Microsoft is working to release the final build of Windows 10 in few months time and the company has been regularly updating the preview version with new builds and also new features. Windows 10 is the next major iteration in the Windows and will come with whole lot of new features and improvements from a user perspective including the new start menu.
But the new features are not just limited to UI alone, Microsoft has announced new security feature called Device Guard which allows organizations to lock down system in case of malware attacks and prevent only signed applications to run.
According to Microsoft, Device Guard gives organizations the ability to lock down devices in a way that provides advanced malware protection against new and unknown malware variants as well as Advanced Persistent Threats (APT’s). It provides better security against malware and zero days for Windows 10 by blocking anything other than trusted apps, which are apps that are signed by specific software vendors, the Windows Store, or even the organization’s.
Using this feature, the administer is in control of what sources Device Guard considers trustworthy and it comes with tools that can make it easy to sign Universal or even Win32 apps that may not have been originally signed by the software vendor.
Device Guard can use hardware technology and virtualization to isolate that decision making function from the rest of the Windows operating system, which helps provide protection from attackers or malware that have managed to gain full system privilege. So in case of a malware app being executed, Windows makes a determination on whether that app is trustworthy, and notifies the user if it is not.
Windows 10 will come with stronger security options when compared to previous versions and would be able to protect the system from vulnerabilities. The advantage of using Device Guard over anti-virus and app control technologies like AppLocker, Bit9 is that the latter can be tampered by malwares, but device guard will be able to protect.
The company also mentioned that traditional AVs and apps will be used in combination with Device Guard and they will be able to depend on Device Guard to help block executable and script based malware while AV will continue to cover areas that Device Guard doesn’t such as JIT based apps (e.g.: Java) and macros within documents.
Many OEMs are already endorsing the use of Device Guard on their Windows 8 certified devices.
Device Guard will be one of the most important security related features on Windows 10 and we will have more on this once Windows 10 is released.