Today, Analysts gave mixed reviews to Microsoft’s latest security model for its Edge browser, labeling it as both a landmark move and an attempt to mask the underlying problems of Windows that the company has refused to address.
“This is one of those ideas where you say, ‘Why didn’t someone do this before?’” stated Patrick Moorhead, principal analyst of Moor Insights & Strategy.
Moorhead discussed about Windows Defender Application Guard, and reveals about a new security feature that will roll out to some enterprise customers next year. Only organizations that subscribe to Windows Enterprise E3 or E5- plans under which businesses pay an annual fee to run the operating system- will be offered Application Guard.
With Application Guard in place, Edge- the default browser for Windows 10- will run in a virtualized Windows environment when it’s intended at websites not on a list pre-approved by the IT staff. That will detach the browser from malware that normally burrows into a device via vulnerabilities, then steals credentials and pillages data.
Because Application Guard creates a disposable instance of Windows — and in a sop to former Vice President Al Gore, a “lock-box” version to boot- it not only prevents malware from reaching the real operating system, real applications, real code and the real device, but when the user is finished browsing and the tab is closed, it simply tosses the copy into an imaginary landfill.
The idea of quarantining the browser- easily the most in danger application on a device due to its duties is not new: Technologies like “sandboxes” have attempted to sequester applications for years.
Application Guard, however, is unusual in that when directed to an unlisted website, the Edge tab generates a virtual copy of a pared-back Windows using the device’s processor, then bricks up every opening between the copy and the real deal. Browser interaction with the rest of the physical device is forbidden, with the exclusion of printing. Moorhead made much of the hardware virtualization, and applauded it as a first for a mainstream browser. “This is a different way to virtualize,” he added, comparing it to the more usual approach of crafting a virtual machine using software, such as VMware’s line. In the virtual space thus created, “Malware can’t access your files, it can’t scrape passwords,” Moorhead stated.
