Microsoft has published a technical manual describing its new features Device Guard in Windows 10 to help with setting it up technology anti-malware, on the device you will need to use it on.
We first learned about the new Device Guard in April when the company introduced it to the RSA 2015 conference in San Francisco. At that time, it turned out that technology controls critical parts of the operating system of each device that is protected, and which is fenced off by all other applications and the rest of the Windows operating system.
The main protection technology is IOMMU (PDF) but also other mechanisms that protect the computer's processor by ensuring kernel-level guarding. The IOMMU technology works by locking the hardware that can touch the system memory, for the prevention κακόβουλων προγραμμάτων οδήγησης και συσκευών που μπορούν να εισέλθουν στο λειτουργικό σύστημα και τις εφαρμογές που χρησιμοποιούνται.
Microsoft says: “The same technology Hypervisor used to run virtual machines in Microsoft Hyper-V is used to isolate core Windows services in a virtualization-based, protected-container operation.”
"This isolation removes the vulnerabilities of these services from both user and kernel functions and acts as an impenetrable barrier to most malware in use today."
Device Guard is targeted at businesses and other large organizations.
"Historically, UMCI (User Code Integrity Mode) was only available on Windows RT and Windows for Appliances τηλεφώνου, γεγονός που κατέστησε δύσκολο σε αυτές τις συσκευές να μολυνθούν με ιούς και malware,” reports a post on TechNet.
"In Windows 10, these same successful UMCI standards are available. Historically, most malware is unsigned. By developing code integrity policies, organizations will be able to protect themselves directly against unsigned malware, which is estimated to be responsible for more than 95 percent of attacks. ”
So simply put, if the "container" used by Microsoft in Device Guard becomes infected, the rest of the system will remain protected, at least in theory. It would be quite interesting to see the virtualization technology of Windows 10 on PCs and not just servers.
Meanwhile, Microsoft will also have to deal with the malware that gets signed to our computers. It can be a rare species but it exists.