undergroundwires
commented
4 months ago Is there any resource/docs/reference to any privacy implication with this feature? Any network communication evidence will also suffice.
Open drwetter opened 4 months ago
undergroundwires
commented
4 months ago Is there any resource/docs/reference to any privacy implication with this feature? Any network communication evidence will also suffice.
drwetter
commented
4 months ago As far as I understood it, if activated or running in evaluation mode(!) and the program doesn´t contain a valid MS signature, it queries the cloud service with a file hash (and more info) -- each time when an "untrusted program" is started. It has a local cache though so that doesn´t happen every time.
Details see the PDF (first link) . Chapter 2 is the summary and you should have a look @ chapter 6 also : More than the technical considerations, the internal documentation of SAC performed in this project raises two important questions. On the one hand, there is a real concern about the privacy of user’s information. On the other hand, there is a real concern about the position of Microsoft Defender Antivirus in the Windows 11 operating system. At first, concerning data disclosure, SAC is nothing but an automatic notification mechanism to the Microsoft cloud-based backend. It discloses metadata about the executable files executed on the user’s system but also information on the system itself (from Microsoft Defender Antivirus’ version and configuration to the operating system)
I am not a expert regarding that but I found it worth for you to have a look at it.
undergroundwires
commented
4 months ago I missed the first resource. Thank you for clarification. It's highly reputable, if they raise privacy concerns, then we should add it. I guess "Privacy over security" category is the right place. I wonder if we should recommend it on "Strict" or not recommend at all.
drwetter
commented
4 months ago No prob.
it seems not that easy to me. AFAIU if you completely switch that off you can't just switch it on again when you change your mind. A reinstallation would be required.
Better would be IMHO users should make an informed decision which means a hint would be appropriate that undo the setting means reinstallation
undergroundwires
commented
4 months ago Once the evaluation is complete, or if you manually switch Smart App Control on or off, you won't be able to return to evaluation mode unless you reinstall or reset Windows.
I interpret this as it can still be turned on/off but "evaluation mode" cannot be reactivated. It's not so worrying if that's the case. It would be rare someone to be "evaluated".
However Federal Office for Information Security in Germany states as you say, that it cannot be re-enabled.
Not risking it, it's best to exclude it from any recommendation level than.
undergroundwires
commented
4 months ago I did more research and come up with these docs. This can be changed before release. Your feedback would be appreciated:
Feature Description
I'd like to have a button for this, if possible. SAC is a feature which can provide additional security at the cost of privacy. (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Smart_App_Control/Studie_Smart_App_Control.pdf?__blob=publicationFile&v=2) .
In a nutshell: Maybe for systems which need a higher level of protection against threats it might be useful. Otherwise you should better make sure it's not enabled or disabled. There's another switch for "just data collection". Some settings are supposedly final and can't be reset unless you reinstall the system.
Proposed solution
A switch which tries to set registry values, maybe like this: https://www.howtogeek.com/smart-app-control-windows-11-explained/ (don't know whether this works, just $searchengined this)
It should provide a concise description of the consequences which otherwise aren't easy to grasp.
Alternatives considered
--
Additional information
--