Windows 10 Will Use Virtualization For Extra Security

Microsoft explores new security strategies based on virtualization to better protect enterprise customers from malware and identity theft.

Kelly Sheridan, Staff Editor, Dark Reading

July 22, 2015

3 Min Read
<p align="left">(Image: PonyWang/iStockPhoto)</p>

Windows 10 vs. Mac OS X 10.11: OS Showdown

Windows 10 vs. Mac OS X 10.11: OS Showdown

Windows 10 vs. Mac OS X 10.11: OS Showdown (Click image for larger view and slideshow.)

When we're talking about Windows 10 features, security upgrades are often edged out of the spotlight by flashy additions like Cortana for desktop, Microsoft Edge, and Universal Apps.

Perhaps this is because Microsoft is targeting a broad consumer audience with its new operating system, and many people don't care quite as much about nitty-gritty security details as they do about the return of the Start menu. Increased security is not an attention-grabber for everyone.

That said, there are still plenty of consumers and enterprise customers who want to know how their devices and data will be protected on Windows 10. We're living and working in an age of heightened security risk. The question is not whether an attack will happen, but when.

[CIOs Aren't Getting What They Need From CRM]

"The threats that we're seeing are dramatically different from what we saw four years ago," Chris Hallum, senior product manager for Windows business security, said in an interview with InformationWeek. "Organizations are still getting breached, even when they have the very best security solutions."

Today's attacks are more aggressive and targeted. Detection-based models for pinpointing malware are no longer enough. Most hackers use one of two avenues in a security breach: identity theft and increasingly advanced malware.

In Windows 7 and 8, Microsoft implemented security measures that now seem incremental in hindsight, said Hallum. The goals were to build taller and thicker "walls" for enhancing security, and to create more "speed bumps" to prevent attacks.

While this made it harder for hackers to get through, it didn't eliminate any specific class of attacks.

Hackers began to adopt new capabilities faster than Microsoft was changing its features. As data breaches began to escalate rapidly, the team decided it was time to "fundamentally change the game with attackers," Hallum explained.

"With Windows 10, we took the time to change the platform to make the interior hard as the exterior," he continued. One of the biggest security updates in Windows 10 is the use of virtualization as a means of preventing identity theft and distribution of malware.

The Windows component that facilitates communication, also known as the local security authority (LSA), can give a hacker full authentication if successfully compromised. In Windows 10, the LSA is moved into a separate container that serves as a virtualization-based security (VBS) environment.

This way, even if the OS were compromised, an attacker wouldn't be able to assume control of the authentication process.

LSA is the same service that interacts with derived credentials, which provide authentication across a network when you use single sign-on. "Attackers love to steal that content," said Hallum, because once they're inside, they can navigate the network without accessing the rest of your information.

With data protected inside the VBS container, Windows 10 marks the first version of Windows to leverage hardware to create an area of high isolation. This makes it impossible for hackers to steal derived credentials, Hallum explained.

Of course, this isn't the only advanced protection we'll see in Windows 10, but the hardware component does merit discussion. Microsoft has introduced a range of new security features, including additional authentication safeguards Windows Hello and Passport.

To further enhance enterprise security in Windows 10, Microsoft will administer OS updates through "Long Term Servicing Branches." This will give businesses greater security and control over how they receive new features, and more flexibility in adopting innovation at their own pace.

A "Current Branch for Business" will accommodate enterprise customers who handle end-user devices that aren't necessarily mission-critical. In addition to security updates, these customers will receive feature upgrades after compatibility has been ensured in the consumer market.

About the Author(s)

Kelly Sheridan

Staff Editor, Dark Reading

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights