Windows 11 Smart App Control to Require Clean Install of Windows
As part of its recent campaign to make Windows the platform of choice for “hybrid work,” Microsoft is rolling out a new security feature. It’s called Smart App Control and it’s kind of like Windows Defender SmartScreen on steroids. This new feature aims to prevent malicious apps from being installed by unwitting users. While that’s certainly a noble goal, there’s just one problem: in order to run it you’ll have to perform a clean installation of Windows. Though the hardcore among us used to boast about regularly nuking and reinstalling Windows to maintain peak performance, that’s no longer the case. Now we boast about how long we go without having to reinstall Windows. That’s because it’s a pain reinstalling all our apps and programs we spent years tweaking. Also with SSDs, Windows usually runs quite fast, even after years of uptime.
The new security feature appeared in a recent Windows Inside build of Windows 11, and the company has described it in a recent blog post. According to Microsoft, “Smart App Control goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud.” The company says its cloud processes an incredible 24 trillion “security signals” every 24 hours. It’s this data that it will use to predict which apps are malicious.
The rub is if you enable it on a system with pre-installed apps, it won’t be able to examine them prior to them being installed. The company doesn’t say why it can’t examine already installed apps, like a virus scanner of sorts. Microsoft only states, “Smart App Control will ship on new devices with Windows 11 installed. Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.”
According to a summary of it by Ghacks.net, after a clean install you can enable it but it runs in evaluation mode. In this mode it examines your PC usage to determine if it should be enabled or not. It won’t block anything in this mode as it’s merely examining the situation. After this trial period is over, the software will either turn itself on or off. Alternatively, admins can choose to enable it or not. However, if you turn it on and then disable it later, you’ll need to do a clean install of Windows again.
Here’s the rub with just turning it on and letting it do its thing; there doesn’t appear to be any workaround for it blocking an application. Smart App Control will flag and block applications based on three criteria: known malicious applications, untrusted apps, and potentially bad software. In order to determine if an app is trusted or not, Microsoft relies on signed software and usage. Unsigned apps that its cloud doesn’t recognize will be blocked. This could be a problem since an app can be untrusted but still safe. You might have an obscure app you’ve run for 10 years that Microsoft won’t like, for example. It will block the installation of these apps, and there’s no way to add them to a “white list.” That could be a problem for a lot of users for obvious reasons. (Legitimate applications with a relatively small number of users are likely to run into this problem. Many benchmarks and less-common applications I’ve used over the years have run afoul of SmartScreen -Ed)
Hopefully Microsoft figures out a way to either enable it without a clean installation. At the very least, the company could allow some kind of exclusion list for certain apps. Even Apple allows you to override its security suggestions by typing your password and clicking several buttons. It’s possible Microsoft will rethink this, as its blog post notes it’s still in its early stages. In its blog post highlighting the new security features, it concludes with, “More details on this feature will be shared in the future.”
Continue reading
Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs
Intel, AMD, and Qualcomm are working to make Pluton part of their upcoming designs, which should make PCs more difficult to hack, but it also bakes Microsoft technology into your hardware.
Apple: ‘It’s Up to Microsoft’ to Get Windows Running on New ARM Macs
According to Apple, the question of supporting Windows on the M1 is entirely in Microsoft's court.
How Does Windows Use Multiple CPU Cores?
We take multi-core awareness for granted these days, but how do the CPU and operating system communicate with each other in the first place?
Minecraft With Ray Tracing Now Available for All Windows 10 Players
You don't usually think of Minecraft as a realistic game, but the developers have been hard at work adding RTX ray tracing to the game for the last eight months. It's finally out of beta today, and it really works with the blocky look of Minecraft.