Risk Management

Some Things Never Change

The human race just turned the wheel over for another year and with it came a new decade. The author is aware that some people say the decade starts in 2021, but the author does not mean to debate that here. Considering the last decade, many things changed: we saw the rise of new attack methods, increasingly complicated attacks, and even the simplifying of some complex attacks into “Malware as a Service”.


New Upcoming Feature in Windows: Controlled Folder Access and More…


This fall, just a few short months from the time of this writing, Microsoft will be releasing a minor update to follow the most recent Windows 10 Creators Update from earlier this year. It will include some new features, including a few that revolve around their built-in Windows Defender suite. With these changes to Windows Defender, Microsoft hopes to make their latest operating system more resistant to ransomware attacks which have become prolific over the last several years.

One of the features coming with the update is called Controlled Folder Access. Microsoft touts the feature as a direct response to ransomware. It will work via a whitelist approach, with Windows Defender only granting certain applications the privilege to access the data of a protected user account; otherwise, the application is not allowed to read, write, or modify any data a user might own such as documents, pictures, or videos.

The default folder list includes Documents, Pictures, Movies, and Desktop; these are hard-coded into the feature with no option for removal, but additional folders can be added manually through the Windows Defender Security Center. There will also be an option to add custom software to the whitelist, but Microsoft states that most software should already be pre-whitelisted. If an application is not whitelisted and attempts to alter data within a protected folder, it will be automatically blacklisted and the user will be notified. Although this feature has many benefits, Microsoft will have the feature disabled by default. It can be enabled in the Windows Defender Security Center under Virus & threat protection settings, as seen below.


Controlled Folder Access settings window, courtesy of Microsoft Blog.
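The same settings can be managed from an elevated PowerShell prompt with the Windows Defender cmdlets once the update is installed. The script below is an added example, not part of the original post or Microsoft's material; the folder and application paths are hypothetical placeholders. It goes one step beyond the post by starting in audit mode, which logs what would have been blocked before enforcement is turned on.

```powershell
#Requires -RunAsAdministrator
# Added example: roll out Controlled Folder Access in audit mode, then review the log.

# Hypothetical values for illustration; replace with your own folder and application.
$ExtraFolder = 'D:\Projects'
$TrustedApp  = 'C:\Tools\backup-agent.exe'

# 1. Show the current state (0 = Disabled, 1 = Enabled, 2 = AuditMode).
$pref = Get-MpPreference
"Current Controlled Folder Access mode: $($pref.EnableControlledFolderAccess)"

# 2. Start in audit mode so would-be blocks are logged without breaking applications.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 3. Protect a folder beyond the built-in defaults and whitelist one application.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 4. Review what was recorded: event 1123 = blocked, event 1124 = audited.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -ErrorAction SilentlyContinue

$events | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Action  = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
        # First line of the rendered message; the full text names the process and path.
        Summary = ($_.Message -split "`r?`n")[0]
    }
} | Sort-Object Time -Descending | Format-Table -AutoSize

# 5. When the audit log shows only expected applications, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```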

Other features coming with the Fall Creators Update include a Cloud Clipboard which will allow copy and pasting between multiple Windows 10 devices; a Timeline feature, which will be similar to the app switcher found on many mobile phone operating systems; Pick Up Where You Left Off, which will be an application synchronization service that developers can use much like the Cloud Clipboard; and OneDrive Files On-Demand, which will allow access to files, even if they are only stored in the cloud and not locally.

Windows 10 is also getting a design language refresh. Microsoft is moving away from the Metro UI to offer a more consistent, depth-enabled interface with lighting and motion effects. It is being likened to Google’s own Material Design. Overall, a welcome change, but one that may be more resource demanding.

Will you be upgrading? What feature do you look forward to most? Leave a comment below!

No Man’s Sky and Risk Management

No Man’s Sky is a game recently developed by an independent studio called Hello Games. It was launched in August of 2016 for PlayStation 4 and PC.

The PlayStation 4 edition was released just three days ahead of the PC version and it received a lot of high praise. The game had been highly anticipated since 2014, when Sony first showed interest in it, and had many gamers and publishers eager to get their hands on a demo. The game itself is a novel, remarkable breakaway from traditional space adventure games. There is no pre-determined enemy, no campaign one must follow, and no set storyline that drives the game. There is only one true objective: reach the center of the galaxy. Once at the center of the galaxy (a point no gamer is anticipated to experience within a single lifetime) the game starts over again with another universe where the player is free to explore all over again. All of this is achieved through rich, complex algorithms that build each planet (and the entire galaxy) procedurally. Put simply, the game is completely computer generated. The game is a computer simulation and the backstory plays into this.

With this much anticipation, and having been so well-received on PlayStation 4, it was surprising when three days later the PC edition came out and things started to turn south quickly for Hello Games. Suddenly, there were horror stories of people paying $60 for the game, only to have it crash before ever fully launching. Many people experienced incompatibilities with graphics cards and different chipsets. Some determined people were able to work around these issues and finally play the game, only to still experience terribly low frame rates and other issues with game play. Few people were actually able to play the game without an issue and there seemed to be no correlation as to what mix of hardware and software would allow one to experience the game the way it was meant to be played. Hello Games immediately released an “experimental,” untested patch for Steam users, but that left out people who had not purchased the game through Steam. Things could not look any more bleak for Hello Games. Then Steam began offering refunds for the game, no matter how long the user had played or owned the game, due to the technical issues.

That leads us to the purpose of this article. Why did Hello Games not consider risk management before launching this game on PC?

A common concept in the security industry, risk management allows an organization to achieve its objective in the safest manner possible by understanding and evaluating risk factors and then putting the proper steps in place to mitigate those risks. Risk is the possibility of loss unrealized.

The risk, in the case of Hello Games, was a soft risk, but a risk nonetheless. The possibility (or occurrence) was high, as were the consequences. The consequences, as we see now, were terrible for their sales and financial goals. People are upset about the game not functioning properly on PC and about the lack of a timely patch to fix the issues, and they are returning the game in high numbers. Gamers have also taken to Reddit and other forums to relieve their frustrations. Entire subreddits are now dedicated to this fiasco and are strongly aligned against the studio.

The factor that could have been determined and controlled by Hello Games was possibility. Development could have been delayed on the PC edition (or both editions for a simultaneous launch) until the game was more fully developed and tested. Admittedly, the PC platform is incredibly hard to develop for since there are hundreds of thousands of hardware and software configurations to consider, compared to console development where a developer or studio knows exactly the hardware and software for which they are developing. All of those different configurations increase the possibility of an incompatibility risk, but this is something Hello Games could have mitigated during their development cycles.

Had Hello Games paid more attention to the effect a bad launch would have had on their brand (unrealized loss), they probably would have taken control of the risk possibility for incompatibility and would have released a more highly developed game. This would have mitigated their risk, but it seems that Hello Games was more concerned with meeting a launch date with a simultaneous launch on PlayStation and PC.

Risk mitigation should be considered by every organization and even game studios, because everyone has risk. Hello Games should have considered it when deciding on when to launch their game to the general public. It could have mitigated a lot of the issues they are experiencing today (at the time of this writing). Even with all of the advancements in game play and technology, the launch of No Man’s Sky will now forever be remembered as a failure on PC, where the gaming community often remembers faults and forgives slowly.