"controlled folder access"
You mean protection like Defense+ in the free Comodo Firewall has been giving me for the last decade?
A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead. The controlled folder access mechanism within Windows Defender prevents suspicious applications from changing the contents of selected protected folders. …
Genuinely curious. What's wrong with Comodo? Has been fine for me for years and seems quite powerful. I'm aware they've pretty much stolen Process Explorer it would seems with their version that looks shockingly similar. But still been good.
Only issue is GeekBuddy. That should be avoided and I guess we should be pulling them up just for that alone.
Genuinely curious. What's wrong with Comodo?
Maybe some here don't like it because the initial setting up is (was - last time I used Comodo was in 2008 before I went to mainly Linux) a bit annoying. All that thinking!
Not like the Windows firewall, which may or may not be turned on (you can't be sure) and just does its thing, quietly letting anything and everything through, protecting you from all them nasties! (at least that's what the marketing dept claim)
I'd also love to hear someone suggest flaws in Comodo, as my memory of it is good and I may end up suggesting it to someone stuck with Windows - would hate to make their machines even less secure!
so how much of a pain IS it to set up everything to be "scramble-proof"? And when will the ransomware be smart enough to "un-do all of that" ?
I'm guessing that it's NOT password protected with a separate pass-phrase, nor write protected with something that's truly tamper-proof.
and without much review, we only have Microsoft's claims about its features...
/me hopes it actually works, but I suspect that maybe it's not worth the hype.
It can be disabled with the following PS command:
Set-MpPreference -EnableControlledFolderAccess Disabled
It does need to be run as Administrator, but that's trivial to work around.
It's a false sense of security, if any. Educating users is still the best cure.
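A defender's counterpart to the one-liner above, added here and not from any commenter: it reads the current controlled folder access state, turns enforcement on, narrows exceptions to a single folder and a single binary instead of switching the feature off, and pulls the Defender events that record blocked writes and configuration changes. The folder and executable paths are constructed placeholders, and event IDs 1123 and 5007 are assumed from the Windows Defender operational log, not taken from the thread.

```powershell
# Added example, not part of the original thread. Run in an elevated
# PowerShell on Windows 10 1709 or later; paths below are placeholders.

# 1. Read the current state. EnableControlledFolderAccess reports
#    0 = Disabled, 1 = Enabled, 2 = AuditMode (logs without enforcing).
$pref = Get-MpPreference
"Controlled folder access state: $($pref.EnableControlledFolderAccess)"
"Protected folders:";     $pref.ControlledFolderAccessProtectedFolders
"Allowed applications:";  $pref.ControlledFolderAccessAllowedApplications

# 2. Enforce it (the inverse of the 'Disabled' command quoted above).
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Protect a non-default location and whitelist one specific binary
#    rather than disabling the feature because one tool was blocked.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'           # placeholder
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Tools\backup.exe' # placeholder

# 4. Detection (assumed event IDs): 1123 records a write that CFA blocked,
#    5007 records any change to the Defender configuration, which is how a
#    'Set-MpPreference ... Disabled' run by malware or an admin shows up.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 5007
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap
```

Forwarding the 5007 events to a SIEM gives you the alert on the "trivial to work around" case, since the disable itself is what gets logged.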
"It does need to be run as Administrator, but that's trivial to work around."
How is that trivial to work around? Users on Windows 10 won't have admin access without at least a warning prompt to elevate access.
You mean that thing that's on the screen briefly before the user clicks the "make it go away!" button? Or the one that defaults to the "allow" button being selected, which gets "clicked" when the user presses their space button. Which is not very often really, only every 4-5 characters typed or so....
Not knowing how the permissions mechanism works, but my plan to defeat it would be a) to bombard the user with prompts (making the reason sound safe enough, e.g. "Mostwonderousfreebackup.exe needs to access your data to protect it, allow (yes/no)?") in the expectation that they'll hit "yes" (what turned UAC into just another Useless Annoying C...) or b) use a trojan that acts much like a).
Now, a versioning system that can detect wholesale changes to users' files and maybe take action (without having a simple yes/no prompt the user can make go away quickly, but something that sticks around and explains itself fairly carefully - no, I don't know how this can be achieved, sorry!), and make sure that the previous copy of the user's files cannot be touched - that would be good. Of course a quick defeat to that is to fill the HDD with stuff so there's no space left.
Maybe the versioning software can send the file that's making the changes back to HQ (and other places, i.e. competing AV firms) for analysis, and hold its execution till cleared?
Unfortunately any security system that requires the average user to select "no" several times a day is doomed to failure.
"You mean that thing that's on the screen briefly before the user clicks the "make it go away!" button?"
Only if they have admin rights. Most corporate users won't. This can't beat a determined idiot with admin rights, but it's a good start....
I suspect there may be some management issues there as well.. (ie manager demanding certain things be allowed which shouldn't).
"Except here the group policy disables UAC as the C-Level kept complaining about the pop-ups..."
You let USERS have admin rights?! And then disable the safeguards?! Good luck with staying in business...
Typically, if you don't let C-level types have their way, they send you on your way.
"Typically, if you don't let C-level types have their way, they send you on your way."
And typically companies have processes and policies around admin rights that you get fired for ignoring. I have worked in many many varied companies and NEVER do standard user accounts get admin rights. If a C-type REALLY needs admin access then it's via a separate admin login with no profile / email etc so that you just use it when admin is actually required. Someone in your company isn't managing their users properly and you have a weak security policy and processes.
As I said, good luck with staying in business...
And typically companies have processes and policies around admin rights that you get fired for ignoring.
Ah yes, the old "I'll fire THE BOSS because I'm IT and therefore bigger than he is." Hello Jake, never knew you to post AC! :)
If a C-type REALLY needs admin access then it's via a separate admin login with no profile / email etc so that you just use it when admin is actually required.
"What? I don't want to bother with that. My time is important, I don't want to stuff around logging out and back in. Give me permanent admin access or you're fired and I'll get someone in who can do what they're told!". Or words to that effect.
As I said, good luck with staying in business...
Many of these companies still seem to be surviving quite well actually. YOU, however, would be out at best at the next contract renewal if you don't let some of these people get their own way.
It works better if you realise they missed the log out/log back in the setup help. Didn't check if it applies changed folder lists but it doesn't update your app whitelist without it. Cue much annoyance.
Also if you're using a 'select folder' file dialog it will just silently fail to write. No warning. Be careful.
Yes, I read the article, had a look and it's greyed out. Even the normally pretty useless "Microsoft Community" (Where shills meet to defend the mother ship) has this documented. To use this protection you have to rely only on the less safe MS AV. It's the IT equivalent of saying "Take off your condom and use the rhythm method".
I always have a sinking feeling when I read about falling creators.
Will they ever land?
With luck they'll land somewhere in Red, and I do mean 'red', mond.
Insert lyrics from 'Beautiful Streamer' or 'Blood on the Risers' here. http://home.hiwaay.net/~magro/parasongs.html
Airborne!
Will hijack your browser or Outlook or some other whitelisted application and use it to encrypt your folders. It isn't as if those applications don't always have a lengthy list of patches every month, finding such an attack will be pretty easy.
I don't see this as a long term solution, it is fixing last year's problem while the malware guys are already working on next year's nasties.
"Will hijack your browser or Outlook or some other whitelisted application and use it to encrypt your folders. "
You have posted this in reply to a comment that Outlook wasn't one of the whitelisted apps.
Presumably the whitelisted apps have to be digitally signed and will lose their white-listing if they import DLLs that aren't also approved. There's no reason why this can't be made watertight. It doesn't look to be using anything that hasn't been part of the Windows kernel for about a decade. Having said that, I will grant you that whether it is actually effective is another matter.
So if this feature is for Defender and Defender is supplied with Windows and Windows 7 is still supported will Microsoft get sued if someone gets ransomware that would have been stopped by something they didn't add to Windows 7 because they are trying to get everyone on Windows 10?
I'm making the assumption this is not being added to Windows 7.
A new feature that adds security and fixes a problem that allows ransomware to propagate on a machine.
If the OS was secure then it wouldn't be needed however it is therefore it's a fix to a problem.
Let's say a variant of ransomware infects Windows 7 machines but not Windows 10 due to this "feature"; you could argue that Microsoft was negligent in not adding this to Windows 7, leaving users vulnerable, as they are obliged to supply security fixes.
You say tomato, I say potato.
'Windows Defender' on Win 7 is a useless application which tries and fails to do something about spyware. 'Windows Defender' on Win 8 and later, including Win 10, is an application of quite limited use which attempts to do something about malware in general, including spyware, but which is not the best antimalware app ever made. There are notable differences between Defender on Win 8/8.1 and Defender on Win 10; this feature is merely one more. Defender on Win 8 was built on the bones of Microsoft Security Essentials, for Win 7. They are not the same application. Defender on Win 10 has the same name but is not the same application as Defender on Win 8/8.1. If you want the features of Defender on Win 10, you have to be running Win 10. In other words, no, this won't be backported to Security Essentials on Win 7. And, no, this won't be backported to Defender on Win 8/8.1. Go ahead and sue. You will lose.