Signed applications and consent prompts: How Windows is to become more secure

Microsoft has announced two new security initiatives for Windows. Specifically, “Windows Baseline Security Mode” and “User Transparency and Consent” are intended to better protect the operating system from unwanted changes by applications – i.e., malware – in the future.

The innovations are part of the company-wide Secure Future Initiative (SFI) and the Windows Resiliency Initiative. According to Microsoft, applications should no longer overwrite user settings, install additional software, or change core operating system functions without the user's knowledge.

Runtime integrity protection active by default

Windows Baseline Security Mode activates runtime integrity safeguards by default. The system will then only allow signed applications, services, and drivers. This is intended to protect against manipulation or unauthorized changes. Users and IT administrators can define exceptions if necessary. Developers will receive APIs to query the status of protection functions and check for exceptions.

The second initiative, User Transparency and Consent, introduces consent prompts similar to those found on smartphones. Windows will therefore ask for permission in the future when apps want to access sensitive resources such as the file system, camera, or microphone. The installation of unwanted software should also no longer be possible without explicit consent. Users can review and change their decisions at any time.

Phased rollout planned

Microsoft plans a phased rollout of the new security measures – according to the announcement in partnership with developers, businesses, and partners. Initially, users and IT departments will gain better insights into app access. In parallel, tools and APIs will be provided for developers. The exact timeline is not yet known.

(fo)