So yeah, it took them a global ransomware pandemic before becoming serious about it. But hey, at least they’re working on it.
The long-standing approach that operating systems have used to protect files is a mix of file ownership and permissions. On multi-user systems, this is broadly effective: it stops one user from reading or altering files owned by other users of the same system. The long-standing approach is also reasonably effective at protecting the operating system itself from users. But the rise of ransomware has changed the threats to data. The risk with ransomware comes not with another user changing all your files (by encrypting them); rather, the danger is that a program operating under a given user’s identity will modify all the data files accessible to that user identity.
In other words, if you can read and write your own documents, so can any ransomware that you run.
Microsoft’s attempt to combat this is called “Controlled folder access,” and it’s part of Windows Defender. With Controlled folder access, certain directories can be designated as being “protected,” with certain locations, such as Documents, being compulsorily protected. Protected folders can only be accessed by apps on a whitelist; in theory, any attempt to access a Protected folder will be blocked by Defender. To reduce the maintenance overhead, certain applications will be whitelisted automatically. Microsoft doesn’t exactly specify which applications, but we imagine that apps from the Store would automatically be allowed access, for example.
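A sketch of how an administrator could roll out the protected-folder and allowlist model described above. This is an added example, not part of the quoted article. It assumes the Defender PowerShell cmdlets (`Set-MpPreference`, `Add-MpPreference`, `Get-MpPreference`) found in released Windows 10 builds, and the folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: staged rollout of Controlled folder access.
# Both paths below are hypothetical placeholders, not values from the article.
$protectedFolder = 'D:\ProjectData'
$trustedApp      = 'C:\Program Files\ExampleApp\app.exe'

# 1. Start in audit mode: writes to protected folders are logged, not blocked,
#    so legitimate tools that would break can be found before enforcing.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect an extra directory in addition to the built-in ones
#    (Documents and the other default locations are always protected).
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Allow one specific executable that Defender does not trust automatically.
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# 4. Review what was audited (ID 1124) or blocked (ID 1123). Each message names
#    the process and the path it tried to modify, which is the input for
#    deciding whether an allowlist entry is justified.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 200 -ErrorAction SilentlyContinue

$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# 6. Once the audit log shows only expected applications, enforce blocking.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Keeping the allowlist short matters here: every allowed executable is a program that can still rewrite the protected files.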
Judging from the looks of it, this is similar to what Bitdefender did with their anti-ransomware module.
*screenshot is not mine
It’s nice that Microsoft is finally upping their game when it comes to security. I assume that this feature will be turned off once the user installs a third-party AV. All that is nice, but what about ransomware that doesn’t only encrypt my personal files, like the nasty ones that encrypt the master boot record, such as the notorious Petya ransomware? I don’t want to dismiss what Microsoft is doing, but it seems it will only protect my personal files from unwanted encryption but not the master boot record? I guess all things will be revealed when third parties start testing it. I would love the idea of not paying anymore for third-party AV and just sticking to the out-of-the-box protection, but I’ll believe it when I see it. Right now, I’ll stick to what works well [here & here].
I think this ransomware pandemic is a nice reminder to everyone, especially the computer anti-vaxxers, that while Windows Updates are obtrusive and annoying, they’re essential and might save your business, since most of the ransomware attacks are on PCs that aren’t up to date with their patches.