Adam Shostack  May 26, 2024

Microsoft could fix ransomware by rate limiting createfile(), the api that’s used to open files. Opening files is a crucial step to encrypting or exfiltrating the data, and very few apps need to open a lot of files at once.

I’ve heard that Microsofts reason for not fixing it is … because user experience shouldn’t change because of windows update… https://wandering.shop/@xgranade/112498285644883431

Xandra Granade 🏳️‍⚧️ (@[email protected])

I remember when Windows 10 mail was local only, before a Windows Update made it cloud-only. I remember Edge didn't have built-in ads, before an update put ads everywhere. I remember when the My Documents folder was local-only by default, until a new version of OneDrive pushed it all to the cloud by default. History suggests that this kind of product is too often a wedge to justify more abuse of personal information in the future.

The Wandering Shop
Show threadMartin SeegerMay 26, 2024
@adamshostack AFAIK it was tried with AV software doing that and the side effects were unexpectedly heavy.
Show threadAdam Shostack  
@masek That would be why you build it in the OS not a third party add on
May 26, 2024 at 8:23pmWeb