Microsoft has published a technical manual describing the new Device Guard feature in Windows 10, to assist with setting up the anti-malware technology on the devices where it will be used.
We first learned about Device Guard in April, when the company introduced it at the RSA 2015 conference in San Francisco. At the time, it appeared that the technology controls critical parts of each protected device's operating system, which are walled off from all other devices, applications and the rest of the Windows operating system.
The main protection technology is IOMMU (PDF), along with other mechanisms that protect the computer's processor by ensuring kernel-level guarding. IOMMU technology works by locking down the hardware that can touch system memory, to prevent malicious drivers and devices from getting into the operating system and the applications in use.
Microsoft states: "The same hypervisor technology that is used to run virtual machines in Microsoft Hyper-V is used to isolate core Windows services in a virtualization-based, protected container."
"This isolation removes the vulnerabilities of these services from both user and kernel functions and acts as an impenetrable barrier to most malware in use today."
Device Guard is targeted at businesses and other large organizations.
"Historically, UMCI (user mode code integrity) was only available on Windows RT and Windows for Phone devices, which made it difficult for these devices to be infected with viruses and malware," says a post on TechNet.
"In Windows 10, these same successful UMCI standards are available. Historically, most malware is unsigned. By developing code integrity policies, organizations will be able to protect themselves directly against unsigned malware, which is estimated to be responsible for more than 95 percent of attacks."
So simply put, if the "container" used by Microsoft in Device Guard becomes infected, the rest of the system will remain protected, at least in theory. It would be quite interesting to see the virtualization technology of Windows 10 on PCs and not just servers.
Meanwhile, Microsoft will also have to deal with malware that arrives on our computers signed. It may be a rare species, but it exists.