
Microsoft Readies Security Feature-Update for Windows 11 Needing an OS Reinstall to Use

Thanks, Microsoft, for giving me even more reasons to NEVER DOWNGRADE to Win11.
I'll keep with Win10, all tweaked with faster performance.
 
Man, talk about a tonne of doom & gloomers.

For those of us in the Enterprise space, this is great. Whilst a form of this has been available for a while using SmartScreen lists at an OS level, this gives a much higher layer of application validation before run. But for everyone petrified of it, there will be an option to disable it, because if they enforced it, it wouldn't survive anti-trust in the EU.

On a larger scale, however, I will say this: this is how modern operating systems are made (look at iOS, Mac & Android for comparison, much of the same). If you don't like this, stop whining & move to Linux.
Or you know, we can keep Enterprise stuff for Enterprise and leave the stuff you use at home (and not work) out of it.

I know, a novel idea.
 
Or you know, we can keep Enterprise stuff for Enterprise and leave the stuff you use at home (and not work) out of it.

I know, a novel idea.

There's literally a big opt out button, lol.
 
They have reinvented the wheel, seems a fancy version of AppLocker, which for some reason they don't want to let consumers use, so they have devised this instead, wtf.

Granted, it's not exactly the same, but on a basic principle AppLocker (and SRP) can be configured to only allow trusted signed binaries to run from specific locations. The features have been available for a decade plus now but never enabled on consumer Windows.
 
There's literally a big opt out button, lol.
Until there isn't one.

I don't understand how "lol there's an opt out button" is a counter to "keep Enterprise stuff out of home (and not work) out of it".

An "opt out" is only an option until there isn't one, and we all know how trustworthy MS has been over the years with opt out options. Kind of like being able to opt out of certain updates until you can't (à la W11).
 
Until there isn't one.

I don't understand how "lol there's an opt out button" is a counter to "keep Enterprise stuff out of home (and not work) out of it".

An "opt out" is only an option until there isn't one, and we all know how trustworthy MS has been over the years with opt out options. Kind of like being able to opt out of certain updates until you can't (à la W11).

Because if there isn't, they get an anti-trust suit from the EU. But see my original post: this is how modern operating systems are designed, as there are significant security benefits from maintaining some degree of supply chain trust. If you don't like this, stop complaining and move to Linux.
 
This must change the bootable part of the OS, those fun little hidden partitions we know and love.


It's not something they'll force on people, unless they hate existing.
 
In other news: Drinking beer is still legal, but will it be tomorrow? [/s]

I'm so tired of all this FUD. We all hate Windows but we can't live without it, so bitterness and conspiracy theories keep growing. Still, TPU is nowhere as bad as NBR forums back in the day lol.
 
Given their resources, Microsoft really needs to bite the bullet and release a gaming version of Windows.
 
Until there isn't one.

I don't understand how "lol there's an opt out button" is a counter to "keep Enterprise stuff out of home (and not work) out of it".

An "opt out" is only an option until there isn't one, and we all know how trustworthy MS has been over the years with opt out options. Kind of like being able to opt out of certain updates until you can't (à la W11).
Next up: 15 opt-out buttons for your opt-out, à la Edge.

But I'm with you on the work machine for work.

Home machines for not work, and hence this might be a stretch too far for homes. That said, since I do keep more than one home PC, I do like one of them to be as safe as possible for online banking, etc., so it would get put on 1 of 3 of mine, plus the 1 laptop I have from work will definitely get this. My IT guy in work is going to f$%$£in LOOOOOve this, not.
 
Given their resources, Microsoft really needs to bite the bullet and release a gaming version of Windows.
Hi,
I'd say kick 11 business/enterprise off the 11 Pro version.
First thing businesses would do is remove any gaming/social apps off their installs, so Pro is the wrong version for them, bottom line.
 
OK, never knew that. I don't have a Microsoft account & I have seen a small number of user(s) also claiming not to have one. It looks like I may be forced to open an account, saving me storing multiple Windows keys.

I have one but not used it for many years, they cannot stop spam hitting it so is make me think they would do any better with anything else.
 
I can now say for certain Microsoft is going to get a huge backlash for this.
What are you doing, Micro$oft?! First you blocked people, now you want them to reinstall, reinstall really? That settles it, I am going Linux the moment it can run all my games. You can go downhill for all I care.
 
I can now say for certain Microsoft is going to get a huge backlash for this.
Nope. Most of the consumer/home user userbase won't give a shit about it because they quite simply don't give a shit about the OS internals, as long as their machines boot up correctly.

Enterprise is more tricky, but most medium/big-sized companies likely order prebuilts and laptops with exact same configuration in the dozens, hundreds or thousands. Just make a disk image and clone it.

And both large enterprise and small businesses don't want to get into the new stuff right off the bat. Enterprise would only do so for security reasons, and small businesses straight out stay away from it if not needed.

The only backlash I'd expect is what was mentioned before, EU or FTC. And even then, between the clean install requirement and the switch to toggle it off, Microsoft is probably in the clean.

What are you doing Micro$oft?!
They're a corporation, they're in it for the money. Writing "Micro$oft" is stating the obvious.

First you blocked people now you want them to reinstall, reinstall really?
And yet here almost everyone is complaining about how this is turning into 1984. Which, yeah, I can see the logic for people to think that.

So, no, I doubt the reinstall is gonna be a real issue. If anything, I think most here are quite happy that they need to do that before Smart App Control even works.

That settles it, I am going Linux the moment it can run all my games. You can go downhill for all I care.
Yeah, sure, whatever. You do you. :rolleyes:
 
That settles it, I am going Linux the moment it can run all my games. You can go downhill for all I care.
I already do this on my tower with Ubuntu 12.04 and Steam Play (Proton), which works really well with a lot of games; even a lot of unsupported games work really well. I've been doing this for years and it has only gotten better. Most of the games I play are on my Steam account, so it makes it real easy for me. So please, come join us. :)
 
Nope. Most of the consumer/home user userbase won't give a shit about it because they quite simply don't give a shit about the OS internals, as long as their machines boot up correctly.

Enterprise is more tricky, but most medium/big-sized companies likely order prebuilts and laptops with exact same configuration in the dozens, hundreds or thousands. Just make a disk image and clone it.

And both large enterprise and small businesses don't want to get into the new stuff right off the bat. Enterprise would only do so for security reasons, and small businesses straight out stay away from it if not needed.

The only backlash I'd expect is what was mentioned before, EU or FTC. And even then, between the clean install requirement and the switch to toggle it off, Microsoft is probably in the clean.
O.o, reinstalling Windows to install an "update" will undoubtedly anger some people, especially since a possibly large portion of the people running Windows 11 are on new hardware. Microsoft is going to have to make the install of Windows 11 22H2 (or as I'm going to call it, Windows 11.1) as painless as possible for normal consumers.

Of course that is just the logistics of getting the update out, the intent of the update will of course lead to contention amongst everyone, not just those of us here.
 
If it's not a forced update, why do you even need to do it? If you don't want to install the update then just ignore it and carry on. Switching to Linux because of one update is a bit extreme, and much more of a hassle than reinstalling Windows for one update.
 
Hi,
I'm so out of compliance from just the new 11 requirements "even on a couple machines that can be compliant" this update has zero chance of being installed :laugh:
 
If it's not a forced update, why do you even need to do it? If you don't want to install the update then just ignore it and carry on. Switching to Linux because of one update is a bit extreme, and much more of a hassle than reinstalling Windows for one update.

If this is part of a major feature update then it will not be optional. Ignoring Enterprise, Pro and Home will one day require the install of Windows 11 22H2 or later if Windows Update is left on. An example I can use of this happening on Windows 10 would be my 4830T laptop, which was running Windows 10 Pro 20H2 and just auto updated to W10 21H2 a couple of weeks ago.
 
reinstalling Windows to install an "update" will undoubtedly anger some people, especially since a possibly large portion of the people running Windows 11 are on new hardware
If it's not a forced update, why do you even need to do it? If you don't want to install the update then just ignore it and carry on. Switching to Linux because of one update is a bit extreme, and much more of a hassle than reinstalling Windows for one update.

No one said you need to reinstall to update. I don't know who started that bullshit, but I'm saying it now:

You need a clean install (either build 22593 or later for Windows Insiders, or whatever build ends up being the RTM/GA for the stable channel) to use Smart App Control. If you don't do a clean install you don't get Smart App Control. That's it. You'll continue to receive updates normally regardless of whether your install is clean or if it comes from upgrades from Windows 98 (all the TPM and spec requirements bullshit aside).
Microsoft is going to have to make the install of Windows 11 22H2 (or as I'm going to call it Windows 11.1) as painless as possible for normal consumers.
Most normal consumers don't really care much for the feature (in fact, I'd bet it will have growing pains that will make it as hated as UAC was back with Windows Vista), don't really care for knowing how to install Windows at all, and they will get a new Windows install the moment they get a new device.

the intent of the update will of course lead to contention amongst everyone, not just those of us here.
And on that, I'll agree completely.
 
No one said you need to reinstall to update. I don't know who started that bullshit, but I'm saying it now:

You need a clean install (either build 22593 or later for Windows Insiders, or whatever build ends up being the RTM/GA for the stable channel) to use Smart App Control. If you don't do a clean install you don't get Smart App Control. That's it. You'll continue to receive updates normally regardless of whether your install is clean or if it comes from upgrades from Windows 98 (all the TPM and spec requirements bullshit aside).

Most normal consumers don't really care much for the feature (in fact, I'd bet it will have growing pains that will make it as hated as UAC was back with Windows Vista), don't really care for knowing how to install Windows at all, and they will get a new Windows install the moment they get a new device.


And on that, I'll agree completely.

I see what the problem was: I was missing context. I get what you're saying now. The feature update doesn't require a reinstall, only enabling the Smart App Control will; the feature update itself will install like normal.
 
Hi,
Features update, guess I should have said.
I look forward to the reg file to kill the annoying "activate smart app control" messages, think @brink is on it like the green hornet :laugh:
 
So to anyone who has the feature on insider build or whatever, is there an exclusion list? Because I can see this playing havoc on things like GitHub builds of programs.
 
So to anyone who has the feature on insider build or whatever, is there an exclusion list? Because I can see this playing havoc on things like GitHub builds of programs.

Code sign the app as part of your build process. ATM the feature is a blunt hammer with no exception capability, but it appears to be being roadmapped.
 
So to anyone who has the feature on insider build or whatever, is there an exclusion list? Because I can see this playing havoc on things like GitHub builds of programs.
What Camm said.

There's a bit more depth of an explanation there, but the TLDR of it is:
1- For developers, this feature, once it's enabled rather massively, will encourage them to sign their software (software signing also means that it's possible to identify a developer in the real world).
2- The order of priorities is like this:
  2.1: Check if the app is popular or well-known; if that's the case, let it run (my understanding is that by this point Windows Defender or your antimalware of choice already said it's clean).
  2.2: If the app isn't popular, check for a signature; if it's digitally signed it can still run, otherwise it's considered not trustworthy.
3- Smart App Control has an "evaluation" mode. In Microsoft's words:
  "Essentially, we're looking to see if Smart App Control is going to get in your way too often. There are some legitimate tasks that some corporate users, developers, or others may do regularly that may not be a great experience with Smart App Control running. If we detect during evaluation mode that you're one of those users, we'll automatically turn Smart App Control off so you can work with fewer interruptions."
4- Regarding manual whitelisting, there's none. It's turned on or off for everything, no exceptions.
5- About why Microsoft wants a clean install, I quote:
  "We want to be sure that there aren't already untrusted apps running on the device when we turn Smart App Control on."
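
As an added example (not part of the original posts, and not Microsoft's implementation), here is a PowerShell build step for the "code sign the app as part of your build process" advice above: it optionally signs the build outputs, then fails the build when any binary is unsigned or does not verify. The `dist` folder, the parameter names and the extension list are assumptions; supply your own certificate thumbprint and your CA's timestamp URL.

```powershell
# Added example (not from the thread): sign build outputs, then gate the build
# on every shipped binary carrying a valid Authenticode signature.
param(
    [string]$BuildDir = (Join-Path $PWD 'dist'),  # assumed build output folder
    [string]$Thumbprint,                          # code-signing cert in Cert:\CurrentUser\My
    [string]$TimestampServer                      # timestamp URL from your CA (not guessed here)
)
$extensions = '.exe', '.dll', '.msi', '.ps1'      # assumed set of shipped file types

function Get-BuildBinaries([string]$Path) {
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() }
}

function Get-SignatureReport([string]$Path) {
    foreach ($file in (Get-BuildBinaries $Path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        [pscustomobject]@{
            File        = $file.FullName
            Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }
}

if (-not (Test-Path -LiteralPath $BuildDir)) { throw "Build directory not found: $BuildDir" }

if ($Thumbprint) {
    # Sign only when a certificate was requested; otherwise this run is audit-only.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object Thumbprint -eq $Thumbprint
    if (-not $cert) { throw "No code-signing certificate with thumbprint $Thumbprint" }
    foreach ($file in (Get-BuildBinaries $BuildDir)) {
        $signArgs = @{ FilePath = $file.FullName; Certificate = $cert; HashAlgorithm = 'SHA256' }
        if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
        Set-AuthenticodeSignature @signArgs | Out-Null
    }
}

$report = @(Get-SignatureReport $BuildDir)
$report | Format-Table -AutoSize | Out-String | Write-Host

# A signature without a timestamp stops validating once the certificate expires.
$report | Where-Object { $_.Status -eq 'Valid' -and -not $_.Timestamped } |
    ForEach-Object { Write-Warning "No timestamp on signature: $($_.File)" }

$failed = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) file(s) are unsigned or fail verification"
    exit 1
}
```

Run without `-Thumbprint`, the script only audits, which is useful for checking third-party binaries bundled into a release. A `Valid` status reflects the trust store of the machine running the check, so run it on a clean build agent rather than a developer workstation with extra trusted roots.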
 