Microsoft, in what seems to be an attempt to limit the spread of ransomware, is now testing a new build of Windows 10 that limits access to important documents and data. The recent wave of ransomware that hit the global scene has put everyone on edge and any measures to protect data are very welcome.
The NotPetya and WannaCry ransomware attacks that have been in the news recently are very different beasts. While both are built on existing malware and use certain Windows exploits that were stolen from a server belonging to the NSA (the US National Security Agency), their core function is different.
WannaCry infects your system, spreads on your network and then encrypts all your data. Once encrypted, you’ll be sent to a prompt that demands you add a certain amount of money to a bitcoin wallet in exchange for a decryption key. The data thus encrypted is virtually impossible to access without the key.
NotPetya is more cyberweapon than ransomware and is designed to destroy data by deleting the Master File Table (MFT) and Master Boot Record (MBR). Both of these are akin to ledgers that record the exact location of every bit of data on your hard disk. If the ledgers are gone, the data on your disk is as good as meaningless.
Microsoft’s solution is only a partial one. In build 16232 of Windows 10, Microsoft introduced updates to the way permissions are handled. When a system has multiple users, one user can’t access the files of another user unless specifically shared. Microsoft is taking this idea forward with a system dubbed ‘Controlled folder access’ (CFA).
With CFA, you’ll be able to limit access to certain directories by marking them as ‘Protected’. Critical folders like the Documents, Pictures and Movies folder are protected by default. Access to these folders will be governed by Windows Defender and only whitelisted applications will have access. This means that if only Microsoft Word is allowed access to a folder, an application like VLC or Notepad will not have access.
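
The protected-folder and whitelist model described above, as an added example that is not from the original article or from Microsoft. It assumes a Windows 10 release where the Defender PowerShell module exposes the Controlled folder access settings; the folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled folder access (CFA) and review what it blocks.
# Both paths are hypothetical placeholders; substitute your own.
$extraFolder = 'D:\Finance'                      # extra folder to mark as protected
$trustedApp  = 'C:\Tools\ReportBuilder\rb.exe'   # application that needs write access

# 1. Start in audit mode: writes to protected folders are logged, not blocked,
#    so you can see which legitimate applications would be affected.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the defaults (Documents, Pictures, ...).
Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder

# 3. Whitelist an application by its full executable path.
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# 4. Confirm the resulting policy. Mode: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 5. Review recent CFA events in the Defender operational log:
#    1123 = write blocked (enforced), 1124 = write would be blocked (audit mode).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 6. Once the audit log shows only expected applications, switch to enforcement.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Because the whitelist is keyed on the application, a whitelisted program that is tricked into writing on an attacker's behalf (a Word macro, for instance) still has access, so keep the allowed list as short as the audit log permits.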
It’s an interesting approach and is sure to prevent sloppier malware like WannaCry from damaging critical data. However, more sophisticated attacks like NotPetya will still damage your data. As Ars Technica so rightly points out, exploits like Word macros and the like get legitimate applications to do their dirty work. Microsoft hasn’t explained whether and how such malware will be restricted.
Either way, CFA alone should provide a greater degree of protection to your data. More importantly, however, such protection only works if you’re on the latest version of Windows and are running a system on which updates are regularly installed.
It must be noted that Windows 10 has never been vulnerable to either NotPetya or WannaCry. In fact, the leaked NSA exploits primarily deal with Windows 7, and to a lesser extent, Windows XP.
Windows 7 is an 8-year-old operating system and Windows XP is over 15 years old, and it’s a wonder that Microsoft is still supporting them in the first place. We might sound like a Microsoft mouthpiece here, but please upgrade. It's in your best interest.
Published Date: Jun 30, 2017 12:02 pm | Updated Date: Jun 30, 2017 12:02 pm