As the company describes the feature, it should enable Windows Defender to prevent files in specified folders from being modified (including encryption) by untrusted applications, which means that the new security measure would provide powerful defense against ransomware-style attacks.
When the new feature ships, it will be disabled by default, but users will be able to enable it and specify which folders they want to be protected.
The feature will come pre-loaded with a number of whitelisted programs that should be considered trusted and would have authority to make modifications.
Any application not on the white list would prompt Windows Defender to stop the app from making changes, add the program to the blacklist to prevent future attempts and alert the user that the attempt was made.
By default, even when not enabled, the new feature would prevent changes to files residing in Windows Library folders, including My Documents, Pictures, Movies and Desktop. Once enabled, any other folder can be added to the list.
While all that sounds great in theory, Microsoft’s boast that it can prevent a ransomware attack should be taken with a grain of salt. After all, Microsoft made a similar claim when it began blocking automatic macro script execution in MS Office, and hackers were able to quickly find a way around that, so the same is likely to prove true in this case.
Even so, it’s a step in the right direction, and a clear sign that the company is making improved data security an increasing priority.
While it’s true that it’s easier to destroy than to create, the fact that industry heavy-hitters like Google and Microsoft are taking such an active stance against these new kinds of threats is a good sign indeed.
We’ll provide additional details as they become available.