Microsoft Device Guard will lock down Windows devices against dodgy apps

MICROSOFT HAS RELEASED a new build for Windows 10 Insider Programme participants, and made several announcements about the added security in the forthcoming operating system.

Testers can now pick up every update as it becomes available (the ‘fast ring’) or wait for the most stable builds (the ‘slow ring’). Today’s announcement is Build 10061 for ‘fast ring’ users.

The release contains new calendar and mail apps, improvements to the start, taskbar and Action Centre, tweaks to the task view and virtual desktop, and enhancements to Continuum, the software that allows seamless transition between form factors.

However, the big news is the innovations in Windows 10 that will protect users from nasties and give them more control over their data.

Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, revealed details of the improvements at the RSA Conference in San Francisco.

Device Guard is a new enterprise feature that will allow organisations to lock down devices with extra malware protection. Only trusted versions of trusted apps will be allowed through, i.e. those signed by the vendor, the Windows Store, the organisation, or any combination of the three.

The software also comes with tools to sign Universal Apps, and apps that predate signing in the first place.

Device Guard virtualises (what was called sandboxing) the decision about a new app download, and decides whether or not to allow it through. This means that at no point is it a risk to the rest of the operating system. It isn’t an alternative to good malware protection, but offers extra peace of mind, according to Microsoft.

Companies including Acer, Fujitsu, HP, NCR, Lenovo and Toshiba have already signed up to Device Guard for Windows 8 devices.

The security measure augments the previously announced Windows Hello, which builds in biometric identification through face recognition or fingerprint scans on compatible equipment, and Microsoft Passport, a system that allows software and network administrators to incorporate biometrics into apps.

Passport and Hello will also work with Fido keys, USB sticks with encrypted credentials which can be used as an unlock mechanism for computers. Fido is already in use by Google and PayPal.