Simple Software-restriction Policy allows you to harden Windows machines by adding Linux-like execute permissions to them.
Windows by default does not prevent software from being run from any location on the computer which malware and unwanted software exploit.
For instance, programs may be run directly from USB Flash Drives, download folders or system temp directories.
Simple Software-restriction Policy changes that by locking down that functionality on the system. It ships with a default rules file which is a good start but may need tweaking.
After installation, you will notice that you cannot execute files anymore from download folders or most folders on the system for that matter.
It is still possible to run software from select locations, the program files folder for instance but executions from most locations are blocked.
The program's functionality is defined in the softwarepolicy.ini file. Open it in any plain text editor to fine-tune its behavior. This is not as intimidating as it sounds as the syntax is simple and instructions are provided for each entry.
Here is a short list of important sections in the ini file that you may find useful:
The two main features of the program are to lock-down the execution of programs on the system to safe areas and to run specified programs automatically with limited privileges.
The program ships with an unlock option with disables its protection which may be useful when certain applications or updates won't run properly when the application is enabled. A folder full of portable applications for instance may be a good target for an exemption as you won't be allowed to run the programs on the Windows machine otherwise.
Depending on how you are using your system currently, you may need to change certain behaviors after enabling Simple Software-restriction Policy's protection. It is for instance no longer possible to run downloaded executable files directly from the download directory unless you make modifications to the default configuration.
Simple Software-restriction Policy hardens Windows systems by limiting the locations that applications can be run from. In addition, it is allowing you to run certain programs with limited rights.
It is a useful program not only for your own systems but maybe also for systems of relatives or friends who are not computer-savvy.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.