A software policy makes a powerful addition to malware protection. It is especially beneficial on Windows XP, which lacks the UAE feature of later versions. It may also be preferred to UAE on Windows 7/8 owing to its greater convenience and generation of fewer annoying pop-ups.
If you know about the Linux 'execute permission' bit then you'll understand what this is for. The mode of operation is somewhat different in that execute permission is granted to folders and subfolders rather than individual files, but the intention is the same, to stop undesirable or unknown software from launching unless you OK it.
Additionally, it is possible to specify that certain executables (typically browsers and email clients) are run with reduced rights. This is a valuable damage-limitation measure against browser plugin vulns, etc.
The protection can be turned off without a reboot whilst installing legitimate software, and will automatically reactivate after a specified time.
- Block unintended downloads from running
- Prevent auto-running installs from optical drives
- Disallow programs on USB media from launching
- Determine which software may be launched, and which not.
- Run specified processes with limited priveleges
Be the first to post a review of Simple Software-restriction Policy!