ThioJoe expertly dissects the logic of behavioral security, proving that true protection lies in what a file does rather than who signed it. It is a masterclass in turning a clickbait premise into a profound technical lesson.
I SCREWED UP
I screwed up! Or at least in the last video I made, I didn't really elaborate well enough, or I mis-explained some things about a feature that I really do still think that everyone, or at least most people should enable. And basically I was talking about how in the latest Windows update, you can now enable a feature that you couldn't enable before if you had turned it off. Now you can, you can turn it on and off at will, and that's called Smart App Control. Anyway, I seem to have gotten a lot of pushback in the comments. Some of it was definitely my fault.
I explained some things wrong. I didn't make some things clear. And of course, there were a lot of people just saying, "No, I'm not going to enable it," because they are just Microsoft haters. And look, I get it. People don't like the big mega corp Microsoft, "micro slop, haha", everybody hates Copilot. We get it, alright. Can we get that out of our system and just focus on the feature, which is a security thing? Years ago, I tweeted about an even more extreme feature, AppLocker, and how I basically set it up where I could only run certain signed executables. And I would literally have to go in and manually create rules about anything that was not signed. And actually it did protect me from getting hacked at one point. So I'm a bit extreme about this sort of stuff. And the reason I so vigorously recommend this Smart App Control feature for most people, not all obviously, I'm not saying if you don't enable it, you're stupid. There's some exceptions I can get to. But the reason I recommend it for most people and I use it myself is because it gets you like 95% of the protection that you would get through manually whitelisting stuff through AppLocker and all that without having to do all that. And it is not purely based on signatures. That's one of the things I really kind of glanced over. Maybe I didn't explain it well.
Because a lot of the comments were saying, "Oh, this is going to kill open source. It's Microsoft just trying to kill open source. Only Microsoft approved apps and products will be able to run", that sort of thing. No, that's literally the exact opposite. The reason I use this over AppLocker is because you don't need to have the application signed for it to run. Now, one of the major things people were saying was that they had tried it and it was blocking all sorts of stuff. Try it again. There's no reason not to. Like I said, you can turn it on and off whenever you want.
It is better than it was before. Another thing that a lot of people were getting tripped up on, I think, is the word "reputation". And I was saying if a file has positive reputation, I don't mean that app in general. Again, I mean that like literal version of that app file particularly. Because every time an app is updated and there's a new version released, it's a different file. And that particular file gains a reputation. So when I say app, I really meant file, which is the EXE. I don't mean the brand of that app. Like Microsoft is not going through and browsing the internet for the most popular apps. It's not a popularity contest like, "Oh okay, Notepad++. Yes, we all know that that's a good app. That's a positive reputation. So we're going to approve any Notepad++ files" or anything like that. No, it has nothing to do with the name of the app or who made it or whatever. In fact, that wouldn't even work because if an app is not signed, then it could say that it's "Billy Bob's app". But if it's not signed, there's no way to even prove that. So you can't even go based on which app it says it is. It's every single individual file gets a reputation and it's not like Microsoft is going in and deciding whether or not it's on some list of approved Microsoft apps for whether or not it should be allowed to run.
Whether or not it's allowed to run is purely based on that particular file's behavior and whether it does anything that is malicious patterns. So for the people who are saying stuff like, "It's going to kill open source," or "I'm not enabling it because I use indie developers," and stuff like that, this feature is actually a good thing because it means that you can run those apps. Also, one thing people were asking is, "How does it decide? If you don't turn it on, then how does it even get that reputation for the file?" And basically, it's doing it anyway, whether or not you have Smart App Control enabled. It uses the people who don't have it enabled basically as guinea pigs to see, "Okay well, this thing wasn't flagged by Microsoft Defender, so we'll just let it run. And if it ends up being malicious, well, too bad for them". But by the time that it gets to be fully determined as safe, then it'll run for Smart App Control. Now yes, more popular open source apps will get a positive reputation for their files faster because more people run it and it'll build up that reputation faster. But in terms of it being any more likely to be able to run has nothing to do with its popularity. Now, another thing that I saw was people saying, "Well I can't run this because I do pirated games." But again, that doesn't mean that it won't let you run the files. If it builds up a reputation as being not malicious based on people running it, it might let you run it. It's not like it knows that it's a pirated game. It has no idea what it is. It just looks at what it does. Now, if it does block a pirated game that you're running, there are a couple of possibilities. First, it might be a new file, or it could literally be a virus that you downloaded and are just thinking it's a false positive. We all kind of know that pirated games are a common distribution point for viruses. I'm not saying that it is, but it's a possibility. 
Another thing that I saw is a lot of people were saying, "Oh, don't use this if you are a dev or you run games that have to compile files" or something like that, which is not necessarily true. I literally make C# programs all the time and it will have no problem running, oftentimes, a freshly compiled EXE that I just made and debugging. Because it's smarter than just literally looking it up in a list, it's actually analyzing the internals, if it can, and sees what DLLs it calls, what functions, if it calls any suspicious stuff. And if it is sure, simply from looking at that, that it's not doing anything weird, then it will maybe just let you run that. And it does in my case, a lot of times. Now, again, if it's not sure, that's when it might check it and look in the database and say, "Okay, do we have any additional data about this?" But it's not purely like a, "Is this a known file thing? And if it's not, block it." That's not how it works, it's smarter than that. Now, that is C#.NET apps, which they work a little bit differently. It's easier to inspect what's actually going on in those. If you write C++ code and stuff, it is probably more likely to block that. But again, then in that case okay, you're a person that probably shouldn't enable it. I'm not saying literally every single person should enable it. For the vast majority of people who are not developers, you probably should enable it. Now, I did see a couple of comments that made me think. One was saying that it blocked apps that I know it doesn't block, like AutoHotkey. That is possible that it was an old version or something, or that was earlier. But I use AutoHotkey every day and it doesn't block it. Every once in a while, it does randomly seem to block apps that it didn't before. And I think it refreshes its cache of what it considers trustworthy. Like if I come back from vacation, sometimes it'll block apps. And I think it just has to refresh with the servers.
So if you first enable it, and then it's all of a sudden blocking a lot of stuff, wait a minute, try running it again. It might work. Also, the very first time you run an app, it might take a little bit extra time to launch if it has to hash the file to be able to check it. But I really have not noticed it taking any extra longer to launch apps. But if it does all of a sudden start blocking a lot of stuff, give it a second and restart the computer. It might work. But again, if it legitimately keeps blocking an app that you know is safe and you do need to use, just turn it off. I also saw a lot of comments that seem to suggest, "Well, I'm a power user. I'm an advanced user. I don't need to enable this", or it's bad for advanced users. No, I actually think it's just as good for you. And just because you have it enabled doesn't mean that you're dumber or you are not capable of recognizing malicious stuff. Because in this day and age of supply chain attacks, even for advanced users, it kind of serves as like an early alarm system. Where if it blocks something that you don't think it should, maybe that is like an alarm, "Hey, maybe I should take a second look at this before running it and deciding it's a false positive." And it's rare enough that it blocks stuff that it does kind of make you say, "Whoa, it's blocking something. Like something might be wrong here."
So I still think at the end of the day, most people should enable it. Just try it. And again, if it doesn't work out for you, you can just turn it off again. So anyway, hopefully that clears things up. You guys can let me know what you think. You could still think I'm wrong, I don't know. But I'm going to die on this hill. Anyway, I'll put that link right there to the last video if you haven't seen it. But anyway, hopefully this was helpful. So let me know what you think down in the comments. So thanks so much for watching and I'll see you in the next one.