Microsoft has demoed how Windows 10 can protect firms against attacks that can go undetected in Windows 7.
The firm demonstrated security features exclusive to Windows 10 at its Microsoft Ignite conference in Atlanta today – using the event to reveal a new safeguard that will be added to Windows 10’s Edge browser next year.
Yusuf Mehdi, Microsoft’s corporate VP of the Windows and devices group, took to the stage to announce Windows Defender Application Guard, which will add container-based isolation to the Edge browser.
“One of the biggest attack vectors over the last decade has been the browser,” he said.
“There have been a lot of software-based sandboxes to help protect the browser, but they still provide a pathway for malware and vulnerability exploits.
“I’d like to introduce Windows Defender Application Guard. This will make Microsoft Edge the most secure browser for the enterprise.”
Application Guard will ensure that when Edge accesses a website not designated as trusted, the browser will be launched inside a container, a virtualized environment isolated from the rest of the Windows OS.
If the site tries to download and run malicious code on the device, that code remains within the container, unable to permanently compromise the Windows device or the wider network, and disappears when the browser session shuts down.
Unlike the software-based sandboxes that are offered by other browsers, Microsoft says that Application Guard provides a hardware-based container, which Mehdi says offers greater protection to the device.
Enterprise admins can configure a list of trusted sites under a group policy and distribute that policy to any Windows 10 devices they wish to protect using Application Guard.
Ann Johnson, VP of Microsoft’s advanced cybersecurity group, demonstrated how Application Guard worked in practice.
In the demo, Johnson showed how a malicious site was able to redirect Internet Explorer to a malicious website that downloaded malware, which then disabled Windows 7’s firewall and other security settings, as shown below.
When the same site was visited using Edge with Windows Defender Application Guard, the operating system’s security settings were unaffected.
“Your user session was protected and when I close this browser session the malicious content, the attack, the entire session disappears, so there’s nothing left behind on the user’s machine,” said Johnson.
The cost of this security is some additional inconvenience for the user, as they won’t be able to take advantage of the ability for every site and service to remembers their log-in details, since cookies and cached data are destroyed at the end of every session.
Application Guard should be made available to Windows Insider testers in the near future, with the release of early Redstone 2 builds for Windows 10. After a period of testing, select users of the Enterprise edition of Windows 10 will be given access to Application Guard early next year.
However, in general Microsoft faces an uphill battle in selling Edge to users, with only a small proportion of those running Windows 10 using Edge to browse the web.
Johnson again chose to pitch Windows 10 against Windows 7 to demonstrate another feature in Microsoft’s latest OS, Credential Guard.
Credential Guard is a feature in Windows 10 Enterprise edition and Windows Server 2016 that offers additional security for login details by storing derived credentials — NTLM hashes and Kerberos tickets and the process that manages them — in a secured isolated container that uses Hyper-V and virtualization-based security.
In the demo, Knight showed how an attacker who had gained access to a corporate Windows 7 PC could go on to steal all the credentials on that machine.
In contrast, when the same attack was attempted on the Windows 10 machine with Credential Guard, the other credentials were inaccessible.
“It’s completely transparent to your end users. So you don’t have to rely upon your end users to do anything to get this protection,” said Johnson.
Microsoft also used Ignite to highlight that the number of computers running Windows 10 continues to rise, despite the end of the free upgrade to the OS.
Windows 10 is running on 400 million devices, said Mehdi, up from 300 million in May and just over 200 million in March.
Windows 10 adoption rate is “150 percent faster” than that for Windows 7, he added.
As an example of a major rollout of Windows 10, Mehdi cited the US Department of Defence, which plans to rollout the OS to four million devices by next year.
Despite the continued growth, Microsoft has already admitted that it won’t hit its target of one billion devices running Windows 10 by summer 2018.
The Microsoft device figures relate to the number of devices running the OS within the past 28 days.
That’s not just PCs but also phones, tablets, Xbox consoles, HoloLens headsets and Surface Hubs.
Microsoft also used Ignite to announce:
- An evaluation edition of the release to manufacturing (RTM) version of Windows Server 2016 is available for download today. Windows Server 2016 and System Center 2016 will be on the October 1 price list, and the product should be generally available by mid-October.
- All Windows Server 2016 customers will get the commercially-supported Docker engine for no additional cost.
- Microsoft is offering free Windows Server 2016 datacenter licenses to VMware users — with some restrictions — as part of a nine-month promotion for its latest server offering.
- The technical preview 2 of Azure Stack — Microsoft’s tailored operating system based on Windows Server which shares programming interfaces and services with Microsoft’s Azure public cloud — is available today.
- Adobe will offer its Adobe Create Cloud, Marketing Cloud and Document Cloud hosted on Microsoft’s Azure as part of a partnership deal.
- Windows Defender Advanced Threat Protection (ATP) and Office 365 ATP services now share intelligence to help detect and guard against attacks.
Read more on Microsoft and Ignite