iconSimple Software-Restriction Policy

A security enhancement for Windows XP, 7, 8, 10 (Home or Pro)

See our downloads page for the latest release.

Detailed installation and usage instructions are on our Software Policy Minisite.

The controls are easy to useRansomware is one of the most serious security issues to ever hit the IT industry. A key reason for its severity is that its payload is largely unhindered by traditional security measures such as limited user working or signature-based antivirus scanning.

In order to counteract ransomware, we need to look to entirely different security strategies. An important component of such a strategy can be the implementation of a Software Restriction Policy.

In essence, a Software Policy lays down rules about where on disk programs can be run from. Thus, programs in 'Program Files' will be given the OK, but programs in 'Downloads' will not. Since this defensive mechanism does not rely on identifying a given program as malicious, it is in principle effective against all strains of malware. 

Software Restriction Policies are in fact a part of Group Policy, and have been around since the introduction of Windows XP. Thus they are nothing new, although they have been largely overlooked by both IT admins and home users until now.

One of the reasons for the low uptake has undoubtedly been that the Group Policy Editor controls for Software Policies are neither very convenient nor very easy to use. Even after you've figured out what is a very complex set of controls, you are faced with the issue that you cannot easily turn the policy on or off.

Our Simple Software Restriction Policy utility overcomes that. As the name suggests, it turns a complex piece of group policy editing into a simple matter of installing the utility and selecting a few options. What's more, if you need to suspend the policy, that is only a few clicks away and it takes effect immediately, no reboot needed.

A SRP has other advantages besides hardening the computer against malware. For example, it allows you to control the launching of programs from USB key or DVD, other routes by which unwanted software may find its way onto your computer.

Perhaps one of the best features of SSRP is that during normal use of the computer you hardly know it's there. No screen dimming, no continual nags. About the only time you need to interact with it, is if installing or removing software. In which case you can allow yourself 30 minutes to do the work, after which the policy will reinstate itself.

SSRP also offers a means of launching specified programs with limited rights. On legacy systems where the standard user is an Admin, this can very usefully restrict the damage that a compromised Web browser or email client can do to the system. (This feature is turned off by default since later Windows versions have their own means of achieving this, UAE. )