AppLocker - opinions

I'd love to hear any impressions on AppLocker. It will be one of 2 things that make the difference between whether I choose the Pro or Ultimate version of Windows 7.

I'm going to watch some Youtube videos to get a nice visual rundown, but I still want to hear feedback & details from people I trust. How granular is the control over apps? Is it similar to that of a HIPS, or as simple as: "Do you want to allow this, or not?"

 

I'm not sure if you trust my opinion but here goes...

I've used it for a couple years now, and thus far I can't come up with a compelling reason to drop it in favour of a HIPS application. Some Pros and Cons:

• It's already built-in to the O/S (Win7 Ultimate or Enterprise) no 3rd party bugs
• Restricts via: Path, Hash or Publisher rules.
• Can Auto-generate rules within user-defined specific directories
• Works on a simple Allowed or Block ruleset, a mix of the two, or Allow with exceptions
• Allows or Blocks files of type: executables, scripts, dll's or Windows installers
• Rules can be tested (Audited) before they are applied
• Rules can be applied to specific users or account types
• does not offer the granularity of most HIPS. eg: no memory or registry protection, no parent to child restrictions, etc...)
• Alerts are not the most reliable nor detailed (although details of an alert can be found in the logs). Customization in this area is necessary but can easily be done through Task Scheduler. See: -http://www.wilderssecurity.com/showthread.php?t=306861&highlight=applocker

I would check out threads in these forums for more info (Advance search "AppLocker in Titles). MS also offers a nice Step-by-Step guide here: -http://technet.microsoft.com/en-us/library/dd723686(v=ws.10) that goes into more detail on how it works. Most definitely I recommend reading up on it to gain an understanding of how it works before using it.

 

Well said wat0114. Couldn't put any better than that. Excellent description/summary of applocker.

 

Thanks chaotic

 

wat... I made this post in the hopes that either you, Kees, Sully or Hungry Man (mainly) would chime in. People that rely heavily on built-in security, not 3'rd party software.

So the answer is I value your opinion quite a bit. Thanks for the input.

 

Thanks for the vote of confidence, lucid

 

I'm sure some people will disagree, but I personally think that SRP is a lot easier to set up (takes about 5 minutes). Here's a real good guide with screenies.

AppLocker is supposed to be more secure, but it appears to have quite a learning curve. Since I haven't ever gotten infected with LUA and SRP on XP, 2K3 and now Win 7, my laziness wins out here.

If you don't need BitLocker and can live with SRP rather than AppLocker you could save a few bucks and go for the Pro version.

 

I don't think the security that AppLocker provides is all that great and it's a big pain to set up (for me at least).

Depends how you like to manage your system. I don't like security systems that restrict me I like security systems that restrict programs and services. I feel restricted with AppLocker - I feel that I have to administrate myself, which doesn't make much sense to me.

If you're fine with that it can help in some situations to make attacks more difficult or outright fail.

 

I feel you there. And there's a line I walk between having a secure box, and inconveniencing myself. I won't let it get to the point where the latter happens. My goal is to make my setup as secure as possible while maintaining usability.

I just looked at an online tutorial of AppLocker, and I'm not too impressed. Oh how I wish there was something intregrated into the OS more like Comodo's D+... I actually like what BitLocker has to offer more.

But at this point I'm leaning toward the Pro version. I'm all about things being as streamlined as possible, and I don't think I'll have much use for the extra stuff in Ultimate. Money isn't the issue. I'd pay a little extra.

Now the question becomes... 64 or 32 bit?

 

64bit.

But yes, I don't use anything that inconveniences me. If a sandbox annoys me in some way and I can't fix it I won't use it. If a program is slowing things down, heating up the system, or even just ugly I won't use it.

Security is a priority but I've found that I can have a secure system without any major inconvenience (the most I do is compile a kernel, which happens mostly in the background. I'll probably automate it eventually.)