Starting with the build number 15042, users with administrative rights will be able to block Win32 applications from running on the system, as discovered by Vitor Mikaelson. The option will be part of a new security feature that will allow users to choose what type of applications can run on their systems, much like a similar feature on Apple's macOS.
Win32 Apps And UWP Portability
Win32 apps or, as we used to call them before Windows 8, “programs,” are what makes Windows an operating system with a rich application ecosystem. However, the problem with Win32 programs is that they aren’t written as “Universal Windows Platform”(UWP) apps, which makes them much less portable.
Portability is desirable for Microsoft not just because it has other platforms on which it wants the UWP apps to run, such as Xbox and perhaps Windows 10 Mobile, but also because it wants ARM to make a comeback in the Windows world. Microsoft seems to have figured out how to make x86 applications work on ARM chips, but those apps will still have to be emulated, so the more UWP apps there are on ARM devices, the better.
Microsoft also has Project Centennial, which aims to package Win32 apps as UWP apps. This could make the transition from Win32 to UWP much easier, as long as developers are willing to package their old programs as UWP apps.
Blocking Win32 Apps For Security
Another big reason why UWP apps are desirable over Win32 programs is that they are much more restricted in terms of what they can do after they are installed on the operating system. This makes UWP apps more secure than most Win32 programs. For instance, UWP apps can usually only read the file system in the installed location of the app, as well as an application data folder and a temporary file folder. This is unlike Win32 apps, which usually have access to the whole file system.
From the image above, which is a screenshot taken from the Windows 10 15042 build, we can see that users will be given three options:
- Allow apps from anywhere
- Prefer apps from the Store, but allow apps from anywhere
- Allow apps from the Store only
The first option seems to be the status quo we have today. The second option will likely prompt users when they install Win32 apps to warn them about the security risks. The third should be the most secure, but also the most restrictive, as it will only allow users to install apps from the Windows Store.
This feature seems similar to a feature macOS implemented years ago when it launched the Mac App Store. However, on macOS the second option is somewhat different, because it restricts the system to using only Store apps and signed apps from developers.
Microsoft's ultimate goal of getting all Windows users to use only UWP apps does not sit well with some game developers, who think Microsoft will restrict them from the platform. Eventually, Microsoft will have to address these concerns, as they will likely only get louder as more people use UWP apps, or if Microsoft eventually makes the "Store only apps" preference the default for most users.