Windows 10's 'Controlled Folder Access' Anti-Ransomware Feature Is Now Live (bleepingcomputer.com) 157
A reader shares a BleepingComputer report: With the release of Windows 10 Fall Creators Update last week, the "Controlled Folder Access" that Microsoft touted in June is now live for millions of users. As the name hints, the Controlled Folder Access feature allows users to control who can access certain folders. The feature works on a "block everything by default" philosophy, which means that on a theoretical level, it would be able to prevent ransomware when it tries to access and encrypt files stored in those folders. The benefits of using Controlled Folder Access for your home and work computers are tangible for anyone that's fearful of losing crucial files to a ransomware infection.
First Exploit (Score:5, Interesting)
First exploit will take that feature, lock out USER from doing anything, and pop up a ransomware screen.
Re: (Score:2)
Technically locking out the user is not a design exploit but a design feature. With M$ as the main administrator user of any Windows 10 installation (as the owner you are no longer the administrator, just the pretend one), they will use it to upload and store programs which they claim for convenience you can instantly access when you pay for them, or just to be even more helpful they can lock you out when you stop paying rent on your own hardware. This is not a security feature for you, this is a control feature.
Re: (Score:2)
This wouldn't be aimed at professionals. Do you think the average computer user would realize that the computer could be salvaged in such a way, or would they panic and pay the ransom rather than having to buy an all new computer?
Not sure... (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
If there's whitelists, there will have to be ways to put new applications on the whitelists. (I would have a great deal of difficulty if I couldn't run vim on all text files, for example, but it's not something most people want on their Windows machines.) That looks like one additional button to get the user to click on.
So, I inherently distrust it.
Re: (Score:2)
If there's whitelists, there will have to be ways to put new applications on the whitelists.
Of course there is. An application's developer pays Microsoft a recurring fee for services that include reviewing each version of the application and hosting the application and its updates in Microsoft's repository.
(Source: Any article describing Windows 10 S)
Think SELinux/AppArmor (Score:3)
This is more similar to something like SELinux and AppArmor.
e.g.: some attachments that you clicked on in your e-mail client, even if run as your credentials, should NOT have a valid reason to write anywhere on your folders (and attachments should not be run to begin with).
e.g.: any sub-process launched by the browser should only exclusively have the rights to write into the cache and download folder, and not anything else, even if they still inherit your session (even if the sub processes aren't changing
Re: (Score:2)
Re: (Score:3)
You trust wine as a sandbox? That is... courageous.
Re: (Score:2)
I don't trust Wine as a sandbox, given that the entire file system is mounted by default under Z:. It's a bit easier to trust running untrusted executables in a separate user account.
Re: (Score:2)
Which user owns a folder is irrelevant on an application level permission. You could run the application as administrator and it wouldn't make a difference. Defender will prevent the *process* from writing to the folder unless it's white listed.
E.g. You may want MS Word and Libre Office Writer to access your folder called "word documents", and absolutely no other application. That won't stop you copying, pasting, moving, etc. But it will stop totallynotransomware-actuallynakedbritney.jpg.scr.exe from access
simple, decade old solution (Score:5, Interesting)
On VMS you could never overwrite a file. File system would by default always keep all the previous versions of it. Ransomware action like that would just result in having additional, encrypted, versions of your files.
Re: (Score:1)
Actually VMS did let you overwrite the file.
You just had to specify which version to overwrite.
And if the directory had a version limit of 1, then it happened automatically.
Microsoft implementation (Score:2)
You can bet that if Microsoft tries to actually seriously implement a log-structured (e.g.: actually decided to use UDF beyond optical and portable flash media) or copy-on-write filesystem (e.g.: ZFS and BTRFS on NT kernels) that supports version control, they'll botch it and there will be an exploit found making the older copies also editable by a non-admin user (the ransomware could purge the older copies and only leave the encrypted version).
Re: (Score:2)
On VMS you could never overwrite a file. File system would by default always keep all the previous versions of it. Ransomware action like that would just result in having additional, encrypted, versions of your files.
That should be true of macOS's "versioned" files, too. Although it appears to be an Application-Specific feature, rather than an OS-wide thing, although reportedly, there is wide Application support for it.
http://osxdaily.com/2015/06/16... [osxdaily.com]
Re: (Score:2)
Your simple decade old solution would crash the system when it runs out of HDD space. Volume Shadow copy has been available for Windows for a decade too, but it doesn't solve the problem and is not better than a backup (actually in some scenarios it is worse).
Re: (Score:2)
I vaguely recall names like : [ADE.Aerodynamics.CFD]flow2d.for;31
Storage space (Score:2)
Re: (Score:2)
On VMS you could never overwrite a file. File system would by default always keep all the previous versions of it. Ransomware action like that would just result in having additional, encrypted, versions of your files.
Windows has a similar feature however it's not infinite, it only keeps a finite copy of previous versions. That's why most ransomware does multiple write operations to push the unencrypted version out of the previous versions cache.
Re: (Score:1)
Technically they have the capability to do this using volume shadow copy and the version selector UI works very well (right click on file/folder -> properties -> previous versions).
To see any previous versions you need the appropriate configuration in place and services started.
That's a much better idea than whatever this is. Like an application firewall, eventually the white list will become packed with everything under the sun, including strange worker processes required by legitimate applications
Re: (Score:2)
MS' solution is not version control, because that uses up disk space and has other UI implications, like selecting the version of a file, and that is not user friendly.
This is about not trusting all apps to access a given sensitive folder and is a step in the right direction.
Seems to be pretty easy to use and understand in macOS:
https://support.apple.com/kb/P... [apple.com]
Re: (Score:2)
Which doesn't explain why, when I right-click to get Properties for a file or folder in Windows 7, there's a tab called "Previous Versions". So far, I haven't heard any UI complaints about it.
Re: (Score:2)
Say hello to btrfs/zfs
ZFS was a GREAT idea; until Oracle went and ruined everyone's fun...
Re: (Score:2)
How so? Oracle closing the source on a feature complete file system really affected absolutely no one. Heck most of ZFS adoption occurred after this.
Re: (Score:2)
How so? Oracle closing the source on a feature complete file system really affected absolutely no one. Heck most of ZFS adoption occurred after this.
It stifled the adoption by other OSes, not the least of which was macOS, which was on the verge of making it their default OS. And if it was so "feature complete" when Oracle closed it, then why oh why does MacZFS/OpenZFS still have SO many fairly serious bugs?
Re: (Score:2)
It stifled the adoption by other OSes
It did nothing of the sort. Adoption by other OSes started AFTER the source was closed.
not the least of which was macOS
MacOS didn't adopt it for the same reason the Linux mainline kernel didn't adopt it, licensing. The license for ZFS predates Oracle's acquisition.
then why oh why does MacZFS/OpenZFS still have SO many fairly serious bugs
Because some people are too stupid to know the difference between a bug in a code port and a feature complete project on another platform. As for "fairly serious", OpenZFS has been stable and been used in enterprise applications for over 4 years now. The vast majority of the "b
How does it improve security? (Score:2)
So how does this work?
Re: (Score:2)
"So how does this work?"
I would guess it uses UAC elevation to grant permission to the app to the protected folder.
There are too many apps to setup (Score:2)
Re: (Score:2)
Re: (Score:2)
Who the heck uses copy.exe?
Most normal users will access their documents with a limit of: explorer.exe, word.exe, excel.exe, powerpoint.exe, and some image editor. That covers 90% of users out there.
How long will it last? (Score:2)
My opinion would have been a heck of a lot more useful for Microsoft to roll out a versioning file system. That would have provided more value to customers and end up being way more useful in every way vs piling on new access control regimes and expecting people to use it for real this time.
Would be interesting to hear what if anything prevents an attacker from modifying search path environment variables or user registry or CLI parameters to convince software to load custom add-on haxor.dll's and then laun
Re: (Score:3)
Re: (Score:2)
My opinion would have been a heck of a lot more useful for Microsoft to roll out a versioning file system.
They did that with Windows XP SP2. However it would be far from useful for every change to increase the amount of disk space used.
NTFS + Volume Shadow Copy, ZFS, btrfs, they all have one thing in common here, I disable the versioning on all of them. Backups are for backups, clouds are for clouds, git is for versioning, snapshotting / versioning filesystems are for wasting diskspace as quickly as humanly possible.
Big binaries (Score:2)
git is for versioning
Then what is for versioning of large non-textual files, such as large GIMP, Photoshop, or Audacity projects? Git isn't really built to handle big binaries. And what is for protecting your private Git repositories from unauthorized modification by ransomware?
Re: (Score:2)
Clouds. It was in the list.
Re: (Score:2)
They did that with Windows XP SP2. However it would be far from useful for every change to increase the amount of disk space used.
From what I understand there is a static change count limit rendering shadow copy worthless for prevention of ransomware.
It would be necessary to configure minimum time and granularity guarantees when you setup a folder. One might say I want to be able to go back to previous state at any point in time over the past year, month, week... whatever and I want to keep at least one change every hour, day, week..etc allowing incremental deltas to be progressively eliminated to reduce cost.
Once configured feature
Re: (Score:2)
What's the going rate for a 6TB drive these days?
Quoting $ ignores the problem of data management. Apple's time machine is an easy solution, but every other implementation of versioning filesystem is a management nightmare for users and that nightmare gets larger as sizes increase.
I believe it would have been more productive had Microsoft given users the tools and let them decide for themselves rather than piling on yet another set of access controls and expecting them to be used for real this time.
Do you not realise that access controls and versioning are two different things that just happen to overlap in a small area? Are you also saying that since you're using ZFS snapshotting that AppArmor and SELinux are pointless?
How does this protect you? (Score:2)
Seriously, most of that kind of malware runs as *YOU*. If you have full access to it, it will be able to encrypt the files. Am I missing something?
Re: (Score:2)
Re: (Score:2)
And there is no scripting support to bypass the GUI to do this for the user with PowerShell?
Re: (Score:2)
Seriously, most of that kind of malware runs as *YOU*. If you have full access to it, it will be able to encrypt the files. Am I missing something?
Yes, you are missing quite a lot actually.
All the other popular OSes use sandboxing (Score:2)
Why should apps have access to all folders by default and then (only now) there is a feature to restrict certain folders? Why should most apps access anything except their own data? Android/iOS/OSX/Web have been like this forever, what is taking so long for Windows?
Re: (Score:2)
Why should most apps access anything except their own data?
If I save a document in LibreOffice Writer, and I want to preview it in Word Viewer or send it to someone in my mail user agent, what procedure would you recommend to grant Word Viewer or my mail user agent access to it?
Re: (Score:2)
System file open dialog or UI drag and drop will have no problem opening the file and granting a temporary permission to access it. Or LibreOffice can call an API to share a file with user's choice of an app. That's how it works everywhere.
Re: (Score:2)
Have fun dragging and dropping all the source code files from your text editor to your build tool every time.
Backups? Duh! (Score:2)
>The benefits of using Controlled Folder Access for your home and work computers are tangible for anyone that's fearful of losing crucial files to a ransomware infection.
This is ridiculous in the extreme. Anyone fearful of losing their files for any reason should be backing them up on a regular basis! So perhaps this new feature prevents files being encrypted in a ransomware attack, but what if the disk fails? Or any number of other issues?
Come on people, get a clue!
Re: (Score:2)
How would this possibly work? (Score:2)
Re: (Score:2)
Yes, it's very helpful. Think of it when your phone says 'Program X would like to access your photos/camera/location services/microphone/address book/whatever.'
It's ACL by program, rather than by login.
Re: (Score:2)
Re: (Score:2)
Exactly. It exposes a GUI for mandatory access controls that were already there in the first place.
Just a way to flag interesting files to steal (Score:2)
Why not protect the ENTIRE DRIVE this way!? (Score:2)
Re: (Score:2)
Because the vast majority of files on most PCs are completely standard system or program files that no one really cares about getting encrypted. Fixing them is just a reinstall away, and the traditional ACL's are likely to prevent the wrong kind of access anyway.
The only stuff that's worth protecting is precisely the photo album and the documents folder and the genealogy database and similar. The system does not know which programs should be touching each directory, only the user knows. With Controlled Fold
Question (Score:2)
Re: (Score:2)
UAC warnings are pretty much non-existent in Windows 10. Everything requires manually setting permissions through a control panel. There's no more simply "click yes to screw yourself" button.
As for privileges, this isn't about ACLs on the filesystem. Think of it like a virus scanner. The virus scanner doesn't care if you try to execute something as Administrator, it still gets in there first. Only rather than looking for viruses in this case it looks at which process is trying to access the disk and blocks
This will not work. (Score:2)
Because "humans" will end up saying "yes" to about everything.
Free game.
Free browser.
Similar named application.
There is no way to aid "idiots" who do not keep at least one backup of their relevant data.
Why not use filesystem activity (Score:2)
... instead of filesystem locations (or in addition to)
Ransomware needs to read and write tons of files rapidly to be "effective". That's usually how people get the first signals: "my PC gets very slow"
Windows discovers file permissions (Score:2)
Truly, they are an industry pioneer.
The hosts file directory is flighty (Score:2)
Windows/system32/drivers/etc/hosts it's hit or miss each time I go looking for it. The ETC directory doesn't show half of the time.
Re:Um... Isn't this just default Linux permissions (Score:5, Informative)
It's very useful if it's paired with a sensible default policy and a sensible UI. You can implement the same thing with the TrustedBSD MAC framework or SELinux, and macOS / iOS implement their sandboxing policies in exactly this way. macOS, in particular, provides a 'powerbox' model, where the standard open and save dialogs are owned by the system and implicitly grant the application permissions to the files / directories that the user selects as part of a dynamic policy. This means that well-behaved applications never need to ask for explicit privilege elevation. The problem is, well-behaved applications are generally not the ones that you most want to sandbox...
OSX sandbox (Score:2)
OSX has had this feature for over a decade. It's not used a lot but you can use it. It's fairly simple to use too if you are computer savvy.
It's called the sandbox, and it allows you to run an app such that there's a list of files, folders, network addresses, CPU levels, and all sorts of things it can or can't access.
You create a file in the sandbox directory that might look like this
(allow file-write* file-read-data file-read-metadata
(regex "^/Users/user_name/[Directories it requires to write
Re: (Score:1)
Except that's not how it works. Defender blocks writes, it doesn't prompt. You can add white listed apps but not during a ransomware attack.
Re: (Score:2, Informative)
Users will be used to automatically say "yes" when they're trying to accomplish something (open a PDF that they just downloaded) and the prompt makes sense ("do you want to grant PDFreader access to folder Downloads?). It doesn't follow that users will therefore say "yes" to a request not related to what they're trying to accomplish.
automate users (Score:2)
Users ? That's not a problem any more.
Just automate users.
Re: (Score:3)
So the user will be asked a number of times (probably once per appli / folder) if they agree to allow that appli to access that folder, then when they see the fake "Adobe something wants to access your folder" they will be used to automatically Yes it.
No. RTFA. They will see an error dialog that says "Access is denied. Use File>SaveAs to save under a different location or name." The only way to enable it is (1) opt in via the control panel, (2) choose apps via the control panel.
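The control-panel steps in the post above, and the earlier question about whether this can be scripted, can be answered with the Windows Defender cmdlets that ship with Fall Creators Update. This is an added example, not code from the thread or from Microsoft's documentation; the folder and application paths are constructed placeholders, and it assumes an elevated PowerShell session.

```powershell
# Added example: configure Controlled Folder Access without the GUI.
# Folder and executable paths below are constructed placeholders.

# 1. Start in audit mode: nothing is blocked yet, but every write that
#    would have been blocked is logged (event ID 1124), so the allow list
#    can be built from real usage before enforcement is switched on.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond the built-in defaults (Documents, Pictures, ...).
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Genealogy', 'D:\Photos'

# 3. Allow specific executables, by full path, that legitimately write there.
Add-MpPreference -ControlledFolderAccessAllowedApplications `
    'C:\Program Files\LibreOffice\program\soffice.bin'

# 4. Review what audit mode recorded (1124 = audited, 1123 = blocked)
#    over the last day; anything legitimate here belongs in step 3.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-1)
} | Select-Object TimeCreated, Id, Message | Format-List

# 5. Turn on enforcement once the allow list is complete.
Set-MpPreference -EnableControlledFolderAccess Enabled

# Confirm the resulting state.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

The same 1123 events are what a SIEM should collect to detect a blocked encryption attempt on an endpoint, since the user only sees the generic "Access is denied" dialog.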
Re: (Score:2)
(3) Bypass the whole thing via obscure twists in the giant and massively huge clusterfuck that is called WINAPI.
Re: (Score:3, Insightful)
Why was this rated up when it’s not even remotely close to how the feature works?
Re:Um... Isn't this just default Linux permissions (Score:4, Funny)
Why was this rated up when it’s not even remotely close to how the feature works?
Because on /. we mod up or down based on our own personal versions of what we think reality is, not actual reality.
Re: (Score:2)
Way to force a +5. Hacker.
Re:Um... Isn't this just default Linux permissions (Score:5, Informative)
So the user will be asked a number of times (probably once per appli / folder) if they agree to allow that appli to access that folder, then when they see the fake "Adobe something wants to access your folder" they will be used to automatically Yes it.
You know Windows 10 did away with pretty much all of that, which is why Chrome can't even set itself as a default browser anymore and instead serves up instructions for the user to change it via control panel.
There is no more "simple yes".
Re: (Score:2)
that's not sudo [...] to be sudo [...]
Troll harder. Or learn your fucking unix, even if it's only the Losers' Unix.
Re: (Score:2)
The file permissions on Windows filesystems are far more granular and not just based on an xxx field of bitmaps like on vintage OSes like Unix.
What I would like to see for the defanging of ransomware is a way to permanently disable filesystem encryption unless it is re-enabled by a very-restricted-access tool, i.e. filesystem encryption can be permanently disabled on a system and re-enabling it requires a local admin account running in Safe Mode to re-enable plus answer a prompt at reboot.
Encryption and sim
Re: (Score:2)
permanently disable filesystem encryption
Just because the Windows libraries are a convenient way to encrypt, they're just the low-hanging fruit. If this became difficult to use, they'd just use another library to encrypt the file contents. Malware can easily include this if needed.
Re: (Score:1)
ummm the malware out there isn't using OS crypto to do its thing. Forcing filesystem encryption to require an added permission won't change anything. Likewise these malware executables can easily bring along their own crypto libraries, in fact I think many already do. Denying crypto libraries will also not change anything! You may want to do some research...
Neither is Linux or UNIX (Score:2)
The file permissions on Windows filesystems are far more granular and not just based on an xxx field of bitmaps like on vintage OSes like Unix.
Non-vintage Unix doesn't rely exclusively on an xxx bitmap field either.
Modern Unix filesystems do support ACLs for more complex access control.
Modern features like SELinux and AppArmor also help provide application-level control.
What I would like to see for the defanging of ransomware is a way to permanently disable filesystem encryption unless it is re-enabled by a very-restricted-access tool
And how would that prevent ransomware from implementing its own encryption? (e.g.: moving all data it can manage to get access to into a huge password-encrypted .ZIP file?)
Re:Um... Isn't this just default Linux permissions (Score:5, Interesting)
No, it's not the same. Windows already has proper permissions for user directories since Windows NT. The issue is that ransomware runs under the same uid as yourself, so if you can access your own file, then the ransomware program can access those same files. This new feature makes it so that even if the uid has access, you can specify ADDITIONAL restrictions, like which exe is permitted to do so. So some ransomware.exe, even with your uid, will be unable to make changes.
There is no such ability in Linux or *nix, since ACLs are solely based on uid and not the name of the executable with your uid. The closest might be a sudoers file with specific commands for which you're allowed to escalate to root privilege. A *nix ransomware program running with your uid has the exact same privileges as bash or kde or gnome running with your uid and access to all your files.
All that said, there are still ways to circumvent privileges restricting which execs are allowed to access the folder/directory. For instance, if chrome.exe is given access, then any ransomware running as a chrome app will appear to be chrome.exe from Windows' perspective and be given access. This problem exists for any exec that allows running scripts or remote code, like bash or the Windows-equivalent powershell. You either have to deny all powershell execs from access, or grant all powershell execs access. The safest approach would be to not get infected with rogue code with your uid privilege. And if you get infected with rogue code that has Administrator (root) privileges, you're hosed because it can bypass or remove these restrictions altogether.
Re:Um... Isn't this just default Linux permissions (Score:5, Informative)
There is no such ability in Linux or *nix, since ACLs are solely based on uid and not the name of the executable with your uid.
Yes there is. There are even two in Linux, SELinux and AppArmor.
However, there is no easy-to-use GUI to administer it per-user, which means that you rely on the way-too-permissive default policy for most programs. This could have been done years ago technically, since SELinux and AppArmor are both quite old, but no one had the right idea apparently.
Re: (Score:2)
Re:Um... Isn't this just default Linux permissions (Score:4, Interesting)
So the issue now becomes a question of how ransomware authors write ransomware in something like Flash or Chrome, which the average user would always enable. It seems like they haven't fixed the fundamental, underlying problem of users running untrusted code, but only moved the goalposts.
The underlying issue here is that security holes of this type are enabled by Windows:
The irony of this is that the NTFS filesystem has had fine-grained permissions for 2 decades, but Windows never exploited it until now, and even this move - while better than nothing - is questionable. Why does Microsoft always get the usage model wrong?
Re: (Score:2)
So the issue now becomes a question of how ransomware authors write ransomware in something like Flash or Chrome, which the average user would always enable.
Err why? No really think about that. What usage scenario would Flash or Chrome have that requires writing to e.g. Documents directory?
It seems like they haven't fixed the fundamental, underlying problem of users running untrusted code
No one has. It's kind of fundamental to the operation of the computer that the user has the ability to a) run code, and b) have that code access files with their permissions.
Windows has taught them to think there's something "wrong" with their computer if JavaScript is disabled.
And there would be. One should not disable the scripting languages that render webpages, but rather sandbox them into places they become harmless. We want to do more with our computers, not less.
The irony of this is that the NTFS filesystem has had fine-grained permissions for 2 decades, but Windows never exploited it until now
Windows h
Re: (Score:2)
Nope. By the sound of things, this is more akin to the sandboxing feature present in apps sold via the Mac App Store. The apps are running under your permissions, just as they always have, but they now need to request and be granted permission to access new folders. Basically, just as mobile OSes require that an app request and receive permission before it can use the camera, the mic, or your location, Windows is, from what the summary sounds like, now requiring that apps request permission to access specif
Re: (Score:2)
In Windows, everything runs under your user's account and almost everything else runs as root. This is similar to setting the noexec flag on the user's home partition, something that has also existed a long time.
Re: Um... Isn't this just default Linux permission (Score:5, Funny)
The beauty of the 'home directory' structure design of a UNIX system is that if malware, or a faulty application you are coding, attempts to wipe out your filesystem, the only thing it will be able to touch is your personal data, the things you actually use the computer to create and manipulate.
Your /home directory can be wiped, and any databases, etc. that you have permission to manipulate can be corrupted. But the binaries that can be re-installed from a CD-ROM or an NFS share in a matter of minutes with a reinstall of the OS are both vigorously protected and easily replaced.
Only the important bits on the computer are vulnerable. Isn't that how it's supposed to work?
Re: (Score:2)
Re: (Score:2)
We had a ransomware infection on our network, and it basically tested every network share it could find, and started encrypting on network shares the user had read/write access to. Of course, we keep very thorough backups so data loss was minimal, but ransomware infections certainly go beyond local profile folders. It would be nice to see this logic more thoroughly extended to cover access to network resources.
Re: (Score:3)
Install the File server resource manager role on a windows server and you can basically do just that. There are tons of instructions on the internet on how to use FSRM to block ransomware pretty much outright on network shares.
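One concrete form of the FSRM approach mentioned above, as an added example that is not from the thread: an active file screen that rejects writes matching known ransomware artefacts on a share and raises an event when it fires. The share path and the pattern list are constructed placeholders; it assumes a Windows Server with the FSRM role available and an elevated PowerShell session.

```powershell
# Added example: FSRM file screen against ransomware artefacts on a share.
# Share path and patterns are constructed placeholders.
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

# File group of names/extensions that legitimate users never create.
# Maintain this list from a source you trust; the entries here are examples.
$patterns = @('*.locky', '*.crypt', '*.encrypted', '*DECRYPT_INSTRUCTIONS*')
New-FsrmFileGroup -Name 'Ransomware Indicators' -IncludePattern $patterns

# Write a warning event when the screen fires. The bracketed tokens are
# FSRM macros expanded at notification time (owner, file, screened path).
$notify = New-FsrmAction -Type Event -EventType Warning `
    -Body 'File screen blocked [Source Io Owner] writing [Source File Path] under [File Screen Path]'

# Active screen: the offending write is rejected, not merely reported.
New-FsrmFileScreen -Path 'D:\Shares\Finance' `
    -IncludeGroup 'Ransomware Indicators' -Active -Notification $notify

# Verify the screen is in place.
Get-FsrmFileScreen -Path 'D:\Shares\Finance' | Format-List Path, IncludeGroup, Active
```

A name-based screen only catches families that rename files, so it complements rather than replaces restrictive share permissions and offline backups.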
Re: (Score:1)
Re: (Score:2)
windows already has this. this feature is about protecting those files that programs running under your accounts would normally have access to.
Re: (Score:2)
For a lot of people, it is the opposite. Being able to encrypt or destroy someone's files is far more lucrative than getting root or Administrator rights.
What is new is the per user/per process granularity (although it really isn't new, as it has been in SELinux for years). This is important, although attacks via IAP mechanisms like Microsoft DDE can jump this... however it is a step in the right direction.
Re: (Score:2)
Relevant xkcd: https://xkcd.com/1200/ [xkcd.com]
Re: (Score:2)
I run my web browser and any *media stuff setuid someoneelse, you insensitive clod.
The New Windows permission (Score:2)
Now with the new Windows structure, it won't be able to touch your personal data but it can completely replace and manipulate everything in Windows directory.
It can wipe the whole Windows directory and replace it with its own binaries. So after rebooting, you'll finally be able to get borderless ransomware at boot instead of being windowed inside Windows.
Re: (Score:2)
"offline" being the operative word here. Backing up to a spare disk or an NFS mount still puts you at risk.
Re: (Score:2)
Often it's not a case of "there are no backups", but "the ransomware gets the backups too because they're read-write accessible".
IMHO, the best solution is a versioning filesystem, where deleting old versioning data requires administrator access. So ransomware "wrote over" all of your files? Big deal - rollback. So long as it can't delete old versions, the worst it can do is temporarily run you out of disk space.
Re: (Score:2)
Corrupt the user data, OTOH, and you might lose your credentials to log in to the bank, pay your electric, work remotely for your employer, etc., cost you weeks trying to rebuild your life.
What you say is completely correct, and yet anyone whose life is so dependent on their computer really needs to have layered backups that are not on the computer in question, with a very high preference for some sort of off-site location.
I realize that most people don't do this, but they may one day come to regret it. Secure multi-generation backups are really the best defense. While it's good to see MS step up their game here, there has to be a significant degree of user responsibility.
Re: (Score:2)