aren't happy about "losing revenue" to Google Play or iTunes either
    How long before some future update changes the default to enabled on all Windows systems?

    • by Megol ( 3135005 )

      You really think the people @ MS are so stupid that removing the big reason they're still #1 for mainstream OS solutions would seem reasonable? I think not however if that would happen anytime I'd switch to another platform in a second.

  • by Oswald McWeany ( 2428506 ) on Monday February 27, 2017 @12:20PM (#53938943)

    Microsoft look enviously at Apple, who get to control and profit from their walled garden. Then they glance over at Android, and see Google has their play store (which, whereas it may not be a walled garden, has a fence around). Fire users most certainly have their own walled garden courtesy of Amazon.

    Apple and Google are both benefiting from these "almost monopolies" they run controlling their users, skimming a bit off the top from everyone. No doubt, Microsoft sees that these are profitable ventures and they want the same control over what runs on Microsoft Windows. It's a little harder to do because there is a lot of legacy applications, and neither consumer, nor software producers want to give a little bit of each purchase to Microsoft. Microsoft are going to continue baby-stepping towards that goal though because they want the money, and their competitors are already doing that.

    It will be a sad day when you have no option but to buy from the Microsoft store, but that day is coming.

    • by dj245 ( 732906 )

      Microsoft look enviously at Apple, who get to control and profit from their walled garden. Then they glance over at Android, and see Google has their play store (which, whereas it may not be a walled garden, has a fence around). Fire users most certainly have their own walled garden courtesy of Amazon.

      Apple and Google are both benefiting from these "almost monopolies" they run controlling their users, skimming a bit off the top from everyone. No doubt, Microsoft sees that these are profitable ventures and they want the same control over what runs on Microsoft Windows. It's a little harder to do because there is a lot of legacy applications, and neither consumer, nor software producers want to give a little bit of each purchase to Microsoft. Microsoft are going to continue baby-stepping towards that goal though because they want the money, and their competitors are already doing that.

      It will be a sad day when you have no option but to buy from the Microsoft store, but that day is coming.

      It's already a sad day because most companies now seem interested only in skimming a little bit of someone elses' profit rather than making an actual product themselves.

    • Isn't this exactly what Gaben said a couple years ago, which sparked the creation of SteamOS and SteamMachines?

  • Yet another reason to not use Windows 10. Walled garden or prison---it's a slippery slope.

  • by acoustix ( 123925 ) on Monday February 27, 2017 @12:24PM (#53938975)

    I want the ability to block the Windows Store from the users. Windows took that ability away from IT in Windows 10 Pro. Thanks, Microsoft.

  • by Anonymous Coward on Monday February 27, 2017 @12:25PM (#53938993)

    Looks like he called it. [slashdot.org]

  • by nucrash ( 549705 ) on Monday February 27, 2017 @12:31PM (#53939019)

    Wasn't there are article about how the majority, I believe has high as 75% of the Windows Store apps were considered malware?
    https://www.howtogeek.com/1949... [howtogeek.com]

    I mean, sure they probably have improved their content since the days of this, but let us not forget how they let this slip not to long ago.

  • It makes perfect sense to prohibit users from installing a program, especially ones that have not been signed, audited and vetted. This prohibition should be on by default but could be disabled from within the control panel only by an admin user, but this is enough of a deliberate action that this would foil a large number of accidentally opened email attachment trojans. The current security situation of making email attachments executable with a few clicks is dismal. The warning messages that currently dis

    • by tepples ( 727027 )

      RBAC rules should be used to lock a user out from running any executable whatsoever from their home directory.

      If that's on by default, then how will a high school student do his computer science 101 homework?

      • You log in as the admin user go into the control panel and disable it.

      • Why do you focus so much attention on young people? Is it that ASD thing were Autistic spectrum people often socialize with people younger than them?

        Most high school students DON'T have comp sci 101 homework, and if they do, they probably do it via the web, not via a compiler/interpreter installed on their home machine.

        And if they do need a compiler/interpreter that can be installed by the machine's admin.

    • This security provision is fine for people who will click on ANYTHING, people who don't read error messages, people who BELIEVE that their version of Adobe Flash really needs updating. However, implementing this will just allow those people to continue to behave foolishly, and annoy the rest of us.
      • An option should be located in the control panel to disable the restriction, there is no doubt. I would never support the idea if that were not available

  • now we have "alternative features"?

  • ...until the first patch after any perceived fuss dies down....

  • One of the more compelling reasons to stick with Windows in the enterprise is that it is straightforward to author, update and deploy software without having to go through a third-party store approval process. If I need to get an update to accounting software that takes care of a sales tax issue, I want that update deployed now, and not wait days for somebody to review it and make sure it complies to whatever flavor-of-the-week UI conventions that a particular reviewer may or may not make an issue out of.

  • by lokedhs ( 672255 ) on Monday February 27, 2017 @09:37PM (#53943283)
    Now take a moment to think about what this feature, once it's enabled by default, will mean for Steam.

    Microsoft has wanted a share of those game sales for a long time.

    Games are the only reason Windows even exists in my household.

If computers take over (which seems to be their natural tendency), it will serve us right. -- Alistair Cooke

Working...