Slashdot Mirror


Windows 10 Enterprise Getting 'InPrivate Desktop' Sandboxed Execution Feature (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: A recent Windows 10 Insider Feedback Hub quest revealed that Microsoft is developing a new throwaway sandboxed desktop feature called "InPrivate Desktop." This feature will allow administrators to run untrusted executables in a secure sandbox without fear that it can make any changes to the operating system or system's files. This quest is no longer available in the Feedback Hub, but according to its description, this feature is being targeted at Windows 10 Enterprise and requires at least 4 GB of RAM, 5 GB of free disk space, 2 CPU cores, and CPU virtualization enabled in the BIOS. It does not indicate if Hyper-V needs to be installed or not, but as the app requires admin privileges to install some features, it could be that Hyper-V will be enabled. "InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software," the Feedback Hub quest explains. "This is basically an in-box, speedy VM that is recycled when you close the app!"

29 of 99 comments

  1. Re:Seriously, though... by Nethead · · Score: 2

    I'm a BSD/Linux head from way way back. No way would I run it for clients at a company over about 20 people. I do IT operations for a 90,000 user international 120 year old French company, I might know what I'm talking about.

    --
    -- I have a private email server in my basement.
  2. Re: Seriously, though... by Anonymous Coward · · Score: 5, Insightful

    Linux is a kernel. A distribution is an operating system. Debian is certainly consistent across the versions, and so is SLED or RHEL. Linux is also consistent with itself in this regard, sometimes painfully so.

    It's an administrator's job to know how to install and maintain software. Once a company decides to use a particular OS, it will be consistent across the company. Simple as that. The end user has to know only how to click on things and how to type in things, and that hasn't changed for a generation.

    All the problems that you describe are certainly not corporate problems. They are problems of a distro-hopper who is not inclined to learn the concepts behind the technology.

  3. Re:Seriously, though... by bojackhorseman · · Score: 1

    or maybe just you are

  4. Re: Seriously, though... by datavirtue · · Score: 2

    Agreed. There is a hyper focus on more mobile for the customer experience but think of the power you could unleash turning that UX focus towards line of business enterprise applications. Stop building browser based applications and start building cross platform mobile apps.

    --
    I object to power without constructive purpose. --Spock
  5. Re:Seriously, though... by GerryGilmore · · Score: 5, Insightful

    OK, serious question - how exactly are you managing the ever-shifting versions and their environments from XP-specific apps to ever-migrating methods of app data exchange?
    I'm serious - bad as Linux is, at least you have some modicum of control over your destiny vs just blindly following MS, n'est-ce pas?

  6. InPrivate should mean no telemetry by xack · · Score: 1

    But it has it up the wazoo.

  7. Uhm... Well... haven't they read the news? by Casandro · · Score: 1

    Rowhammer, Spectre, Meltdown and all of their variants didn't just disappear. In fact they will likely get replaced by new versions of themselves in new operating systems. Each one of those can be used by malevolent software to break out of a sandbox.

    Also the Windows API is vast and was not meant to have security in mind. For example, usually every application can fill out forms in every other application. That way you can inject code. The timer message, which everyone can send, includes a "callback" field, which contains an address; your software will very likely ignore all the security warnings around it and just call that address. If you put the address of the data of the input field you have just overwritten in, you get clean and simple code execution by seemingly harmless features.

  8. Re:Seriously, though... by Calydor · · Score: 1

    But random idiots CAN'T figure out how to use a website, that's why a lot of people think the only thing on the web is Facebook, Twitter and Instagram.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  9. Re:Seriously, though... by invictusvoyd · · Score: 1

    wait .. isn't that the only thing on the web?

  10. Re:seems exactly what bromium have been doing... by Khyber · · Score: 2, Interesting

    Bromium is way new to the game.

    Protip: The smart nerds have a Write-locked PE USB made that deploys a RAMFS and essentially ignores anything else inside the computer excepting network card.

    Had an XP one for about 18 years now. Probably about time I made one for 7.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  11. Re: Virtualization is not a security solution!! by Anonymous Coward · · Score: 2, Insightful

    Virtualization isn't a complete security solution, but it certainly helps. Just like RAID isn't a complete backup solution, but it helps protect against one class of problem.

  12. No Fear. No Shit. by Anonymous Coward · · Score: 2, Funny

    > This feature will allow administrators to run untrusted executables in a secure sandbox without fear [...]

    Windows administrators don't fear anything. That's why they are Windows administrators!

  13. Re:Seriously, though... by AmiMoJo · · Score: 3, Insightful

    Part of the reluctance to move to Linux is the lack of good developer tools.

    Someone probably spewed coffee when they read that, but it's true. On Windows you can grab Visual Studio and build a GUI in WPF with a backend database incredibly easily. In C# there is a library for everything, but of course even if they work under Mono they won't have been tested properly. Need cloud? A couple of clicks and you are running on Azure.

    Sure, Linux is great if you want to write C++ or Python and don't mind manually managing your Qt GUI and manually connecting your database to it. From a business perspective this makes no sense. They have to hire more expensive developers to do the same job more slowly.

    It's easy to laugh at a deranged baboon screaming "developers developers developers" on stage, but the Microsoft development ecosystem is actually pretty good and not just because of Windows' popularity.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  14. Re:Seriously, though... by gravewax · · Score: 3, Insightful

    That is the sort of zealotry and ignorant rhetoric that turns people away from the open source community, you do no one any favours with your blinkered approach to the world.

  15. Re:Seriously, though... by drinkypoo · · Score: 1

    There are plenty of good tools. What there is a lack of is people who can or want to use them.

    People don't seem to have trouble using Visual Studio. If they have trouble using the tools on Linux, then they're not as usable by definition. QED, coward. Not a Windows fan here, BTW. I use Win7 because I want to play games, but if I want to do serious things, I boot Linux.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  16. Re:Seriously, though... by FictionPimp · · Score: 2

    I use VS Code from Microsoft. I love it. It's lightweight enough to be useful without a lot of work and powerful enough to get my job done. I used it when I had a Windows 10 notebook, I used it on my Ubuntu Dell notebook, and I use it now in my new role with my MacBook Pro.

  17. Exactly what every good admin has been doing... by Excelcia · · Score: 1

    This is exactly what every good administrator, and most good power users, have been doing for years now with VirtualBox or something similar. And with significantly less resources required on the computer to do it, I might add.

    Typical Microsoft. Take something everyone already does. Add the ability to do it in Windows automatically, but require more resources than it already takes. Drive the sales of new hardware, computer manufacturers are happy, Microsoft is happy. If adoption isn't high enough, then they start interfering with the old ways users were already doing it.

    And they wonder why they are constantly accused of not innovating.

  18. Does Microsoft have access inside the sandbox? by QuietLagoon · · Score: 1

    If so, then they can hardly be called "private."

  19. Cool but by AndyKron · · Score: 1

    Cool, but I'm not renting my OS

    1. Re:Cool but by Anonymous Coward · · Score: 1

      Cool, but, this is the year of linux on the desktop, right?

  20. Re:Seriously, though... by rickb928 · · Score: 1

    I was running SUSE desktops for 40+ users mostly browser-based internal app and a custom C++ app, imaging via dd and PXE boot/tftp in 2003. It was possible, and we migrated from Windows XP over 2 months, working. All the usual OOO and stuff working, SMB shares from the preexisting Windows Server while we moved SMTP to a RHEL box.

    But constant complaints from management that they, they, didn't have the apps they wanted, like Office. And Outlook. Those we reverted back to XP, no big deal, except for the dev having to compile the C++ app more than twice, I dunno, ask HIM, he was a prima donna.

    Mind you, the company annoyed their single, sole customer to the point of rejection, and I did not get my last paycheck cashed, but that was before systemd so no doubt it was another Linux desktop failure. /s

    It can and is being done, but it requires almost as much learning as Windows does for enterprise deployment. Running everything on your Linux desktop in jail is a start, properly managing user rights, and SSH for administration, collapsing into very limited images, and deciding in advance on your shared resources and not changing them too often sure helps, but we are still in the position where no one loses their job buying IBM hardware and Microsoft software in enterprise situations.

    Sure makes more sense than trying to use Apple in the enterprise for anything except creative roles.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  21. Re:Seriously, though... by rickb928 · · Score: 2

    Linux at the server level is a no-brainer. Even if you're running massive databases, nothing in the Microsoft orbit can claim to be so superior to open source, no, they can't. I live with a Cassandra system, and it is not the db engine that is the problem. They would have the same problems with MariaDB, MongoDB, Oracle, SQL Server, or DB2. We left Hadoop a while ago.

    But the desktop user is different, and comparisons are pointless. Server side apps are different. That space is a real catfight between Microsoft and open source, and Microsoft is facing competition from the big cloud gang, though they are cloud-ing everything they can to keep up.

    Claiming users can learn a different desktop, so Linux wins, kinda ignores the transitions from Windows 3.x to NT to 2000 to 95/XP to Vista/7/8 to now Windows 10. Users *have* learned new desktops. If you leave the exit buttons on the right-hand side of window you solve 90% of that pain... The rest is manageable. Not much harder than dealing with KDE/Gnome/XFCE, and certainly simpler than moving to MacOS.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  22. Re:Seriously, though... by crypticedge · · Score: 2

    I disagree.

    Linux has its place, but as an end user desktop in a production environment it's severely lacking. Software support for it is immature at best for the vast majority of products, and arcane at worst.

    When it comes to web servers, I'll take linux in nearly every application of it, but when it comes to a corporate internal network? You're using windows.

  23. Re: seems exactly what bromium have been doing... by Khyber · · Score: 1

    July 13 2000 was the first release of build 2250 of XP (over 18 years, now.) Official RTM was April 2001.

    Try again when you actually worked in the industry at that time.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  24. Re: seems exactly what bromium have been doing... by Khyber · · Score: 1

    "He doesn't have enough education to build anything himself."

    YEA!!!! Now we're getting into libel.

    Keep it up, your own hatred for me is about to consume you and trap you just how I want it to.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  25. Re:Seriously, though... by drinkypoo · · Score: 1

    You see, you arrogant little prick, there's a difference between something being good, and being what people want.

    In this case, there is no difference. Nor is there any difference between you and a cowardly wanker.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  26. Re:Seriously, though... by Nethead · · Score: 1

    Slow roll out. Active Directory. LanDesk Manager. Heterogeneous environment (same OS, same versions of clientware, same models of client hardware). Running IT/IS under ITIL methods. If you don't do enterprise IT then you might not be aware of all the tools out there to help.

    --
    -- I have a private email server in my basement.
  27. Re:Seriously, though... by Nethead · · Score: 1

    Exactly. Doesn't matter which platform you use, enterprise is non-trivial when done correctly. One nice thing about the Microsoft environment is you can mostly buy your way out of any jam via M$ or consultants. Also everything works with Microsoft. I have 34TB of archived mail on Symantec Enterprise Vault. It mostly supports Domino, until you want to extract. Then it's to the cmd line and half the time it locks up the indexer. The "Sure we support Domino" often turns out to be "we have a ten year old script people say they've got working."

    --
    -- I have a private email server in my basement.
  28. Re:Seriously, though... by drinkypoo · · Score: 1

    If the problem is, as the OP asserted, the availability and usability of the tools required, that's a problem which can be solved.

    Can be solved != will be solved or has been solved, so your comment is irrelevant.

    If the problem is that people flat out refuse to use anything and everything, no matter what, that isn't Windows or VS because it isn't Windows and it isn't VS or Outlook or whatever,

    If that were the problem, you'd have a point. It isn't. Visual Studio is not only broadly considered to be the best IDE for developing Windows software, but one of the best native IDEs period — usually, the best.

    IME the latter problem is the most common by far.

    Your opinion is irrelevant when compared to the opinions of many, many more people than you, who say otherwise.

    Not that I expect you to be able to admit to being wrong, ever.

    That's because you're unfamiliar with my posting history. I have done many times. But I bet you're too cowardly to find that out using google.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"