Microsoft has recently announced special measures taken to be protected from malicious software and cyber-attacks based on the mechanism of virtualization Hyper-V. With the release of Windows 10, the company represented the so-called environment Virtual Secure Mode (VSM) and two protective measurements based on VSM: Device Guard and Credential Guard (available for enterprise versions of Windows 10). Their main point is to isolate the operations critical for security in mini-OS that works in the separate virtual machine with a high level of trust.
Check of data legitimacy in UEFI-firmware of the computer, drivers of the base regime (Device Guard) and performance of procedures that are referred to users’ authentication (Credential Guard) belong to such critical operations. A new protective function called Windows Defender Application Guard for Edge web-browser makes an analogical isolation based on Hyper-V, but only if web-browser features any unreliable sources of content.
VSM architecture based on Hyper-V is represented on the image lower. A similar architecture is used in App Guard too.
As it is mentioned above the main copy of Windows 10 (host) is separated from VSM with the isolation at the hypervisor level. A similar approach is used in App Guard for Edge too. When a user visits an unreliable website in any browser, it is opened not in the context of host virtual machine, but in the one created especially for potentially hazardous operations (i.e. looking through the content of insecure sites).
So, if an intruder plans a cyber-attack on the members of the organization staff and uses a phishing link for this purpose that can also be used for the organization of attack like drive-by download, it will be opened in the environment isolated at the hypervisor level. In such a context of performance, the attacker will not be able to receive any new information as the access to any user’s information contained on the host is restricted to this virtual machine. Besides, Edge will create the feeling that the tab process works in the host system.
Windows Defender Application Guard for Edge web-browser will become available for the users of Windows copies of Insiders program in a couple of months and for the users of released copies of Windows 10 Enterprise only next year.