Microsoft is bringing virtualization to its Edge browser with a security tool called Windows Defender Application Guard. The technology, announced this week at Microsoft’s 2016 Ignite conference in Atlanta, takes a virtualization-based approach to isolating browser-based attacks from the internet.
Windows Defender Application Guard will be exclusive to enterprise versions of Windows 10 and will be available for preview Oct. 1 via the Windows Insiders program, with general availability slated for 2017.
The virtualization approach to containing malware inside a browser differs from that of browsers such as Google Chrome and Mozilla Firefox, which rely heavily on sandboxing technology to keep malicious websites from launching browser-based attacks against targeted systems.
“This level of protection has never been more important, as the majority of attacks start in the browser,” wrote Yusuf Mehdi, corporate vice president of Microsoft’s Windows and Devices Group, in a blog post outlining the technology.
Windows Defender Application Guard works by isolating any site an enterprise administrator hasn’t already whitelisted. Should a user click a link in an email or visit the site through some other means, Application Guard creates a virtual hardware-based container for the site to run in.
Mehdi describes the virtual container as being treated as a new instance of Windows at the hardware layer. That container is an entirely separate copy of the Windows kernel and offers only the minimum Windows Platform Services required to run Microsoft Edge. This separate copy of Windows has no access to a user’s normal operating environment.
Should Edge encounter a malicious attack, Application Guard will block access to memory, local storage, installed applications and any other corporate network endpoints, Microsoft says.
“This separate copy of Windows has no access to any credentials, including domain credentials, that may be stored in the permanent credential store,” Mehdi said.
Once the Application Guard browser session is over, the virtual container is destroyed. “There is no persistence of any cookies or local storage when the user is finished,” according to Mehdi.
This type of protection differs from that of other browsers such as Firefox and Chrome, which rely on sandboxing, essentially isolating the browser from the rest of the computer so that any changes made by malware are contained.