Microsoft looks at a Windows VM to sandbox rogue code

A feature revealed in the Windows Insider programme may appear in a future Windows 10 update for enterprises

Microsoft is believed to be working on a new feature in Windows 10 Enterprise that will protect users from rogue applications.

There have been a number of reports on the web over the past day about InPrivate, a feature that was discussed on the Windows Insider programme hub, which gives developers and early adopters access to new and up-and-coming Windows features as part of preview releases of the operating system.

In essence, Microsoft appears to be working on a way to isolate rogue applications by running them in their own Windows 10 virtual machine (VM). This approach should add another layer of enterprise security and reduce the need to roll out emergency patches for zero-day attacks.

As long as the Windows VM itself has no vulnerabilities that can be exploited, the rogue application should, in theory, be unable to affect the rest of the operating system and other applications running on the user’s PC.

The concept of virtualising apps for security has previously been used by Bromium, a company specialising in securing web browsers and applications. Its software uses a micro-VM to run a unique, single task. If the application’s behaviour deviates from what is expected, this is a signal that that malware might be present.

The information about what the malware is doing is sent in real time to the security team via a management console.

In a recent Computer Weekly article, Ian Pratt, co-founder and president of Bromium, said: “In a natural extension of what we are known best for, we are now applying virtualisation to shrink the security perimeter down to the application level, effectively putting a bubble around applications that access sensitive business data, providing confidentiality and integrity to that application.”

Read more about application security

Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise.

Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences.

Bromium takes a zero-trust approach to application security, which forces applications to run in a secure VM connected via its own VPN connection. The level of protection the proposed InPrivate feature adds will depend on how much security Microsoft plans to manage itself, and how much configuration will be required by administrators.

Any application running in a VM will incur a performance penalty. IT administrators could potentially maintain a whitelist of known enterprise applications that have been certified to run natively, without the extra layer of security offered by InPrivate.

Bromium’s approach is to monitor all application for rogue behaviour. If Microsoft adopted a similar approach, as well as the performance impact, enterprise users may find certain enterprise applications will no longer work as expected.

Read more on Application security and coding requirements

Data Center
Data Management