> Microsoft should rate-limit the CreateFile() API
---
A friend of mine worked on (published?) a tool that puts canary files on the system in various places. When one of them is overwritten or removed, you know what's up. That seems more reliable than letting ransomware just trickle through the system instead of rushing through, more clear than a warning about some software touching all your files, and much less invasive to other software
The article also kinda glosses over that the criminals, in business cases, typically have domain admin. The whitelisting feature that the author proposes to use for backup software is going to make the limit ineffective
I realize you meant the above as a joke, but a configurable throttle on CreateFile would probably only be part of a Pro SKU. Ransomware is a much bigger threat in a business setting than for personal devices
But don't worry, Windows S2 has you covered! Now that you are in our walled garden, we don't limit things like that at all here; it's 110% safe and trustworthy and never ever ever gets compromised. You won't be able to install anything outside of our app store again, but who cares!
> Microsoft should rate-limit the CreateFile() API
---
A friend of mine worked on (published?) a tool that puts canary files on the system in various places. When one of them is overwritten or removed, you know what's up. That seems more reliable than letting ransomware just trickle through the system instead of rushing through, more clear than a warning about some software touching all your files, and much less invasive to other software
The article also kinda glosses over that the criminals, in business cases, typically have domain admin. The whitelisting feature that the author proposes to use for backup software is going to make the limit ineffective