Click here: to donate by Credit Card
Or here: to donate by PayPal
Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794
Thank you very much and God bless you.
Posted on 05/10/2025 5:42:53 AM PDT by daniel1212
...A new round of security features scheduled to appear in Windows 11 over the next year will address more fundamental security concerns....
The biggest security issue is that the overwhelming majority of Windows users run using an account with administrator privileges. ..
The fix is a feature called Administrator Protection, which gives the user standard permissions by default. If they need to perform an action that requires administrator rights, such as installing an app or changing a system setting, they'll need to authenticate using Windows Hello biometrics or a device-specific PIN. That authorization creates a temporary token that is valid only for the current action and is destroyed as soon as the task is completed. Microsoft argues that this change will be "disruptive to attackers as they no longer have automatic, direct access to the kernel or other critical system security without specific Windows Hello
The addition of Windows Hello is the game-changer here. Being able to authenticate using biometrics instead of having to enter a password should reduce the hassle factor dramatically. authorization."...
A second feature, Smart App Control, is designed to block malware by preventing unknown apps from running on a Windows 11 PC. Apps that are well known will run without issue, but unsigned and unfamiliar apps will be prevented from running; the feature will also block all scripts from the internet, including those that try to leverage PowerShell as a vector for installing malware.
Smart App Control will be on by default for consumer PCs. In corporate environments, IT administrators will need to enable App Control for Business policies and select a "signed and reputable policy" template; they can then add internal apps using management tools.
(Excerpt) Read more at zdnet.com ...
Click here: to donate by Credit Card
Or here: to donate by PayPal
Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794
Thank you very much and God bless you.
Also: Microsoft blocked your Windows 11 upgrade? This trusty tool can (probably) fix that.
Since I rely on such proven safe third party tools as Explorer Patcher and Open Shell to regain lost functionality MS removed, then I may be turning off Smart App Control. And MS better not prevent adding registry scripts. .
Thank God for tools to be used for good in God's sight in Christ
Another move towards replacing personal home computers with little more than dumb terminals.
ping
 |  |
|---|
Thanks to daniel1212 for the ping!
> The fix is a feature called Administrator Protection, which gives the user standard permissions by default.
On the one hand, IT'S ABOUT BLOODY TIME!!! (Speaking as an IT/Security professional, that is)
I've used Windows continuously since Windows 2.0, every release, every SP and update. It's been a long road, and while this latest improvement is welcome, it's way, way late.
On the other hand, this will make the user complaints from XP-SP2's enhanced security and Vista's UAC (User Account Control) look like a walk in the park.
Windows started life with ZERO security. None whatsoever. Because it was a single-user toy operating system bolted on top of MS-DOS.
Windows NT4 / 2000 / XP were good attempts to start over with a real operating system, but they were rapidly crippled by trying to make NT work like Windows 95/98.
25 years ago Microsoft started trying to bolt on various "fixes" to make the thing more secure (like the two I listed above).
Finally, 40 years after Unix (and then Linux) had actual security (including default non-privileged user accounts), Microsoft admits that maybe Windows should try to be secure by default?
> A second feature, Smart App Control, is designed to block malware by preventing unknown apps from running on a Windows 11 PC.
Gee, sorta like MacOS has had for years? What a great new concept, MS, behind the times as usual.
I have mixed feelings about it being opt-out for consumers (I guess that means "Home" editions) but opt-in for businesses (I guess that means "Pro" editions, or maybe if the computer is domain-joined).
I use the "Pro" edition at home (in a VM) although I don't have a domain at home. So I'm hoping it means "domain-joined". These days I only use Windows to run Windows-only applications, none of which require a live internet connection or exchange data with clouds, so my Windows VMs are pretty well isolated. We'll have to see how this plays out.
Apologies for my kvetching above, the day started with much unexpected computer unhappiness and it sorta set me off.
I appreciate your posting the article; I hadn't seen it when it came out in November, so the reminder is helpful and timely. :-)
And... Happy Mothers Day! however it may apply....
I think the original of that photo had an Apple Macintosh on the desk, not an IBM-PC....
That’s not very reassuring.
On the one hand, IT'S ABOUT BLOODY TIME!!! (Speaking as an IT/Security professional, that is)
I've used Windows continuously since Windows 2.0, every release, every SP and update. It's been a long road, and while this latest improvement is welcome, it's way, way late.
On the other hand, this will make the user complaints from XP-SP2's enhanced security and Vista's UAC (User Account Control) look like a walk in the park. Which is why I intend to disallow it.
Finally, 40 years after Unix (and then Linux) had actual security (including default non-privileged user accounts),
I have to choose to install programs and click thru "you do not have permission" obstacles. Have not seen the need for more, thanks be God.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.