Microsoft revealed details about Windows Defender Application Guard for Microsoft Edge, a feature that will be part of the next major update to Windows 10 sometime in 2017. It will be rolled out to Windows Insiders later this year and promises to make browsing safer by running Edge in a lightweight virtual machine. As Ars Technica reports, this is an exciting security development, but it will be restricted to the enterprise environment because there are some important compatibility and ease-of-use constraints.
However, running the browser in a virtual machine has certain complexities. Currently, virtualized sites can't store persistent cookies, for example, because virtual machines get destroyed when the browser is closed. This may be acceptable for a locked-down enterprise environment, but it isn't a good fit for consumers.
There are also compatibility constraints. VBS (virtualization-based security) installs the Hyper-V hypervisor. This requires a processor with hardware virtualization support, and it also requires I/O virtualization (such as Intel's VT-d) to protect against certain known attacks. This means that some systems in the wild won't support it. There are also software concerns: only one hypervisor can be installed at a time, which means that a machine that's running Hyper-V cannot also run VMware Workstation or VirtualBox, say, or software that uses virtualization behind the scenes, such as the BlueStacks Android-on-Windows software.
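
For administrators who want to see which machines meet the hardware requirements described above, here is a PowerShell check added as an illustration; it is not code from Microsoft or from the Ars Technica report. It reads the standard `Win32_Processor`, `Win32_ComputerSystem` and `Win32_DeviceGuard` CIM classes, and the function name `Get-VbsReadiness` is hypothetical.

```powershell
# Added example: report the VBS hardware prerequisites named in the text
# (hardware virtualization and I/O virtualization) for the local machine.
function Get-VbsReadiness {
    [CmdletBinding()]
    param()

    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem

    # Win32_DeviceGuard is absent on older Windows builds; treat that as "unknown".
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ErrorAction SilentlyContinue

    # HypervisorPresent is True when Hyper-V is loaded, and also when this
    # Windows instance is itself a guest of some other hypervisor.
    $hvPresent = [bool]$cs.HypervisorPresent

    # Once a hypervisor is loaded, Win32_Processor reports the virtualization
    # flags as False, so they are only meaningful when none is present.
    $hwVirt = $hvPresent -or
              ($cpu.VirtualizationFirmwareEnabled -and $cpu.VMMonitorModeExtensions)

    # AvailableSecurityProperties: 1 = hypervisor support,
    # 3 = DMA protection (an IOMMU such as Intel VT-d).
    $dma = $null
    $vbs = 'Unknown (Win32_DeviceGuard not available)'
    if ($dg) {
        $dma = @($dg.AvailableSecurityProperties) -contains 3
        $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
            0       { 'Not enabled' }
            1       { 'Enabled, not running' }
            2       { 'Enabled and running' }
            default { "Unrecognized status $_" }
        }
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        HypervisorPresent      = $hvPresent
        HardwareVirtualization = [bool]$hwVirt
        IoVirtualizationDma    = $dma
        VbsStatus              = $vbs
    }
}

Get-VbsReadiness | Format-List
```

A `False` in `HardwareVirtualization` or `IoVirtualizationDma` marks a system that falls into the "won't support it" group the article mentions; `HypervisorPresent` set to `True` on a machine where Hyper-V is not installed is worth checking for the hypervisor conflict described above.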