Windows 11’s next act? Lock it down by default and make every app ask nicely first, tightening control, boosting transparency, and curbing unwanted changes.

We recently learned how Windows Notepad could be exploited by attackers to trigger remote code execution (RCE) attacks. Microsoft has often talked about how it is making Windows more secure through the deprecation of NTLM, releasing new Secure Boot certificates, and more. Now, the firm has detailed plans to strengthen user trust in Windows by improving its security.
Apparently, many Windows 11 customers have been complaining to Microsoft that they are fed up with apps overriding their PC settings, installing bloatware, and modifying “core” Windows experiences without their explicit permission. As we step further into the AI era, Microsoft wants to evolve Windows by building a consent-first model for all apps and AI agents. This will increase transparency for the user, allowing them to define restricted access and reverse decisions when needed. However, this model might also limit developers, which is why Microsoft is working on ways to offer a decent middle ground that works for both parties (more on that later).
Although Microsoft already offers several built-in security features in Windows through the Secure Future Initiative (SFI), Windows Resiliency Initiative, and Smart App Control (SAC), it is now working on two more improvements in this area.
The first is Windows Baseline Security Mode, which will enable runtime integrity safeguards by default. This will enforce an environment where only signed apps, services, and drivers are allowed to run, while giving IT admins granular control over these safeguards too. Developers will have the ability to detect the operational status of this mode and any exceptions, so that they can modify their app’s behavior based on what they have access to.
The second is User Transparency and Consent, in which Windows will prompt you on certain cybersecurity matters, just like a smartphone. So, for example, if an app tries to access your camera, Windows will send you an alert, enabling you to allow or deny permissions to the associated software. Microsoft believes that this will improve the security and privacy posture of the OS, while also giving you more confidence about its interaction with other software.
Microsoft has emphasized that these security measures do not imply that Windows won’t be as open anymore. Instead, they simply establish principles that put the end-user in control of the software that they are running.
The Redmond tech firm will roll out these security updates in a staggered manner, while listening and adjusting its approach based on feedback. It has highlighted positive sentiment regarding these upcoming changes from various firms including 1Password, Adobe, CrowdStrike, Electronic Arts, OpenAI, and Raycast. No timeline has been communicated yet regarding the rollout of these security enhancements, so there’s no knowing when the first phase will kick off.
