Latest MS Security Tool Requires Windows Reinstall
Microsoft is releasing a major security update to Windows 11 that could theoretically block malicious applications completely. It's such a fundamental change in the operating system that it will require a reset and clean installation of Windows.
At the moment, most of the built-in security on Windows uses two main approaches. One is to scan any files or links the user wants to open or download, then alerts the user if they match any know threats. This is referred to as file and link scanning. The other is to scan files on the hard drive to look for anything suspicious. This is usually done in an automated fashion (schedule scan) or a manual scan initiated by the user.
Smart App Control goes beyond all of that as it's built directly into Windows "at the process level", meaning it can control which applications are running at any given moment.
Smart App Control Uses AI Model
An application can get approved in two ways.
One is that it has a code certificate (a digital signature) that proves it comes from a trusted source. The other is that Microsoft gives it the thumbs up after assessing it through an artificial intelligence model. Microsoft says this model is updated "24 hours a day [based] on the latest threat intelligence that provides trillions of signals." (Source: microsoft.com)
The feature will be included automatically on all new Windows 11 machines. It's not clear yet if users can switch it off, though it would certainly be unpopular if that's not the case. As solid as this feature looks in principle, it's going to be incredibly frustrating if it blocks legitimate applications that it has mistakenly labeled a risk - especially if the user has no way to disable it.
Clean Reinstall
For machines already running Windows 11, the feature is too much of an overhaul to install through a normal update. Instead, the user will have to reset the computer and carry out a clean installation of Windows 11. (Source: pcworld.com)
That's certainly less of a hassle than with some previous versions of Windows and it's relatively straightforward to do without losing any personal documents. However, it's still a big ask for casual users, particularly the ones who might benefit the most from automated security features that work in the background without any need for active configuration.
What's Your Opinion?
Is this a smart feature to add? Do you trust it will correctly identify rogue and legitimate applications? Would you be willing to do a fresh Windows install to get the feature?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Smart App Control
Speaking from experience, the only time I've ever seen Smart App Control appear on the screen is when it's incorrectly labeled a file I want to execute as a threat. So, unless they've made really important changes to its ability to properly detect malicious behavior, I can't see it being useful. Also, having to reinstall Windows is like pulling teeth for most people.
Poor service from Microsoft
Given the state of correctness days, and the fact the Microsoft likely has tens of thousands of programmers,but not more, there is no reason why Microsoft can't automate a clean install to completely reinstall all the users' programs, etc., absent any infected ones. Analyze the customer's computer, then upload all necessary dated to reinstall, reinstall Windows 11 from scratch,then reinstall all the programs, etc.
This would prevent catastrophic losses for many authorized users who lack IT support. Only reason I can think for MS not to is they "don't have to." Time for the FCC to step up and represent the little guy.
Clean install is a no starter for me
I have probably close to 200 games alone on my PC not to mention the rest of my applications.
Reinstalling all of that would be a nightmare.
Not to mention, as you say, what happens when it misidentifies something?
They really are making migrating to Windows 11 unattractive for many.
Simply not losing documents really isn’t redeeming.
Exactly!!!
Exactly!!!
Clean Install = No
I got a new laptop a few months ago, and I just started using it full time a few weeks ago, because that's how long it took me to get it configured the way I want it. I go many years between buying a new laptop for the very reason that I do not want to "start over" with a clean install any more often than absolutely necessary.
All for it provided that...
I'm all for it provided that it can be configured by the admin on the PC. These days a fresh install is pretty damn simple, and I've documented the hell out of all of my required applications and have got the latest setup files in a share on my NAS. I try to perform complete wipe/fresh install at least annually - so yes, I'm all for this type of service.
You're lucky. For most
You're lucky. For most individual users and small companies, etc., it would be a nightmare at best and a catastrophe if anything goes wrong. Plus all the public agencies that scrape along, technologically.