Tuesday, 27 September 2016

Microsoft's new trick for Edge gives the browser a major security boost

Microsoft's new trick for Edge gives the browser a major security boost

Microsoft is planning to make its Edge browser much more secure for businesses with the next major update to Windows 10 (hopefully due to land early next year), which will introduce virtualisation tech to help keep workers safe from any malicious sites.

This new feature is called Windows Defender Application Guard, and it basically means the Edge browser is running in a lightweight virtual machine to prevent any nastiness from reaching the host PC.

So any website which isn't on an organisation's trusted list will automatically launch in an isolated browsing session (which will be clearly marked with a red icon so users know when they are in a secure session). IT admins can of course decide which sites are trusted and will launch in Edge normally.

This protected session, or virtual machine, effectively puts up a barrier between the website being browsed and the host PC, so any malicious content won't be able to access local apps or storage, or attack the kernel of the system. It should keep users safe from not only viruses, but also vulnerabilities and the likes of zero-day exploits.

In the spiel for the YouTube video detailing the new feature, Microsoft announced: "The threat landscape has changed significantly. 90% of phishing attacks use a browser to open and initiate an attack.

"Microsoft Edge with Windows Defender Application Guard mode enabled on the Edge browser will protect enterprises from advanced attacks that can infiltrate your network and devices via the Internet, creating a safer, worry-free browsing experience for customers."

Hardware support

Note that the virtualisation technology used does need to be supported by your processor, so older PCs may not be able to benefit from Application Guard – which is all tied into Microsoft's push to only support Windows 10 with future generations of CPUs.

It's certainly an exciting development on the security front for browsers, and consumers may well wonder when they might benefit from such protection. At the moment, that isn't clear, but there are issues which stand in the way such as the aforementioned hardware requirements, and also things like cookies (which can't be permanently stored when using these virtual browsing sessions).

We can but hope for a wider expansion of this sort of protection in the future, but initially Windows Defender Application Guard will only be available to those running the enterprise version of Windows 10.

Edge should get these new capabilities in preview soon, so Windows Insiders will be able to test out the system before long, and as we mentioned Application Guard should be fully released at some point early in 2017.

Microsoft also announced some other new security measures at its Ignite conference, including intelligence sharing between Windows Defender Advanced Threat Protection and Office 365 Advanced Threat Protection, aiming to bolster the strength of both of these services which keep watch for freshly emerging threats.

Via: Ars Technica

http://ift.tt/2cHss7h

No comments:

Post a Comment