Opinion: User control is also the wrong way for Windows
Microsoft announces significantly stricter security measures for Windows – measures that range from questionable to counterproductive, analyzes Moritz Förster.
Microsoft has announced comprehensive changes to the Windows security architecture that, at first glance, sound like progress – but reveal significant vulnerabilities upon closer inspection. In the future, two new mechanisms are intended to provide greater transparency and control: the “Windows Baseline Security Mode” and extended user permissions under the label “User Transparency and Consent”. However, both approaches raise central questions that Microsoft has so far left unanswered.
The new Baseline Security Mode is intended to allow only signed applications, services, and drivers to run by default. From the perspective of many security officers, this may be a sensible measure against malware, but it significantly restricts users' freedom to use their Windows PC as they wish – were it not for the opt-out model. Users and IT administrators can define exceptions for individual apps, thereby deliberately circumventing the protective function.
It is precisely this possibility that leaves a potential backdoor open from a security perspective: once a system is compromised, attackers can, in principle, manipulate or define these exceptions themselves. In the end, Microsoft cannot satisfy either side in the tightrope walk between security and user-friendliness. A glance at Apple shows that its comparable approach with macOS is only moderately well received by users.
Microsoft's announcement also remains vague regarding the technical implementation. The company speaks of “Runtime Integrity Safeguards” without specifying how they differ from existing mechanisms such as Smart App Control. The latter uses cloud-based reputation checks and machine learning to block suspicious software before it starts. The Baseline Security Mode apparently aims to take a broader approach, monitoring services and drivers at runtime – but Microsoft has not yet disclosed how this check is to be carried out.
Fragmentation and legacy problems are inevitable
What is already certain, however, is that the situation will be particularly problematic for corporate IT and organizations with older applications. Unsigned legacy software will be blocked under the new regime unless administrators manually configure exceptions. This means considerable administrative effort for many IT departments – and the risk of a fragmented application landscape. Furthermore, developers who cannot or do not want to spend the resources on code signing will be effectively excluded from a large part of the Windows user base. This particularly affects open-source projects and developers who cannot or do not want to pay for expensive code-signing certificates from Microsoft.
Microsoft plans a phased introduction without specifying concrete timelines or milestones. If the new security measures are to take effect quickly, a start as early as the Windows Insider Preview in mid-2026, for example in version 26H2 – or a future Windows 12 – would be conceivable. Which concrete APIs and tools the company will provide to developers to adapt their software also remains unclear. Microsoft merely refers to upcoming blog posts and feedback channels – a strikingly thin basis of information for such a far-reaching change in Windows.
Permission requests modeled after smartphones
The second new security pillar is just as double-edged: extended permission requests, as known from iOS and Android. In the future, apps will have to ask users for permission before accessing files, cameras, or microphones. While macOS and mobile operating systems have enforced granular permissions for years, Windows has indeed lagged significantly behind in this regard.
However, an old problem looms here too: Prompt Fatigue, the exhaustion caused by too many permission requests. Microsoft promises “clear and actionable prompts” but provides no details on how the operating system will avoid overwhelming users with pop-ups. It also remains open how the system will handle AI agents that are increasingly acting autonomously. Microsoft mentions “higher transparency standards” for such applications – without, of course, explaining their implementation.
Performance degradation and data protection concerns
Moreover, the planned runtime checks are likely to degrade system performance, especially on computers with many installed applications, or on the already aging PCs found in many offices. Every check costs processing time and, in turn, working time – an overhead that Microsoft has not yet quantified.
From a data protection perspective, the extended monitoring of app activities also raises questions. To ensure transparency, the operating system must continuously record which application is accessing which resources. This telemetry data could become problematic if transferred to the USA, especially in the context of the General Data Protection Regulation (GDPR). Microsoft does not comment on how this data will be stored, processed, or possibly transferred.
So, should everything remain as it was with Windows? No – but it was precisely the open system that led to the PC's success a long time ago. Users were allowed to install and run whatever they wanted, unlike in the earlier corporate computing world. That security must play a greater role today is undisputed. But instead of achieving it through isolation and user control, a better design of the system itself and, above all, reliable updates would be the right way.
(fo)