Microsoft has revealed details of an upcoming update to its Edge web browser which is designed to enhance security by relegating the software to a dedicated lightweight virtual machine.
Announced during the company's Ignite conference, Windows Defender Application Guard for Microsoft Edge is the company's latest attempt at one-upping its competition in the browser market. Designed to work exclusively with the Edge browser, which took over from the ageing Internet Explorer codebase with the launch of Windows 10, the update takes Microsoft's work on virtualisation and applies it to the browser in order to protect the underlying operating system. While theoretically the same technology could be used to protect other applications, including third-party browsers, Microsoft has not announced any plans to open the system up to such use.
Traditionally, Microsoft's browsers have been heavily integrated into the operating system, often with disastrous results. Security holes in Internet Explorer, in particular courtesy of the ActiveX scripting language, have been the cause of numerous Critical-level security updates for the operating system; when a malicious website takes control of the browser, it is also able to take control of the underlying operating system. The somewhat verbosely-named Windows Defender Application Guard for Microsoft Edge aims to fix that by launching a dedicated virtual machine, largely isolated from the main operating system, and running Edge in there instead.
'Unlike other browsers that use software-based sandboxes, which still provide a pathway for malware and vulnerability exploits, Microsoft Edge's use of Application Guard isolates the browser and employee activity using a hardware-based container to prevent malicious code from impacting the device and moving across the enterprise network,' claimed Microsoft's Yusuf Mehdi of the tool in its announcement. 'This robust security service helps protect enterprises from malware, viruses, vulnerabilities, and even zero-day attacks.'
While those using Edge within the Application Guard virtual machine will be able to save files to the host operating system as normal, an unavoidable attack vector, any malicious software running in the browser itself will - in theory, at least - be able to attack only the virtual machine, which is destroyed when the user exits the browser.
Microsoft has promised to make Application Guard for Microsoft Edge available to Windows Insiders over the next few months, with a broader roll-out planned for 2017. A video demonstrating the technology is reproduced below.