Windows 10 To Adopt macOS-Like Security Preferences, Allow Users To Block Win32 Apps

Starting with the build number 15042, users with administrative rights will be able to block Win32 applications from running on the system, as discovered by Vitor Mikaelson. The option will be part of a new security feature that will allow users to choose what type of applications can run on their systems, much like a similar feature on Apple's macOS.

Win32 Apps And UWP Portability

Win32 apps or, as we used to call them before Windows 8, “programs,” are what makes Windows an operating system with a rich application ecosystem. However, the problem with Win32 programs is that they aren’t written as “Universal Windows Platform”(UWP) apps, which makes them much less portable.

Portability is desirable for Microsoft not just because it has other platforms on which it wants the UWP apps to run, such as Xbox and perhaps Windows 10 Mobile, but also because it wants ARM to make a comeback in the Windows world. Microsoft seems to have figured out how to make x86 applications work on ARM chips, but those apps will still have to be emulated, so the more UWP apps there are on ARM devices, the better.

Microsoft also has Project Centennial, which aims to package Win32 apps as UWP apps. This could make the transition from Win32 to UWP much easier, as long as developers are willing to package their old programs as UWP apps.

Blocking Win32 Apps For Security

Another big reason why UWP apps are desirable over Win32 programs is that they are much more restricted in terms of what they can do after they are installed on the operating system. This makes UWP apps more secure than most Win32 programs. For instance, UWP apps can usually only read the file system in the installed location of the app, as well as an application data folder and a temporary file folder. This is unlike Win32 apps, which usually have access to the whole file system.

From the image above, which is a screenshot taken from the Windows 10 15042 build, we can see that users will be given three options:

  • Allow apps from anywhere
  • Prefer apps from the Store, but allow apps from anywhere
  • Allow apps from the Store only

The first option seems to be the status quo we have today. The second option will likely prompt users when they install Win32 apps to warn them about the security risks. The third should be the most secure, but also the most restrictive, as it will only allow users to install apps from the Windows Store.

This feature seems similar to a feature macOS implemented years ago when it launched the Mac App Store. However, on macOS the second option is somewhat different, because it restricts the system to using only Store apps and signed apps from developers.

UWP Worries

Microsoft's ultimate goal of getting all Windows users to use only UWP apps does not sit well with some game developers, who think Microsoft will restrict them from the platform. Eventually, Microsoft will have to address these concerns, as they will likely only get louder as more people use UWP apps, or if Microsoft eventually makes the "Store only apps" preference the default for most users.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • UWP apps are garbage and Windows 10 the way is Microsoft pushing it has no future...
    Reply
  • The Microsoft App store is filled with garbage.
    Reply
  • ravewulf
    Some of the programs I use have the power to modify Windows itself for customization purposes which I'm betting is far too permissive for their taste, but given that I hate the direction they've taken the Windows UI, I really don't care.

    I also had to create a new "Program Files (Admin)" folder for things like MeGUI which don't work properly from the usual "Program Files" and "Program Files (x86)" folders in Win10 thanks to new security restrictions.

    On one hand I hope it really does cut down on malicious software installed by normal users, on the other hand it makes being a power user an extremely frustrating experience.
    Reply
  • Tom Griffin
    Simple question do any of you have Visual Studio 2015 and have you ever written software? UWP is an extension of the .NET stuff and you can do lots of nifty things with it. Yeah go ahead and make fun of me; have been a M$ programmer since 1977 and their BASIC compiler for the TRS-80 (that was a blast; using X=USR(0) to hop into assembly); did a 5 year stint at MicroFirmware we made Phoenix BIOS products that not only broke the 515mb HDD barrier but discovered the A:20 gate fault using EMM386; and faints the phantom FAT partitions in DOS 5.

    The framework makes it easier for me to asynchronous callbacks to web sites requesting HTTP information on remote GPS systems atm; VS 2010 was good 2015 rocks.
    Reply
  • shrapnel_indie
    However, the problem with Win32 programs is that they aren’t written as “Universal Windows Platform”(UWP) apps, which makes them much less portable.

    UWP apps are NOT universal. They LOCK YOU INto the Windows 10 platform. The only thing "universal" about it is it is supposed to allow you to use it on any Windows 10 (and its flavors for XBox, Tablet, or Phone) platform. As a developer, it locks you into their tools as well. Currently MS still is supporting Windows 7, 8, and 8.1... UWP will not run on those systems. period.

    Microsoft's ultimate goal of getting all Windows users to use only UWP apps does not sit well with some game developers, who think Microsoft will restrict them from the platform.
    Microsoft could get nasty again easily enough, especially if they think they can get away with it. How many remember the Windows Certified" program they had a couple decades or so back? Remember Microsoft had a tendency to NOT issue the certification if the developer also developed a version for another OS? It could go the same here... "Oh dear, I see you develop for Playstation..." "Oh dear, I see you develop for Linux...", etc. All they'd have to do is lock everything into their app store, and there goes GOG, UPLAY, ORIGIN, STEAM, etc... all in the name of "security".... yeah more like security in getting their hands in everyone else's publishing and developing business.

    The lock into a specific "owned" folder for the app won't fly very well in the business world either where one app may listen in on a server, grab files and then send them off to another app to process them into different formats. Anyone ever look at the Electronic Data Interchange formats out there? Anyone store their data files on some other drive than where the OS is installed?

    I also guarantee it will NOT stop malicious software. Java promised that in the beginning, now... it fails miserably, and in some cases even runs horribly slow. Apple's Walled Garden, even with its examinations and testing for approval to be included, still has security issues with the apps it offers. You can even see problems within the Android Store too.

    No, this is just another power-play from Microsoft disguised as "protection for the masses who are just too stupid to know what they want or to know what they are doing." And... anyone that isn't them is part of "the masses."
    Reply
  • shrapnel_indie
    19356544 said:
    Simple question do any of you have Visual Studio 2015 and have you ever written software? UWP is an extension of the .NET stuff and you can do lots of nifty things with it. Yeah go ahead and make fun of me; have been a M$ programmer since 1977 and their BASIC compiler for the TRS-80 (that was a blast; using X=USR(0) to hop into assembly); did a 5 year stint at MicroFirmware we made Phoenix BIOS products that not only broke the 515mb HDD barrier but discovered the A:20 gate fault using EMM386; and faints the phantom FAT partitions in DOS 5.

    The framework makes it easier for me to asynchronous callbacks to web sites requesting HTTP information on remote GPS systems atm; VS 2010 was good 2015 rocks.

    Yeah, I use VS2015... I've used VS since VS2005 and have seen the changes there too that say "programmers don't know what they're doing" (unless its them.) You have to bend over backwards to get VS to comply with how you want it to look, behave, and automatically include by default in your "solutions" and projects. Yeah UWP is an extension of .NET... but it is also a repackaging of the failed CX, CLI, and WinRT extensions.
    Reply
  • Dosflores
    19356544 said:
    Simple question do any of you have Visual Studio 2015 and have you ever written software? UWP is an extension of the .NET stuff and you can do lots of nifty things with it. Yeah go ahead and make fun of me; have been a M$ programmer since 1977 and their BASIC compiler for the TRS-80 (that was a blast; using X=USR(0) to hop into assembly); did a 5 year stint at MicroFirmware we made Phoenix BIOS products that not only broke the 515mb HDD barrier but discovered the A:20 gate fault using EMM386; and faints the phantom FAT partitions in DOS 5.

    The framework makes it easier for me to asynchronous callbacks to web sites requesting HTTP information on remote GPS systems atm; VS 2010 was good 2015 rocks.

    Yeah, I use VS2015, and it's great. I don't use the UWP API, though, although I guess it's great too.

    What's your point? UWP is great for developers, so it must be for users too? I guess most users want to do whatever they please with their computers, so they won't like not being able to buy any app from anywhere other than the Windows Store.

    Reply
  • John Nemesh
    Another effort by MS to FORCE users into their GARBAGE store! No thanks!
    Reply
  • ohim
    Like Android or iOS store is full of only useful stuff ... :) the only thing they have better is that they were the first with a store and major companies built apps on those, in rest there is a lot of garbage in those stores as well ...

    At this point the hate bandwagon is so high that people will complain about everything.
    Reply
  • Tom Griffin
    I did not mean to complain or anything like that; I was just saying I enjoyed programming. And the tools today seem to work rather well for my needs.
    Reply