Microsoft asks Windows 10 Enterprise customers to test new anti-exploit tech
Credit to Author: Gregg Keizer| Date: Thu, 04 May 2017 12:58:00 -0700
Microsoft today asked enterprise customers to test a new anti-malware, anti-exploit technology in Windows 10’s baked-in browser.
Windows 10’s latest preview, tagged as build 16188 and released Thursday, includes Windows Defender Application Guard, a virtualization-based feature that isolates the contents of a tab in Edge, the OS’s default browser, from the rest of the system.
While Application Guard was announced in September, and went through limited testing in the months since, today marked its first appearance to all Insiders running Windows 10 Enterprise. Users must manually toggle on Application Guard from a setting dialog, then open a tab within Edge by selecting “New Application Guard Window” from the browser’s menu.
Application Guard is available only in the U.S. English version of build 16188 for Windows 10 Enterprise, and requires a PC that supports Hyper-V, Microsoft’s virtualization technology.
Like sandboxing — another anti-exploit approach browsers rely on — the virtualization of an Edge tab blocks viewed content and downloaded files from harming the system. Malware that gets into the virtualized “container” cannot access the user’s identity credentials, will find no data when it starts sniffing and cannot connect with other systems on the network. Think of it as a malware dead-end.
When the user is done browsing — closes the tab, shuts down the browser, logs out of the PC — the isolated tab is thrown away. Any malware that managed to get into the container is tossed, too.
Company administrators will be able to define “white lists” of sites — typically those that are, in Windows-speak, “trusted” by the network — which when opened, will appear in traditional tabs. If the user steers to a site that is not on the approved list, then Edge will open it in an Application Guard container.
Microsoft has pegged Application Guard to debut in Windows 10’s next feature upgrade, slated to ship in September. Yolando Pereira, a technical program manager on the Windows device security team, said the technology was to appear “in the upcoming release of Windows.” And during a presentation at the RSA security conference in January, Chas Jeffries, a principal program manager, also said Application Guard was set for the 1709 upgrade, currently codenamed “Redstone 3.”
Microsoft has said nothing about whether it will extend Application Guard to other editions of Windows 10 — Windows 10 Pro, for example, includes the necessary Hyper-V — expand it to applications other than Edge, or allow rival browser makers to isolate tabs using the technology.