Microsoft preps defence against the dark arts for enterprise customers

Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data. Known as Windows Defender Application Guard, the feature is set to become a part of Windows 10 Enterprise edition next year, and uses virtualisation …

  1. x 7

    Ideal for browsing porn at work

  2. Anonymous Coward
    Facepalm

    So they got themselves a sandbox...

    Inside a sandbox... inside another sandbox... inside another sandbox...

    Repeat ad nauseam....

    1. Doctor Syntax Silver badge

      Re: So they got themselves a sandbox...

      "Repeat ad nauseam...."

      or until you run out of memory.

      1. Anonymous Custard
        Trollface

        Re: So they got themselves a sandbox...

        So it's sand all the way down?

        Makes a change from turtles I suppose...

  3. adnim

    Does Microsoft do irony?

    "Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data".

    1. Anonymous Coward

      Re: Does microsoft do irony?

      Clearly consummate masters of the art.

  4. EnviableOne

    Redmond playing catchup again

    Sounds like Malwarebytes anti-exploit and it works on any browser

    1. Tom Chiverton 1

      Re: Redmond playing catchup again

      Sounds like Qubes OS

  5. hplasm
    Childcatcher

    Microsoft preps defence against the dark arts...

    I've seen this before...

    Look under the turban.

  6. fidodogbreath

    The Changeling

    Microsoft is developing a technology for Windows 10 designed to combat the threat of malware

    I'm looking forward to the moment when, like in that classic Star Trek episode, Application Guard realizes that Windows 10 is in error. At that point, it "must ... sterilize" in accordance with its prime function.

    "Captain's log, stardate 3541.9. The presence of Nomad aboard my ship has become nightmarish. Now, it apparently means to return to Earth. Once there, it would automatically destroy all life."

    (H/T to Memory Alpha)

  7. Anonymous Coward
    Terminator

    Microsoft technology guards against untrusted web pages

    "Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data."

    Does this mean Microsoft have finally admitted they can't design an OS that can't be compromised by opening an email attachment or clicking on a malicious URL?

    I recall reading something similar being mentioned online ages ago. You boot to a Virtual Machine, do your browsing, and on reboot that instance is erased and you start with a fresh version each time. Else do your browsing from a read-only USB device.

  8. EPurpl3

    They should make it work on any browser

    1. Anonymous Custard
      Headmaster

      Given how badly Edge works here with a lot of our websites and applications (due to its streamlined lack of support for various bits that they need to run properly) and how much we still have to rely on IE11, I'd certainly second that in the corporate environment.

      Of course I guess the websites and such should also be looked at, but we all know how that story goes in the corporate world.

  9. Anonymous Coward

    Yay

    Another scanner to slow people's machines down.

    Microsoft, this is why you're going to struggle in the coming years.

    Why buy a PC that has to dedicate nearly half its resources to keeping viruses out?

    Microsoft, you need a ground up rewrite of your OS. Screw backwards compatibility. Running loads of scanners, blockers and firewalls is now officially tiresome and it is costing your end users far too much.

    I am close to point blank refusing to troubleshoot slow PCs these days because there is simply nothing I can do in most cases because users refuse to work with certain features switched off.

    Some examples of the crap that it's necessary to disable to prevent the machine getting hammered.

    Superfetch (compressed memory problems and disk usage)

    Windows Search (disk usage)

    Windows Suggestions (disk usage and bizarrely compressed memory issues)

    Notifications (disk usage and again bizarrely compressed memory)

    Disk Indexing (disk usage)

    Windows Defender (RAM, CPU and disk usage)

    Microsoft, your OS is unoptimised crapware that requires the majority of your more recent experiments (because that's what they are) to be switched off.

    There's also the crap you can't switch off:

    Cortana

    Telemetry

    Windows Update

    Pissing the end user off is one thing. But pissing off the people that support them is another entirely. In the near future many of us will stop supporting your products entirely, if they haven't already.

    We've pretty much stopped recommending your stuff already.

    I'd imagine it's hard to find a person here that would stand up in a tech discussion and sing the praises of an MS product. The only ones that would are the ones that support nothing else. The ones that have probably paid a fortune to be a Gold Partner.

    Either develop something worthwhile or bow out gracefully and stick to selling vouchers to teenagers.

    If I could I'd move the entire world away from Windows, and if I had the wealth to do so, I'd do it for free. Shit, I'd pay people to leave Microsoft garbage behind if I could afford it.

    I already offer Linux support at a lower price than MS support to lure businesses away from Microsoft and because I know I can actively support a vastly increased number of Linux clients vs Microsoft because it is so much easier.

    No third party software required, no crappy VPN end points, no shitty remote desktop, no TeamViewMeIn nonsense. I can also support people transparently. I don't have to take over their entire machine to troubleshoot.

    Microsoft, you're too detached and too far up your own corporate arse.

    You don't understand end users, you don't understand engineers and you don't understand why that's a problem.

    I'm done.

    *flips table and storms out*

    1. Anonymous Coward

      Re: Yay

      A downvote? Seriously?

      It's not like I made up that list of problems...they all exist and are clogging up message boards and search results everywhere.

      1. Ragarath

        Re: Yay

        Yay, an AC that complains about downvotes whilst assuming that his or her anecdotal evidence is fact.

        Indexing/Search: yes, they are the same, whereas you list them as separate. A very useful tool, and on my supported machines configured as OOB never had an issue. There were issues with the older indexing service but the last time I saw issues with that was many years ago.

        Notifications, really? I've never had an issue with this. Are you sure there is no 3rd party tool causing this?

        Windows Defender - way better than most AV/Malware scanners at using resources.

        Superfetch - yeah, turn this off, never liked it. If you are using an SSD it is superfluous anyway.

        From reading the rest of your post I assume you are just a Linux evangelist and thus don't know how to properly support different OSs. An OS is a tool. Linux has its place, so does Windows; they are both good at certain things.

        And if you think Linux is immune from malware, good luck with that. The fact that you talk about viruses means you do not understand the attack vectors nowadays. I can't remember the last time I had to deal with a virus. Infections are now social engineering or trojan horses. That is a program run by the user. This can happen no matter your OS.

        1. Anonymous Coward

          Re: Yay

          I'm not just a Linux evangelist. Linux is the path of least resistance. I can't recommend BSD because it just isn't as easy for a regular non-technical user and I can't recommend MacOS because the cost of entry and value for money sucks.

          I've supported all flavours of Windows for over 20 years and in that time it's only got worse. Shit, I even queued up for the Windows 95 launch at PC World in Slough...remember the days when people were excited for Windows releases instead of dreading them?

          Windows 2000 was the peak; following win2k has been a general decline. Troubleshooting is now trickier because a lot of the time the problems are due to the products themselves, not implementation.

          Sure, previous incarnations of Windows have had their quirks, but 20 years on I'm still seeing the same mistakes. It's not acceptable after 20 years of R&D.

          Yes, notifications cause excessive disk usage. It's not a third party problem. I should have been more explicit to calm the shills. It's a specific setting within notifications and it's an issue that is very common.

          http://www.repairwin.com/how-to-resolve-hard-disk-usage-100-issue-on-windows-10-8-8-1/

          Search and indexing are not the same. You can disable indexing without disabling Windows Search. You can then schedule indexing to occur rather than it occurring constantly.

          Search is very configurable...just not for non-technical people.

      2. Tom Paine

        Re: Yay

        Maybe the downvote was because this isn't "another scanner", as you'd know if you read the fine article?

      3. Anonymous Coward

        Re: Yay

        > A downvote? Seriously?

        Wear it as a badge of honor, given by UK's dimmest.

  10. Doctor Syntax Silver badge

    It's being tested by the insiders but if I read the article right it isn't going to go out to home users. So under standard W10 testing procedures the enterprise users are going to be the beta testers guinea pigs.

    1. TonyJ

      Well I guess you could argue that corporate customers have much more data to lose to the likes of the cryptolockers whereas home users are more likely to lose pics of their cats/kids etc.

  11. Tom Paine

    Sounds like Bromium...

    ...but restricted to only run on a single app.

    Bromium's expensive, but it works very well IME.

  12. CrazyOldCatMan Silver badge
    Mushroom

    Are they giving it..

    .. the codename of Ouroboros?

    Seems like it's going to be the classic situation of a feature eating its own environment..

  13. bolac

    Buzzword security for the management

    A VM is not better than any other sandbox, when it comes to security. Especially in this case, where you need to render stuff on the screen, you will have to need some complex code that talks to the host OS.

    It is just a waste of resources.

  14. bombastic bob Silver badge
    Devil

    safe surfing seems to work pretty well...

    all of these scanners/plugins/OS-sandboxers/whatever and the REAL problems aren't being addressed.

    I usually recommend 'safe surfing' to people to combat viruses/trojans and it works pretty well.

    a) don't go online with an account that has 'admin' privileges. just don't.

    b) use a browser that allows you to DISABLE 3rd party scripting, or ALL scripting for that matter. Firefox with 'noscript' plugin is my choice.

    c) NEVER view e-mail as HTML. ONLY view as plain-text, don't allow images to preview in-line, and NEVER "just click on a link" [or worse, "open" an attachment to see what it is] if it's in an e-mail, even if you trust the sender. Yes, this means NOT using a web client for e-mail.

    d) do NOT use a Micro-shaft OS for web surfing unless you have no other choice.

    Follow these rules, and the likelihood that you get some zero-day infection from across the intarwebs is pretty small. [this doesn't mention the more obvious things like firewalling your connection and explicitly running virus scans on attachments and downloaded files before "opening" them with a GUI file manager or whatever].
