Microsoft Readies Security Feature-Update for Windows 11 Needing an OS Reinstall to Use

[btarunr]

Microsoft is giving final touches to a what it refers to as a groundbreaking new security feature update for the Windows 11 operating system, which should significantly improve application-level security, and safeguard you from malicious apps based on the way they behave. Trouble is, to use the feature, you will have to reinstall your operating system (i.e. a clean reinstall), if you're on the current release of Windows 11, or any build that's older than the one that carries this update.

The Smart App Control feature by default blocks untrusted or uncertified applications from running on your PC, and unlike browser-level protections such as Smart Screen, is baked directly into the OS, and monitors application code at a process level, to detect potentially malicious application behavior. It does this using a combination of code-signing by the application publisher and an AI model for trust within the Microsoft cloud. The OS keeps in touch with the cloud 24x7 (whenever the PC is up), to receive the latest threat intelligence and AI model updates from the cloud. It's very likely that Smart App Control will be part of the next significant version milestone of Windows 11 (such as "22H2"), which means everyone on 22H1 or older will be made to reinstall to use it.



View at TechPowerUp Main Site | Source

 

[clopezi]

Smart App Control will be part of the next significant version milestone of Windows 11 (such as "22H2"), which means everyone on 22H1 or older will be made to reinstall to use it.

I hope this it's not true and a workaround will be available, because makes no sense that I can install Windows 7 and upgrade to 8, 10 and 11, and now we need a clean install for a new feature...

 

[DrCR]

I hope this it's not true and a workaround will be available, because makes no sense that I can install Windows 7 and upgrade to 8, 10 and 11, and now we need a clean install for a new feature...

Odd to me too. It feels like a requirement/recommendation from a couple of decades ago.

 

[delshay]

I hope this it's not true and a workaround will be available, because makes no sense that I can install Windows 7 and upgrade to 8, 10 and 11, and now we need a clean install for a new feature...

The problem here is, do user(s) still have they windows key going back that far. It maybe wise to track & backup your current key if a new install turns out to be true.

 

[Shihab]

So HIPS, but with the extra costs of having to trust Microsoft with [even more of] your data.
And, according to gHacks, you can't even exclude applications that MS disallows you to run.

Meh. Looks like just another smart screen-ish toggle to turn off.

 

[clopezi]

So HIPS, but with the extra costs of having to trust Microsoft with [even more of] your data.
And, according to gHacks, you can't even exclude applications that MS disallows you to run.

Meh. Looks like just another smart screen-ish toggle to turn off.

That's probably true, but the problem is if they would allow to update future releases without reinstalling, or this will be mandatory until now. It's my concern about it.

 

[SL2]

The problem here is, do user(s) still have they windows key going back that far. It maybe wise to track & backup your current key if a new install turns out to be true.

I'm not sure that going back to W7 is needed for people here that are used to do a clean install.

I mean, I've done the upgrade from W7 but that's just once for each computer thanks to GatherOSState.exe.

Installing W7 just to upgrade to W10 over and over again seems tedious, does anyone actually do that?

Edit: GatherOSState.exe lets you do a clean install directly, no upgrade needed. It's been too long since I did it lol.

 

[Deleted member 24505]

The problem here is, do user(s) still have they windows key going back that far. It maybe wise to track & backup your current key if a new install turns out to be true.

Windows usually saves it to your M$ account so there is usually not need to even enter it again.

 

[SL2]

Windows usually saves it to your M$ account so there is usually not need to even enter it again.

Or, keeps track of the HWID tied to the install for those that doesn't use MS account. At least for W10, dunno about W11.

 

[delshay]

Windows usually saves it to your M$ account so there is usually not need to even enter it again.

OK, never knew that. I don't have a Microsoft account & I have seen a small number of user(s) also claiming not to have one. It looks like I a maybe forced to open an account saving me storing multiple windows keys.

 

[SL2]

OK, never knew that. I don't have a Microsoft account & I have seen a small number of user(s) also claiming not to have one. It looks like I a maybe forced to open an account saving me storing multiple windows keys.

Dunno how that works, do you enter a key every time you install? I never enter any key, and it activates when I go online. No MS account.

 

[delshay]

Or, keeps track of the HWID tied to the install for those that doesn't use MS account. At least for W10, dunno about W11.

I would expect going forward W11 is supported, but what about older Windows keys???


EDIT: @Thread

I wonder if a new complete install kicks out those users that bypass W11 security feature? ie users without TPM.

 

[SL2]

I would expect going forward W11 is supported, but what about older Windows keys???

It is supported in W10, and IIRC, W8 as well. Which version of Windows are you using?

 

[ixi]

Reinstalling windows, me gusta, fresh n clean.

 

[delshay]

It is supported in W10, and IIRC, W8 as well. Which version of Windows are you using?

Mostly windows 7. ...But I have windows 10 & 8.0 disc & key also.

 

[SL2]

Mostly windows 7. ...But I have windows 10 & 8.0 disc & key also.

AFAIK, key handling, licensing and activation process haven't changed for either version so I doubt it will change for older versions.

 

[Bruno Vieira]

Smart App Control sounds like a nightmare to me and other devs whom often run self made programs or from other people, windows defender is already a pain. I hope I can just disable this thing all the time.

 

[genralramius]

This is the new Denuvo but it is M$ backed, so they want to make it harder to use open source apps. I think that you will need to pay a fee to be able to certify an app.
This is also going to be a nightmare for code developers as this will make it harder to run self made apps.

 

[Vayra86]

First TPM nonsense now this.

Do they even want to sell 11 or are they intent on making it fail with full certainty? The market share has already stalled completely, and for good reasons.

You don't want this, right? Why would you? The GUI has gone to complete shit, taskbar is worse than it ever was, it tries to be Apple but has none of its unique selling points, but all of its problems, and security apparently is full of holes.

I smell a Windows 8

 

[Bwaze]

So... Windows 12?

When was the last time an update required a reinstall? I imagine that means fresh install. That's really a bothersome requirement.

 

[SL2]

Do they even want to sell 11 or are they intent on making it fail with full certainty? The market share has already stalled completely, and for good reasons.

I dunno, I certainly don't expect Windows market share to go up no matter what they do.

 

[DeathtoGnomes]

The Smart App Control feature by default blocks untrusted or uncertified applications from running on your PC, and unlike browser-level protections such as Smart Screen, is baked directly into the OS, and monitors application code at a process level, to detect potentially malicious application behavior. It does this using a combination of code-signing by the application publisher and an AI model for trust within the Microsoft cloud. The OS keeps in touch with the cloud 24x7 (whenever the PC is up), to receive the latest threat intelligence and AI model updates from the cloud.

This is your telemetry hard at work. I wonder if there is a separate download you can install in offline mode. This cloud contact is BS and intrusive, its a step in the direction that m$ wants to go, complete cloud control, windows 11 as a service.

 

[Audioave10]

I still believe that it's all leading to a subscription service.

 

[SL2]

I still believe that it's all leading to a subscription service.

While not impossible, we've heard this for a decade by now.
I don't think it will happen, unless MS want's their market share to drop even more.

 

[Selaya]

Those Who Sacrifice Liberty For Security Deserve Neither.

in this case let me return you the favor, macroshit:
fuck you too.