Microsoft preps defence against the dark arts for enterprise customers

Application Guard aims to defeat malware served up from web sites

Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data.

Known as Windows Defender Application Guard, the feature is set to become a part of Windows 10 Enterprise edition next year, and uses virtualisation to isolate untrusted web pages in a sandbox from where any malicious code cannot escape onto the corporate network.

Detailing the new capability on its Edge Developer Blog, Microsoft claimed that over 90 per cent of modern attacks use a hyperlink to initiate an attack in order to steal credentials, install malware, or exploit vulnerabilities.

Many of these get inside the corporate defence perimeter through social engineering, whereby an attacker creates a carefully crafted email to a known employee, fooling them into clicking a link to read an important document.

To combat this threat vector, Application Guard integrates with the Edge browser in Windows 10 and Microsoft’s Hyper-V virtualisation technology to isolate dodgy web pages.

Essentially, when an employee browses to a website that is not recognised or whitelisted by the system administrator as a trusted site, Application Guard steps in and shunts the session into an isolated sandbox, as explained by Microsoft on its blog:

Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge. The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment.

From this sandbox, Application Guard blocks access to memory, local storage and other applications on the same system, as well as the rest of the corporate network, so any malware will be unable to access any sensitive resources.

However, Microsoft claims that users will not be inconvenienced if the non-trusted website turns out to be perfectly innocuous. They will be able to browse as normal, copy and paste content to other apps via the Windows clipboard, and print content from a sandboxed website.

Microsoft said that Windows Defender Application Guard will be rolled out to testers on its Windows Insider early access programme in the coming months, with general availability as part of Windows 10 Enterprise slated for next year. ®

Other stories you might like

Biting the hand that feeds IT © 1998–2022