Win 10 Update - Controlled folder access


#1

So here is something new to combat ransomware (assuming the folder security doesn’t have an exploit) coming in the currently rolling out Win 10 Fall Creators Update. Fundamentally, it’s just a nice user interface on top of standard Windows permissions and a new default that locks down more folders to prevent any program with any access level from being able to rewrite your standard document folders.

Because that’s what MS have recommended over the years: that all saves and settings be put into My Documents or My Games in My Docs or My Saves in My Docs. There is also the SaveGames special location, but it’s rarely been embraced, and also the appdata stuff (which this seems to not include by default - which makes me think the expectation is not to whitelist every single app you regularly use). But it does look like this will cause issues for most games (at least those that don’t just use Steam cloud folders for all their stuff) if you turn it on and possibly won’t be as graceful as you’d want (as full-screen games hide action centre notifications like this that will require you to whitelist them before saves work (but loading shouldn’t be affected so you may not notice immediately unless you try to change a setting and it doesn’t stick)).

Thoughts? Should MS have thought through a different solution to this issue (as folder permissions under Windows are typically pretty transparent to the user compared to how *Nix OSs have forced users to engage with them) or is this a necessary change that we’ll just have to get used to (and game installers will need to start asking for whitelist permission on installation - assuming there’s an API to make that request)?


#2

Providing that this “feature” isn’t exploitable right away, I believe that everything that gives power and customisation options, albeit limited by a friendly “I mask every advanced option” interface, to the end user is a good thing. The topic of security is crucial in every software environment, and every developer must take into account the recommendation of the OS when they decide to write code for the actual platform.

Having said that, I have to admit that this approach seems to introduce just another layer of protection atop every other single protection layer in the OS. The need for vertical whitelisting of a lot of folders seems very cumbersome, and some sort of autofix general rule for previously installed Steam games would be very appreciated. Maybe Microsoft can implement a scan for non-malicious applications and automatically add them to the whitelist, so the user doesn’t have the hassle of doing this by themselves and can just review the results.


#3

It wasn’t on for me by default, which defeats the purpose to some degree. People who are aware of that sort of stuff are better protected anyway, and people who aren’t – not gonna know it’s there.


#4

Ideally they’d split out a program-accessible user area from a purely user-accessible user area, but the current structure already exists. I guess that’s what SaveGames and AppData could have provided, but not many games use them and I believe a large part of the rationale behind putting that sort of data in Documents in the first place was because that’s what people back up and carry easily from system to system.

To me it seems that the least disruptive thing would be to create a new secure area that programs can’t access without explicit permission, but that only works if users move all their stuff there, which the majority wouldn’t. But with how they’ve done it, either whitelisting programs will be easy and people will start doing it as a matter of course, not paying attention to what’s asking (and of course malicious programs will masquerade as something benign), or it will be a huge pain in the neck that completely stumps non-expert users.

I guess @JayPi’s suggestion of a curated whitelist with presumably a more awkward manual whitelisting process is probably the best approach, but that kind of thing is tough on smaller unrecognised developers.

EDIT: @onsamyj You’re right, that does kind of defeat the purpose. Maybe they’re going to give developers time to adjust before enabling it by default in a later update?