For App Signing, making code certificates easier to obtain would be nice (especially for open-source software). Requiring $250+ a year for a code signing certificate makes it less likely for open source software developers to actually use code signing.
Also, if code signing takes off significantly, it could be combined with the Web's way of Certificate Transparency. This ensures we have transparency (in the sense no apps are secretly signed). It can also be combined with CRLite so Smart App Control could be done mostly offline.
250$ a year to guarantee the safety of your software that is going to be used by hundreds, thousands, millions of people, is nothing. If you can't afford that and provide that security then either don't develop or start charging for what you make. The solutions are obvious.
@@HotCakeX Or … and just hear me out, software is already manually verified to *not* be malware if it gets through winget and if you think $250 a year minimum (with some going 300+ (hence I put it 250+ and $250/year is in some countries only)) is cheap? Oh and if you want to offer a macOS version, that is another $99/year to get a certificate for macOS. This is not including different currency exchange prices as the prices I listed are US dollars.
@@ckingpro Winget doesn't verify the developer the same way a Certificate Authority does. Winget only verifies hashes.
Also, nobody said software developing and releasing it to people in the world is supposed to be cheap.
It's just a corrupt ideology that open source developers and the Linux community invented.
@@HotCakeX you are moving goalposts again. You claimed it makes your app safer when winget already verifies your app is safe. Also “corrupt ideology” … just wow.
@@HotCakeX 🤡
Get well Dia
It would be a great sign to get all these things, and not have ads in the start menu, file explorer, and system settings screens.
It is somewhat disconcerting. These things could be a significant step forward for security, but what they feel more like is a company trying to push more of their business toward walled gardens and ad revenue. In other words, meet the new MS, same as the old MS.
@@mavrc To be honest, that's a big reason I daily-drive Linux for my home PC, despite all the cool things in Windows I'd love to get my programmer-y hands on. I have a very low tolerance for this sort of power imbalance. It's *MY* computer and it will do as I say.
Maybe some day, once regulations (probably originating in the EU) catch up, similar to how the EU recently passed regulations which should force Apple to allow side-loading and user-replaceable batteries on iDevices.
(To give some context for that aspect of my personality, I switched to Linux in response to Windows XP activation, and there was actually a period when I ripped out the update notifier on Lubuntu Linux and replaced it with a minimal hand-rolled one because someone removed the ability to disable the once-a-day "please reboot to apply a pending kernel update" pop-ups. I'm also only just now making plans to upgrade off a pre-UEFI machine.)
I honestly don't see the app isolation side of this taking off for general applications, and Notepad++ is a perfect example of why. The required file access for NP++ is unbounded - it should be able to open every single file on the system, wherever it is. If you set up the policy to say "by default it can access Documents, but you can grant it access to anything else on an individual basis", all you're doing is adding busywork for the user in exchange for no practical security benefit, because anyone who does use NP++ is going to grant that access, and if you install the app but don't use it then there's no security impact in the first place. This isn't even a technical user thing - people are going to want to open text files from USB drives and other non-C:\ fixed drives. If you don't allow additional resources to be granted access, you're basically asking the user to copy the file into the documents path, edit it, then copy it back. A more permissive policy that allows access to everything except system directories, program files, etc. might be alright, but that still adds friction and it's not the only problem with this approach.
The prospect of "oh just get your users to return ETLs" is pie-in-the-sky thinking. I laughed when it was mentioned. Nobody is going to do that! It's funny that SELinux policies were mentioned earlier on, because it has exactly the same problem. On top of that, nobody wants to debug why their app crashes in an obscure code path where it accesses some random registry key that wasn't spotted by the capability profiler, and nobody wants to debug this when the app supports 3rd party plugins. Sandboxing off other resources like COM, object namespaces, etc. is cool, because that's much less of a chore to manage, but prescriptive registry and file access policies are just too much of a maintenance hassle. If this ends up being mandatory for MSIX deployment, 99% of apps are not going to use it, and it'll suffer the same fate as UWP.
There's some great stuff in here but the app isolation just seems like the same stuff Microsoft tried before but with a new name, new tooling, and the same practical usability problems. I'm willing to be proven wrong but I strongly suspect that this isn't going to meet the "don't annoy the user" and "make it easy for devs" goals that were espoused at the start of the talk.
Notepad++ is the ideal app for file/folder picker portals instead of unbounded filesystem access though.
@@ACuteAura Assuming you work with Notepad++ by going to it and using the File -> Open dialog, instead of going to the file in your file manager and Open With -> Notepad++.
Ideally, this would work like it does in UWP, where the app doesn't have access to arbitrary files, but if the user opens the file via a file picker in the app, or if the user opens the app by clicking on that file, then access to that file is granted.
MSIX is good. But code signing is the problem for a small project or an open source one. Too expensive.
Open source developers have been too lazy and cheap, getting away with bad software and vulnerabilities. Companies that provide code signing certificates must validate each developer and that costs money.
Nothing is too expensive when it comes to the security of people using software on their personal computers and work environments.
@@HotCakeX “open source developers… getting away with bad software and [vulnerabilities]” just wow
@@HotCakeX I don't use code signing anymore because it's just a scam. Organized by Microsoft and its partners to charge companies or independent developers. If Microsoft really liked developers and its customers, it wouldn't force devs to use the Microsoft Store which is the only way to have a cheap code signing.
@@MrBrouilles Lol you have no idea what you are talking about. Just stop embarrassing yourself any more.
@@HotCakeX Except for poor people.
I assume the James he was referring to at 2:08 is James Forshaw? :D
Great to see Microsoft finally starting to innovate again after a 16 year snooze. Thank you, this is legitimately exciting. Now grow some dignity and remove those damned ads from the start menu, please.
What, they tried a lot of things, Windows devs are just too stubborn.
This new way of doing security perhaps might work.
It wouldn't be possible without the investment in infrastructure like containers and virtualization on Windows.
About Win32 isolation, does it mean I can isolate any executable without any code change? Like restricting file access for a suspicious installer downloaded from web?
If so, then this is the Docker-like lightweight Windows app sandbox I've been dreaming of for years!
Could your use case be handled by the Windows Sandbox?
@@ckingpro Windows Sandbox is a great tool, but too cumbersome to have a fresh blank every time. Lighter weight, ready to go with isolation seems like the next logical step.
@@keyboard_g interesting idea! I see what the original poster meant better now
Yes, but it's only for developers to isolate their apps, not for consumers to be able to isolate any app they download, and the developers have to run the app without isolation first.
Can Pluton firmware be updated from Linux too?
Great talk, David!
Get well, Dia
Great speaking skills David. Nice presentation.
Arak is my favorite ;)
Well, better late than never I guess.
Cool. Also free Palestine!
It’s been free since 1948
Free palestine
@@avibenavraham if you define "free" as being under military apartheid rule and legally discriminated against
@@coolbugfacts1234 Jordan is under military occupation and apartheid? Wow, I had no idea
I do agree, but how is this related to the video? (I've only watched one chapter of the video.)
Edit: nvm, it's a talk in occupied Palestine
nice try, ms, but no. return 10's sane design
Literally people's only issue with 11 design is a couple tiny things. "I can't move the task bar" - they are very likely to change this, but you can use an app to do so. "I don't like the new context menu" - Then change it back. The main reason people don't like the new one is just because new software doesn't support it yet. Give it time, it's actually a LOT cleaner and less cluttered. Other than that.. pretty much everything else is better. The settings has more things that don't require old control panel. File explorer and notepad now have tabs. New Terminal (which is incredible) is actually default now, not the shit-tier command prompt and PowerShell that didn't change for like 20 years. Bluetooth is actually quick-accessible now via taskbar, instead of opening a whole window. Security is better. CPU Scheduler for Alder Lake and Raptor Lake is better.
There's so many more things I can say but.. stop being a sheep and try 11. I thought I would hate it from everyone saying it was bad. But I moved over a few months ago and actually love it. It's a lot faster too.
@@trignite nope. installed and used it for about an hour. count about 10 things they worsen and only one improvement. not a great score. fuck this shit. it's 8 and their stupid decision to fix what's never been broken all over again
@@trignite agree with all of this, I think Windows 11, while it has its own issues, is massively underrated.
Why are you pronouncing Latin phrases with English pronunciation?
damn.... time to switch back to linux then i guess :^)
bye
bye
ZorinOS is looking like a better option every day that passes.
lot of dalvikvm politics
Free phalestine falasine Palestine 🇵🇸
monkey said "cool"
You will never stop the hackers ever; Microsoft knows that.
MS adds useless stuff and creates more bugs on every new update. Did you even listen to customers? We are tired of your useless stuff / a simple OS like Windows 7 is more functional than Windows 10 and 11.
ok default to l1nux it is.