Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins also be able to control whether untrusted sites can use the clipboard or print.

For limited values of 'you'.

[fuzzyfuzzyfungus]

Hooray! A security feature exclusive to Windows 10 Enterprise customers. That will substantially cut down on the actual difference this makes.

Re:For limited values of 'you'.

[ArtemaOne]

I can't get to Ars at work, so this is for Enterprise edition and not Pro? Makes it really something I don't care about, agreed.

Re:For limited values of 'you'.

[vux984]

Its rapidly becoming the case that the enterprise edition is the 'new' pro edition.

Whereas with XP through 8, I just wanted to have pro to be able to run my own IIS, accept incoming RDP, not have to deal with the idiot simplified user permissions etc, with win8 pro came hyperV... etc In each case, Home edition was awful, while Pro was a good OS.

With 7/8 Enterprise has some extra bitlocker stuff I think? And the VLA license management features that only an enterprise would need.

But with 10, "pro" is garbage too, and all the features I actually want are now in Enterprise edition. (Turn off telemetry, more control over windows update, Edge in a Virtual Machine...)

So im coming to the conclusion that us 'power users' that until now always wanted pro should now be looking for the enterprise edition.

Of course enterprise is currently a lot more expensive than pro, with recurring subscription fees.

But this is looking to be the carrot and stick approach; (and mostly for businesses -- us power users are just caught in the middle of it.) Home users are being corralled into Windows 10 Home (and Pro at this point is really just Home+) where their updates are managed and theyre expected to be all appy and cloudy and monitored with telemetry.

While businesses (and people) who need to get shit done, and don't want their windows computers scheduling an update before an important meeting, and don't want to send telemetry to redmond,etc, etc... (i.e. people like me) -- should be using enterprise.

Us power users should be looking to use enterprise. (Assuming as always that we wish to use windows at all, which in my case at least, while I love my linux -- I am not interested in the huge compromises necessary to make it my primary desktop.

Ah but Windows 10 Enterprise is nasty for individuals to get a hold of what with Microsoft VLAs and the byzantine and downright hostile Software Assuarance licensing crapola.

So when I read about something like this...

Windows 10 Enterprise E3 / 7$ seat / month. And it sounds like its being aimed to be run like office 365... suddenly things start to come into focus...

http://www.pcworld.com/article...

" It's worth highlighting, though, that a business of one employee can take advantage of it, however. "

Interesting right!? (I mean yeah, this is /. so the pitchforks are out in force... and I should switch to linux everything... but think about it rationally...)

There is going to be the non-recurring windows 10 home edition and the home+ (aka pro), the spyware adware versions. And there is going to be Windows 10 enterprise, the only one businesses and power users will want but at $7/seat/month.

So If one seat of Enterprise really is per user? and I can put it on my desktop, laptop, and a couple hyperv virtual desktops like i can Microsoft office... all for 84/year... and I can turn off automatic updates and do them when i want, and I can turn off telemetry...

On the one hand... ugh... rent seeking subscription -- the business model for companies who really can't compellingly improve there product but still want the same revenue they were getting when each release was a must-have. And yeah.. Windows has reached that point I guess. "XP does all I need" people are still all over the place.

On the other hand... $7/month for an actual good windows user experience with the kind of control I want over it, with continual support in the form of antivirus and security updates...ok... I'm listening.

Re:For limited values of 'you'.

[ArtemaOne]

I could live with $7 a month if I can suspend it for deployments and such. I don't want to pay $42 while I'm overseas and not touching it as cheap as that sounds. I'll look into it, thank you. Maybe they have a military/student discount.

Re:For limited values of 'you'.

I take this more to mean that there may be negative compatibility and usability implications, so they are letting enterprises have the feature first. There an IT pro can decide exactly what policies work for their organization and how much user pain it is acceptable to inflict. Once they figure out how to make it transparent to users it will likely be released more broadly.

*disclaimer* I work for Microsoft on Windows. But not on this feature. This post is my own opinion, not an official position.

Re:For limited values of 'you'.

[vux984]

No you think rationally. What are the huge compromises you speak of?

My accounting software is quickbooks. I also use Microsoft Office (mostly Excel and Word). Quickbooks integrates with Excel. None of that is on linux.

At work I do several things that are Windows or Windows / OSX only. (Filemaker Pro, Quickbooks, Navision, various industry tools, Visual Studio, etc) So its nice to be able to work from home sometimes with locally installed software instead of remoting to the RDP server. And we have hyperV at work, so its nice to be able to migrate/clone VMs back and forth to my home office in some cases.

Just admit up front you want to play games.

For sure. Games is a big deal as well. My HTPC is windows for the games.

And who is running IIS anymore?

Its perfectly fine for hosting b2b middleware like WCF services etc. I have no issues with it. I mean, I've got a debian box next to me with Apache and owncloud and so forth too... its not like I'm windows-only or anything. My laptop is OSX.

I pity people who can't make a living in IT without touching MS.

Its just tools in a toolbox. Use the right tool for the job. Linux is great, but its not the right tool for a lot of jobs.

Re:For limited values of 'you'.

[cerberusss]

Hooray! A security feature exclusive to Windows 10 Enterprise customers. That will substantially cut down on the actual difference this makes.

Actually that could influence a lot of Slashdot readers. There's plenty of slashdotters working for the man, because that's where a lot of interesting jobs are. Unfortunately, Microsoft not giving an API for sandboxing will probably mean that these slashdotters will have to use Edge, because lots of Windows sysadmins will outlaw other browsers besides Edge :-(

Re:For limited values of 'you'.

[fuzzyfuzzyfungus]

Yup, not Pro. It seems increasingly to be the case that "Pro" just means "Home; but can join the domain"; while all the actually pro features are Enterprise only.

Re:For limited values of 'you'.

[vux984]

You're not a 'power user' if you're looking for ways to buy yourself out of abuse.

The only 'abuse' I'm buying my way out of is the telemetry. And I agree that

The ability to manage my own updates is definitely something non-experts are terrible at, and need to have managed for them. I'm glad clueless idiots can't run around with unpatched systems anymore, not because they have any reason to avoid a patch... they just hit cancel every day straight for the last 3 years because they wanted to check facebook. And then completely disabled UAC because some antique label printing software needed them to run as administrator but rather than just 'run as administrator' they disabled UAC entirely...

Those people need their OS to just slap them forward.

And features like hyperV, RDP, and the reset of the stuff that pro/enterprise versions feature are all stuff the regular consumer doesn't know about, never mind actively uses.

You're Microsoft's bitch. Better have daddy's money on time. And get ready to get slapped around anyway, because that's how daddy keeps his bitches in line.

Cute, but the metaphor breaks down because while the consumer OS whether pro or home continually makes you feel like you are fighting for control -- paying enterprise customers get treated like... well...actual customers. The enterprise OS actually does what they want.

Re:For limited values of 'you'.

[Billly+Gates]

I am not a fanboy of WIndows 10 by a long shot but WIndows 10 pro does:
1. Have the ability to control Windows Updates including defer feature updates ala Debian style.
2. GPO support
3. Pro has the same Hyper-v and RDP options. If you go under settings go to developer mode to turn them on by default
4. IIS support
5. The ability to pick when updates are applied

Windows 7/8 have spyware too unless you want to be insecure. Chrome and your phone already do this anyway.

The only thing the enterprise edition has is to turn off spyware and appstore. For home use I see no reason to rent. I am not happy with 10, but besides the history tracking I see it no different than 8.

Re:For limited values of 'you'.

[Billly+Gates]

What are they?

Besides Telemetry I can not find any difference and this is repeated over and over like it is truth. What can the enterprise do that makes it worth renting my own computer over the pro?

Re:For limited values of 'you'.

[vux984]

I don't disagree with you. The trouble is that I'm finding pro is steadily becoming more 'managed by microsoft' than 'managed by me', and increasingly it's becoming an 'ad delivery platform'; given Microsofts positioning of Windows 10 as the 'last version of windows' and continually supported and updated for free... I read that as with Windows 10 "You're going to be the product now. Not the customer".

So while I get the 'features' like hyperV and GPO etc... I don't get enough control over stuff like the updates, telemetry, store, and each update i find new nonsense to turn off .. "like suggested apps" and lock screen advertising. And I know the enterprise version is generally exempt from this crud by default.

With the enterprise edition the relationship is still: "You are the customer."

Re:For limited values of 'you'.

[drinkypoo]

the consumer OS whether pro or home continually makes you feel like you are fighting for control -- paying enterprise customers get treated like... well...actual customers. The enterprise OS actually does what they want.

Pray that the deal is not altered any further.

Re:For limited values of 'you'.

[Billly+Gates]

Alright I want examples. If I am going to consult I can save customers money by using the pro version.

It seems slashdot as the last 5 years is turning into Stalins saying of repeat a lie enough and it will be truth. I see no reason why the enterprise version has more features.

From what I read here from slashdotters the pro version has no GPO support whatsoever, all commercials that take up full screen ads, all updates forced with no settings, etc. I have news? I own 10 pro! I see nothing of the sorts other than tinfoil hats getting +5s.

Yes the appstore puts on tiles that say try X and it yes I do not like the keystroke logger for telemetry. That bothers me! I have the ads off in settings in the pro and I defer updates for all but security by default and have a time set for when to install by default under 10 pro.

The only GPO out of 100 is a setting for a lock screen and disabling the telemetry. Big freaking deal.

I am open if I am wrong. I just hate the advice here that everyone needs to rent their own computers

Re:For limited values of 'you'.

[Billly+Gates]

Sure there are. %appdata%/lowrights is where apps like IE and Chrome are sandboxed with restricted privileges for threads

Re:For limited values of 'you'.

[vux984]

If I am going to consult I can save customers money by using the pro version.

I never said it would save money, per se. Although it might. Depending on how the per user enterprise licensing actually works out when it comes to VMs, desktops, laptops etc.

From what I read here from slashdotters the pro version has no GPO support whatsoever, all commercials that take up full screen ads, all updates forced with no settings, etc. I have news? I own 10 pro! I see nothing of the sorts other than tinfoil hats getting +5s.

I own it too, several copies (6+ at least in my household). I never said it didn't support GPOs or anything. And you are right, so far other than telemetry and some issues with updates, all the nonsense can be turned off. But I'm tired of rebooting my PC after a big update having to find some new crap that needs to be turned off on all my computers.

Out-of-the box my start menu was full of crud, it wanted me to sign up for a microsoft account, and cortanta wanted to shove msn celebrity news gossip down my throat, and suggest app store apps... when I was searching for files on my local computer. Ok, no problem, I turned all that crap off and every single personalization/advertising/privacy sucking setting I could find -- all 2 pages worth on the settings off, off, off, off, off.... and I installed spybot anti-telemetry to deal with the one item MS wasn't giving me the proper option for. I am mostly fine with automatic updates, so those weren't a deal breaker for me. And then I was happy with the desktop... a nice incremental upgrade over 7 with some cool features like hyperV and desktop workspaces etc.

Then a month later, another update, I come downstairs to find my lock screen is a full screen ad for some nonsense. So now I turn that off on all my computers. Then a month later, another update, and I click the windows logo and "Get Facebook - featured app!" has been added to my start menu. So now I have turn that off this new "Suggest featured apps to me on my startmenu" setting on all my computers.

The anniversary update likewise botched a few things -- reset Edge back to the default, and put the app store icon back on my taskbar. (Although the edge thing sounds like a bug... or at least that's their story...)

My complaint isn't that i can't turn this adware stuff off, because I can (so far). My complaint is that its being pushed on me turned on in the first place. And my understanding has been that enterprise customers are getting treated better and that these adware updates aren't being defaulted on for them. So they don't have to waste their time fixing this crap that NOBODY wants. And longer term there seems to be a pattern emerging, and coupled with the 'Windows 10 is the last version' and 'all future upgrades will be free....' I think it's reasonable to be suspicious that the consumer platform is steadily heading towards 'ad supported', so I'm looking at the enterprise platform where I'm still the customer. Maybe its not time to cut over from pro to enterprise just yet... but 2, 3, 4, 5 years from now? It seems pretty plausible to me.

A box inside a box...

[jxander]

Well, I already keep Win10 sequestered inside a VM, so now I'll be running a VM inside a VM?

How's that meme go? "Yo dawg ... "

Re:A box inside a box...

[freeze128]

This reminds me of a scene from Aliens:

Ripley: "These people are soldiers, Newt. They're here to protect you."

Newt: "It won't make any difference."

Re:A box inside a box...

[Billly+Gates]

Hyper-V in Windows 10 anniversary and server 2016 supported nested virtualization so yes it will work.

Can we use a VM for all programs?

[currently_awake]

It sure would be nice if our OS ran every single program and app in its own private VM, with individually tailored permissions.

Re:Can we use a VM for all programs?

[somenickname]

You could do this on linux if you wanted. Using a tool like firejail, you can run all your software in lightweight sandboxes (linux namespaces). It comes with custom profiles for 100+ desktop/server applications and it's easy to write more. I wouldn't recommend converting all of /usr/bin to run under firejail as this would certainly cause issues but, I run all my desktop applications with it and it's worked well.

Re:Can we use a VM for all programs?

[BlueStrat]

It sure would be nice if our OS ran every single program and app in its own private VM, with individually tailored permissions.

You could do this on linux if you wanted. Using a tool like firejail, you can run all your software in lightweight sandboxes (linux namespaces). It comes with custom profiles for 100+ desktop/server applications and it's easy to write more. I wouldn't recommend converting all of /usr/bin to run under firejail as this would certainly cause issues but, I run all my desktop applications with it and it's worked well.

I believe FreeBSD/PC-BSD have a robust jail system as well. FreeBSD also has 'bhyve' and 'iohyve' which together can now support recent Windows versions that require UEFI support emulation.

Howto here: http://pr1ntf.xyz/windowsunder...

Haven't attempted it myself so I have no personal experiences or information on Windows versions and compatibility other than the blog article linked above, but it looks fascinating.

Strat

Re:Can we use a VM for all programs?

[b783719]

I've been looking around for this. thanks!

Re:Can we use a VM for all programs?

[rahvin112]

The only permission choices you will get is whether they share all of your data with everyone that pays or just 99% of it.

Re:Can we use a VM for all programs?

[daboochmeister]

Isn't that what Qubes is all about? https://www.qubes-os.org/tour/...

Re:Can we use a VM for all programs?

[stub667]

Its happening now, although people are focused on containers rather than VMs (since you need really high density).

Snappy from Canonical (http://snapcraft.io) is a packaging format that does this today, supporting several Linux flavours and the embedded space.

VBS

So, what was once Visual Basic Script is now Virtualization Based Security? I guess we're running out of alphabet letters.

Re:VBS

[Opportunist]

No, I think it's apt. VBS was bloated, slow, a security concern and essentially useless once you outgrew it, which happened about the second day you used it.

And as it was, so it shall be.

Re:Micro$slop requires virtualization? Really?

[fustakrakich]

All applications should be sandboxed. The kernel should be sandboxed.

Safe ?

[stooo]

>> Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe

Correction : Windows 10 Will Soon Run Edge In a Virtual Machine as a desperate attempt to try to Keep You Safe

Re:Safe ?

[Opportunist]

Actually: Windows 10 Will Soon Run Edge In a Virtual Machine as a desperate attempt to try to Keep You Safe from all the other threats to your privacy.

Remember: It's hard to sell data everyone already has.

Re:Safe ?

[Rob+Y.]

More like Windows 10 will Soon Run Edge in a Virtual Machine partly to keep you safe and mostly to have an advantage to hype over Chrome and Firefox, which already keep you pretty safe, but y'know, you can never have too much security.

Why there's no provision to allow other apps to run this way is hard to fathom in any other context.

Re:Micro$slop requires virtualization? Really?

And if they can't program the app properly, what makes anyone think their hypervisor is going to be any better?

OS / Browser

[hunter44102]

remember the days Microsoft said they cannot separate the browser. now they are forced to from a security standpoint

Re: Micro$slop requires virtualization? Really?

[Jesus+H+Rolle]

Sand boxing is great and fun and wonderful. Virtualization just seems overkill, like taking your AR-15 into the morgue to make sure everyone's dead.

Re:How about not running it at all?

[MightyMartian]

That's my feeling. I see no reason to use it at this point, and we've already got Chrome and Firefox installed on all company workstations. We long ago abandoned MS's web browser solutions.

"Hashes"

[xxxJonBoyxxx]

I don't think the author of the article understands what a password hash is if they think that passwords can be decrypted from them.

This is a good thing

[Gumbercules!!]

I know this is Slashdot and it's essentially illegal to say "good" and "Microsoft" in the same sentence but, "good". I don't plan on using Edge any time soon but I still applaud any security based efforts made by mainstream OS vendors, that can help improve things. I know this won't stop idiots downloading "movie.torrent.exe" and running it but at least it will significantly cut down on drive by downloads of malware through hacked ad servers and out of date Flash. That's got to be a good thing.

The white flag is up for OS-level security

[jaa101]

So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.

Re:The white flag is up for OS-level security

[rsmith-mac]

So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.

No modern OS is immune to privilege escalation attacks. Even a formally verified OS would probably still be susceptible to them due to unexpected interactions. Never mind hardware based attacks such as race conditions and rowhammer. If someone is dedicated enough, and has enough resources, sooner or later they'd find a chink in the armor.

Instead you try to do the best you can, and then you layer on defense in depth on top of that. If someone is going to break in, then you can at least slow them down and force them to fight another kind of complexity.

Enterprise Edition Only But...

As a previous poster mentioned, the Virtualization Based Security (VBS) feature is in Enterprise edition only. If you look up the directions on implementing VBS and Credential Guard, it is much too complex for places without a dedicated sysadmin (and Windows Server 2016 + TPM). Although the feature is technically impressive, it would be nicer if it could be simplified for regular users.

Okay, but...

[Chas]

If you blow out the sandbox it's running in, you still lose all your browser data, and are now stuck without a browser unless you reload the OS or have already downloaded alternate browsers, which DON'T run sandboxed.

Good fuckin' going!

Re:Good idea.

[caspper69]

Judging from the EFI reference implementation source, I'd wager a hondo it's FreeBSD without pthreads, but that's just a wild guess.

Better security

[Esteanil]

I've got a more secure solution.
I'll only let Edge run on other people's computers.

Re:Better security

these days, it's windows 10 that ought to be sand boxed, and given no direct internet access, install some other browser and let it know about the way out proxy

excellent!

[Cederic]

Does this mean they'll finally fix network access for hyper-v hosted VMs when the host system is connected via wifi?

Just that right now it's a fucking shitfest.

Or maybe they're creating a whole new hypervisor for Edge, that will actually work.

Re:excellent!

[Billly+Gates]

It works fine on my surface pro 3. Maybe it is your hardware.

You did create an external switch called Internet right? Hyper-V is a type 1 hypervisor that runs underneath the OS so it needs a switch created first before it can share it with the host OS that runs on top of it

Re:excellent!

[Cederic]

https://blogs.msdn.microsoft.c... is a useful resource, that includes "Unfortunately, this approach does not always work."

No, no it doesn't.

I lost patience with the NAT approach. I'm not a Windows admin, a network specialist or a virtualisation expert so I decided to defer the day or two of learning and experimentation for when I have energy and time.

Or Microsoft could fix the shitty hypervisor. Seriously, when it's easier to download software from Oracle you know there's something broken.

Re:excellent!

[Billly+Gates]

First off Hyper-V is a type 1 hypervisor. It runs underneath the OS as the host OS (in contrast to Vbox and VMware Workstation) is really another guest that runs on top of hyper-V.

Basically the hostOS is the parent with more control of the children guests. it is like this as the hypervisor runs at ring -1 underneath the kernal at the cpu.

I disagree as last weekend I cursed at VMware Workstation for being shitty in i/o and vowed never to run a type 2 hypervisor again. You need to create a switch as the parent guest (orginal host) needs to connect to the internet and have it shared with the other children or guests.

I am not saying I am a fan as I have not run KMS/Qemu or VMWare Sphere yet but Hyper-V is soo much better on my workstation with less bugs in my experience than with both workstation and virtualbox products. Just create a switch that is external and add that to yoru Vms and you should be good. It is not a bug but a feature as it is underneath everything and needs to share with your host or parent OS to your nic. It seems weird at first but makes sense from an architecture standpoint.

If this is automated running Edge as a container makes sense as Hyper-V supports shielded guests. As I type this I am already running under Hyper-V as I have this enabled on my 10 PC. I ran benchmarks.No difference in performance really besides 2 - 3 FPS in games. A container similiar to Docker makes sense and I hope Chrome follows!

 

Re:excellent!

[Cederic]

Just create a switch that is external and add that to yoru Vms and you should be good.

I should, but I'm not. Welcome to Hyper-V.

A VM is not security - idiots

[dbIII]

There used to a disclaimer every time an older VM program ran, I think it was "bochs", which told the user that a VM is not security.
It only gives you the illusion of it.
In reality the VM software has to get it's hooks so deep into the hosts networking and other sensitive bits that you can never be sure that software running on the client can't get up to nasty tricks on the host.

If you want security design for security instead of taking the lazy way out of using something completely different done by someone else and pretend that partial separation for totally different reasons is equivalent to security.


It's just like expecting to enter a Ford Bronco is a horse race. The name makes it sound like it belongs but it's not the same thing and was never intended to be.

Re:A VM is not security - idiots

[Raenex]

Security is a spectrum, not a binary situation, and layered solutions provide benefits. So yes, a virtual machine providers security benefits, especially because virtual machines are used for security and violations that break that security are bugs.

Re:A VM is not security - idiots

[Billly+Gates]

Actually if it is hardened it can certainly help.

Windows 10 anniversary and server 2016 have safeguarded and hardened VM support in Hyper-V it calls shielded. I./O is limited accept through a layer and network hardening means it won't accept rogue IP addresses as routers which is a classic hacker scheme.

It is easy to spoof an IP address and advertise as a router to poison DNS as an example.

This would certainly help against this kind of attack.

Re:A VM is not security - idiots

[dbIII]

So yes, a virtual machine providers security benefits

Not really, and effectively zero if it exploits a bug in the VM. The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't ve described as "hardened" - not even the pathetic security catchup game being played with Hyper-V.

Re:A VM is not security - idiots

[dbIII]

Actually if it is hardened it can certainly help

The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't be described as "hardened", not even the catchup game years after design with your example.

Re:A VM is not security - idiots

[Raenex]

So you can guarantee being able to break out of the VM? I mean, you actually, personally, know that you could do this, and by what method, and could demonstrate it if called upon?

I'd say the author does - eg. Linkedin 2012 hack

[dbIII]

I don't think the author of the article understands what a password hash is if they think that passwords can be decrypted from them.

They can and are. "Salting" the passwords with extra complexity makes it a lot harder (to the point of impractical to crack if done right) and is the usual practice now to avoid situations like this when it was not done right:
https://techcrunch.com/2016/05...

What will keep me safe from Windows 10?

[QuietLagoon]

I mean, really, what will keep me safe from the egregious data harvesting of Windows 10? If I do not trust the operating system, then I do not trust anything the operating system does.

Re:What will keep me safe from Windows 10?

[stooo]

This will keep your windows 10 safe from spying : https://pbs.twimg.com/media/Ck...
The "Latex gap" has some drawbacks.

Or you could simply use Linux.

good buy steam / game mods / maps editors then

[Joe_Dragon]

good buy steam / game mods / maps editors then.

Re:good buy steam / game mods / maps editors then

[Dog-Cow]

Lots of people think Steam is a good buy. Your comment is a complete non sequitur, though.

Titles. Jesus!

[RightwingNutjob]

How about "Windows 10 Will Soon Run Edge In a Virtual Machine For Increased Security"? Ya know...something that doesn't sing the praises of the Benevolent Leader?

For real?

[Lisandro]

Thats pretty much throwing the towel and admiting "hey, we just can't get security right".

Re:For real?

No. This is called "defense in depth". It's a real thing, you should look it up. Placing all your eggs into one formidable wall is great, unless and until someone finds a way to breach that wall. And don't kid yourself, our defensive walls are getting breached every day, everywhere. Just look around.

The days of one single approach to security are over. The amount and variety of information breaches by hackers against organizations worldwide, dictate that. You will too, if you get off your complacent ass and wise up.

Re:For real?

[AHuxley]

The ads still have to get out, so does the marketing depending on the privacy settings.
With all the holes and compromise made to let tracking and ads work down to an OS level, expect a few easy ways in and out.

Re:For real?

[stooo]

Defense ? MS is more on the attack side of Security these days with all the rootkits and the data leaks they add everywhere.

Re:For real?

[Billly+Gates]

Edge != IE 6.

IE 8 and above had Chrome style security with sandboxing by default and lowrights mode in c:\users\user\%appdata% since 2009! No you did not misread that.

I still do not use Edge/IE 11 unless I am at work using a corporate site though :-)

But regardless people need to wake up that it is not 2004 anymore. Any browser that executes code needs to be in a VM sadly if you run from untrusted sources. Flash and javascript execute code which makes them insecure. Even with a sandbox and threading per process by each tab helps but it does not eliminate security risks regardless of browser.

A VM container that is hardened makes sense for any app that executes data sadly.

A Good start

A good start. But I run the Windows virtual machine inside a virtual machine, because Windows 10 can not be trusted. I don't store any personal information on it, and use it just for games.

Windows runs BETTER virtualized, because it has simpler hardware, that Microsoft programmers can understand.

No running for driver CD's, or having Windows brick my machine.

I can roll back updates just by copying a file.

The way Windows should be run.

A dictionary is not just for attacks

[dbIII]

No they CAN'T and AREN'T, you can brute force a hash or use rainbow tables to lookup possibilities but you CANNOT decrypt them as they are one way.

Solving with brute force IS a way to decrypt.
A dictionary is not just for attacks, it's also a book for looking up the accepted meanings of words such as decrypt instead of your own pet definition that I'm somehow supposed to know before you attack me for not reading your poorly educated mind.

Re:A dictionary is not just for attacks

[MachineShedFred]

So instead of just admitting that you're wrong, you're going to split hairs?

Fact: You cannot reverse a hash into the password the hash was created from. All you can do is compare the hash to a very long list of known hashes, and call that "decryption", which it isn't. It's a dictionary attack on the hash itself.

Re:A dictionary is not just for attacks

Solving with brute force IS a way to decrypt.

Except that in this case, it's not.

Due to hash collisions, you do not know if the brute force sollution is the original password.

It's the pigeonhole principle.

Re: Micro$slop requires virtualization? Really?

[mlts]

Virtualization != sandboxing. You can sandbox on Windows with SandboxIE, where all writes from the sandboxed app are redirected elsewhere. Doing this doesn't require a separate OS or filesystem, so it doesn't add that context shifting as overhead.

You can also run your Web browser in a VM. You get better separation, but at a price, although with hypervisors becoming the norm and not the exception, running VMs may not have as onerous a penalty as they used to.

I like a combination of the two. I like browser windows and tabs separated from each other, like what Chrome/Chromium does, but the browser should run in its own VM so if something does get out of the browser, it is in a completely separate user and machine context. Without the VM isolation, even if malware just has context of a user, that can allow files to be uploaded and ransomware to do its dirty work.

Jails are another solution, but it can be argued that it might be best to completely isolate filesystems, especially if some software decides to do stuff like mkdir foo; cd foo loops, or just create tons of files in order to use up all inodes. Done on a VM, worst case, it means one dumps the VM and rolls back. Done on a desktop, it can mean work stoppage.

SandboxIE

[JamesTRexx]

Bought it years ago after testing the hacked version on XP, sandboxed every program I installed on the machine, worked great for preventing game spyware installing into the core OS.

Re:It worked for Java

[Ash-Fox]

Running Java apps in a VM is safe right? Nothing bad can happen in a VM.

You forget that Java virtual machines originally gave full access to the system without prompting. Permission schemes were later implemented on top, but weren't introduced as a true scheme in the runtime itself, leading to continious methods of bypass as malicious individuals kept finding APIs that let them do things they shouldn't.

WDAGME? WinDAGME?

[ausekilis]

Who comes up with these acronyms? That guy needs to get fired.

Re: Micro$slop requires virtualization? Really?

[amacide]

so if something does get out of the browser

I cried a little on the inside... and then longed for the static HTML of the 90s... :-(

Re:Micro$slop requires virtualization? Really?

[Opportunist]

This.

That's the, what now, 4th? time that MS is promising that its browser will be sandboxed and virtualized and whatnot. Guess what: They managed to botch it every single time.

Wake me when they actually deliver, their promises are less credible than that of a politician or a religious figurehead.

Re:I'd say the author does - eg. Linkedin 2012 hac

[Opportunist]

OK, you cannot decrypt them per se. Let's agree that you can find a combination of characters that will produce the correct hash and hence be accepted as a valid version of the password.

That's good, I was worried

[Atrox666]

I could mistype something when I'm downloading Chrome and end up in trouble.

Re:Isolated Virtual Machine?

[wbo]

What makes you think they are using a type 2 hypervisor for this? Hyper-V is a type 1 hypervisor and is included as an optional feature in most client versions of Windows starting with Windows 8.

When Hyper-V is enabled, the currently installed instance of Windows is moved into a VM that runs under the hypervisor and becomes a management VM that is automatically started on boot. The management VM does not have access to the RAM assigned to any other VMs. It can potentially ask the hypervisor to suspend or shutdown a VM and possibly tamper with the disks assigned to the VM but only if the ACLs governing access allow it.

I highly suspect the VM hosting Edge will in fact be a Hyper-V VM since most of framework is already there. However this may cause problems with the DRM included in some AAA game titles that currently refuse to run if Hyper-V is enabled.

Good-but Enterprise only

[ErichTheRed]

Basically, all businesses are going to have to subscribe to Windows 10 Enterprise if they want the features they were used to getting from Pro in the past. Microsoft should just merge Home and Pro into one edition and call it Consumer or Ad-and-Telemetry-Supported or something. A lot of places, including my workplace, have been used to getting the features we need from the OEM license of the Pro version of Windows shipped with the PC. This is how Microsoft is going to work around the claim they won't be charging subscriptions, 365-style, for Windows. They aren't, oh, except for enterprise customers.

It is a good business model -- companies will pay for Enterprise if they want any hope of managing their Windows client OS fleet. Adobe is a good example of how this works out - they know they have very little competition in the video editing, photo and publishing space, so they switched to a subscription model years ago. If you can force your customers to keep paying over and over again for the same product, why wouldn't you? Microsoft is going to be the next IBM - the main reason the company hasn't gone under is the recurring mainframe revenue...they get millions and millions of dollars monthly from customers just to retain the right to run a mainframe. IBM has been in the process of eating itself for 15+ years, and they will never completely die because they keep getting this revenue stream - - no matter how many businesses they sell off.

Re:Good-but Enterprise only

[Billly+Gates]

What is wrong with the pro version?

I keep seeing that repeated here but only thing I can find it typing history isn't recorded.

My thinking is home users desperately need something like this if it uses shielded VM's that is in hyper-v in server 2016 and Windows 10 anniversary edition as corporations have Junipers and Cisco devices configured for things like rejected spoofed IP addresses and rogue IP's pretending to be routers to poison DNS etc. Home based routers lack these options.

A network shielded VM can help for sure even if it does not eliminate all holes for bad javascript applets.

Re:Good-but Enterprise only

[ErichTheRed]

"What is wrong with the pro version?"

The main complaint I have is that the Pro version lacks certain key features that Enterprises might like. There's no way to disable some of the telemetry/tracking in the Pro version, you can't run the LTSB in Pro, and it's looking like all the interesting stuff is being locked behind that Enterprise edition/subscription. Pro used to be just fine for most enterprises, but now way more companies are going to have to pay monthly for the license to use an OS that the OEM shipped you with the computer. The only time my employer ever used Windows 7's Enterprise edition was for machines they wanted BitLocker on, or multi-language support.

I agree that something like this should _definitely_ be targeted at home users. They're more likely than corporate users to be browsing sites with dodgy JavaScript, etc. Edge doesn't use applets or plugins, but there are plenty of ways in if you can get an application to execute code on a machine. As we've seen in patch after patch, all it takes is people hammering on code for months on end looking for a hole. I still have no idea where/how they find people to actually do the exploit analysis.

The problem would be trying to explain behavior like this to end users. Any site that relies on the users' ability to upload files, for example, wouldn't work properly in a sandboxed environment.

Re:Good-but Enterprise only

[Billly+Gates]

Thanks for your reply

So basically you can opt out of the defered updates of delaying 3 to 4 months of updates to 10 like in the pro to 10 years. That can be a plus for certain industries like hospitals that need to have a certified FDA approved image.

Anything else? Especially for home users or even medium sized businesses for renting computers. I kind of like the idea of different channels like the pro where you can be 1 version behind with security or go older for just security updates.

Basically like SELinux?

[HalAtWork]

They say it's not a virtual machine, just an environment that only allows a subset of APIs and capabilities required for the browser to work... Sounds like what SELinux policies do

Too bad...

[sudden.zero]

Windows 10 sucks!

Re: Micro$slop requires virtualization? Really?

[KingMotley]

And yet the static HTML of the 90s still has security issues, like the (malformed) GIF exploits of old.

Re:Isolated Virtual Machine?

[Billly+Gates]

I run Hyper-V at home and never seen this problem.

Which games have problem with this?

I run the entire Windows 10 in a VM

[thundercattt]

To keep me safe. #Debian

Re: Micro$slop requires virtualization? Really?

[alexborges]

No.

What is this "virtualizing" the "interface" kerfufelisch nonesense.... no no, my friend. You are severely mistaken. Sand Boxing is NOT "about" virtualizing. Sand boxing is about isolating upper layers from lower layers. This can be achieved by virtualization or through not virtualization. How about that?

Re:I'd say the author does - eg. Linkedin 2012 hac

[dbIII]

Which in English means decryption. WTF is wrong with you people? Being able to accept your own minor failings, especially incredibly trivial little ones, is part of being an adult.

Why so aggressive?

[dbIII]

So you can guarantee being able to break out of the VM

Now where did I say that? What's with the lies over something so trivial?
I wrote what I wrote and not what the strawman in your head is up to.


This is a very old and well understood problem ( http://www.csl.sri.com/users/r... ) and I suggest you learn about the implications instead of frothing at the mouth in denial.
When the VM has been designed without security in mind and with hooks deep into the host at the kernel driver level without separation then an exploit of the VM software can escalate to the host. You don't have to trust me on this - learn about the topic and you'll be able to see that much yourself.

Re:Why so aggressive?

[Raenex]

Now where did I say that? What's with the lies over something so trivial?

I'm not lying. I'm drawing an inference from your statements:

"A VM is not security - idiots"
"effectively zero if it exploits a bug in the VM"

If security was as bad as you make it out to be, then why can't you demonstrate a hole?

Read the paper to see how it should be and despair that the Virtual Machines we are talking about are nothing like how it should be.

Thanks for the link, and I will read the paper. But imperfectly designed security that actually achieves some security in practice is better than not using a VM at all. I'll keep on using VMs as another layer of security.

Re:Why so aggressive?

[dbIII]

I did not guarantee anything as you know - pretty fucking obvious lie.
The paper goes into what you, I and many others wish for but we have been delivered the opposite - an application with enough security to stop the honest tacked on as an afterthought.

Now work on that temper.

Re:Why so aggressive?

[dbIII]

I'm not lying. I'm drawing an inference from your statements

Then look up the word "IF". You know it already? Then you are NOT drawing an inference from my statements.

The virtual machine software we have directly interfaces with real hardware on a lot of levels - for example Virtualbox putting ethernet cards into promiscious mode. An exploit of the VM could very obviously exploit what the VM has full control over.
I really don't get why you are so angry when such things are discussed.

Re:Why so aggressive?

[dbIII]

If security was as bad as you make it out to be, then why can't you demonstrate a hole?

It has been demonstrated as by others - it is such a well known problem that Wikipedia has an article on it:
https://en.wikipedia.org/wiki/Virtual_machine_escape
Symantec have written about it:
https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf
and there have been items in the news:
http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?

Jails, zones and some other tools are things with security as a design consideration. The virtual machines we get to work with were designed for other reasons and do not really add anything other than an illusion of security.

Re:Why so aggressive?

[Raenex]

Now work on that temper.

projection

Re:Why so aggressive?

[dbIII]

So says the guy who marked someone a "foe" to the person who did not do the same to to person calling him a liar.
Pretty fucking passively aggressively weak isn't it? you poor little boy - someone challenges your ignorance and you pretend your response is all my fault. The world must be a very hard place for you to live in.

Re:Why so aggressive?

[Raenex]

So says the guy who marked someone a "foe" to the person who did not do the same to to person calling him a liar.

Projection sure is a bitch, isn't it? Turns you into a complete hypocrite and fool. Your handle was familiar, but I only remembered our previous entanglement later on. You marked me a foe (check your list) a long time ago, not the other way around. You called me a liar, not the other way around.

You're the angry one. All because I challenged your position.

Re:Why so aggressive?

[dbIII]

Can you do anything other than whine and get things wrong?
All it took for me to find those examples you pretended could not possibly exist was a google search - but it turns out I didn't even have to do that - there is even a wikipedia article FFS!

Re:Why so aggressive?

[Raenex]

Can you do anything other than whine and get things wrong?

That projection is still going strong. You say this after embarrassing yourself, accusing me of what you actually did, showing yourself the fool and the hypocrite.

All it took for me to find those examples you pretended could not possibly exist was a google search

Yes, I figured it was just a Google search, since you clearly demonstrated you didn't know of an open hole that exists today, despite claiming that a VM is not security. I know there have been VM security bugs in the past. I didn't need you to search that for me.

My point is that they have been fixed because VMs are being used for security. What I said: "virtual machines are used for security and violations that break that security are bugs" (bold added). All you did was confirm what I wrote.

I'm perfectly fine to acknowledge that the security of VMs could be designed better and are not bulletproof. I even thanked you for the PDF link (showing how angry I was, right?).

Re:Why so aggressive?

[dbIII]

You are bitching about all kinds of shit unrelated to the topic.
What does that tell you?

virtual machines are used for security

Idiocy, but not really yours - you have been fooled by marketing and are only spreading what you have been told.
If you had taken a look at wikipedia before using VMs for "security" then you would have known better.

Re:Why so aggressive?

[Raenex]

You are bitching about all kinds of shit unrelated to the topic. What does that tell you?

That you're projecting again, because that's what you are doing. I'm just responding to your bitching, showing what a hypocrite and fool you are.

Idiocy, but not really yours

Yeah, it's yours. I'll use working and practical security even if it has design flaws. When pressed, you cannot demonstrate a working exploit today.

Re:Why so aggressive?

[dbIII]

I can't help noticing that instead of addressing the examples I gave you decided to attack me instead.
Says a lot doesn't it?
I don't need to project do I?


Using a VM adds a new class of vunerability instead of security. If you want something for security use something designed for it instead of a totally different tool. You are suggesting something akin to hammering in a nail with a drinking glass - WRONG TOOL FOR THE JOB.

Re:Why so aggressive?

[Raenex]

I can't help noticing that instead of addressing the examples I gave you decided to attack me instead.

I already responded to your examples. I can't help it if you're daft or willingly ignorant.

Says a lot doesn't it?

Says that you act angry, make a fool and hypocrite out of yourself, and then act like I instigated your nonsense.

Using a VM adds a new class of vunerability instead of security.

It also adds a new layer of security. If somebody exploits a zero-day in an app, they then have to exploit a zero-day in the VM it's running in. It also prevents a huge swath of attacks from malware that abuse typical permissions found in garden variety desktop setups.

If you want something for security use something designed for it instead of a totally different tool. You are suggesting something akin to hammering in a nail with a drinking glass - WRONG TOOL FOR THE JOB.

Uh huh. That's why you can't demonstrate an exploit that is working today. Every security solution has had security bugs, even your "right" tools. I'm willing to bet none of the ones you mentioned (like jails, for example) live up to the ideals given in the PDF you linked. Linux and BSD are both plagued with monolithic kernels.

In the meantime, I'll keep on using VMs for security, and you can keep on gnashing your teeth.

Re:Why so aggressive?

[dbIII]

I already responded to your examples

A good analogy is that you responded to my proof that horses exist with a request for delivery of a very special pony.
Any chance of a real response instead of a pathetic goalpost shift?

Linux and BSD are both plagued with monolithic kernels

As is Microsoft Windows, OS X and nearly everything else. This is getting weird. Do you really know anything at all about the topic or did you just see my name and decide to try to bait me?

Re:Why so aggressive?

[dbIII]

In the meantime, I'll keep on using VMs for security

What does your boss think of such an unusual choice for such a task instead of something actually designed for security? That is of course assuming you are doing more than just running a single Window XP instance on your desktop for legacy software and are actually doing what you suggest you are doing.

Perhaps your superiors could tell you about zones, jails, containers or the many other tools actually designed for the job?

BTW - here are a few more of those things you say never happen:
http://link.springer.com/article/10.1007/s13042-013-0166-4

Re:Why so aggressive?

[Raenex]

A good analogy is that you responded to my proof that horses exist with a request for delivery of a very special pony.

No, that's a really dumb analogy. As I've already told you twice, I never asked for an old bug, as I knew they existed. I asked for a current bug. That this basic point eludes you this far into the thread means you are hopeless dumb or willfully ignorant.

As is Microsoft Windows, OS X and nearly everything else.

And they all suck when it comes to security exploits, because they are monolithic. Try reading the paper you linked and actually understand it.

Anyways, you're a waste of time. You've already embarrassed yourself enough with your hypocrisy and foolishness. No more replies from me.

Re:Why so aggressive?

[dbIII]

You should never have replied with your ignorant shit in the first place.
There are a lot of reasons to use virtual machines, but never security since a single machine with the same environment as the VM has exactly the same flaws apart from those extra ones that come from VM breakout to the host to make a mess of other VMs. Due to that virtual machines are less secure than the alternative of real machines.
At least you've given me something to laugh at.

Read the paper to see how it should be

[dbIII]

Read the paper to see how it should be and despair that the Virtual Machines we are talking about are nothing like how it should be.

Re:I'd say the author does - eg. Linkedin 2012 hac

[Opportunist]

At least someone got the joke.

Microsoft knows their browser coding skills

[allo]

strange, that they do not recommend to use a dedicated pc for edge.