New Security Features Coming to Windows 10
On June 29th, Microsoft announced several new security features coming to the Windows 10 Fall Creator’s Update. These updates are now available for Windows 10 Preview users on the Fast ring. With them, Microsoft is trying to thwart the ransomware attacks that took the world by storm in recent months.
Generally, such ransomware works by encrypting certain of the user’s files, locking access to them until a ransom is paid. The WannaCry variant was often started by an unsuspecting user opening an infected e-mail attachment, which infected their PC with the ransomware, then spread it across the local network via an SMB exploit. Windows has permission controls for users, which enable multiple accounts to use the same PC without accessing each other’s files. But a simple permission system is not enough against ransomware, since the user either willingly opens the infected attachment or it is spread via a trusted local network (the SMB exploit).
Microsoft’s Controlled Folder Security Measures
The proposed solution to prevent such attacks is protecting certain folders from being edited by any unknown applications. This is a part of Windows Defender, and it is called Controlled Folder. By default, built-in apps such as Documents, Desktop and Microsoft Office will be allowed to edit files in these folders. You will be able to add new applications to the whitelist and new folders to the protected list. In theory, this will prevent ransomware from encrypting files in these folders, and a notification will pop up about something trying to access them.
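As an added example (not from the original article): in shipping builds this feature is exposed as "Controlled folder access" through the Windows Defender PowerShell cmdlets, and the sketch below extends the protected list and the whitelist in audit mode before enforcing. The folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: stage Controlled folder access in audit mode, extend the
# protected-folder list and the application whitelist, then review the log.
# All paths below are hypothetical placeholders, not values from the article.

$protectedFolders = @('D:\Finance', 'D:\Projects')
$allowedApps      = @('C:\Program Files\ExampleBackup\backup.exe')

# Audit mode records writes from unlisted applications without blocking them,
# so legitimate tools can be found and whitelisted before enforcement.
Set-MpPreference -EnableControlledFolderAccess AuditMode

foreach ($folder in $protectedFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

foreach ($app in $allowedApps) {
    # Refuse to whitelist a path that does not exist: an empty slot in a
    # writable location could later be filled by an untrusted binary.
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping missing application: $app"
    }
}

# Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# Event 1124 = write audited, event 1123 = write blocked.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

# Once the audit events show only expected applications, enforce:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```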
Windows Defender will get another security feature called Exploit Detection; since it doesn’t work yet in the insider build, we are sure it is a work in progress. According to Microsoft, more details will follow soon.
To protect against browser-based attacks and malware injections, Microsoft will also enable users to put the Edge browser in a sandbox - this is dubbed Application Guard. This small virtual machine is not like those used to run older versions of Windows - it does not emulate the full functions needed for an OS, only Windows 10’s features needed to run Edge.
This means it won’t be able to access anything outside of the browser, and even Edge’s data - such as cookies, bookmarks, and cache - won’t be allowed to reside outside the sandbox. Previously this data wasn’t kept by the system, but with Application Guard enabled, Edge will keep it between sessions.