• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Editorial Microsoft Adds Ability to Block Win32 Apps from Install on Windows 10

R-T-B

R-T-B

Supporter
Joined
Aug 20, 2007
Messages
22,246 (3.44/day)
Location
Olympia, WA
System Specs
System Name Pioneer
Processor Ryzen 9 9950X
Motherboard MSI MAG X670E Tomahawk Wifi
Cooling Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory 128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64, other office machines run Windows 11 Enterprise
In a story headline that is sure to ruffle some reader's feathers, Microsoft has done exactly that: Added the ability to block installation of any app using the oldest remaining major API in Windows: Win32.

But hold on to your nerd-battlewagons, brave tech warrior. Microsoft is not enabling this feature by default. It is currently only in an experimental build, and per MS, it will not be on by default in any mainline build ever produced. It's simply there for "added security."

And yet, is this not a sort of admission of Win32's supposed inferiority from Microsoft? The fact that you can block this and not block the Windows Universal apps is in a way saying "here, these are safe. No, win32 is not."

Oh, and yes, if there is any question, this is an editorial in the fullest sense of the word. Enjoy.




What makes the Universal Windows platform safe? Is it the sandboxing inherent to the platform? Is it the finer grained permissions system the API provides? Yes, to a degree maybe. But I think the main tactic that Microsoft is taking to keep you safe is to take you out of the driver seat.

Think about that for a bit. That "Windows Store?" Is it any different from Apple's "App Store?" Who controls it? Who decides what gets in and what doesn't? What you see and what you don't? Here's a clue: It isn't the users. Even the word "App" is offensive to me personally, as a power user. I mean what the heck is an "app" anyways and where did my "applications" go? Was the word seriously too big to comprehend so they had to stupify it for the average user?

And yet, as I write this, I feel a tinge of remorse. I don't need this restraint. I don't need that MS-nanny-state watching over me. But I know a lot of people who do. Family. Elderly. People I love. People who mean well but don't know any better. Why should they? It took me most of my life to get here? Can I honestly ask them to devote the same dedication? Is that fair?

But still, this strikes me in an odd place. On one hand, I see it as good as I can turn this on for "problem users." On another hand, I can't help but see it as the first nail in the coffin of an API that puts you in the driver seat and makes you responsible for whatever you do there. Yes, that driver seat has power, and can do awesome things. It can also make you crash in a ditch and no amount of singing "Jesus Take the Wheel" will save you from something like a cryptolocker malware. I want to protect those people, but if MS ever pulls the plug on an API where I'm in charge and can wreck my computer properly, the next thing I'll be installing is the nearest OS that lets me break things again.

So, fellow user, I then turn the discussion to you. Where do you draw the line? When is too much taken away, and how much do we need to take away to protect those who are for lack of a better term "menaces on the highway?" What about those like me, who are menaces on the highway no matter what you do? Hmmm?

View at TechPowerUp Main Site
 
Last edited:
If you can get by with everything you need through the Windows Store, enabling this security feature will disable 99.9% of viruses out there for Windows.

Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.

It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).


I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.


Edit: Two words: group policy. This is something enterprise customers want so Microsoft is giving it to them. Group policy has a lot of crazy restrictive settings in it but most users are completely clueless to it. I don't think it is anything to get worked up about.

Win32 is literally Microsoft's bread and butter. It's not going away any time soon. To disable it is to forbid decades worth of software from running.
 
Last edited:
FordGT90Concept said:
If you can get buy with everything you need through the Windows Store, enabling this security feature will disable 99.9% of viruses out there for Windows.

Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.

It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).


I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.
Click to expand...

Yeah, if you can't tell by the editorial, I know a few who would benefit too.

I'm just concerned about the fact its possibly a step towards putting Win32 in a coffin. Albeit a small one. But we all start somewhere.

Right now, just a discussion starter more than a serious issue.

PS: I'm very tired today, so this is a bit more of a "wild and loose" editorial than my usual.
 
Oh, wow
M$ starting to make own app ecosystem in Windows now ?

Android and Apple has own app store
99% user using it just fine

and Windows starting to coerce user with it in Windows

so much for your 'security feature'
 
chaosmassive said:
so much for your 'security feature'
Click to expand...

That's my biggest issue with app stores really, is that I'm surrendering content control to a third party.

Some people need this. I certainly do not.
 
R-T-B said:
That's my biggest issue with app stores really, is that I'm surrendering content control to a third party.

Some people need this. I certainly do not.
Click to expand...

its kinda 'mother knows best' things
 
R-T-B said:
Yeah, if you can't tell by the editorial, I know a few who would benefit too.

I'm just concerned about the fact its possibly a step towards putting Win32 in a coffin. Albeit a small one. But we all start somewhere.

Right now, just a discussion starter more than a serious issue.

PS: I'm very tired today, so this is a bit more of a "wild and loose" editorial than my usual.
Click to expand...
I think worst case scenario is Microsoft enables it by default (like UAC) with major caution/warning telling users that disabling could expose the computer. I can't see them ever completely disabling it because the performance difference between UWP and Win32 is significant. They would lose too many customers if they didn't leave it.
 
Dual Boot W10 with W7 or WXP
 
That second picture in the OP reminds me of trying to run a Win16 application on Windows 64-bit.


Edit: Also, the PortableExecutable (PE) header Win32 uses is archaic (literally designed more than two decades ago). Microsoft should maybe pursue creating an alternative to Win32 that isn't a walled garden.
 
90% of the Games and Software out there are still using Win32 executables...
 
Totally agreed with the editorial, personally I have a phobia for apps, they take the control away from you. Taking about security risk, what about the apps of the Windows store that are in themselves a security risk, and if so, will Microsoft takes responsibility for that. In my newly install Windows got crippled by Windows apps, namely I cannot update the graphic driver, and I cannot restore Windows to an early point. It costs me A$150 to get it check out. And I am advised not to any of the Windows apps in the meantime, until Windows store got the fix. But they've never informed you that Windows store got corrupted in the first place, how are they going to inform you it got the fix?
 
FordGT90Concept said:
That second picture in the OP reminds me of trying to run a Win16 application on Windows 64-bit.
Click to expand...

Lol it is, I just picked it because I found it funny that an application called "Hope" was claiming it failed to run as win32. Went with my article's theme of "hope" for Win32's future slowly dwindling, in my very tired state of mind. :)
 
So, this is really happening. We've been talking about this with AVAST Software staff during our meeting last month. Microsoft is trying to lock the OS down to what Apple has and wants to limit ecosystem around their dumb universal whatever apps. Despite malware and stuff, this is the future I don't want. If I'd want stupid Apple and their Mac, I'd be using that. I'm on Windows for a reason. And that reason is universal modularity and freedom of what I bloody want to run and from where.
 
RejZoR said:
So, this is really happening. We've been talking about this with AVAST Software staff during our meeting last month. Microsoft is trying to lock the OS down to what Apple has and wants to limit ecosystem around their dumb universal whatever apps. Despite malware and stuff, this is the future I don't want. If I'd want stupid Apple and their Mac, I'd be using that. I'm on Windows for a reason. And that reason is universal modularity and freedom of what I bloody want to run and from where.
Click to expand...

I hear that!
 
There have already been write ups, about version of OS for institutions without dedicated or outsourced administrator. Microsoft is simply trying to match Google and Apple.
@RejZoR , you don't seem to know how that works. there are similar options in the Apple system. Only App Store, Signed Apps or anything.
 
Fierce Guppy said:
"Windows Store"? What is this thing of which you speak?
Click to expand...
Indeed, it's the first thing i uninstalled with Powershell, together with the Xbox App.
 
The problem with this is that it may be a way to gradually force you into the store.
In the past Telemetry was also opt-in. Then it was opt-out. Now you can´t turn it off unless you buy the enterprise version of Win10.

In a few months we will have the free Windows 10 Cloud OS with no Win32 app support. To be able to use Win32 apps you'll need to buy a home/pro license for $150 (if you don´t have one already). And some years from now it may be only available on enterprise versions.
I wouldn´t be surprised if some manufacturers start shipping their PCs/laptops with Win 10 Cloud only.

And BTW, looking at the current trends, it´s only a matter of time before the paid version of Windows becomes a subscription service too.
 
Last edited:
FordGT90Concept said:
If you can get by with everything you need through the Windows Store, enabling this security feature will disable 99.9% of viruses out there for Windows.

Apps can do harmful things but if they do, Microsoft reserves the right to remove them from the store. In this regard, it makes your desktop as secure as, for example, an iPhone.

It won't work for most people which is why they have it disabled by default. I can certainly see why they're making it an option (it's cheap to add and it ramps up the security a near infinite fold).


I already know someone that literally operates off Microsoft Edge and this would be perfect for her because it shuts out most harmful things found on the internet.


Edit: Two words: group policy. This is something enterprise customers want so Microsoft is giving it to them. Group policy has a lot of crazy restrictive settings in it but most users are completely clueless to it. I don't think it is anything to get worked up about.

Win32 is literally Microsoft's bread and butter. It's not going away any time soon. To disable it is to forbid decades worth of software from running.
Click to expand...
What about the apps from Windows Store that got the bugs? What more, Windows seem to be oblivious to them.
 
Tim Sweeney's gonna have a field day with this...

FordGT90Concept said:
I think worst case scenario is Microsoft enables it by default (like UAC) with major caution/warning telling users that disabling could expose the computer. I can't see them ever completely disabling it because the performance difference between UWP and Win32 is significant. They would lose too many customers if they didn't leave it.
Click to expand...

For which API, UWP or Win32? Care to elaborate?
 
You thought the anti-trust lawsuits over AV & Web Browsers was big, if Microsoft actually made this default, they would be dwarfed by magnitudes. Not to mention Enterprise would freak the fuck out and expedite moves to any platforms it can.

All this is ultimately is tin foil hatting.
 
MS is gonna get some flak soon... expect them to get burned gloriously.
 
You must log in or register to reply here.
Back
Top