• Microsoft wants Windows 11 secure by default

    From Anonymous@Anonymous@Anonymous.org to alt.comp.os.windows-11 on Thu Feb 12 18:59:19 2026
    From Newsgroup: alt.comp.os.windows-11


    Microsoft wants Windows 11 "secure by default," could allow only properly signed apps and drivers by default
    By Abhijith M B - February 12, 2026
    [Image: Windows to allow only signed apps and drivers to run by default]

    Microsoft just announced a per-app permission system, just like Android,
    for Windows 11, to make the OS "secure by default". Soon, Windows is said
    to allow only properly signed apps and drivers to run. This is still an
    experiment, and we don't know when it'll become the default behaviour, but
    it's being considered, and we might see changes soon. Of course, you'll be
    able to turn off all new security features.

    For decades, Windows has walked a difficult line between openness and
    security. While the platform's biggest win was always its flexibility, it
    also made the OS vulnerable to malware. In a new blog published on February
    9, 2026, Microsoft admitted that the balance has tipped too far in the
    wrong direction.

    Windows Platform Engineer, Logan Iyer, has acknowledged that users are increasingly seeing apps override system settings, add unwanted software, install background components, or modify core Windows behavior without
    clear consent.

    [Image: Windows laptop asking to backup PC]

    "Windows must both remain an open platform and be secure by default", says
    Microsoft in its Windows Experience Blog for Security, adding that users
    want stronger protections without sacrificing compatibility, and both the
    company's developers and ecosystem partners are all for it.

    Microsoft promises that Windows 11 will evolve to make sure you're always
    in control. Apps and AI tools will show you clearly what they're doing,
    you'll be able to undo their actions, and they'll only get access to things
    you've specifically approved.

    This is the company's "consent-first" model, where Windows 11 users using
    millions of traditional desktop apps, cloud-connected services, and
    background agents would have to first authorize AI agents in order to give
    them the ability to automate tasks and access sensitive info.

    Note that the company previously mentioned that AI agents can often
    hallucinate and be prey for malware attacks, but hopes that this new
    security model for Windows 11 will earn the trust of users, which is
    something Microsoft is striving for.

    [Image: Invoking agent from Ask Copilot in Taskbar. Credit: Microsoft]

    That said, Microsoft hasn't given up on their commitment to app
    compatibility, and mentions that they'll provide developers with all the
    tools and instructions that they'll need to comply with the software
    giant's biggest security leap yet.

    Windows Baseline Security mode allows only signed apps to run

    The biggest technical shift in Microsoft's new security plan is Windows
    Baseline Security Mode. Under this new model, Windows 11 will run with
    runtime integrity safeguards enabled by default. What it means is that only
    properly signed apps, services, and drivers will be allowed to run on your
    system.

    As of now, Windows still permits a wide range of unsigned and loosely
    verified software to execute, especially if you approve a prompt or disable certain protections, which is something that Windows users often do. Sure,
    the flexibility is convenient, but it is also one of the main reasons why malware continues to thrive in the most popular desktop OS.

    Baseline Security Mode changes this at the foundational level.

    According to the Windows Experience blog, Windows will actively verify the integrity and signature of software at runtime. If an app, background
    service, or driver does not meet the required trust standards, it will not
    run unless you explicitly allow it.

    This is a major shift from today's default behavior. Currently, Windows
    relies on a mix of optional protections, such as:

    Smart App Control
    Windows Defender Application Control (WDAC)
    Hypervisor-Protected Code Integrity (HVCI)
    Reputation-based blocking

    [Image: App and browser control in Windows Security]

    Most of these are either disabled by default, limited to some devices, or
    only active after a clean installation. Baseline Security Mode brings such ideas together and makes them part of the core operating system experience.

    At the same time, Microsoft is not turning Windows into a closed platform. Exceptions will still be possible.

    If you rely on legacy software, custom-built tools, unsigned drivers, or
    niche utilities, you will be able to override the safeguards and allow them
    to run. IT administrators and advanced users can define specific exemptions
    for trusted apps.

    Developers aren't left alone and get visibility into this system. Apps will
    be able to check whether Baseline Security Mode is active and whether any
    special permissions have been granted. Software makers can then adapt their
    products instead of being blindsided by new restrictions.

    If Microsoft gets this right, a majority of users will never notice it,
    while harmful software will fall quietly.

    It's worth noting that Microsoft is also changing how Windows communicates
    these security decisions to you, in real time.

    Windows now asks permission as your phone does

    Along with stricter rules for app and driver execution, Microsoft is overhauling how Windows handles permissions. The company calls this User Transparency and Consent, and it is clearly inspired by how smartphone operating systems do it.

    For the first time, Windows is moving toward a consistent, system-wide
    permission model, under which apps will trigger "clear and actionable"
    prompts when they try to access sensitive resources, including your files,
    camera, microphone, or if they install unintended software.

    If this sounds familiar, it is because iOS and Android have worked this way
    for years.

    [Image: Android phone asking permission to access the gallery]

    On your phone, an app cannot access your camera, read your storage, or
    install other software without asking, or at least showing an indication. Windows is finally adopting the same philosophy.

    Note that Microsoft says these prompts are designed to be reversible. You
    will be able to review, modify, or revoke permissions later from
    centralized settings.

    This is important because the Windows permissions system is scattered
    across remnants of the Control Panel, Windows Settings, registry flags, and some app-specific options. Most users never fully understand what they have allowed. The new model makes it possible for you to see which apps have
    access to sensitive resources and remove that access if needed.

    Windows Baseline Security Mode will also be used for AI agents

    Although Microsoft has said that they're scaling back Copilot in Windows,
    it doesn't mean that they have stopped development of AI features for the
    OS. As the company gives agentic access to more AI applications, even
    third-party ones, they have to make sure that those tools cannot scrape
    your files, monitor your activities, or install components without your
    approval. We believe that Windows Baseline Security Mode and User
    Transparency and Consent are both intended to "raise the bar" for the
    impending Agentic AI era.

    [Image: Copilot on a Surface Laptop. Source: Microsoft]

    If developers eventually move to design apps with transparency in mind,
    then the lesser the pressure on Microsoft, and, of course, more trust in Windows, which could tempt more among the one billion users to use AI in
    their workflow and daily life.

    These two systems together, Baseline Security Mode and User Transparency
    and Consent, represent the biggest structural change to Windows security in years.

    But they will not appear overnight. Microsoft is rolling them out in
    stages, testing them with partners and developers before making them
    universal.

    What this means for developers, enterprises, and ordinary users

    While Windows Baseline Security Mode and User Transparency and Consent
    sound like major technical changes, Microsoft is being careful about how
    they are introduced. The company is not flipping a switch overnight and
    forcing every PC into a locked-down environment.

    The company insists that this transition will happen through a phased
    rollout, where the first stage is visibility for users and IT admins into
    how apps and AI agents behave on their systems, what they access, and what permissions they use.

    For developers, Microsoft says that their existing "well-behaved" apps will
    continue to work and software makers will be given proper runway to adapt.
    The company is also preparing new tools, APIs, and documentation to help developers understand how their apps interact with the new security model
    and how to comply with it.

    The Windows ecosystem still relies heavily on legacy software and internal business tools that cannot be rewritten as and when needed, so a gradual
    move is better for this new security feature coming to Windows.

    That said, enterprises can save a ton of resources from Baseline Security
    Mode and the new consent system, as IT admins will get better visibility
    into what is running on employee devices, what permissions are being used,
    and where there could be potential risks.

    Security vendors and major software companies are also backing the
    initiative. Microsoft's blog includes support from partners such as
    1Password, Adobe, CrowdStrike, OpenAI, and Raycast, all of whom see value
    in Windows evolving to be secure by default, with clearer consent models.

    To be clear, Windows is not losing its identity as an open platform. You
    will still be able to install almost any app. Developers can still
    distribute software outside the Microsoft Store. Power users can still
    override protections when needed. The difference is that these actions will
    now be more visible and deliberate.

    "freedom to install any app and openness to every developer."

    Microsoft is essentially trying to move Windows closer to the security
    model of modern mobile platforms, without sacrificing the flexibility that
    made it successful in the first place.

    If the company executes this well, it could mark the end of an era of traditional malware.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Fri Feb 13 03:45:03 2026
    From Newsgroup: alt.comp.os.windows-11

    On Thu, 2/12/2026 6:59 PM, Anonymous wrote:

    Microsoft wants Windows 11 "secure by default," could allow only properly signed apps and drivers by default
    By
    Abhijith M B -
    February 12, 2026 0
    Windows to allow only signed apps and drivers to run by default [W11-S for sarcasm ]

    It will look like this.

    Acer Chromebook Plus Laptop with Google AI 14"

    Check and Mate, your OS Mockup is ready... and with Grimmace the Google AI.

    https://m.media-amazon.com/images/I/71Md6U34jdL._AC_SL1500_.jpg

    Or even this.

    https://photos5.appleinsider.com/gallery/45240-88149-The-new-MacBook-Pro-16-inch-xl.jpg

    It's like the SUVs.
    They will all look the same.

    What a time to be alive.

    "We have scanned your Chromebook 7 times, and we didn't find anything.
    Well, it's a Chromebook, innit."

    There will be so little productivity on the box, we will be
    able to survive on a diet of Clippy 0.9 . It won't even need an AI.
    Or Powershell.

    Paul

  • From mummycullen@mummycullen@gmail-dot-com.no-spam.invalid (MummyChunk) to alt.comp.os.windows-11 on Tue Feb 24 17:04:34 2026
    From Newsgroup: alt.comp.os.windows-11

    Anonymous wrote:
    Microsoft wants Windows 11 secure by default, could allow only properly signed apps and drivers by default




    They'll probably mess it up and make a mess of things more than they already have.

    But at least not as bad as Windows Vista


    This is a response to the post seen at: http://www.jlaforums.com/viewtopic.php?p=701462339#701462339
  • From Frank Slootweg@this@ddress.is.invalid to alt.comp.os.windows-11 on Wed Feb 25 19:21:41 2026
    From Newsgroup: alt.comp.os.windows-11

    MummyChunk <mummycullen@gmail-dot-com.no-spam.invalid> wrote:

    [Needless repeat of some 200 lines of quotes deleted.]

    They'll probably mess it up and make a mess of things more than they
    already have.

    But at least not as bad as Windows Vista

    Well, Windows Vista wasn't all that bad. It just was the first with
    the enhanced security model, which Windows users were not familiar with.
    For users of other real OSs, it was a piece of cake.
  • From Mark Lloyd@not.email@all.invalid to alt.comp.os.windows-11 on Thu Feb 26 21:11:59 2026
    From Newsgroup: alt.comp.os.windows-11

    On 25 Feb 2026 19:21:41 GMT, Frank Slootweg wrote:

    [snip]

    But at least not as bad as Windows Vista

    Well, Windows Vista wasn't all that bad. It just was the first with
    the enhanced security model, which Windows users were not familiar with.
    For users of other real OSs, it was a piece of cake.

    I never had Vista on my computers, but I remember trying to help someone
    who did, when it took seemingly FOREVER to find something I could (in 2000
    or XP) get to in less than a second.
    --
    Mark Lloyd
    http://notstupid.us/

    "If reason don't 'splain it, disdain it!"
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Thu Feb 26 21:38:48 2026
    From Newsgroup: alt.comp.os.windows-11

    On Thu, 2/26/2026 4:11 PM, Mark Lloyd wrote:
    On 25 Feb 2026 19:21:41 GMT, Frank Slootweg wrote:

    [snip]

    But at least not as bad as Windows Vista

    Well, Windows Vista wasn't all that bad. It just was the first with
    the enhanced security model, which Windows users were not familiar with.
    For users of other real OSs, it was a piece of cake.

    I never had Vista on my computers, but I remember trying to help someone
    who did, when it took seemingly FOREVER to find something I could (in 2000 or XP) get to in less than a second.


    But the first version of Vista, had the "Try harder" option
    for search, where it would do a brute force run instead
    (like it was Agent Ransack). Later service packs may have
    removed that.

    1st search attempt [uses Federated Search and SearchIndexer output]
    2nd search attempt [Try Harder == brute force scan for your item]

    I liked that, because the second attempt could find stuff.

    Paul