From the horse’s mouth
If you have heard the news over the last few month, you will have heard about ransomware activity in the form of the WannaCry and Petya ransomware variants getting at major installations including the NHS and the Victorian traffic-camera infrastructure.
But Microsoft has attacked this problem in a different way by providing application-level control for the next major update for Windows 10 – the Fall Creator’s Update. It is part of refining the Windows Defender security software that is part of the operating system for improved business-tier data security.
It is a very similar process to what Android and iOS do in relation to allowing the user to control what apps have access to what resources and features on their smartphone or tablet. It is also in contrast to how regular-computer operating systems work when it comes to controlling the level of access granted to a computer’s file system, where users or groups of users are typically granted particular levels of access to folders or files.
Here, once you enable the Controlled Folder Access function, applications can’t add, modify or delete files in folders where this control exists unless the app is part of a user-defined whitelist. The routine for adding an app to the whitelist will be very similar to what you do on your iPhone or Android phone when it comes to allowing that app you newly downloaded to have access to a particular resource on your smartphone and could occur during installation or when you first use that app after enabling Controlled Folders.
By default, this feature would be enabled for the Documents, Desktop, Pictures and Videos folder trees but you can enable this feature for other folders such as “ad-hoc” work folders created on the system disk or other fixed storage on your system. I am not sure is this is also to apply to removable storage like USB hard disks, USB memory keys or SD cards, or whether this can also apply to network and online storage like your NAS shares or your Dropbox folder.
A question that can also be raised is whether the Controlled Folder feature will also provide a way to limit access to other system resources by apps. Here, it could range from access to network and Internet resources to prevent spyware from “phoning home” or to limit access to your computer’s Webcam and microphone to limit use of these resources as a surveillance tool.