I didn’t pay enough attention to the security announcements that came out of this week’s Windows 11 hybrid work event. Because at least one of the new security-related features that I didn’t write up does deserve a mention.
It’s called Smart App Control.
“Smart App Control is a major enhancement to the Windows 11 security model that prevents users from running malicious applications on Windows devices that default blocks untrusted or unsigned applications,” Microsoft vice president David Weston explains. “It goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud. Model inference occurs 24 hours a day on the latest threat intelligence that provides trillions of signals.”
Smart App Control is interesting because it will be enabled by default on new Windows PCs in the future. But if you upgrade to whatever version of Windows 11 that enables this feature on an existing install, you will have to use Reset this PC to reset Windows 11 and clean install it. That is, I believe, unprecedented.
The problems with Microsoft’s other security announcements this past week, of course, are that we don’t know when these updates will occur, which customers will be impacted, and whether they require a commercial Microsoft 365 account or upgrade. That doesn’t excuse ignoring it, I guess, but it makes it hard to know which features will apply to all Windows 11 users. Including this one, actually.
Tagged with Security