Microsoft Plans Smartphone-Style Permission Prompts for Windows 11 Apps (bleepingcomputer.com)
- Reference: 0180782446
- News link: https://it.slashdot.org/story/26/02/12/184223/microsoft-plans-smartphone-style-permission-prompts-for-windows-11-apps
- Source link: https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-mobile-style-windows-security-controls/
A separate initiative called Windows Baseline Security Mode will enforce runtime integrity safeguards by default, allowing only properly signed apps, services, and drivers to run. Both changes will roll out in phases as part of Microsoft's Secure Future Initiative, which the company launched in November 2023 after a federal review board called its security culture "inadequate."
[1] https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-mobile-style-windows-security-controls/
Good idea but..... (Score:4, Insightful)
Would this apply equally to all applications including Microsoft's own? If not, this is yet another violation. Microsoft Teams, Microsoft Office, Outlook, etc. are all some of the largest perpetrators of this behavior. Windows itself is a large perpetrator of this same behavior and repeatedly ignores user choice.
Re: (Score:3)
For what it's worth, I do see Teams asking for OS location, camera, and mic permissions, but not other Office programs.
Re: Good idea but..... (Score:2)
It's frustrating as far as I'm aware there's no way for win32 apps to query if the microphone is allowed or not. Short of reading the registry. My programs are all audio based so it's a pain in the arse to talk a user through unblocking their mic in windows settings. They just expect it to work(which it used to...)
Re: (Score:1)
> For what it's worth, I do see Teams asking for OS location, camera, and mic permissions, but not other Office programs.
The last time I looked, Teams was installed by default in Windows 11. Has that changed?
Re: (Score:2)
Not sure, I can only speak from corporate experience. It may be installed by default, but it asks for permissions on first run.
Re: (Score:2)
Why do Excel/Word/Outlook need access to your location/camera/mic? Are you sure they're not asking for permission because they aren't using them?
Re: (Score:2)
They don't need that access and they don't ask as far as I'm aware. I think they're not asking because they're not using them.
Re: (Score:2)
Yeah, when are we getting the OS level override to tell any app that its DRM can fuck right off? Computing has lost its way when companies providing software have more control over our devices than the owner of the devices. Just because software comes from Microsoft, Adobe or any other major software provider doesn't mean it isn't malware. When a device is designed in a way that its security model treats the owner as an untrusted threat actor, software enforcing that model functions as malware with respect
Nope (Score:4, Interesting)
Nope, I would rather have an OS for a PC, not a smart phone. You've lost your way Microslop.
Re: (Score:2)
I wish desktop apps could work more like Android apps. Sure, some of them need to hook into the system a bit deeper, but a lot could be fully sandboxed. No need to install into the real filesystem, all files kept cleanly in one place and removed when the app is uninstalled. No permissions at all without explicit confirmation from the user.
You can do it with the tech Windows has already, but it's a pain.
Again? (Score:1)
You mean...UAC? The thing you have get a prompt for to access certain folders anyway? Recognized downloads, signed drivers, signed installers, and that awful new universal Windows whatever the hell protected folder, have to boot into Linux and bypass bitlocker to delete a corrupt Teams app new bullshit, all were train wrecks. How about they have Windows Babysitter Edition and Windows I Know What I'm Doing edition. Would that solve this?
Re: (Score:1)
You clearly can't tell the difference in motivation between FOSS' securirty linitations on behalf of the user, and microsoft's limitations to enforce vendor lock-in and potentially even control what applications the user can install. Low IQ post
Re: (Score:2)
To me the critical feature this is missing in access control like, know location, access a calendar etc, Is no but lie, most people just grant access because they want run the app they will say yes to anything. Just think of license agreements.
It will fail (Score:4, Insightful)
Like all the other things Microsoft recently tried to implement; it'll be implemented badly and will eventually be rolled back because it's broken state.
Re: It will fail (Score:2)
Yep, too many developers are just unwilling to do code signing, whether due to cost, privacy, or censorship concerns.
Re: It will fail (Score:2)
I don't sign my things because I am not willing to spend £100 a year to dox myself for a free project. Besides it's not as though code signing certifies quality only that it's the original file the developer released.
What permission groups do these cover? (Score:3)
This sounds nice, and macOS is pretty good at this, but I do wonder if there are ways to get around this. For example, accessing a photos repository via the filesystem and not a photos API, or accessing contact files directly as opposed to a contact API. Even with these permissions fairly tight, if the app can scoot around add/modify stuff, it can do ransomware, Trojans, or data exfiltration.
What many developers will do is just not bother with code signing and demand the user do some overrides, or do something similar to Macs, and force allowing "full disk access" for the program to run. Maybe even force the user to turn off the prompts, just like in the Vista days where users were told to turn off UAC.
Re: (Score:2)
Microsoft has that covered. Go try getting people to take the steps needed to run an unsigned driver, and live with various games and DRM'd crap refusing to run while the mode is active. You have to reboot, trigger the advanced boot menu, then choose to disable signature enforcement for the entire system, every time can't make it persistent, and must have SecureBoot disabled.
Now granted malware etc can evade that, but typically only by exploiting a loaded signed driver... no chance anything doing that doe
Bring back (Score:3)
Abort, Retry, Fail?_
Bring it back Microsoft, that was super intuitive. Since this is the AI era, have Bob and Clippy ask it.
Re: (Score:2)
And be sure to ask "Are you sure?" before looping back to Abort, Retry, Fail?_.
Re: (Score:2)
> Abort, Retry, Fail?_
> Bring it back Microsoft, that was super intuitive. Since this is the AI era, have Bob and Clippy ask it.
Since this is the AI era, have Clippy ask Bob to do it.
Details devil... (Score:2)
The concept sounds interesting, but what will matter is how it actually works (or does not work).
Microsoft itself biggest privacy threat (Score:2)
Let's see... Install windows, update it, attempt to get local login, shut off each drive search contents indexing and wait, attempt to shut off indexing, shut off inking, camera, attempt to make reporting minimal, attempt to shut off location--or just download Linux.
Pot, Meet Kettle (Score:4, Insightful)
> The company's Windows Platform engineer Logan Iyer said the move was prompted by applications increasingly overriding user settings, installing unwanted software, and modifying core Windows experiences without permission.
Excuese me, but aren't these behaviors already baked right into Windows 11?
Re: (Score:3)
>> The company's Windows Platform engineer Logan Iyer said the move was prompted by applications increasingly overriding user settings, installing unwanted software, and modifying core Windows experiences without permission.
> Excuese me, but aren't these behaviors already baked right into Windows 11?
Oh, they won't be warning users about the settings Windows updates change. The 'core Windows experiences' thing there is basically them whining that sometimes other software gives the users the chance to change default egregious Windows behavior for a more user-friendly setting. I'm guessing anything where an app currently changes Windows defaults, you'll get the choice in the app, then after changing the setting there, it'll pop-up an annoy nag screen to warn you you are breaking security, destroying your
Re: (Score:2)
Damn you, you beat me to it! ;-) Even to the point where the quote you chose was already in my clipboard before I read your post...
Re: (Score:2)
>> Excuese me, but aren't these behaviors already baked right into Windows 11?
> Sounds like he's a Lyer.....