Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. 
As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins will also be able to control whether untrusted sites can use the clipboard or print.
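A defender's check for the VBS state described in the summary above, as an added example that is not from the article or from Microsoft: it reads the `Win32_DeviceGuard` CIM class and decodes whether VBS and Credential Guard are actually running on a host. The helper name `Resolve-Services` and the report field names are illustrative.

```powershell
# Added example (not from the article): report VBS / Credential Guard state.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop

# Documented value meanings for the Win32_DeviceGuard properties used below.
$vbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced Code Integrity' }

# Hypothetical helper: turn an array of service ids into readable names.
function Resolve-Services {
    param([uint32[]]$Ids)
    $names = foreach ($id in $Ids) {
        if ($id -eq 0) { continue }            # 0 means "no services"
        $key = [int]$id                        # hashtable keys above are Int32
        if ($services.ContainsKey($key)) { $services[$key] } else { "Unknown id $id" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

$report = [pscustomobject]@{
    VbsStatus             = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesConfigured    = Resolve-Services $dg.SecurityServicesConfigured
    ServicesRunning       = Resolve-Services $dg.SecurityServicesRunning
    CredentialGuardActive = ($dg.SecurityServicesRunning -contains 1)
}
$report | Format-List

# Configured-but-not-running is the case worth alerting on in a fleet audit.
if (-not $report.CredentialGuardActive) {
    Write-Warning 'Credential Guard is not running; credentials are not isolated by VBS on this host.'
}
```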
So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.
It's rapidly becoming the case that the enterprise edition is the 'new' pro edition.
Whereas with XP through 8, I just wanted to have pro to be able to run my own IIS, accept incoming RDP, not have to deal with the idiot simplified user permissions etc, with win8 pro came Hyper-V... etc. In each case, Home edition was awful, while Pro was a good OS.
With 7/8 Enterprise has some extra bitlocker stuff I think? And the VLA license management features that only an enterprise would need.
But with 10, "pro" is garbage too, and all the features I actually want are now in Enterprise edition. (Turn off telemetry, more control over windows update, Edge in a Virtual Machine...)
So I'm coming to the conclusion that us 'power users' that until now always wanted pro should now be looking for the enterprise edition.
Of course enterprise is currently a lot more expensive than pro, with recurring subscription fees.
But this is looking to be the carrot and stick approach; (and mostly for businesses -- us power users are just caught in the middle of it.) Home users are being corralled into Windows 10 Home (and Pro at this point is really just Home+) where their updates are managed and they're expected to be all appy and cloudy and monitored with telemetry.
While businesses (and people) who need to get shit done, and don't want their windows computers scheduling an update before an important meeting, and don't want to send telemetry to Redmond, etc, etc... (i.e. people like me) -- should be using enterprise.
Us power users should be looking to use enterprise. (Assuming as always that we wish to use windows at all, which in my case at least, while I love my linux -- I am not interested in the huge compromises necessary to make it my primary desktop.)
Ah but Windows 10 Enterprise is nasty for individuals to get a hold of what with Microsoft VLAs and the byzantine and downright hostile Software Assurance licensing crapola.
So when I read about something like this...
Windows 10 Enterprise E3 / 7$ seat / month. And it sounds like it's being aimed to be run like office 365... suddenly things start to come into focus...
http://www.pcworld.com/article...
" It's worth highlighting, though, that a business of one employee can take advantage of it, however. "
Interesting right!? (I mean yeah, this is /. so the pitchforks are out in force... and I should switch to linux everything... but think about it rationally...)
There is going to be the non-recurring windows 10 home edition and the home+ (aka pro), the spyware adware versions. And there is going to be Windows 10 enterprise, the only one businesses and power users will want but at $7/seat/month.
So if one seat of Enterprise really is per user? and I can put it on my desktop, laptop, and a couple hyperv virtual desktops like I can Microsoft office... all for 84/year... and I can turn off automatic updates and do them when I want, and I can turn off telemetry...
On the one hand... ugh... rent seeking subscription -- the business model for companies who really can't compellingly improve their product but still want the same revenue they were getting when each release was a must-have. And yeah.. Windows has reached that point I guess. "XP does all I need" people are still all over the place.
On the other hand... $7/month for an actual good windows user experience with the kind of control I want over it, with continual support in the form of antivirus and security updates...ok... I'm listening.
There used to be a disclaimer every time an older VM program ran, I think it was "bochs", which told the user that a VM is not security.
It only gives you the illusion of it.
In reality the VM software has to get its hooks so deep into the host's networking and other sensitive bits that you can never be sure that software running on the client can't get up to nasty tricks on the host.
If you want security, design for security instead of taking the lazy way out of using something completely different done by someone else and pretend that partial separation for totally different reasons is equivalent to security.
It's just like expecting to enter a Ford Bronco in a horse race. The name makes it sound like it belongs but it's not the same thing and was never intended to be.
A good start. But I run the Windows virtual machine inside a virtual machine, because Windows 10 can not be trusted. I don't store any personal information on it, and use it just for games.
Windows runs BETTER virtualized, because it has simpler hardware, that Microsoft programmers can understand.
No running for driver CDs, or having Windows brick my machine.
I can roll back updates just by copying a file.
The way Windows should be run.
Virtualization != sandboxing. You can sandbox on Windows with Sandboxie, where all writes from the sandboxed app are redirected elsewhere. Doing this doesn't require a separate OS or filesystem, so it doesn't add that context shifting as overhead.
You can also run your Web browser in a VM. You get better separation, but at a price, although with hypervisors becoming the norm and not the exception, running VMs may not have as onerous a penalty as they used to.
I like a combination of the two. I like browser windows and tabs separated from each other, like what Chrome/Chromium does, but the browser should run in its own VM so if something does get out of the browser, it is in a completely separate user and machine context. Without the VM isolation, even if malware just has context of a user, that can allow files to be uploaded and ransomware to do its dirty work.
Jails are another solution, but it can be argued that it might be best to completely isolate filesystems, especially if some software decides to do stuff like mkdir foo; cd foo loops, or just create tons of files in order to use up all inodes. Done on a VM, worst case, it means one dumps the VM and rolls back. Done on a desktop, it can mean work stoppage.