Monday, May 4, 2009

Comparison of AppLocker and SAFER

There is functionality called SAFER (Software Restrictions) in Windows since Windows 2000 (AFAIR)…

If you are familiar with SAFER, you maybe wondered what is difference between software restriction policies and new AppLocker in Windows 7?

Well, main difference is something I wanted long time ago (and even had presentation where I was talking about it) – it’s combination of SAFER and ACT.

In ACT (Application Compatibility Toolkit), you can easily define rules for executables not only based on path\hash (like SAFER), however using all properties of executables – like version, publisher etc…

And that’s major change in AppLocker – now you can not only specify rules based on path and hash, however also using publisher… Which allows you to specify rules using publisher, version of file, product name…

Really nice and much more powerful compared to (restricted) software restrictions :)

Also (don’t exactly remember whether it was possible before), you can specify Allow\Deny rules for AD groups.

No comments: