Do you remember when Microsoft said Windows 10 is "...the last Windows?"
We sure do. It is obvious now that the Redmond software giant has walked back on that claim, as it has since released Windows 11. And apparently, for Windows 11, yet another OS installation could be in your future.
According to a recent post on the
Microsoft Security Blog, the latest security update to Windows 11 will include a new enhancement known as Smart App Control. For users of the OS to take advantage of the feature, Microsoft states that "Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11..."
Smart App Control for
Windows 11 looks to expand upon the application and code-signing model that Microsoft introduced with Windows Vista. The first iterations of application signing were much-maligned due to inconsistencies in developers adhering to the signing functionality at the time. Today it is less of a problem, and there are some easy bypasses for developers. The reason for the reinstall of Windows requirement is related to a core OS change that allows the feature to interact directly with hardware. Most notably the TPM module, a key component in security hardware and even software today, and a requirement for Windows 11 installs. There may be other headaches as well, though.
The Smart App Control feature works with the existing code-signing platform and an AI platform that generates a trust model via the Microsoft cloud. If it works as expected, we could see the end of the "run anyway" prompt for unsigned applications the AI model deems "safe." From an "enthusiast" standpoint, though, this feels like a double-edged sword. Many things like overclocking tools and open-source applications that are very useful are often unsigned. Those applications could be automatically considered safe by the AI models, but sometimes overclocking software can get marked as "dangerous" because they tend to modify hardware configurations.
These annoyances aside, there are a large number of significant improvements in security for this update. One major change is additional protection for the Local Security Authority. While there was an update to Microsoft Defender for this at the
enterprise level recently, consumers had to sit tight. The update also includes improvements to Microsoft Defender SmartScreen for phishing detection, and Credential Guard will be on by default.
It does seem like
Microsoft's latest major update to Windows 11 is quite possibly one of the largest security updates we've seen for Windows in a very long time. Though most of these changes we view as good things, it is annoying to have to reinstall if you want the whole package.