Posted on 04/22/2015 5:53:04 PM PDT by SeekAndFind
Microsoft is making big efforts to increase the security of Windows 10 and turn the new operating system into a fully secure working environment, so several new features will be available in this regard when it comes out.
In addition to Microsoft Passport and Windows Hello, both of which were announced a few months ago, Redmond will also introduce a feature called Device Guard that would give organizations full control over the apps that are allowed to be launched on a device running Windows 10.
According to Microsoft, the new feature should provide advanced malware protection against new and even unknown malware variants and block all zero-day threats for Windows 10. Basically, no other apps than the ones you allow can be launched on a Windows 10 device. You can configure the feature to work with apps signed by defined vendors, apps from the store, or those developed by your company, Microsoft said.
Youre in control of what sources Device Guard considers trustworthy and it comes with tools that can make it easy to sign Universal or even Win32 apps that may not have been originally signed by the software vendor.
owever, Device Guard is supposed not to replace your antivirus but to work together with it. For example, antivirus solutions can still continue to block macros or other forms of malware while Device Guard would be in charge of restricting access to apps that arent allowed in your organization.
Microsoft explains how the duo would work:
Traditional AV solutions and app control technologies will be able to depend on Device Guard to help block executable and script based malware while AV will continue to cover areas that Device Guard doesnt such as JIT based apps (e.g.: Java) and macros within documents. App control technologies can be used to define which trustworthy apps should be allowed to run on a device.
Windows 10 is projected to launch this summer, with RTM expected to be reached in June, while general availability should be announced in August. Windows 10 will be offered as a free upgrade for Windows 8.1 and Windows 7 users, but enterprises would still have to pay for it.
Me too. Did you get the guy who asks you how many errors show up on your log, and then he says, “OH GOD” ?
I want a cruise missile that can do a tracert.
> yes it is
Shameless frickin' CLICK-BAIT, too.
good idea
SO TRUE!
That would make an awesome tag-line, too ! :)
Sounds like each application is in a vm.
Nothing is forever in the digital world.
I hope Microsofts Anti-Malware system works as good as my ZoneAlarm Security Suite and Malwarebytes.Haven’t had any problems with malware but if more computers were clean we wouldn’t be worried over malware infestations.
+1.
Can I say this is vary familiar? Or would that be too crass in a Windows thread? ROTFLMAO! Probably be better to not say it. Mums the word.
Soooo... AppLocker. AppLocker has been around for a while now. This is just old technology wrapped in a new name. It’s contingent upon companies to actually turn on the protections to make them work. Nothing is “native” in corporate Windows.
Yep - the only "fully secure system is not connected and in a physically secure place with only one-person having access.
“Might as well say “Could Make Monkeys Fly Out of Your Butt.””
We see that every day with every pronouncement that comes out of the current White Hut.
Familiar? Crass? Hell, after all these years, -I- could have written a blurb about only allowing authorized processes to run, in my sleep. LOL
But let's cross our fingers and hope it's more effective than past attempts, recognizing that it's an endless cat-and-mouse game, because the malware writers stay one step ahead; the best you can do with anti-malware is play defense.
That's why I liked tacticalogic's comment #22 about the cruise missile that does traceroute.
Sometimes the best defense is a good offense.
There are a number of outfits doing similar things. Bit9, Carbon Black, TripWire,...
But it's nice to see the technology that was around only in the high-end editions of Windows make it into the more common ones (if I'm interpreting this right).
Malware targets the user as a vulnerability, not the OS.
Yes.
The next version is always going to be immune to viruses.
I won't take anything Microsoft says about securing their operating system seriously until they get rid of the concept of things being executable based on their name.
Quite so.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.