Monday, February 27th 2017
Microsoft Adds Ability to Block Win32 Apps from Install on Windows 10
In a story headline that is sure to ruffle some reader's feathers, Microsoft has done exactly that: Added the ability to block installation of any app using the oldest remaining major API in Windows: Win32.
But hold on to your nerd-battlewagons, brave tech warrior. Microsoft is not enabling this feature by default. It is currently only in an experimental build, and per MS, it will not be on by default in any mainline build ever produced. It's simply there for "added security."
And yet, is this not a sort of admission of Win32's supposed inferiority from Microsoft? The fact that you can block this and not block the Windows Universal apps is in a way saying "here, these are safe. No, win32 is not."
Oh, and yes, if there is any question, this is an editorial in the fullest sense of the word. Enjoy.What makes the Universal Windows platform safe? Is it the sandboxing inherent to the platform? Is it the finer grained permissions system the API provides? Yes, to a degree maybe. But I think the main tactic that Microsoft is taking to keep you safe is to take you out of the driver seat.
Think about that for a bit. That "Windows Store?" Is it any different from Apple's "App Store?" Who controls it? Who decides what gets in and what doesn't? What you see and what you don't? Here's a clue: It isn't the users. Even the word "App" is offensive to me personally, as a power user. I mean what the heck is an "app" anyways and where did my "applications" go? Was the word seriously too big to comprehend so they had to stupify it for the average user?
And yet, as I write this, I feel a tinge of remorse. I don't need this restraint. I don't need that MS-nanny-state watching over me. But I know a lot of people who do. Family. Elderly. People I love. People who mean well but don't know any better. Why should they? It took me most of my life to get here? Can I honestly ask them to devote the same dedication? Is that fair?
But still, this strikes me in an odd place. On one hand, I see it as good as I can turn this on for "problem users." On another hand, I can't help but see it as the first nail in the coffin of an API that puts you in the driver seat and makes you responsible for whatever you do there. Yes, that driver seat has power, and can do awesome things. It can also make you crash in a ditch and no amount of singing "Jesus Take the Wheel" will save you from something like a cryptolocker malware. I want to protect those people, but if MS ever pulls the plug on an API where I'm in charge and can wreck my computer properly, the next thing I'll be installing is the nearest OS that lets me break things again.
So, fellow user, I then turn the discussion to you. Where do you draw the line? When is too much taken away, and how much do we need to take away to protect those who are for lack of a better term "menaces on the highway?" What about those like me, who are menaces on the highway no matter what you do? Hmmm?
Source:
MSPowerUser
But hold on to your nerd-battlewagons, brave tech warrior. Microsoft is not enabling this feature by default. It is currently only in an experimental build, and per MS, it will not be on by default in any mainline build ever produced. It's simply there for "added security."
And yet, is this not a sort of admission of Win32's supposed inferiority from Microsoft? The fact that you can block this and not block the Windows Universal apps is in a way saying "here, these are safe. No, win32 is not."
Oh, and yes, if there is any question, this is an editorial in the fullest sense of the word. Enjoy.What makes the Universal Windows platform safe? Is it the sandboxing inherent to the platform? Is it the finer grained permissions system the API provides? Yes, to a degree maybe. But I think the main tactic that Microsoft is taking to keep you safe is to take you out of the driver seat.
Think about that for a bit. That "Windows Store?" Is it any different from Apple's "App Store?" Who controls it? Who decides what gets in and what doesn't? What you see and what you don't? Here's a clue: It isn't the users. Even the word "App" is offensive to me personally, as a power user. I mean what the heck is an "app" anyways and where did my "applications" go? Was the word seriously too big to comprehend so they had to stupify it for the average user?
And yet, as I write this, I feel a tinge of remorse. I don't need this restraint. I don't need that MS-nanny-state watching over me. But I know a lot of people who do. Family. Elderly. People I love. People who mean well but don't know any better. Why should they? It took me most of my life to get here? Can I honestly ask them to devote the same dedication? Is that fair?
But still, this strikes me in an odd place. On one hand, I see it as good as I can turn this on for "problem users." On another hand, I can't help but see it as the first nail in the coffin of an API that puts you in the driver seat and makes you responsible for whatever you do there. Yes, that driver seat has power, and can do awesome things. It can also make you crash in a ditch and no amount of singing "Jesus Take the Wheel" will save you from something like a cryptolocker malware. I want to protect those people, but if MS ever pulls the plug on an API where I'm in charge and can wreck my computer properly, the next thing I'll be installing is the nearest OS that lets me break things again.
So, fellow user, I then turn the discussion to you. Where do you draw the line? When is too much taken away, and how much do we need to take away to protect those who are for lack of a better term "menaces on the highway?" What about those like me, who are menaces on the highway no matter what you do? Hmmm?
40 Comments on Microsoft Adds Ability to Block Win32 Apps from Install on Windows 10
Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.
It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).
I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.
Edit: Two words: group policy. This is something enterprise customers want so Microsoft is giving it to them. Group policy has a lot of crazy restrictive settings in it but most users are completely clueless to it. I don't think it is anything to get worked up about.
Win32 is literally Microsoft's bread and butter. It's not going away any time soon. To disable it is to forbid decades worth of software from running.
I'm just concerned about the fact its possibly a step towards putting Win32 in a coffin. Albeit a small one. But we all start somewhere.
Right now, just a discussion starter more than a serious issue.
PS: I'm very tired today, so this is a bit more of a "wild and loose" editorial than my usual.
M$ starting to make own app ecosystem in Windows now ?
Android and Apple has own app store
99% user using it just fine
and Windows starting to coerce user with it in Windows
so much for your 'security feature'
Some people need this. I certainly do not.
Edit: Also, the PortableExecutable (PE) header Win32 uses is archaic (literally designed more than two decades ago). Microsoft should maybe pursue creating an alternative to Win32 that isn't a walled garden.
@RejZoR , you don't seem to know how that works. there are similar options in the Apple system. Only App Store, Signed Apps or anything.
In the past Telemetry was also opt-in. Then it was opt-out. Now you can´t turn it off unless you buy the enterprise version of Win10.
In a few months we will have the free Windows 10 Cloud OS with no Win32 app support. To be able to use Win32 apps you'll need to buy a home/pro license for $150 (if you don´t have one already). And some years from now it may be only available on enterprise versions.
I wouldn´t be surprised if some manufacturers start shipping their PCs/laptops with Win 10 Cloud only.
And BTW, looking at the current trends, it´s only a matter of time before the paid version of Windows becomes a subscription service too.
All this is ultimately is tin foil hatting.
1 To eventually make it mandatory to only install approved apps from their Windows Store. They then get a cut of all revenue generated, just like Apple do. And Apple take a hefty 30%. Just think what a money spinner it would be for Microsoft. It will take them a long time, but they've got it. I believe Google gets a cut from the Play Store too, but don't quote me.
2 Control what you can run on your computer. Control is power in many different forms.
3 Improve the security of your computer to reduce the likes of garbage like cryptolocker from infecting it. Shame on you! :p Keep 'em coming.