A feature in the Windows Insider Preview Build 15042 allows administrators to block the installation of any Win32 application that is not fetched from Microsoft’s software marketplace.
This configurable barrier is a new option presented in the beta Windows build. Users – with admin account permissions – will be able to allow only store-sourced apps to be installed; say they “prefer” apps from the store – meaning they’ll be warned if they’re about to install software from outside the store; or turn off the block entirely and allow the installation of any application. This doesn’t affect already installed apps.
It bears noting that the feature is only being offered in the test “Insider” builds and has yet to be confirmed for the general public build of Windows or the upcoming Creators Update release, which is expected in April.
The setting would have an obvious benefit to security by steering users away from potentially backdoored copies of popular applications. By limiting the installation of software to the Windows Store, Redmond could help to ensure that only properly screened apps are installed and eliminate the possibility of users being duped into running malware packages.
Starting with 15042, you can block installation of Win32 apps on ANY edition. Even Enterprise. pic.twitter.com/MHzpBkNLE3
— Vitor Mikaelson 🦄 (@vitorgrs) February 26, 2017
At the same time, it would also likely be disabled almost immediately in many cases. Gamers, for example, would not want software that blocks third-party services such as Steam, while business users may rely on third-party applications or opt for their own admin controls.
If the setting sounds familiar, it is because Apple has a virtually identical set of controls for OS X. The Mac “Gatekeeper” mechanism allows users to limit the installation of new apps to only what is available on the Mac App Store, rather than any app with a valid developer certificate. (Gatekeeper is far from perfect.)
Both services seek to reflect the “walled garden” security approach that has been favored for mobile devices. While smartphones and tablets are a relatively new ecosystem, however, desktop PCs have long enjoyed a more open approach that allows applications to be obtained through third-party services, or in many cases, directly from the developer. ®
Source: SANS ISC SecNewsFeed @ February 27, 2017 at 06:09PM