Microsoft is all set to come up with a new feature, called Windows Defender Application Guard, to battle malware and protect Edge users.
Web browsers remain a big security risk to computer users, despite the use of all kinds of antivirus programs. Reportedly, 90 percent of phishing emails use browsers to initiate attacks on computers. Hackers use phishing emails to gain entry into a system or an organizational network that they want to hack.
Microsoft is soon coming up with this new feature called Windows Defender Application Guard, which works by isolating Microsoft’s Edge browser from the rest of the files and processes that run on a system, thereby blocking malicious files from taking control of a system or a network.
A post made by the Microsoft Edge Team on the Microsoft Windows blog says: “…many businesses worldwide have come under increasing threat of targeted attacks, where attackers are crafting specialized attacks against a particular business, attempting to take control of corporate networks and data. For the most security-conscious businesses, we are introducing a new layer of defense-in-depth protection: Windows Defender Application Guard for Windows 10 Enterprise. Application Guard provides unprecedented protection against targeted threats using Microsoft’s Hyper-V virtualization technology.”
How it works
When a user navigates to an untrusted website in Microsoft Edge with Windows Defender Application Guard enabled, the browser launches a new session that runs in a virtualized container on the user’s system. Thus, if there is malicious code on the website, it gets deployed into the container and not on the user’s system, and remains isolated from the OS and everything else. The container gets destroyed when the user quits the Edge session, and the malicious code goes with it.
Here’s what the post on the Microsoft Windows blog says about it: “when an employee browses to a site that is not recognized or trusted by the network administrator, Application Guard steps in to isolate the potential threat… Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge. The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment.”
The post also explains what happens when the user opens the website in question by clicking a link in a phishing email: “An attacker sends a well-crafted email to an innocent employee of the company enticing them to visit a link on a site under the attacker’s control. The innocent user, not noticing anything suspicious about the mail, clicks on the link to an untrusted location. In order to proactively keep the user and enterprise resources safe, Application Guard coordinates with Microsoft Edge to open that site in a temporary and isolated copy of Windows. In this case, even if the attacker’s code is successful in attempting to exploit the browser, the attacker finds their code running in a clean environment with no interesting data, no access to any user credentials, and no access to other endpoints on the corporate network. The attack is completely disrupted. As soon as the user is done, whether or not they are even aware of the attack having taken place, this temporary container is thrown away, and any malware is discarded along with it. There is no way for the attacker to persist on that local machine, and even a compromised browser instance has no foothold to mount further attacks against the company’s network. After deletion, a fresh new container is created for future browsing sessions.”
Microsoft is at present developing the feature, which will become available in the coming months. Experts and analysts feel that this would prove a giant leap for the adoption of Microsoft Edge, especially by enterprises, because through this feature Microsoft is offering them a really good option to secure company assets.