Microsoft has published a technical manual describing its new features Device Guard in Windows 10, για να βοηθήσει με την ρύθμιση της τεχνολογίας anti-malware, on the device you will need to use.
We first learned about the new Device Guard back in April when the company introduced it to the congress RSA 2015 in San Francisco. At that time, it turned out that technology controls critical parts of the operating system of each device that is protected, and which is fenced off by all other applications and the rest of the Windows operating system.
The main protection technology is IOMMU (PDF) but also other mechanisms that protect the computer's processor by ensuring kernel-level guarding. The IOMMU technology works by locking the hardware that can touch the system memory, for the prevention malicious drivers and devices that can enter the operating system and applications used.
Microsoft says: "The same hypervisor technology used to run virtual machines in Microsoft Hyper-V is used to isolate basic Windows services in a virtualization based on the operation of a protected container."
"This isolation takes them away vulnerabilities of these services from both user and kernel functions and acts as an impenetrable barrier to most malware in use today.”
Device Guard is targeted at businesses and other large organizations.
"Historically, UMCI (Code Integrity Mode User) has only been available in Windows RT and Windows for telephone devices, making it difficult for these devices to be infected with viruses and malware," says a post in TechNet.
"In Windows 10, these same successful UMCI standards are available. Historically, most malware is unsigned. By developing code integrity policies, organizations will be able to protect themselves directly against unsigned malware, which is estimated to be responsible for more than 95 percent of attacks. ”
So simply put, if the "container" used by Microsoft in Device Guard becomes infected, the rest of the system will remain protected, at least in theory. It would be quite interesting to see the virtualization technology of Windows 10 on PCs and not just servers.
Meanwhile, Microsoft will also have to deal with the malware that gets signed to our computers. It can be a rare species but it exists.
