From: Anonymous@Anonymous.org   
      
   Microsoft wants Windows 11 ´secure by default,¡ could allow only properly   
   signed apps and drivers by default   
   By   
   Abhijith M B -   
   February 12, 2026 0   
   Windows to allow only signed apps and drivers to run by default   
   Windows to allow only signed apps and drivers to run by default   
      
   Microsoft just announced a per-app permission system, just like Android,   
   for Windows 11, to make the OS ´secure by default¡. Soon, Windows is said   
   to allow only properly signed apps and drivers to run. This is still an   
   experiment, and we donÿt know when itÿll become the default behaviour, but   
   itÿs being considered, and we might see changes soon. Of course, youÿll be   
   able to turn off all new security features.   
      
   For decades, Windows has walked a difficult line between openness and   
   security. While the platformÿs biggest win was always its flexibility, it   
   also made the OS vulnerable to malware. In a new blog published on February   
   9, 2026, Microsoft admitted that the balance has tipped too far in the   
   wrong direction.   
      
   Windows Platform Engineer, Logan Iyer, has acknowledged that users are   
   increasingly seeing apps override system settings, add unwanted software,   
   install background components, or modify core Windows behavior without   
   clear consent.   
      
   Windows laptop asking to backup PC   
      
   ´Windows must both remain an open platform and be secure by default¡, says   
   Microsoft in its Windows Experience Blog for Security, adding that users   
   want stronger protections without sacrificing compatibility, and both the   
   companyÿs developers and ecosystem partners are all for it.   
      
   Microsoft promises that Windows 11 will evolve to make sure youÿre always   
   in control. Apps and AI tools will show you clearly what theyÿre doing,   
   youÿll be able to undo their actions, and theyÿll only get access to things   
   youÿve specifically approved.   
      
   This is the companyÿs ´consent-first¡ model, where Windows 11 users using   
   millions of traditional desktop apps, cloud-connected services, and   
   background agents would have to first authorize AI agents in order to give   
   them the ability to automate tasks and access sensitive info.   
      
   Note that the company previously mentioned that AI agents can often   
   hallucinate and be prey for malware attacks, but hopes that this new   
   security model for Windows 11 will earn the trust of users, which is   
   something Microsoft is striving for.   
   Invoking agent from Ask Copilot in Taskbar   
   Invoking agent from Ask Copilot in Taskbar. Credit: Microsoft   
      
   That said, Microsoft hasnÿt given up on their commitment to app   
   compatibility, and mentions that theyÿll provide developers with all the   
   tools and instructions that theyÿll need to comply with the software   
   giantÿs biggest security leap yet.   
   Windows Baseline Security mode allows only signed apps to run   
      
   The biggest technical shift in Microsoftÿs new security plan is Windows   
   Baseline Security Mode. Under this new model, Windows 11 will run with   
   runtime integrity safeguards enabled by default. What it means is that only   
   properly signed apps, services, and drivers will be allowed to run on your   
   system.   
      
   As of now, Windows still permits a wide range of unsigned and loosely   
   verified software to execute, especially if you approve a prompt or disable   
   certain protections, which is something that Windows users often do. Sure,   
   the flexibility is convenient, but it is also one of the main reasons why   
   malware continues to thrive in the most popular desktop OS.   
      
   Baseline Security Mode changes this at the foundational level.   
      
   According to the Windows Experience blog, Windows will actively verify the   
   integrity and signature of software at runtime. If an app, background   
   service, or driver does not meet the required trust standards, it will not   
   run unless you explicitly allow it.   
      
   This is a major shift from todayÿs default behavior. Currently, Windows   
   relies on a mix of optional protections, such as:   
      
       Smart App Control   
       Windows Defender Application Control (WDAC)   
       Hypervisor-Protected Code Integrity (HVCI)   
       Reputation-based blocking   
      
   App and browser control in Windows Security   
      
   Most of these are either disabled by default, limited to some devices, or   
   only active after a clean installation. Baseline Security Mode brings such   
   ideas together and makes them part of the core operating system experience.   
      
   At the same time, Microsoft is not turning Windows into a closed platform.   
   Exceptions will still be possible.   
      
   If you rely on legacy software, custom-built tools, unsigned drivers, or   
   niche utilities, you will be able to override the safeguards and allow them   
   to run. IT administrators and advanced users can define specific exemptions   
   for trusted apps.   
      
   Developers arenÿt left alone and get visibility into this system. Apps will   
   be able to check whether Baseline Security Mode is active and whether any   
   special permissions have been granted. Software makers can then adapt their   
   products instead of being blindsided by new restrictions.   
      
   If Microsoft gets this right, a majority of users will never notice it,   
   while harmful software will fall quietly.   
      
   Itÿs worth noting that Microsoft is also changing how Windows communicates   
   these security decisions to you, in real time.   
   Windows now asks permission as your phone does   
      
   Along with stricter rules for app and driver execution, Microsoft is   
   overhauling how Windows handles permissions. The company calls this User   
   Transparency and Consent, and it is clearly inspired by how smartphone   
   operating systems do it.   
      
   For the first time, Windows is moving toward a consistent, system-wide   
   permission model, under which apps will trigger ´clear and actionable¡   
   prompts when they try to access sensitive resources, including your files,   
   camera, microphone, or if they install unintended software.   
      
   If this sounds familiar, it is because iOS and Android have worked this way   
   for years.   
      
   Android phone asking permission to access the gallery   
      
   On your phone, an app cannot access your camera, read your storage, or   
   install other software without asking, or at least showing an indication.   
   Windows is finally adopting the same philosophy.   
      
   Note that Microsoft says these prompts are designed to be reversible. You   
   will be able to review, modify, or revoke permissions later from   
   centralized settings.   
      
   This is important because the Windows permissions system is scattered   
   across remnants of the Control Panel, Windows Settings, registry flags, and   
   some app-specific options. Most users never fully understand what they have   
   allowed. The new model makes it possible for you to see which apps have   
   access to sensitive resources and remove that access if needed.   
      
   Windows Baseline Security Mode will also be used for AI agents   
      
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)