SoylentNews is people
SoylentNews
Martin Brinkmann over at ghacks.net brings us info on Windows 10 security changes:
The company started to open up only recently and reveal additional information about Windows 10. It published a lengthy blog post today on the Windows For Your Business blog that details security improvements coming to the operating system.
Aimed at business and enterprise customers, it provides insight for consumers as well.
One of the changes discussed in the blog post is how Microsoft plans to change how users identify themselves on the system. Microsoft plans to eliminate single-factor authentication systems such as user/password log ins by building improved protection right into the operating system.
Yeah, I know we're way off normal in Linux usership around here but we still have relatives whose computers we have to fix, so...
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @05:29PM
The issue is that if you only allow trusted code, then you will not get haxed as easily because some moron clicked on some email "screensaver".
It means, computers should not trust their users on what to do. Security problems tend to be concentrated between the computer and the chair anyway.
(Score: 2) by monster on Friday October 24 2014, @07:04AM
If the "screensaver" used a Microsoft provided signing service, it doesn't protect at all.
App signing has been around since XP at least and all it means is that it is slightly more difficult to get some malware to run on a system (unsigned would mean a warning, but signing certificates are easy to get if you fork the money), but it also means many false positives (a lot of software isn't signed, specially old programs) and a money grab to the developers, who now have to buy that signing service to not get said warnings.
What Microsoft should do instead is a category-based permission system, like smartphones. So this "screensaver" app requires: Install device drivers, access to system files, read private folders and access to the net? Let the user choose if that is reasonable for a screensaver, or even if she wants to deny some of them. Legacy software would require custom manifest files, but that's not all that different from the current situation with compatibility modes, so it would be doable.
(Score: 2) by urza9814 on Monday October 27 2014, @04:39PM
I can't tell you how much software I've installed that has included an instruction along the lines of 'If you get a security exception saying this program is not signed, tell it to install anyway'
So now they'll just include instructions saying how to disable the whitelist feature, and users will blindly follow along whether they're installing Free Puppy Screesaver 2000 or an Oracle database...
Not that I'm not a bit concerned -- at work we're using Windows XP laptops, and I don't have admin rights to mine (apparently *some people* have admin rights, there doesn't appear to be any logic in place on that.) It's also fairly common for us to pass around software like WinSCP or Notepad++ or portable browsers. Right now that works fine even without admin rights, because these programs don't need to be installed into the system itself. But if they change to only allow running signed apps?
Maybe it'll be a big enough problem that they'll give me a Linux system. I mean I'm doing all my work on *nix servers anyway...well, that's a nice dream at least...