Microsoft Introduces New Feature to Protect Edge Users
posted Sunday Oct 2, 2016 by Scott Ertz
The Internet is a scary and dangerous place. Ads served by networks like Google appear to be legitimate, but take you to downloads to steal your information or destroy your computer. Links shared on Facebook and Twitter appear to be news articles, but are actually serving malicious content. If you aren't paying attention, it can be easy to screw up your machine, and web browsers are the source of all of that turmoil.
Microsoft has a new idea for how to protect users of their Edge browser. The feature is called Windows Defender Application Guard, and it consists of running the browser within a very lightweight virtual machine. Essentially, this means that the browser will run within your computer, but will not have direct access to it. Instead, it will run within another, virtual computer residing on yours.
The advantages of this technique are incredibly positive. The browser cannot access your computer without your express permission. This means that anything that happens within the browser will be contained within the virtual environment. Code designed to change your homepage, search engine, system registry, etc. all will, if allowed, change the virtual environment. As soon as the browser is closed, the virtual environment is destroyed, taking with it any malicious code and cookies.
Unfortunately, with all major security protections come tradeoffs. For example, since cookies are destroyed, it means that features like saving passwords will be destroyed, too. You would not be able to click "save password" on a website and have it save between sessions, because that information is saved in one of those cookies being destroyed. There are also performance tradeoffs that will have to be made, as the browser is not running directly on your hardware.
Clearly, this feature will not be for everyone, but it is a good option for places that require additional security, such as secure facilities like banks and doctors' offices. It will also be good for common area computers in libraries and schools where people tend to not worry about security and also forget to logout of services like email, social networks, etc.