
Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 172

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. 
As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins will also be able to control whether untrusted sites can use the clipboard or print.
  • by fuzzyfuzzyfungus ( 1223518 ) on Monday September 26, 2016 @08:21PM (#52966491) Journal
    Hooray! A security feature exclusive to Windows 10 Enterprise customers. That will substantially cut down on the actual difference this makes.
    • I can't get to Ars at work, so this is for Enterprise edition and not Pro? Makes it really something I don't care about, agreed.
      • by vux984 ( 928602 ) on Monday September 26, 2016 @09:38PM (#52966811)

        It's rapidly becoming the case that the enterprise edition is the 'new' pro edition.

        Whereas with XP through 8, I just wanted to have pro to be able to run my own IIS, accept incoming RDP, not have to deal with the idiot simplified user permissions etc, with win8 pro came hyperV... etc In each case, Home edition was awful, while Pro was a good OS.

        With 7/8 Enterprise has some extra bitlocker stuff I think? And the VLA license management features that only an enterprise would need.

        But with 10, "pro" is garbage too, and all the features I actually want are now in Enterprise edition. (Turn off telemetry, more control over windows update, Edge in a Virtual Machine...)

        So I'm coming to the conclusion that us 'power users' that until now always wanted pro should now be looking for the enterprise edition.

        Of course enterprise is currently a lot more expensive than pro, with recurring subscription fees.

        But this is looking to be the carrot and stick approach; (and mostly for businesses -- us power users are just caught in the middle of it.) Home users are being corralled into Windows 10 Home (and Pro at this point is really just Home+) where their updates are managed and they're expected to be all appy and cloudy and monitored with telemetry.

        While businesses (and people) who need to get shit done, and don't want their windows computers scheduling an update before an important meeting, and don't want to send telemetry to redmond,etc, etc... (i.e. people like me) -- should be using enterprise.

        Us power users should be looking to use enterprise. (Assuming as always that we wish to use windows at all, which in my case at least, while I love my linux -- I am not interested in the huge compromises necessary to make it my primary desktop.)

        Ah but Windows 10 Enterprise is nasty for individuals to get a hold of what with Microsoft VLAs and the byzantine and downright hostile Software Assurance licensing crapola.

        So when I read about something like this...

        Windows 10 Enterprise E3 / 7$ seat / month. And it sounds like it's being aimed to be run like office 365... suddenly things start to come into focus...

        http://www.pcworld.com/article... [pcworld.com]

        " It's worth highlighting, though, that a business of one employee can take advantage of it, however. "

        Interesting right!? (I mean yeah, this is /. so the pitchforks are out in force... and I should switch to linux everything... but think about it rationally...)

        There is going to be the non-recurring windows 10 home edition and the home+ (aka pro), the spyware adware versions. And there is going to be Windows 10 enterprise, the only one businesses and power users will want but at $7/seat/month.

        So If one seat of Enterprise really is per user? and I can put it on my desktop, laptop, and a couple hyperv virtual desktops like i can Microsoft office... all for 84/year... and I can turn off automatic updates and do them when i want, and I can turn off telemetry...

        On the one hand... ugh... rent seeking subscription -- the business model for companies who really can't compellingly improve their product but still want the same revenue they were getting when each release was a must-have. And yeah.. Windows has reached that point I guess. "XP does all I need" people are still all over the place.

        On the other hand... $7/month for an actual good windows user experience with the kind of control I want over it, with continual support in the form of antivirus and security updates...ok... I'm listening.

        • I could live with $7 a month if I can suspend it for deployments and such. I don't want to pay $42 while I'm overseas and not touching it as cheap as that sounds. I'll look into it, thank you. Maybe they have a military/student discount.
        • I am not a fanboy of Windows 10 by a long shot but Windows 10 pro does:
          1. Have the ability to control Windows Updates including defer feature updates ala Debian style.
          2. GPO support
          3. Pro has the same Hyper-v and RDP options. If you go under settings go to developer mode to turn them on by default
          4. IIS support
          5. The ability to pick when updates are applied

          Windows 7/8 have spyware too unless you want to be insecure. Chrome and your phone already do this anyway.

          The only thing the enterprise edition has is to

          • by vux984 ( 928602 )

            I don't disagree with you. The trouble is that I'm finding pro is steadily becoming more 'managed by microsoft' than 'managed by me', and increasingly it's becoming an 'ad delivery platform'; given Microsoft's positioning of Windows 10 as the 'last version of windows' and continually supported and updated for free... I read that as with Windows 10 "You're going to be the product now. Not the customer".

            So while I get the 'features' like hyperV and GPO etc... I don't get enough control over stuff like the upda

            • Alright I want examples. If I am going to consult I can save customers money by using the pro version.

              It seems slashdot as the last 5 years is turning into Stalin's saying of repeat a lie enough and it will be truth. I see no reason why the enterprise version has more features.

              From what I read here from slashdotters the pro version has no GPO support whatsoever, all commercials that take up full screen ads, all updates forced with no settings, etc. I have news? I own 10 pro! I see nothing of the sorts other

              • by vux984 ( 928602 )

                If I am going to consult I can save customers money by using the pro version.

                I never said it would save money, per se. Although it might. Depending on how the per user enterprise licensing actually works out when it comes to VMs, desktops, laptops etc.

                From what I read here from slashdotters the pro version has no GPO support whatsoever, all commercials that take up full screen ads, all updates forced with no settings, etc. I have news? I own 10 pro! I see nothing of the sorts other than tinfoil hats getting +5s.

                I own it too, several copies (6+ at least in my household). I never said it didn't support GPOs or anything. And you are right, so far other than telemetry and some issues with updates, all the nonsense can be turned off. But I'm tired of rebooting my PC after a big update having to find some new crap that needs to be turned off on all

      • Yup, not Pro. It seems increasingly to be the case that "Pro" just means "Home; but can join the domain"; while all the actually pro features are Enterprise only.
        • What are they?

          Besides Telemetry I can not find any difference and this is repeated over and over like it is truth. What can the enterprise do that makes it worth renting my own computer over the pro?

    • Hooray! A security feature exclusive to Windows 10 Enterprise customers. That will substantially cut down on the actual difference this makes.

      Actually that could influence a lot of Slashdot readers. There's plenty of slashdotters working for the man, because that's where a lot of interesting jobs are. Unfortunately, Microsoft not giving an API for sandboxing will probably mean that these slashdotters will have to use Edge, because lots of Windows sysadmins will outlaw other browsers besides Edge :-(

      • Sure there are. %appdata%/lowrights is where apps like IE and Chrome are sandboxed with restricted privileges for threads

  • by jxander ( 2605655 ) on Monday September 26, 2016 @08:29PM (#52966529)

    Well, I already keep Win10 sequestered inside a VM, so now I'll be running a VM inside a VM?

    How's that meme go? "Yo dawg ... "

    • This reminds me of a scene from Aliens:

      Ripley: "These people are soldiers, Newt. They're here to protect you."

      Newt: "It won't make any difference."
    • Hyper-V in Windows 10 anniversary and server 2016 supported nested virtualization so yes it will work.

  • It sure would be nice if our OS ran every single program and app in its own private VM, with individually tailored permissions.
    • by somenickname ( 1270442 ) on Monday September 26, 2016 @08:55PM (#52966651)

      You could do this on linux if you wanted. Using a tool like firejail, you can run all your software in lightweight sandboxes (linux namespaces). It comes with custom profiles for 100+ desktop/server applications and it's easy to write more. I wouldn't recommend converting all of /usr/bin to run under firejail as this would certainly cause issues but, I run all my desktop applications with it and it's worked well.

      • It sure would be nice if our OS ran every single program and app in its own private VM, with individually tailored permissions.

        You could do this on linux if you wanted. Using a tool like firejail, you can run all your software in lightweight sandboxes (linux namespaces). It comes with custom profiles for 100+ desktop/server applications and it's easy to write more. I wouldn't recommend converting all of /usr/bin to run under firejail as this would certainly cause issues but, I run all my desktop applications with it and it's worked well.

        I believe FreeBSD/PC-BSD have a robust jail system as well. FreeBSD also has 'bhyve' and 'iohyve' which together can now support recent Windows versions that require UEFI support emulation.

        Howto here: http://pr1ntf.xyz/windowsunder... [pr1ntf.xyz]

        Haven't attempted it myself so I have no personal experiences or information on Windows versions and compatibility other than the blog article linked a

      • Isn't that what Qubes is all about? https://www.qubes-os.org/tour/... [qubes-os.org]
    • The only permission choices you will get is whether they share all of your data with everyone that pays or just 99% of it.

  • by stooo ( 2202012 ) on Monday September 26, 2016 @08:39PM (#52966581) Homepage

    >> Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe

    Correction : Windows 10 Will Soon Run Edge In a Virtual Machine as a desperate attempt to try to Keep You Safe

    • Actually: Windows 10 Will Soon Run Edge In a Virtual Machine as a desperate attempt to try to Keep You Safe from all the other threats to your privacy.

      Remember: It's hard to sell data everyone already has.

    • by Rob Y. ( 110975 )

      More like Windows 10 will Soon Run Edge in a Virtual Machine partly to keep you safe and mostly to have an advantage to hype over Chrome and Firefox, which already keep you pretty safe, but y'know, you can never have too much security.

      Why there's no provision to allow other apps to run this way is hard to fathom in any other context.

  • OS / Browser (Score:3, Insightful)

    by hunter44102 ( 890157 ) on Monday September 26, 2016 @08:41PM (#52966595)
    remember the days Microsoft said they cannot separate the browser. now they are forced to from a security standpoint
  • by xxxJonBoyxxx ( 565205 ) on Monday September 26, 2016 @09:05PM (#52966695)
    I don't think the author of the article understands what a password hash is if they think that passwords can be decrypted from them.
    • I don't think the author of the article understands what a password hash is if they think that passwords can be decrypted from them.

      They can and are. "Salting" the passwords with extra complexity makes it a lot harder (to the point of impractical to crack if done right) and is the usual practice now to avoid situations like this when it was not done right:
      https://techcrunch.com/2016/05... [techcrunch.com]
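
An added example, not part of the comment above or of the original page, showing the difference that reply describes: identical unsalted digests fall to one precomputed table, while per-user salts give every account a different record. SHA-256 as the fast hash, PBKDF2 as the salted scheme, the iteration count and all sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample data: alice and bob happen to share a password.
USERS = {"alice": "Summer2016!", "bob": "Summer2016!", "carol": "x9#Lq!vT2p"}
# Constructed list of common guesses, standing in for a precomputed table.
COMMON_PASSWORDS = ["password", "letmein", "Summer2016!", "qwerty"]
PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example
SALT_BYTES = 16


def unsalted_digest(password: str) -> str:
    """Weak scheme: one fast hash, no salt, same input gives same record."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = salted_record(password, salt)
    return hmac.compare_digest(derived, expected)


def precompute_table(words: List[str]) -> Dict[str, str]:
    """Digest -> password map, built once and reusable against any unsalted store."""
    return {unsalted_digest(w): w for w in words}


def audit_unsalted(store: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Accounts whose stored digest appears in the precomputed table."""
    return {user: table[d] for user, d in store.items() if d in table}


def audit_salted(
    store: Dict[str, Tuple[bytes, bytes]], table: Dict[str, str]
) -> Dict[str, str]:
    """Same lookup against salted records: the table no longer applies."""
    return {
        user: table[dk.hex()]
        for user, (_salt, dk) in store.items()
        if dk.hex() in table
    }


def build_stores():
    """Store the same constructed accounts under both schemes."""
    unsalted = {u: unsalted_digest(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    table = precompute_table(COMMON_PASSWORDS)
    print("unsalted hits:", audit_unsalted(unsalted, table))
    print("salted hits:  ", audit_salted(salted, table))
    print("alice/bob records equal (unsalted):", unsalted["alice"] == unsalted["bob"])
    print("alice/bob records equal (salted):  ", salted["alice"][1] == salted["bob"][1])
```
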

  • This is a good thing (Score:4, Informative)

    by Gumbercules!! ( 1158841 ) on Monday September 26, 2016 @09:15PM (#52966717)
    I know this is Slashdot and it's essentially illegal to say "good" and "Microsoft" in the same sentence but, "good". I don't plan on using Edge any time soon but I still applaud any security based efforts made by mainstream OS vendors, that can help improve things. I know this won't stop idiots downloading "movie.torrent.exe" and running it but at least it will significantly cut down on drive by downloads of malware through hacked ad servers and out of date Flash. That's got to be a good thing.
  • So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.

    • So this is basically saying that we can no longer depend on the OS to protect us against privilege escalation attacks. The bad guys will have to concentrate on breaking out of VMs or, at least in this case, attacking through the access that the Edge VM has to system resources.

      No modern OS is immune to privilege escalation attacks. Even a formally verified OS would probably still be susceptible to them due to unexpected interactions. Never mind hardware based attacks such as race conditions and rowhammer. If

  • If you blow out the sandbox it's running in, you still lose all your browser data, and are now stuck without a browser unless you reload the OS or have already downloaded alternate browsers, which DON'T run sandboxed.

    Good fuckin' going!

  • Does this mean they'll finally fix network access for hyper-v hosted VMs when the host system is connected via wifi?

    Just that right now it's a fucking shitfest.

    Or maybe they're creating a whole new hypervisor for Edge, that will actually work.

    • It works fine on my surface pro 3. Maybe it is your hardware.

      You did create an external switch called Internet right? Hyper-V is a type 1 hypervisor that runs underneath the OS so it needs a switch created first before it can share it with the host OS that runs on top of it

      • by Cederic ( 9623 )

        https://blogs.msdn.microsoft.c... [microsoft.com] is a useful resource, that includes "Unfortunately, this approach does not always work."

        No, no it doesn't.

        I lost patience with the NAT approach. I'm not a Windows admin, a network specialist or a virtualisation expert so I decided to defer the day or two of learning and experimentation for when I have energy and time.

        Or Microsoft could fix the shitty hypervisor. Seriously, when it's easier to download software from Oracle you know there's something broken.

        • First off Hyper-V is a type 1 hypervisor. It runs underneath the OS as the host OS (in contrast to Vbox and VMware Workstation) is really another guest that runs on top of hyper-V.

          Basically the hostOS is the parent with more control of the children guests. it is like this as the hypervisor runs at ring -1 underneath the kernel at the cpu.

          I disagree as last weekend I cursed at VMware Workstation for being shitty in i/o and vowed never to run a type 2 hypervisor again. You need to create a switch as the paren

          • by Cederic ( 9623 )

            Just create a switch that is external and add that to your VMs and you should be good.

            I should, but I'm not. Welcome to Hyper-V.

  • by dbIII ( 701233 ) on Monday September 26, 2016 @10:36PM (#52967031)
    There used to be a disclaimer every time an older VM program ran, I think it was "bochs", which told the user that a VM is not security.
    It only gives you the illusion of it.
    In reality the VM software has to get its hooks so deep into the host's networking and other sensitive bits that you can never be sure that software running on the client can't get up to nasty tricks on the host.

    If you want security design for security instead of taking the lazy way out of using something completely different done by someone else and pretend that partial separation for totally different reasons is equivalent to security.


    It's just like expecting to enter a Ford Bronco in a horse race. The name makes it sound like it belongs but it's not the same thing and was never intended to be.
    • by Raenex ( 947668 )

      Security is a spectrum, not a binary situation, and layered solutions provide benefits. So yes, a virtual machine provides security benefits, especially because virtual machines are used for security and violations that break that security are bugs.

      • by dbIII ( 701233 )

        So yes, a virtual machine provides security benefits

        Not really, and effectively zero if it exploits a bug in the VM. The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't be described as "hardened" - not even the pathetic security catchup game being played with Hyper-V.

        • by Raenex ( 947668 )

          So you can guarantee being able to break out of the VM? I mean, you actually, personally, know that you could do this, and by what method, and could demonstrate it if called upon?

          • So you can guarantee being able to break out of the VM

            Now where did I say that? What's with the lies over something so trivial?
            I wrote what I wrote and not what the strawman in your head is up to.


            This is a very old and well understood problem ( http://www.csl.sri.com/users/r... [sri.com] ) and I suggest you learn about the implications instead of frothing at the mouth in denial.
            When the VM has been designed without security in mind and with hooks deep into the host at the kernel driver level without separation the

            • Read the paper to see how it should be and despair that the Virtual Machines we are talking about are nothing like how it should be.
            • by Raenex ( 947668 )

              Now where did I say that? What's with the lies over something so trivial?

              I'm not lying. I'm drawing an inference from your statements:

              "A VM is not security - idiots"
              "effectively zero if it exploits a bug in the VM"

              If security was as bad as you make it out to be, then why can't you demonstrate a hole?

              Read the paper to see how it should be and despair that the Virtual Machines we are talking about are nothing like how it should be.

              Thanks for the link, and I will read the paper. But imperfectly designed security that actually achieves some security in practice is better than not using a VM at all. I'll keep on using VMs as another layer of security.

              • by dbIII ( 701233 )
                I did not guarantee anything as you know - pretty fucking obvious lie.
                The paper goes into what you, I and many others wish for but we have been delivered the opposite - an application with enough security to stop the honest tacked on as an afterthought.

                Now work on that temper.
                • by Raenex ( 947668 )

                  Now work on that temper.

                  projection [wikipedia.org]

                  • by dbIII ( 701233 )
                    So says the guy who marked someone a "foe" to the person who did not do the same to the person calling him a liar.
                    Pretty fucking passively aggressively weak isn't it? you poor little boy - someone challenges your ignorance and you pretend your response is all my fault. The world must be a very hard place for you to live in.
                    • by Raenex ( 947668 )

                      So says the guy who marked someone a "foe" to the person who did not do the same to the person calling him a liar.

                      Projection sure is a bitch, isn't it? Turns you into a complete hypocrite and fool. Your handle was familiar, but I only remembered our previous entanglement later on. You marked me a foe (check your list) a long time ago, not the other way around. You called me a liar, not the other way around.

                      You're the angry one. All because I challenged your position.

                    • by dbIII ( 701233 )
                      Can you do anything other than whine and get things wrong?
                      All it took for me to find those examples you pretended could not possibly exist was a google search - but it turns out I didn't even have to do that - there is even a wikipedia article FFS!
                    • by Raenex ( 947668 )

                      Can you do anything other than whine and get things wrong?

                      That projection is still going strong. You say this after embarrassing yourself, accusing me of what you actually did, showing yourself the fool and the hypocrite.

                      All it took for me to find those examples you pretended could not possibly exist was a google search

                      Yes, I figured it was just a Google search, since you clearly demonstrated you didn't know of an open hole that exists today, despite claiming that a VM is not security. I know there have been VM security bugs in the past. I didn't need you to search that for me.

                      My point is that they have been fixed because VMs are being used for security. What I

                    • by dbIII ( 701233 )
                      You are bitching about all kinds of shit unrelated to the topic.
                      What does that tell you?

                      virtual machines are used for security

                      Idiocy, but not really yours - you have been fooled by marketing and are only spreading what you have been told.
                      If you had taken a look at wikipedia before using VMs for "security" then you would have known better.

                    • by Raenex ( 947668 )

                      You are bitching about all kinds of shit unrelated to the topic. What does that tell you?

                      That you're projecting again, because that's what you are doing. I'm just responding to your bitching, showing what a hypocrite and fool you are.

                      Idiocy, but not really yours

                      Yeah, it's yours. I'll use working and practical security even if it has design flaws. When pressed, you cannot demonstrate a working exploit today.

                    • by dbIII ( 701233 )
                      I can't help noticing that instead of addressing the examples I gave you decided to attack me instead.
                      Says a lot doesn't it?
                      I don't need to project do I?


                      Using a VM adds a new class of vulnerability instead of security. If you want something for security use something designed for it instead of a totally different tool. You are suggesting something akin to hammering in a nail with a drinking glass - WRONG TOOL FOR THE JOB.
                    • by Raenex ( 947668 )

                      I can't help noticing that instead of addressing the examples I gave you decided to attack me instead.

                      I already responded to your examples. I can't help it if you're daft or willingly ignorant.

                      Says a lot doesn't it?

                      Says that you act angry, make a fool and hypocrite out of yourself, and then act like I instigated your nonsense.

                      Using a VM adds a new class of vulnerability instead of security.

                      It also adds a new layer of security. If somebody exploits a zero-day in an app, they then have to exploit a zero-day in the VM it's running in. It also prevents a huge swath of attacks from malware that abuse typical permissions found in garden variety desktop setups.

                      If you want something for security use something designed for it instead of a totally different tool. You are suggesting something akin to hammering in a nail with a drinking glass - WRONG TOOL FOR THE JOB.

                      Uh huh. That's why you can't demonstrat

                    • by dbIII ( 701233 )

                      I already responded to your examples

                      A good analogy is that you responded to my proof that horses exist with a request for delivery of a very special pony.
                      Any chance of a real response instead of a pathetic goalpost shift?

                      Linux and BSD are both plagued with monolithic kernels

                      As is Microsoft Windows, OS X and nearly everything else. This is getting weird. Do you really know anything at all about the topic or did you just see my name and decide to try to bait me?

                    • by dbIII ( 701233 )

                      In the meantime, I'll keep on using VMs for security

                      What does your boss think of such an unusual choice for such a task instead of something actually designed for security? That is of course assuming you are doing more than just running a single Windows XP instance on your desktop for legacy software and are actually doing what you suggest you are doing.

                      Perhaps your superiors could tell you about zones, jails, containers or the many other tools actually designed for the job?

                      BTW - here are a few more of th

                    • by Raenex ( 947668 )

                      A good analogy is that you responded to my proof that horses exist with a request for delivery of a very special pony.

                      No, that's a really dumb analogy. As I've already told you twice, I never asked for an old bug, as I knew they existed. I asked for a current bug. That this basic point eludes you this far into the thread means you are hopelessly dumb or willfully ignorant.

                      As is Microsoft Windows, OS X and nearly everything else.

                      And they all suck when it comes to security exploits, because they are monolithic. Try reading the paper you linked and actually understand it.

                      Anyways, you're a waste of time. You've already embarrassed yourself enough with your hypocrisy and foolishness. N

              • by dbIII ( 701233 )

                I'm not lying. I'm drawing an inference from your statements

                Then look up the word "IF". You know it already? Then you are NOT drawing an inference from my statements.

                The virtual machine software we have directly interfaces with real hardware on a lot of levels - for example Virtualbox putting ethernet cards into promiscuous mode. An exploit of the VM could very obviously exploit what the VM has full control over.
                I really don't get why you are so angry when such things are discussed.

              • by dbIII ( 701233 )

                If security was as bad as you make it out to be, then why can't you demonstrate a hole?

                It has been demonstrated by others - it is such a well known problem that Wikipedia has an article on it:
                https://en.wikipedia.org/wiki/Virtual_machine_escape
                Symantec have written about it:
                https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf
                and there have been items in the news:
                http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?

                Jails, zones and some o

    • Actually if it is hardened it can certainly help.

      Windows 10 anniversary and server 2016 have safeguarded and hardened VM support in Hyper-V it calls shielded. I/O is limited except through a layer and network hardening means it won't accept rogue IP addresses as routers which is a classic hacker scheme.

      It is easy to spoof an IP address and advertise as a router to poison DNS as an example.

      This would certainly help against this kind of attack.

      • by dbIII ( 701233 )

        Actually if it is hardened it can certainly help

        The point is these things have been designed without security in mind, they have been designed for a completely different purpose, so they can't be described as "hardened", not even the catchup game years after design with your example.

  • I mean, really, what will keep me safe from the egregious data harvesting of Windows 10? If I do not trust the operating system, then I do not trust anything the operating system does.
  • How about "Windows 10 Will Soon Run Edge In a Virtual Machine For Increased Security"? Ya know...something that doesn't sing the praises of the Benevolent Leader?
  • That's pretty much throwing the towel and admitting "hey, we just can't get security right".

    • by AHuxley ( 892839 )
      The ads still have to get out, so does the marketing depending on the privacy settings.
      With all the holes and compromise made to let tracking and ads work down to an OS level, expect a few easy ways in and out.
    • Edge != IE 6.

      IE 8 and above had Chrome style security with sandboxing by default and lowrights mode in c:\users\user\%appdata% since 2009! No you did not misread that.

      I still do not use Edge/IE 11 unless I am at work using a corporate site though :-)

      But regardless people need to wake up that it is not 2004 anymore. Any browser that executes code needs to be in a VM sadly if you run from untrusted sources. Flash and javascript execute code which makes them insecure. Even with a sandbox and threading per proc

  • A Good start (Score:4, Interesting)

    by Anonymous Coward on Monday September 26, 2016 @11:54PM (#52967337)

    A good start. But I run the Windows virtual machine inside a virtual machine, because Windows 10 can not be trusted. I don't store any personal information on it, and use it just for games.

    Windows runs BETTER virtualized, because it has simpler hardware, that Microsoft programmers can understand.

    No running for driver CD's, or having Windows brick my machine.

    I can roll back updates just by copying a file.

    The way Windows should be run.

  • Who comes up with these acronyms? That guy needs to get fired.
  • I could mistype something when I'm downloading Chrome and end up in trouble.

  • Basically, all businesses are going to have to subscribe to Windows 10 Enterprise if they want the features they were used to getting from Pro in the past. Microsoft should just merge Home and Pro into one edition and call it Consumer or Ad-and-Telemetry-Supported or something. A lot of places, including my workplace, have been used to getting the features we need from the OEM license of the Pro version of Windows shipped with the PC. This is how Microsoft is going to work around the claim they won't be cha

    • What is wrong with the pro version?

      I keep seeing that repeated here but only thing I can find is typing history isn't recorded.

      My thinking is home users desperately need something like this if it uses shielded VM's that is in hyper-v in server 2016 and Windows 10 anniversary edition as corporations have Junipers and Cisco devices configured for things like rejected spoofed IP addresses and rogue IP's pretending to be routers to poison DNS etc. Home based routers lack these options.

      A network shielded VM can

      • "What is wrong with the pro version?"

        The main complaint I have is that the Pro version lacks certain key features that Enterprises might like. There's no way to disable some of the telemetry/tracking in the Pro version, you can't run the LTSB in Pro, and it's looking like all the interesting stuff is being locked behind that Enterprise edition/subscription. Pro used to be just fine for most enterprises, but now way more companies are going to have to pay monthly for the license to use an OS that the OEM shi

        • Thanks for your reply

          So basically you can opt out of the deferred updates of delaying 3 to 4 months of updates to 10 like in the pro to 10 years. That can be a plus for certain industries like hospitals that need to have a certified FDA approved image.

          Anything else? Especially for home users or even medium sized businesses for renting computers. I kind of like the idea of different channels like the pro where you can be 1 version behind with security or go older for just security updates.

  • They say it's not a virtual machine, just an environment that only allows a subset of APIs and capabilities required for the browser to work... Sounds like what SELinux policies do

  • Windows 10 sucks!
  • strange, that they do not recommend to use a dedicated pc for edge.
