Microsoft is constantly developing new ways to protect users from the computer threats that put their security at risk every day. In addition to the antivirus itself, which is installed as standard, Windows has many other internal security and protection measures that help us, at least, to make things more difficult for hackers. And, to all of them, now a new security measure is added: Win32 App Isolation.
Currently, the Microsoft operating system has several built-in security features. The oldest, inherited from the Windows Vista era, is User Account Control, or UAC, which forces us to verify that we do indeed want to run the program in question. Since then, Windows has received many other security improvements, such as Windows Defender and a multitude of shields for the Kernel, Microsoft Defender Application Guard, Smart App Control (exclusive feature of Windows 11) and even Windows Sandbox, the sandbox where we can execute what we want without risk of affecting our main PC.
Now, Microsoft has announced a new security measure that, very soon, will become part of all versions of Windows 11. We are talking about Win32 App Isolation.
What is Win32 App Isolation?
Microsoft has realized (35 years late) that programs running with normal user (non-administrator) permissions have access to all user data. And this is a danger. Therefore, to limit the reach of programs, Microsoft has developed this new security measure.
Win32 App Isolation works in conjunction with other security measures, such as Smart App Control, to protect process integrity and limit the data that the program has access to. According to Microsoft, this new security feature has three clear objectives:
- Make it difficult for hackers to cause damage to Windows.
- Offer users an isolated program-using experience (similar to apps in the Store)
- Make it easier for developers to strengthen the security of their programs.
When a program implements this new security measure, it can no longer access users’ private data. At least without permission. When a program needs to access a file or private data, it will ask for permission, like mobile apps, and we will have to be the ones to allow it or not.
The big problem
In theory, everything is perfect, and it is a more than necessary concept so that programs are safe and can be protected even against unknown vulnerabilities. However, for Win32 App Isolation to take effect in a program developers need to implement it.
And this is not going to happen. Microsoft programs (such as Office) will implement this for logical reasons. And some big developers, like Google or Adobe, will also add this isolation so that users can be safe. But beyond these, let’s not expect to see it on other shows. Especially in abandoned programs, which are no longer updated, nor in free programs where developers often spend a bit of maintenance.
Instead of this, Microsoft should have found a way to create something similar, but that affects 100% of the programs without depending on the developers.
