Windows 10 to keep you safe online with new browser sandbox

By James Walker, Sep 27, 2016, in Technology
Microsoft has announced a significant security enhancement coming to Windows 10 as part of the Redstone 2 software update next year. The company has further expanded Windows Defender to help you stay safe online, isolating the browser from your PC.
Called Windows Defender Application Guard for Microsoft Edge, the new feature was introduced at Microsoft's Ignite conference yesterday. The system uses Windows 10's built-in virtual machine security to sandbox the web browser, protecting your data if a site is compromised.
When enabled, Application Guard will place Edge into its own virtual machine. This leaves the browser isolated from the rest of the system. It runs in a clean, sandboxed environment. Malicious code executed in the virtual machine cannot affect your PC's filesystem. If a threat is detected, the virtual machine can be locked down without impacting the rest of Windows.
Edge already places its processes into secure sandboxes. This is an industry-standard safeguarding technique adopted by all the major browser vendors. It ensures malicious code on websites can only alter the operation of the browser, restricting access to the operating system and user data.
Application Guard raises the level of this security. Edge runs almost entirely in a virtual machine, accompanied by a few critical Windows components required to run the browser. Because the whole browser is virtualised, the barrier between it and the rest of the system is much stronger. Edge can't get details of other processes on the PC, access local storage, retrieve passwords from Windows' credential vault or run installed applications. Most importantly of all, the operating system's kernel is completely sealed off.
"Application Guard’s enforcement includes completely blocking access to memory, local storage, other installed applications, corporate network endpoints, or any other resources of interest to the attacker," said Microsoft. "This separate copy of Windows has no access to any credentials, including domain credentials, that may be stored in the permanent credential store."
Application Guard is a credible way to sandbox a web browser. However, there are several flaws at present. Perhaps most significantly, Application Guard is only compatible with Microsoft Edge. While Microsoft currently has no plans to expand it to third-party browsers, it theoretically could create an API enabling Google, Mozilla, Opera and others to create their own sandboxed instances based on the technology.
Application Guard is also unable to handle persistent browser sessions. Because all virtual machines are destroyed when Edge shuts down, cookie data sent by websites is deleted after each session. This means you'll need to log in to any secured servers every time you start the browser.
In part due to this, Microsoft will only be offering Application Guard to Windows 10 Enterprise customers. In its current implementation, the system is too limited to be of benefit to many consumers. Instead, Microsoft is focusing firmly on its core business audience, helping to secure corporate data and lower the risk of attack. It hasn't ruled out a future release on consumer devices though, recognising the underlying concept does make sense on these machines.
"Our mission at Microsoft is to empower every person and every organization on the planet to achieve more," said Microsoft. "With Windows Defender Application Guard, enterprise users can take advantage of the vast power of Internet sites and services while still protecting corporate and personal data. This capability makes Microsoft Edge the most secure browser for the Enterprise."
Application Guard will launch to Windows Insiders at some point later this year. It will be released publicly to Enterprise customers as part of 2017's Redstone 2 Windows 10 release, expected to arrive early in the new year. Microsoft announced this week there are now over 400 million Windows 10 devices in use, a substantial pool that Application Guard could benefit if expanded to be more consumer-friendly.