Microsoft Tests a Secured Edge Browser For Business (techradar.com)

← Back to Stories (view on slashdot.org)

Microsoft Tests a Secured Edge Browser For Business (techradar.com)

Posted by msmash on Friday May 5, 2017 @06:00AM from the sandbox-ftw dept.

An anonymous reader writes: Microsoft is in the testing stage of a new feature in its Edge browser for Windows 10 that is malware-proof as it partitions the browser window from the rest of the computer. This will be a welcome addition for users who are worried about the legitimacy of sites they want to visit. The new feature, catchily dubbed Windows Defender Application Guard, is part of the recently launched Windows Insider Previews. In order to access it you'll need to be a member of Microsoft's business service Enterprise, and have your settings calibrated so you're in the testing group called Fast Ring. Application Guard works by creating a virtual PC that is entirely separate from all storage, other apps, and the Windows 10 Kernel, meaning that the browser should be completely impervious to malware.

66 comments

Min score:

Reason:

Sort:

Is it only me that reads this as by Pope+Raymond+Lama · 2017-05-05 06:05 · Score: 4, Insightful

"Microsoft attests Edge browser is insecure by nature" as it does try to develop a separate "secure one"?

--
-><- no .sig is good sig.
1. Re:Is it only me that reads this as by DaveM753 · 2017-05-05 06:21 · Score: 1
  
  That's the way I read it, too.
2. Re: Is it only me that reads this as by bobmajdakjr · 2017-05-05 06:30 · Score: 1
  
  yep. microsoft will apparently never succeed at unified products. ex w8 unified, w10 unified, and now apparently the browser they never even finished.
3. Re:Is it only me that reads this as by Anonymous Coward · 2017-05-05 06:41 · Score: 0
  
  Because, I suppose in your mind, Chrome, Safari, and Firefox wouldn't benefit from the exact same isolation?
  That's just dumb.
4. Re:Is it only me that reads this as by jbmartin6 · 2017-05-05 07:13 · Score: 1
  
  Is that what any developer is attesting when they introduce a security improvement? The "secured" term is added by the submitter, TFA says "malware proof" which is just as bad but in a different way.
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
5. Re:Is it only me that reads this as by Anonymous Coward · 2017-05-05 15:11 · Score: 0
  
  Einstein, 2 of the 3 already offer some form of it...
6. Re:Is it only me that reads this as by arglebargle_xiv · 2017-05-05 16:16 · Score: 1
  
  "Microsoft develops secure Edge browser that tries to lock out third-party malware and spyware". Makes sense, they've always hated competition.
7. Re:Is it only me that reads this as by greenfruitsalad · 2017-05-06 05:53 · Score: 1
  
  i read it as: "only enterprise customers can browse porn safely"
Edge-tanic by Anonymous Coward · 2017-05-05 06:06 · Score: 1

And we dub it Edge-tanic. Meanwhile, the rest of us wonder why only businesses get a malware proof browser.
1. Re:Edge-tanic by Mr+D+from+63 · 2017-05-05 07:23 · Score: 1
  
  Isn't this essentially just running an instance of Windows 10 S?
2. Re:Edge-tanic by Anonymous Coward · 2017-05-05 07:48 · Score: 0
  
  It's not malware proof itself, it's just not likely to get your computer infected.
3. Re:Edge-tanic by Anonymous Coward · 2017-05-05 16:43 · Score: 0
  
  Beyond the rather pointless quibbling that if the browser is on the computer, then by definition the computer is infected, there's little reason to believe that whatever "magic" MS decides to try to isolate Edge there will be a jailbreak because MS sucks at security. So does basically everyone (as Pwn2Own consistently proves, along with the number of current consoles that get hacked). At best, this will slow down or delay things. My guess is it won't do either as there's almost certainly a very long list of kernel exploits known to blackhats and the new new new (whatever depth this is) sandbox will just be a trivial matter, just like all IE, Chrome, etc.
  Seriously, I congratulate MS for at least trying. But the spin that this is malware proof is BS. Not sure how much MS per se is saying that, but they are toting it rather heavily, focusing in part on their "industry leading virtualization technology" and how "potential threats are not only isolated from the network and system, but will be completely removed when the container is closed". Too bad we saw VM (admittedly a different one) break out in Pwn2Own. Honestly, I don't trust that most VMs are serious about security. The notion has been mostly that VMs are new and software wouldn't intentionally attack them. Now that that's changed, I can only imagine we'll see the swiss cheese all these VM solutions really are at isolation.
4. Re:Edge-tanic by Anonymous Coward · 2017-05-05 19:33 · Score: 0
  
  Many people worry more for the spyware Microsoft builds into its software and actually prefer to get their malware from a honest criminal instead of MS.
yeah, no by slashdice · 2017-05-05 06:08 · Score: 5, Funny

That's like telling your wife you wore a condom every time you visited a whore house in Haiti.

--
Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
1. Re:yeah, no by Anonymous Coward · 2017-05-05 06:17 · Score: 2, Funny
  
  What do you suggest?
  Not visiting Haiti?
2. Re:yeah, no by dreamchaser · 2017-05-05 06:27 · Score: 2
  
  No, just bring your mistress instead of hiring prostitutes!
3. Re:yeah, no by Archangel+Michael · 2017-05-05 06:35 · Score: 2
  
  'That time I hired a call girl to do my taxes while I fucked my accountant' - McAfee
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
4. Re:yeah, no by slashdice · 2017-05-05 07:52 · Score: 1
  
  1st RULE: You do not talk to your wife about FUCK CLUB.
  2nd RULE: You DO NOT talk to your wife about FUCK CLUB.
  3rd RULE: If someone says "stop" or goes limp, taps out the fuck is over.
  4th RULE: Only two guys to a fuck.
  5th RULE: One fuck at a time.
  6th RULE: No shirts, no shoes.
  7th RULE: Fucks will go on as long as they have to.
  8th RULE: If this is your first fuck at FUCK CLUB, you HAVE to fuck.
  
  --
  Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
So in other words... by MightyMartian · 2017-05-05 06:09 · Score: 2, Interesting

It's a copy of Edge running in a virtual machine. How else would it be "separate from the kernel"?

--
The world's burning. Moped Jesus spotted on I50. Details at 11.
1. Re:So in other words... by freeze128 · 2017-05-05 06:13 · Score: 4, Insightful
  
  You know what else is "separate from the kernel"? Every other web browser.
2. Re:So in other words... by the_skywise · 2017-05-05 06:33 · Score: 3, Insightful
  
  Well if you (and I know this is slashdot) RTFA...
  "Application Guard works by creating a virtual PC that is entirely separate from all storage, other apps, and the Windows 10 Kernel, meaning that the browser should be completely impervious to malware."
  Except.. .you still need to be able to download files and I presume those would be in shared spaces outside the VM and install web apps/plug-ins which have to be saved outside the VM too. (Presuming you destroy/recreate the VM if it gets corrupted as you'd still want to keep the apps, cookie settings, bookmarks, passwords etc between nuke and paves so they have to be stored outside the sandbox.) That's still the exact same security risk as browsers have now... they're just moving the access points.
3. Re: So in other words... by bobmajdakjr · 2017-05-05 06:34 · Score: 1
  
  lol nice. ahca wont cover that sick burn since op's bad thought was a pre existing condition.
4. Re:So in other words... by omnichad · 2017-05-05 06:40 · Score: 1
  
  Yup. Infecting the VM is just as bad, unless you want to sacrifice having any permanence of anything (settings included) in the browser.
5. Re:So in other words... by FatdogHaiku · 2017-05-05 07:01 · Score: 2
  
  I like the way Qubes OS is handling it.
  https://www.qubes-os.org/video-tours/
  It's almost like MS watched some of the videos...
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
6. Re:So in other words... by Gabest · 2017-05-05 07:13 · Score: 0
  
  Virtual Machine is for pussies. Just use a separate Psychical Machine, if security is so important.
7. Re:So in other words... by ColdWetDog · 2017-05-05 07:27 · Score: 1
  
  Look, but don't touch.
  Sounds like you will only be able to work in the cloud.
  Microsoft has just invented the Chromebook!
  
  --
  Faster! Faster! Faster would be better!
8. Re:So in other words... by ColdWetDog · 2017-05-05 07:29 · Score: 5, Funny
  
  Psychical machine?
  A PC that is bat-shit crazy? One that can divine future events and talk to dead people?
  Your ideas intrigue me and I would like to subscribe to your newsletter.
  
  --
  Faster! Faster! Faster would be better!
9. Re: So in other words... by Known+Nutter · 2017-05-05 08:00 · Score: 0
  
  You mean Trumpcare, right? I didn't go through seven years of Obamacare to have Trumpcare forced into obscurity by "ahca" -- Trumpcare.
  
  --
  Beware of the Leopard.
Riiight... by ausekilis · 2017-05-05 06:13 · Score: 2

Because nobody has escaped a VM before. It may be difficult, but to say "impossible" is only challenging the hackers of the world.
1. Re:Riiight... by Luthair · 2017-05-05 07:59 · Score: 2
  
  At pwn2own someone(s) actually managed to break out of Edge and vmware - https://arstechnica.com/securi...
Browser in a VM... yes by Anonymous Coward · 2017-05-05 06:14 · Score: 0

This has been a security precaution that people have taken for a while, running their browser in a virtual machine, so if malvertising or some other browser based attack comes along, the VM gets scrozzled and easily rolled back to a snapshot, with the bad stuff kept well away from anything useful.
I am glad MS is doing this.
Still trying to force feed browsers... by evolutionary · 2017-05-05 06:16 · Score: 3, Insightful

MS never learns. they are still trying to force feed their browser and are probably going to get slapped by the EU commission and possibly a few others fro anti-trust violatios. Windows 10 S was a real interesting POS. "Get Windows 10 Professional to get default browser change ability". WTF. Time for Linux, unless you are a gamer I guess.

--
"Imagination is more important than knowledge" - Einstein
1. Re:Still trying to force feed browsers... by nuckfuts · 2017-05-05 06:21 · Score: 1
  
  Force feed? I wish I had a dime for every time I've had to opt out of installing Chrome.
2. Re:Still trying to force feed browsers... by Anonymous Coward · 2017-05-05 06:59 · Score: 0
  
  Google's attempts only double the pain. MS's attempts are still valid even if others do it too.
  What you've said is basically:
  "You dodge punches from MS? Well I dodge punches from lots of vendors too! Therefore MS is innocent".
3. Re:Still trying to force feed browsers... by ArchieBunker · 2017-05-05 07:58 · Score: 1, Insightful
  
  I'm not able to remove Safari from my iPhone. How is this different?
  
  --
  Only the State obtains its revenue by coercion. - Murray Rothbard
4. Re:Still trying to force feed browsers... by evolutionary · 2017-05-05 10:13 · Score: 1
  
  It's not Math: 2 wrongs don't make a right here. ;-)
  
  --
  "Imagination is more important than knowledge" - Einstein
5. Re:Still trying to force feed browsers... by Desler · 2017-05-05 11:17 · Score: 1
  
  iOS doesn't have the vast majority of marketshare in mobile?
6. Re:Still trying to force feed browsers... by Anonymous Coward · 2017-05-05 13:21 · Score: 0
  
  iOS doesn't have the vast majority of marketshare in mobile?
  Because Apple is Apple only. All the others are designed to run on many different devices.
7. Re:Still trying to force feed browsers... by Anonymous Coward · 2017-05-05 20:39 · Score: 0
  
  In 2018. See court case "Hipsters of California vs. Apple".
8. Re:Still trying to force feed browsers... by thegarbz · 2017-05-05 22:10 · Score: 1
  
  MS never learns. they are still trying to force feed their browser and are probably going to get slapped by the EU commission and possibly a few others fro anti-trust violatios. Windows 10 S was a real interesting POS. "Get Windows 10 Professional to get default browser change ability".
  Why? How can you violate anti-trust on a product with 0% market share?
9. Re:Still trying to force feed browsers... by Desler · 2017-05-06 03:59 · Score: 1
  
  Cool story. Doesn't change the fact that Apple has no monopoly on mobile phone OSes.
"Challenge Accepted" by kdekorte · 2017-05-05 06:21 · Score: 3, Insightful

Hackers around the world are now saying "Challenge Accepted...". With all the corporate VPNs that work via the browser, I'm sure this is going to cause some compatibility issues somewhere.
1. Re:"Challenge Accepted" by fustakrakich · 2017-05-05 06:32 · Score: 1
  
  "malware-proof"... What better challenge is there?
  
  --
  “He’s not deformed, he’s just drunk!”
New business model by WaffleMonster · 2017-05-05 06:21 · Score: 1

If you don't want to get owned like a poor end user by our insecure malware pay us more money and we'll give you a version that's secure.
Personally I think it's going to take more than adding another layer of indirection. https://en.wikipedia.org/wiki/...
Firefox is on a better track using language imposed constraints (e.g. Rust) to improve security.
Microsoft and Secure... by Anonymous Coward · 2017-05-05 06:23 · Score: 0

Are two words never to be used in any sentence unless "not" is between them.
1. Re:Microsoft and Secure... by thegreatbob · 2017-05-05 06:27 · Score: 2
  
  What about putting the 'not' immediately to the left of Microsoft? Or finishing a sentence with a 'not!' ?
  
  --
  There is no XUL, only WebExtensions...
People who write stuff like this... by Anonymous Coward · 2017-05-05 06:38 · Score: 0

should be given very long prison sentences.
Partitioning by Anonymous Coward · 2017-05-05 06:42 · Score: 0

If one wants to avoid malware, it is indeed a good idea to keep it away from the windows 10 kernel.
Malware Proof by KlomDark · 2017-05-05 06:52 · Score: 1

Sounds like "Fool Proof", which I always wondered if it truly meant something was: 1) unassailable by fools, or 2) legal proof that there are, in fact, fools.
1. Re:Malware Proof by timelorde · 2017-05-05 07:02 · Score: 1
  
  Reminds me of something I once heard:
  
  http://www.imdb.com/title/tt0562875/quotes
Businesses don't need to download files by rsilvergun · 2017-05-05 07:02 · Score: 1

in a lot of cases, which is probably why they're targeting business.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
"for Business"? by jbmartin6 · 2017-05-05 07:10 · Score: 1

The summary adds the words "for business" to the article, apparently without justification. Yes, the preview is part of the Enterprise offerings at this point, but there's no reason not to assume the final version will be available to everyone.

--
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
MS Browsers are already very safe by Anonymous Coward · 2017-05-05 07:23 · Score: 0

In the same way that flying on broomsticks is safe. Most people don't try it, but it doesn't end well for those who do.
Strange market by joeflies · 2017-05-05 07:23 · Score: 1

Maybe the feature is "for users who are worried about the legitimacy of sites they want to visit" AND CLICK ANYWAYS?
Or maybe the summary is wrong, and it's really a feature for the security team, and not the user.
The problem with browsers and comanies... by acoustix · 2017-05-05 07:52 · Score: 2

is that there are too many software packages in use by organizations that require legacy support that won't work within many new browsers. My company has software that requires IE9 with outdated plugins that haven't been developed since 2003. It's the only software that the company makes avaivable to interface with their engines. And the same employees have requirements for newer versions of IE, Firefox or Chrome. Then there are the Java apps that won't run in Firefox or Chrome anymore even with the latest Java release installed.
It's a fricken nightmare anymore.

--
"A plan fiendishly clever in its intricacies"- Homer Simpson
1. Re:The problem with browsers and comanies... by zifn4b · 2017-05-05 09:35 · Score: 1
  
  is that there are too many software packages in use by organizations that require legacy support that won't work within many new browsers. My company has software that requires IE9 with outdated plugins that haven't been developed since 2003
  That rhetoric used to be true but not anymore. I hate to tell you, your company is the minority and it's becoming more of a minority every day. Several problems with your argument are IE9 runs on which version of Windows again? Oh the one that Microsoft doesn't support anymore. Sources:
  http://www.directionsonmicroso...
  https://support.microsoft.com/...
  I guess you hope you're on Windows 7 and have the extended support. For the rest of us, we're not in the dark ages anymore. It's 2017 for crying out loud. Quirksmode vs. HTML 5, you do the math. How do you deliver a mobile experience with Quirksmode? *cough*
  
  --
  We'll make great pets
2. Re:The problem with browsers and comanies... by Anonymous Coward · 2017-05-06 14:52 · Score: 0
  
  Every time I complained about company online training, they told me to make sure I was using Adobe Reader and IE6 until recently. Neither of which were going on my computer. They finally went to IE8 when IE9 came out.
  I'm not with them any more.
Now, if only they supported this in Windows Server by MobyDisk · 2017-05-05 08:04 · Score: 1

Windows Server and Windows IOT don't support Edge. Those releases only support Internet Explorer. So it is awesome that they are adding security, but can they please add it to all OS editions? It's silly that servers and small devices are still vulnerable.
Impervious to malware?? Nope by Anonymous Coward · 2017-05-05 08:52 · Score: 0

This just means that the browser is isolated so that if it has a flaw the malware can't access other things (unless it can manage to get out of the VM, which isn't completely unknown).
Admittedly, it's useful for some people, but not revolutionary.
This is similar to Citrix or Microsoft's existing RemoteApp technology.
Or I could roll my own with vmware with some effort.
Nothing is secure if everyone is inside the fence by Impy+the+Impiuos+Imp · 2017-05-05 08:55 · Score: 1

Microsoft is in the testing stage of a new feature in its Edge browser for Windows 10 that is malware-proof as it partitions the browser window from the rest of the computer.
Whew! So nobody can see my info except Microsoft, Microsoft's computers back at the ranch, their official keystroke reporter, screen snapshotter reporter, and anybody who pays for Microsoft advertising, including government agencies.
Finally some security.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
In other words by Anonymous Coward · 2017-05-05 09:16 · Score: 0

Us as consumers get the un-secured version?
Great idea by senatorpjt · 2017-05-05 09:51 · Score: 1

This will work well, as long as you never access sensitive information through the web browser. Because nobody ever does that.
Seriously? by Anonymous Coward · 2017-05-05 14:19 · Score: 0

You assholes couldn't have done that before releasing it on the public? wtf?
AND by Anonymous Coward · 2017-05-05 16:13 · Score: 0

Microsoft Tests a Secured Edge Browser For Business... ...and nobody cares.
Secure Operating System First ? by Anonymous Coward · 2017-05-05 17:51 · Score: 0

Perhaps they might want to provide a secure business orientated operating system BEFORE they think about the browser ?
I work in a financial services environment, we don't trust Win10 because we cannot lock it down in the way that we can lock down Win7, not even enterprise edition allows us to provide the secure environment demanded by our clients and compliance auditors. And before you say Win10 is more secure, it's not about protection from viruses and trojans - trust me when I say we already have an environment protected from those, it's about security from data loss and staff meddling, Win 10 allows people to play around too much and its far too leaky in terms of data being transmitted back to MS.
That leaves me with a headache but it's one that I don't have to solve until 2019 so perhaps MS will release a secure business OS which can be fully locked down to guarantee no data leakage and allow businesses like mine to fully control the environment in the next couple of years.