
Microsoft introduced Windows Defender Application Guard protection technology for the Edge web browser

Microsoft has previously announced protective measures against malware and cyber attacks that are built on Hyper-V virtualization. With the release of Windows 10, the company introduced the so-called Virtual Secure Mode (VSM) environment and two VSM-based security features: Device Guard and Credential Guard (available in enterprise versions of Windows 10). Their main purpose is to isolate security-critical operations in a mini-OS that runs in a separate virtual machine with a high level of trust.


Such critical operations include verifying the legitimacy of the computer's UEFI firmware data and kernel-mode drivers (Device Guard) and executing the procedures involved in user authentication (Credential Guard). A new security feature called Windows Defender Application Guard for the Edge web browser performs similar Hyper-V-based isolation, but in this case it isolates only untrusted content sources in the web browser.

The figure below shows the VSM architecture that is based on Hyper-V. App Guard uses a similar architecture.

As shown above, the main copy of Windows 10 (the host) is separated from VSM by isolation at the hypervisor level. App Guard for Edge applies a similar approach. When a user visits an untrusted website in the browser, the site opens not in the context of the host virtual machine but in another one, which is created specifically for potentially dangerous operations such as viewing content on unsafe websites.

If you’re a The Windows Platform Services are required to run under the Microsoft Edge. This has been the case.

Thus, if an attacker plans a cyber attack on an organization's employees and uses a phishing link that leads to a drive-by download attack, the link will be opened in an environment isolated at the hypervisor level. In this execution context the attacker will not be able to obtain any new information, since this virtual machine has limited access to any user information located on the host. Meanwhile, to the Edge user it will appear that the tab process is running on the host system.

Windows Defender Application Guard for the Edge web browser will be available to Windows Insiders in the coming months, and to users of release versions of Windows 10 Enterprise next year.

Windows Defender will be available for the next year.

Source: https://habr.com/ru/post/311242/

