
trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

trparky

Premium Member

Say goodbye to ransomware with Windows 10 Fall Creators Update

Yes, ransomware will be a thing of the past with Windows 10 Fall Creators Update thanks to something called "Controlled Folder Access" in Windows Defender.

Windows 10 will hide your important files from ransomware soon | The Verge

Microsoft is making some interesting security-related changes to Windows 10 with the next Fall Creators Update, expected to debut in September. Windows 10 testers can now access a preview of the changes that include a new controlled folder access feature. It’s designed to only allow specific apps to access and read / write to a folder. If enabled, the default list prevents apps from accessing the desktop, pictures, movies, and documents folders.

“Controlled folder access monitors the changes that apps make to files in certain protected folders,” explains Dona Sarkar, head of Microsoft’s Windows Insiders program. “If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt.”

The new controlled folder feature is designed to protect against viruses and ransomware from locking machines out of certain folders. Ransomware has hit the headlines recently as WannaCry and Petya wreak havoc on older Windows machines worldwide. Microsoft is also including exploit protection into its Windows Defender software in Windows 10, which should help prevent viruses and malware from exploiting vulnerabilities in the first place.

These are protections for your files against ransomware at the kernel and Windows Defender level. Rest easy, your files are safe.

About fucking time Microsoft!
HELLFIRE
MVM
join:2009-11-25

13 recommendations

HELLFIRE

MVM

...unless there's some (other) bug that totally negates the benefits this feature brings. Par for (Microsoft) course.

My Semi-Sarcastic 00000010bits

Regards

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

2 recommendations

Kilroy to trparky

MVM

to trparky
White lists are better than black lists. Unfortunately most users wouldn't put up with being required to allow access to a folder for each software package that wanted access.

How does something get on the black list?

What happens if it isn't on the black list?

I'll have to wait and see before I make a real call on how good this is.

Ken1943
join:2001-12-30
Brighton, CO

9 recommendations

Ken1943 to trparky

Member

to trparky
Doubt anything MS comes up with will do anything besides making it harder to use a computer. Except "for dummies".
InternetJeff
I'm your huckleberry.
join:2001-09-25
.

8 recommendations

InternetJeff

Member

said by Ken1943:

Doubt anything MS comes up with will do anything besides making it harder to use a computer. Except "for dummies".

THIS ^^^^

Among computer users there are primarily two groups: 1) Those who make the effort to learn some basic concepts (or beyond), and, 2) Appliance operators. And some in between.

Dumbing down systems to cater to the latter only makes it more inconvenient for the rest of us who know what we're doing, practice proper computer hygiene, and have good recent serviceable backups for when we make a mistake (and everyone makes mistakes).

The drive to make things "idiot proof" will only encourage the proliferation of more idiots. And there is a huge latent cost associated with that.

StuartMW
Premium Member
join:2000-08-06

2 recommendations

StuartMW

Premium Member

said by InternetJeff:

The drive to make things "idiot proof" will only encourage the proliferation of more idiots.

Too late IMO.

On an unrelated (or not) subject today is the 10yr anniversary that the first iPhone went on sale.

andyross
MVM
join:2003-05-04
Aurora, IL

andyross to trparky

MVM

to trparky
The 'Petya' ransomware in the news recently is not actual ransomware. It's just masquerading as one, probably due to media attention from WannaCry. Reports say it doesn't save several encryption keys, and wipes system file tables, rendering the drive unusable.

Also, just how easy/hard will it be to add access to that whitelist? Will users be able to add to it? If so, how hard would it be for malware to sneak in and add itself? If not, MS will break many, many programs.

urbanriot
Premium Member
join:2004-10-18
Canada

1 recommendation

urbanriot to trparky

Premium Member

to trparky
said by trparky:

Rest easy, your files are safe.

Yea, or you could just not run your computer as administrator with Windows 7 / 8 / 10 and revert to yesterday's version.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

2 recommendations

trparky

Premium Member

I wrote a test program in C# with the following code...

        // Overwrites the file picked in the dialog with a short marker string.
        private void btnOverwrite_Click(object sender, EventArgs e)
        {
            openFileDialog1.Title = "Choose a file to be overwritten";
 
            if (openFileDialog1.ShowDialog() == DialogResult.OK) {
                try {
                    // 'using' releases the file handle even if Write throws.
                    using (var streamWriter = new System.IO.StreamWriter(openFileDialog1.FileName, false)) {
                        streamWriter.Write("I have been overwritten! HAHAHA!");
                    }
 
                    MessageBox.Show(this, "File \"" + openFileDialog1.FileName + "\" has been overwritten!");
                }
                catch (Exception ex) {
                    // Any failure, including a denied write, is reported here.
                    MessageBox.Show(this, ex.Message + "\n" + openFileDialog1.FileName);
                }
            }
        }
 
        // Deletes the file picked in the dialog.
        private void btnDeleteFile_Click(object sender, EventArgs e)
        {
            openFileDialog1.Title = "Choose a file to be deleted";
 
            if (openFileDialog1.ShowDialog() == DialogResult.OK) {
                try {
                    System.IO.File.Delete(openFileDialog1.FileName);
                    MessageBox.Show(this, "File \"" + openFileDialog1.FileName + "\" has been deleted!");
                }
                catch (Exception ex) {
                    // Any failure, including a denied delete, is reported here.
                    MessageBox.Show(this, ex.Message + "\n" + openFileDialog1.FileName);
                }
            }
        }
 
It's rather simple in its code but it does what I need for the situation. This is the result...






Windows prevented it because my program is not a "trusted" program so access to that folder is denied. Since this is in the beta phase things aren't going to work perfectly (you need to whitelist programs to allow access) but I figure that eventually this feature will allow trusted programs from known vendors or digitally signed programs to be automatically whitelisted.
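
Added example, not part of the post above and not Microsoft's own script: the Windows Defender cmdlets that shipped with the Fall Creators Update (Windows 10 1709) can turn Controlled Folder Access on in audit mode, list the block and audit events a denial like the one described above produces, and allow-list a single program. The paths in `$TestApp` and `$ExtraFolder` and the function name `Get-CfaEvent` are hypothetical, and the text match used to narrow event 5007 is an assumption about how the changed setting is named in the message.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt on
# Windows 10 1709 or later with Windows Defender Antivirus as the active AV.

# Hypothetical locations: substitute your own program and folder.
$TestApp     = 'C:\Tools\CfaTest\CfaTest.exe'
$ExtraFolder = 'D:\Projects'

# 1. Show the current state. EnableControlledFolderAccess is numeric:
#    0 = Disabled, 1 = Enabled (block), 2 = AuditMode.
$pref = Get-MpPreference
[pscustomobject]@{
    State            = $pref.EnableControlledFolderAccess
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 2. Audit first: writes still succeed but are logged, so you learn which
#    programs would break before anything is actually blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder

# 3. Collect Controlled Folder Access events from the Defender log.
#    1123 = write blocked, 1124 = write audited, 5007 = Defender setting changed.
function Get-CfaEvent {
    param([int]$Days = 7)

    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124, 5007
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            # 5007 covers every Defender setting; keep only CFA-related changes.
            # Assumption: the message text names the feature being changed.
            $_.Id -ne 5007 -or $_.Message -match 'Controlled Folder Access'
        } |
        ForEach-Object {
            $evt = $_
            # Flatten the event's named data fields so no field name is hard-coded.
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                if ($d.Name) { $data[$d.Name] = $d.'#text' }
            }
            [pscustomobject]@{
                Time = $evt.TimeCreated
                Kind = switch ($evt.Id) {
                    1123 { 'Blocked' }
                    1124 { 'Audited' }
                    5007 { 'SettingChanged' }
                }
                Data = $data
                Text = ($evt.Message -split "`r?`n")[0]
            }
        }
}

Get-CfaEvent -Days 7 | Sort-Object Time | Format-Table Time, Kind, Text -Wrap

# 4. Once the audit log shows only programs you recognise, allow them and enforce.
Add-MpPreference -ControlledFolderAccessAllowedApplications $TestApp
Set-MpPreference -EnableControlledFolderAccess Enabled
```

A `SettingChanged` row that nobody on the machine can account for is worth investigating, since it means the protected-folder or allowed-application list was edited.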
dave
Premium Member
join:2000-05-04
not in ohio

dave to trparky

Premium Member

to trparky
The straightforward compatible way to do this would be:

1. Devise an unforgeable way to assign a principal identifier to an "application"

2. Use the existing ACL-based access control mechanisms present on most kernel objects

Did they? (Of course, #1 is the hard part)

ObFact: I believe the Titan Supervisor had this in the 1960s.

wxboss
This is like Deja vu all over again.
Premium Member
join:2005-01-30
Fort Lauderdale, FL

2 recommendations

wxboss to InternetJeff

Premium Member

to InternetJeff
said by InternetJeff:

Dumbing down systems to cater to the latter only makes it more inconvenient for the rest of us who know what we're doing...

Convenience is the nemesis of security and manufacturers are only concerned about mass appeal. It's not unreasonable to presume that if you work for one of these companies and attempt to make an argument for social responsibility instead of corporate avarice, you'll quickly find yourself browsing Indeed for another career option.

And companies attempting to address these issues 'after the fact' only supports the argument I made.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 edit

4 recommendations

trparky to InternetJeff

Premium Member

to InternetJeff
said by InternetJeff:

Dumbing down systems to cater to the latter only makes it more inconvenient for the rest of us who know what we're doing

Something needs to be done. The malware situation isn't just out of control it's a damn plague on the platform. People talk about "user education" to help solve this but we've been preaching this idea for the last decade and where the hell has that gotten us? Nowhere. Hell, we've taken a step backwards if you ask me.

How many people have you encountered would click on something even if the window said "I am a virus. Don't click on me" and they would still do it. I can't imagine that you haven't encountered people like this. I have and it makes me want to slap them upside the head and yell "What the hell are you thinking?" Their usual response is that they click on just about anything. It's these people that I want to just yank the damn computer away from and shove an iPad into their hands.

We can try and teach them all we want, we can keep teaching them until the sun grows cold, and yet... people will keep doing stupid shit. User education isn't working, we need to save them from themselves.
InternetJeff
I'm your huckleberry.
join:2001-09-25
.

2 recommendations

InternetJeff

Member

said by trparky:

How many people have you encountered would click on something even if the window said "I am a virus. Don't click on me" and they would still do it. I can't imagine that you haven't encountered people like this.

I have encountered a few over the years. And after I politely explain the reasons why not to do it, I don't help them anymore if they keep doing it. Life is too short.
said by trparky:

We can try and teach them all we want, we can keep teaching them until the sun grows cold, and yet... people will keep doing stupid shit. User education isn't working, we need to save them from themselves.

My philosophy is slightly different. I offer help and education. Sometimes repeatedly. But at the end of the day if behavior does not change, I let Darwin take over and let him do his important work. They'll learn ... eventually maybe.

Sadly, in this world, some people should not be driving, operating heavy machinery, or using a computer if they cannot or will not learn. It is what it is.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

2 recommendations

trparky

Premium Member

said by InternetJeff:

I let Darwin take over and let him do his important work.

That idea may work if their system is but an island, isolated from the rest of the world. Unfortunately we don't live in that kind of world, we instead live in an interconnected and networked world in which one person's dumbass mistake in one tiny corner of the world can have widespread repercussions for the entire globe.

The needs of the many outweigh the needs of the few.
Walter Dnes
join:2008-01-27
Thornhill, ON

1 recommendation

Walter Dnes to trparky

Member

to trparky
Obvious workarounds that the bad guys will be working on right now.
• Application whitelist? Add to whitelist
• Stuff the keyboard buffer to accept prompts to access files in secured folders with a non-whitelisted program
• Compromise allowed apps that are on the whitelist
• Use poisoned Excel or Word file to launch VBA scripts via UNCOMPROMISED word.exe or excel.exe to scan and encrypt the privileged folders.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 recommendation

trparky

Premium Member

I'm sure, security is an arms race against the bad guys. Does that mean that we should just figuratively throw our hands in the air? Throw in the towel? Tell ourselves that the bad guys will always win?

I for one say no to that, we must engineer newer and better ways to protect ourselves against an ever growing malware landscape. Is what Microsoft created going to be perfect? No, but it's a good step in the right direction.
trparky

1 edit

1 recommendation

trparky

Premium Member

At this site and others like it people disrespect Microsoft up one side and down the other. They complain that Microsoft is taking away the power from them. This I understand but what people fail to understand is that we are not the target audience anymore. The days of tweaking our operating systems are over, computers have become a household item and the common man is screaming for things to be more secure, more stable, more... trustworthy.

Unfortunately, as we have said here at this site, security is often a trade-off; you trade usability and customization for security. It's always been that way and it will always be that way. To quote Fullmetal Alchemist, there is a Law of Equivalent Exchange. You have to give one to get the other.

I long for the days in which I won't worry about if I will be hacked, will I be infected just by going to a web page. True, I don't get infected because I practice safe computing but it's tiresome. Reading this and reading that just to stay one step ahead of the bad guys. It feels like it's a never ending battle and that's because it is. Some days I feel like we're losing the good fight.
Frodo
join:2006-05-05

Frodo to HELLFIRE

Member

to HELLFIRE
said by HELLFIRE:

...unless there's some (other) bug that totally negates the benefits this feature brings.

I don't know if I would call it a "bug" but, the above article links to this article.
»blogs.windows.com/busine ··· dows-10/
quote:
One of the most common targets for attackers is often your browser, with more than 90% of attacks using a hyperlink to initiate stealing credentials, installing malware, or exploiting vulnerabilities.
That's quite true. However, I don't want an injected dll into the browser process that monitors the browser activity and checks urls, etc., for privacy reasons. So, the devil is in the details.

My rule on browsers is, they run below medium integrity and run as a target of runas on an alternate ID that I have crippled a bit.

To my chagrin, I've found that there was a lot of security that I passed up on, really since Win 2000. This job objects, restricting Sids, was available in 2000.

Vista added integrity levels. I'm not comfortable with a browser that runs at medium integrity level. My uncomfortableness has been alleviated since 2013.

I'm on Win 8.1 so apparently, I don't receive the benefits of this new initiative even though I'm still in mainstream support.

The one thing I'm wondering about in Win 10 is the integration of EMET into the OS. In particular, I wonder how available ASR will be. That is a very, very important mitigation for me. Here is what I see when Firefox starts up.


Yep, those modules didn't load. It doesn't need all that crap, per me. Like Microsoft says, 90% of the problem is the software that talks to strangers, the browser.

I handle browser security, and that is 90% of the problem, per Microsoft. So, if they want to lend a helping hand, that sounds good. If the tradeoff is, they're sending to the cloud all the urls one browses, I pass. So, the devil is in the details.

:edit "firefox" is a program compiled by me. FirefoxML is the Mozilla program that has a modified environment so a reduced integrity program works, and runs in a job object, restricted permissions, etc. Works well with the Mozilla and Google variants.
tlbepson
Premium Member
join:2002-02-09
dc metro

tlbepson to trparky

Premium Member

to trparky

trparky:
>>Something needs to be done.

The saviour complex is alive and well I see...
tlbepson

3 recommendations

tlbepson to trparky

Premium Member

to trparky
trparky:
>>At this site and others like it people disrespect Microsoft up one side and down the other.

Take a deep breath and...let it go...

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

2 edits

2 recommendations

trparky

Premium Member

It's not just this site. Neowin, Betanews, HardOCP, Tom's Hardware, TweakTown, and TechPowerUp. So you know what all of those sites have in common? Hate against Microsoft for bullshit reasons, often they hate just to hate.

I am not being paid by Microsoft here and if anyone says that they are dead wrong!

They are doing good in the realm of computer security which seriously needs work. We are a security related web site, we know the risks, we know the threats, and yet when something good comes about to try and combat these threats that we all know so well we fight it. Oh no, we can't have that! That's heresy! We must keep plodding along doing the same old shit that we've been doing for the last ten years and keep failing and failing and failing. Why? Well... That's how we've always done it.

Yet it doesn't work.

The moment something good comes about from this hated company everyone boards the hate train. Because it's the cool thing to do. Just like how everyone hates Apple. It's cool! Everyone hates the iPhone yet without the iPhone ten years ago there would be no Android. Or at least it wouldn't be what it is today. Oh but we have to hate the iPhone because it's cool to hate it.

Everyone here loves Android yet time and time again we have been shown that the security of Android sucks ass. Apple sucks, the iPhone sucks. Bullshit. The iPhone is the better and more secure platform. There's a reason why more security experts agree that if you care about security you buy an iPhone.
Frodo
join:2006-05-05

4 recommendations

Frodo

Member

Everything does work. Who got infected with Wannacry? Nobody here. Why? Because if people have an ISP like mine, egress had to be enabled in the modem. I didn't need SMB coming from the internet, so no issue here.

I don't think anyone has any problem with Microsoft developing a more secure operating system. But, some have an issue with the increased security if it involves a trade-off with privacy, because for some, privacy itself is a security issue.

Microsoft will get my attention if they develop an OS where everything is running at USER level and not at KERNEL level.

While gamers might need the latest performance option, for me, my I7-3770 is still cranking at 10% or less, 5 years after I got it.

The notion of a privilege escalation because too much stuff, especially fonts run in Ring 0 needs to get lost.

MS said something about the browser being 90% of the problem. (Which is true). I'm wondering what their solution is, especially for 3rd party browsers, and the level of snooping and profiling involved with Win 10.

Glad I'm on 8.1. I have until 2023 to worry what to do then. We'll see if by that time my CPU routinely rises above 10%.

Astyanax
Premium Member
join:2002-11-14
Melbourne, FL
·AT&T FTTP

1 recommendation

Astyanax to trparky

Premium Member

to trparky
Sounds like an impending nightmare for tech support people. There are going to be users screaming at them that they can't get to their report for the big meeting and they're going to get fired if they can't get it. They better have it off by default than on.

Reminds me of the UAC days back during Vista. Everybody did everything they could to work around it. The same thing is going to happen with this too.

urbanriot
Premium Member
join:2004-10-18
Canada

2 recommendations

urbanriot to Frodo

Premium Member

to Frodo
said by Frodo:

Everything does work. Who got infected with Wannacry? Nobody here. Why?

That's incorrect. People here could easily get infected via a payload sent through email, torrented files, web sites hosting fake files, etc.

How do you think the first person that infects a network is infecting a network?

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

3 recommendations

trparky

Premium Member

You know what I see a lot of around here and on sites like this (Neowin, Betanews, HardOCP, Tom's Hardware, TweakTown, TechPowerUp, etc.)? Arrogance. People talk about themselves being "Holier than Thou." Yeah. I have this and that installed, I don't do this and that, I practice safe computing. But you know what? All of that means shit because all it takes is one second, one momentary lapse of good judgment. Perhaps after coming home from a night of drinking more than you should have. You get on the computer and without thinking... *boom*, your system is infected from here to next Tuesday and your data is as good as gone.

None of us are safe, let that sink in. The moment you think you are safe is the moment you let your guard down and that's when you get infected. It can and has happened even to the best of us. Because all it takes is one single solitary moment of a lapse in judgment and you're done son.

I have said it before and I'll say it again, the Internet is a global community. All of our machines are interconnected on one gigantic network that spans the globe. Security isn't just something that needs to be practiced by a few of us, it needs to be practiced by all of us. All it takes is one person's dumbass mistake in one tiny corner of the world and we can have widespread and lasting repercussions for the entire globe.

People are going to seriously hate me for saying this but the general public is too damn stupid to be having the machines sitting on their desks that they have. We here have seen it time and time again, they continue to do stupid shit over and over and over again regardless of how much "education" we have given them. User education doesn't work! It just doesn't! These people need all the handholding that they can get and then some. These are the people I want to yank the computer out of their homes, hand them an iPad, and tell them they are just too stupid to have a general purpose computing device.

In a perfect world, that is what would happen. These general purpose devices would all be replaced by walled garden devices such as the iPad but we don't live in a perfect world. Our systems need to change to adapt to a world in which people are just plain stupid. Us computing enthusiasts are no longer the target audience, we make up less than 1% of the people using these systems. The rest of the 99% of the users need the hard decisions made for them. Yes, it's going to result in less freedom for those of us who know what we're doing but if it means that we'll finally have a truly safe computing experience then I'm all for it. Yes, I will embrace it wholeheartedly!

Black Box
join:2002-12-21

5 recommendations

Black Box

Member

said by trparky:

In a perfect world, that is what would happen. These general purpose devices would all be replaced by walled garden devices such as the iPad but we don't live in a perfect world.

Some ideal you have. Have a corporation like Apple, Google, Microsoft or Comcast rule with an iron fist in a velvet glove what you are allowed to see and do. I think I'll apply for that Mars rocket.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

trparky

Premium Member

Security must be paramount! If that means we as end users have a little less power, so be it. I don't have a problem with it. It works in the Apple realm and yet nobody bats an eye, nobody complains, and people buy iDevices in droves. They must be doing something right!

StuartMW
Premium Member
join:2000-08-06

StuartMW to Black Box

Premium Member

to Black Box
said by Black Box:

I think I'll apply for that Mars rocket.

In Patrick Henry's time it was
quote:
Give me liberty or give me death.
I guess the modern equivalent is "I want off this planet even if I might die getting to another one".

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot to trparky

Premium Member

to trparky
said by trparky:

If that means we as end users have a little less power, so be it.

The huge fault in everything you've written is that the majority of these infections get in through users compromising their own security by bypassing checks and balances or attacks that are exploiting systems in ways that are not patched, at all, by anyone.

The only part where I'd agree is that if Microsoft defaulted the primary user account to a standard user as opposed to an administrator, in which case Ransomware wouldn't even be an issue with Windows 7 / 8 / 10 and this thread's update would be a huge shrug.

As I wrote above, you could simply recover yesterday's Previous Version on 7 / 8 / 10 if you were not running as an administrator since practically every ransomware requires escalation to purge volume shadow copies.

As Black Box inferred, you start locking people down and they're going to switch to Apple... like plenty of people I know have done since the abomination of Windows 8 and the barely corrective Windows 10.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 recommendation

trparky

Premium Member

said by urbanriot:

you start locking people down and they're going to switch to Apple

I don't seem to have a problem with that. It's a great platform for the majority of people who just want to use a computer to get things done without worry.