Windows – How to protect the data from certain apps in Windows 7

uacuser-accountsuser-profileswindows 7windows-registry

UAC helps protect the system from getting trashed by non-privileged apps. But how can I protect my data from getting trashed or misused by apps?

Example 1: An app silently modifies the tags in all my music files.

Example 2: An app reads my email client's contact list and sends it off somewhere.

Example 3: An app modifies my personal settings for Windows in the registry (e.g. disables the auto insert notification feature for optical drives).

The three examples above have all happened to me at various times. They can happen because any app running as "me" can do what it wants with any data created by "me". Essentially, my data is exposed to everything.

Surely, after so many versions since NT, Windows has a native means by which to control what apps can and can't access – whether that be folders on disk or keys in the registry.

I can't find anything built into Windows 7 that accomplishes what I'm after. Any ideas? Am I overlooking something?

Best Answer

  • Windows 8.1 has a feature which lets you create a user account that is used by a specific app, but Windows 7 does not have a convenient way of doing this for individual apps.

    You can create separate accounts with different filesystem and Registry permissions, then launch the app under the appropriate account by using the runas feature.

    Another alternative would be to use a program like Sandboxie which lets you install and run software in its own virtual sandbox, preventing access to the rest of your system.