Monday, February 27th 2017

Microsoft Adds Ability to Block Win32 Apps from Install on Windows 10

In a story headline that is sure to ruffle some reader's feathers, Microsoft has done exactly that: Added the ability to block installation of any app using the oldest remaining major API in Windows: Win32.

But hold on to your nerd-battlewagons, brave tech warrior. Microsoft is not enabling this feature by default. It is currently only in an experimental build, and per MS, it will not be on by default in any mainline build ever produced. It's simply there for "added security."

And yet, is this not a sort of admission of Win32's supposed inferiority from Microsoft? The fact that you can block this and not block the Windows Universal apps is in a way saying "here, these are safe. No, win32 is not."

Oh, and yes, if there is any question, this is an editorial in the fullest sense of the word. Enjoy.
What makes the Universal Windows platform safe? Is it the sandboxing inherent to the platform? Is it the finer grained permissions system the API provides? Yes, to a degree maybe. But I think the main tactic that Microsoft is taking to keep you safe is to take you out of the driver seat.

Think about that for a bit. That "Windows Store?" Is it any different from Apple's "App Store?" Who controls it? Who decides what gets in and what doesn't? What you see and what you don't? Here's a clue: It isn't the users. Even the word "App" is offensive to me personally, as a power user. I mean what the heck is an "app" anyways and where did my "applications" go? Was the word seriously too big to comprehend so they had to stupify it for the average user?

And yet, as I write this, I feel a tinge of remorse. I don't need this restraint. I don't need that MS-nanny-state watching over me. But I know a lot of people who do. Family. Elderly. People I love. People who mean well but don't know any better. Why should they? It took me most of my life to get here? Can I honestly ask them to devote the same dedication? Is that fair?

But still, this strikes me in an odd place. On one hand, I see it as good as I can turn this on for "problem users." On another hand, I can't help but see it as the first nail in the coffin of an API that puts you in the driver seat and makes you responsible for whatever you do there. Yes, that driver seat has power, and can do awesome things. It can also make you crash in a ditch and no amount of singing "Jesus Take the Wheel" will save you from something like a cryptolocker malware. I want to protect those people, but if MS ever pulls the plug on an API where I'm in charge and can wreck my computer properly, the next thing I'll be installing is the nearest OS that lets me break things again.

So, fellow user, I then turn the discussion to you. Where do you draw the line? When is too much taken away, and how much do we need to take away to protect those who are for lack of a better term "menaces on the highway?" What about those like me, who are menaces on the highway no matter what you do? Hmmm?
Source: MSPowerUser
Add your own comment

40 Comments on Microsoft Adds Ability to Block Win32 Apps from Install on Windows 10

#1
FordGT90Concept
"I go fast!1!11!1!"
If you can get by with everything you need through the Windows Store, enabling this security feature will disable 99.9% of viruses out there for Windows.

Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.

It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).


I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.


Edit: Two words: group policy. This is something enterprise customers want so Microsoft is giving it to them. Group policy has a lot of crazy restrictive settings in it but most users are completely clueless to it. I don't think it is anything to get worked up about.

Win32 is literally Microsoft's bread and butter. It's not going away any time soon. To disable it is to forbid decades worth of software from running.
Posted on Reply
#2
R-T-B
FordGT90ConceptIf you can get buy with everything you need through the Windows Store, enabling this security feature will disable 99.9% of viruses out there for Windows.

Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.

It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).


I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.
Yeah, if you can't tell by the editorial, I know a few who would benefit too.

I'm just concerned about the fact its possibly a step towards putting Win32 in a coffin. Albeit a small one. But we all start somewhere.

Right now, just a discussion starter more than a serious issue.

PS: I'm very tired today, so this is a bit more of a "wild and loose" editorial than my usual.
Posted on Reply
#3
chaosmassive
Oh, wow
M$ starting to make own app ecosystem in Windows now ?

Android and Apple has own app store
99% user using it just fine

and Windows starting to coerce user with it in Windows

so much for your 'security feature'
Posted on Reply
#4
MrGenius
Hell...I'm not even comfortable with the term "application". Let alone "app"...which I loathe. I was raised on "programs".
Posted on Reply
#5
R-T-B
chaosmassiveso much for your 'security feature'
That's my biggest issue with app stores really, is that I'm surrendering content control to a third party.

Some people need this. I certainly do not.
Posted on Reply
#6
chaosmassive
R-T-BThat's my biggest issue with app stores really, is that I'm surrendering content control to a third party.

Some people need this. I certainly do not.
its kinda 'mother knows best' things
Posted on Reply
#7
FordGT90Concept
"I go fast!1!11!1!"
R-T-BYeah, if you can't tell by the editorial, I know a few who would benefit too.

I'm just concerned about the fact its possibly a step towards putting Win32 in a coffin. Albeit a small one. But we all start somewhere.

Right now, just a discussion starter more than a serious issue.

PS: I'm very tired today, so this is a bit more of a "wild and loose" editorial than my usual.
I think worst case scenario is Microsoft enables it by default (like UAC) with major caution/warning telling users that disabling could expose the computer. I can't see them ever completely disabling it because the performance difference between UWP and Win32 is significant. They would lose too many customers if they didn't leave it.
Posted on Reply
#8
eidairaman1
The Exiled Airman
Dual Boot W10 with W7 or WXP
Posted on Reply
#9
R-T-B
eidairaman1Dual Boot W10 with W7 or WXP
I'd sooner date a penguin.
Posted on Reply
#10
FordGT90Concept
"I go fast!1!11!1!"
That second picture in the OP reminds me of trying to run a Win16 application on Windows 64-bit.


Edit: Also, the PortableExecutable (PE) header Win32 uses is archaic (literally designed more than two decades ago). Microsoft should maybe pursue creating an alternative to Win32 that isn't a walled garden.
Posted on Reply
#11
Prima.Vera
90% of the Games and Software out there are still using Win32 executables...
Posted on Reply
#12
Hossein Almet
Totally agreed with the editorial, personally I have a phobia for apps, they take the control away from you. Taking about security risk, what about the apps of the Windows store that are in themselves a security risk, and if so, will Microsoft takes responsibility for that. In my newly install Windows got crippled by Windows apps, namely I cannot update the graphic driver, and I cannot restore Windows to an early point. It costs me A$150 to get it check out. And I am advised not to any of the Windows apps in the meantime, until Windows store got the fix. But they've never informed you that Windows store got corrupted in the first place, how are they going to inform you it got the fix?
Posted on Reply
#13
R-T-B
FordGT90ConceptThat second picture in the OP reminds me of trying to run a Win16 application on Windows 64-bit.
Lol it is, I just picked it because I found it funny that an application called "Hope" was claiming it failed to run as win32. Went with my article's theme of "hope" for Win32's future slowly dwindling, in my very tired state of mind. :)
Posted on Reply
#14
RejZoR
So, this is really happening. We've been talking about this with AVAST Software staff during our meeting last month. Microsoft is trying to lock the OS down to what Apple has and wants to limit ecosystem around their dumb universal whatever apps. Despite malware and stuff, this is the future I don't want. If I'd want stupid Apple and their Mac, I'd be using that. I'm on Windows for a reason. And that reason is universal modularity and freedom of what I bloody want to run and from where.
Posted on Reply
#15
Fierce Guppy
"Windows Store"? What is this thing of which you speak?
Posted on Reply
#16
Gundem
RejZoRSo, this is really happening. We've been talking about this with AVAST Software staff during our meeting last month. Microsoft is trying to lock the OS down to what Apple has and wants to limit ecosystem around their dumb universal whatever apps. Despite malware and stuff, this is the future I don't want. If I'd want stupid Apple and their Mac, I'd be using that. I'm on Windows for a reason. And that reason is universal modularity and freedom of what I bloody want to run and from where.
I hear that!
Posted on Reply
#17
huguberhart
There have already been write ups, about version of OS for institutions without dedicated or outsourced administrator. Microsoft is simply trying to match Google and Apple.
@RejZoR , you don't seem to know how that works. there are similar options in the Apple system. Only App Store, Signed Apps or anything.
Posted on Reply
#18
TheDeeGee
Fierce Guppy"Windows Store"? What is this thing of which you speak?
Indeed, it's the first thing i uninstalled with Powershell, together with the Xbox App.
Posted on Reply
#19
BrainCruser
Prima.Vera90% of the Games and Software out there are still using Win32 executables...
90%? Try 99.99%
Posted on Reply
#20
Endeavour
The problem with this is that it may be a way to gradually force you into the store.
In the past Telemetry was also opt-in. Then it was opt-out. Now you can´t turn it off unless you buy the enterprise version of Win10.

In a few months we will have the free Windows 10 Cloud OS with no Win32 app support. To be able to use Win32 apps you'll need to buy a home/pro license for $150 (if you don´t have one already). And some years from now it may be only available on enterprise versions.
I wouldn´t be surprised if some manufacturers start shipping their PCs/laptops with Win 10 Cloud only.

And BTW, looking at the current trends, it´s only a matter of time before the paid version of Windows becomes a subscription service too.
Posted on Reply
#21
Hossein Almet
FordGT90ConceptIf you can get by with everything you need through the Windows Store, enabling this security feature will disable 99.9% of viruses out there for Windows.

Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.

It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).


I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.


Edit: Two words: group policy. This is something enterprise customers want so Microsoft is giving it to them. Group policy has a lot of crazy restrictive settings in it but most users are completely clueless to it. I don't think it is anything to get worked up about.

Win32 is literally Microsoft's bread and butter. It's not going away any time soon. To disable it is to forbid decades worth of software from running.
What about the apps from Windows Store that got the bugs? What more, Windows seem to be oblivious to them.
Posted on Reply
#22
Shihab
Tim Sweeney's gonna have a field day with this...
FordGT90ConceptI think worst case scenario is Microsoft enables it by default (like UAC) with major caution/warning telling users that disabling could expose the computer. I can't see them ever completely disabling it because the performance difference between UWP and Win32 is significant. They would lose too many customers if they didn't leave it.
For which API, UWP or Win32? Care to elaborate?
Posted on Reply
#23
Camm
You thought the anti-trust lawsuits over AV & Web Browsers was big, if Microsoft actually made this default, they would be dwarfed by magnitudes. Not to mention Enterprise would freak the fuck out and expedite moves to any platforms it can.

All this is ultimately is tin foil hatting.
Posted on Reply
#24
Tsukiyomi91
MS is gonna get some flak soon... expect them to get burned gloriously.
Posted on Reply
#25
qubit
Overclocked quantum bit
I think that Microsoft has introduced this feature for these reasons and in this order:

1 To eventually make it mandatory to only install approved apps from their Windows Store. They then get a cut of all revenue generated, just like Apple do. And Apple take a hefty 30%. Just think what a money spinner it would be for Microsoft. It will take them a long time, but they've got it. I believe Google gets a cut from the Play Store too, but don't quote me.

2 Control what you can run on your computer. Control is power in many different forms.

3 Improve the security of your computer to reduce the likes of garbage like cryptolocker from infecting it.
R-T-BOh, and yes, if there is any question, this is an editorial in the fullest sense of the word. Enjoy.
Shame on you! :p Keep 'em coming.
Posted on Reply
Add your own comment
Nov 21st, 2024 12:45 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts