Windows Defender Application Guard for Microsoft Edge is the next big update coming to Windows 10 and it's going to encapsulate the Edge browser inside a virtual machine, making it much harder for hackers and malware to attack your machine through a browser exploit. Essentially, it will isolate the browser from the entire system, quarantining it in case it becomes infected.
Microsoft has been driving towards a virtualisation strategy for some time now. Windows 10 introduced the practice when it launched, of sandboxing certain pieces of software so that should it is harder to compromise them and they can't be used as a point of attack on the rest of the system. That's going to continue with the Edge update, which is a smart move, since the browser is often used as an attack vector for a system takeover or ransomware attack.
To make sure that the virtual machine used in this case is lightweight, Microsoft doesn't run a full version of Windows within it – just the barebones features required to get online. The main virtualisation, Application Guard, will protect the Edge processes, but restricts them from accessing local storage and can't affect other processes either.[yframe url='http://www.youtube.com/watch?v=McP8ZGAInwI']
There will also be a secondary virtual machine running in the background of Edge. Known as the Credential Guard, it will isolate all login and sensitive information like passwords and stores them in a secondary virtual machine, making it very difficult for a hacker to gain access to one PC and use it to attack others on the same network.
While all of this seems like a good move by Microsoft in terms of protecting its users, the big downside is that it's an Enterprise only feature, for now. Microsoft recognises that consumers could also benefit greatly from these protections – as per ArsTechnica – but the problem is persistence and ease of use. These virtual machine contained browser features mean that cookies cannot be stored, which means logging in all of the time online. The virtualisation also reduces performance by enough that Microsoft isn't saying how much.
Perhaps consumers will get access to these features, even as an option, sometime in the future, but for now Enterprise users can expect to get their hands on it in early 2017. Insiders may gain access a little later this year, depending on what ring they are on.
Discuss on our Facebook page, HERE.
KitGuru Says: This does seem like a pretty smart plan to safeguard a system and of course it's mostly important to secure enterprise machines, but consumers, especially those who aren't very technologically literate, could likely benefit a lot too.