Microsoft today highlighted on their official Windows blog about the security improvements for consumers and enterprises included in every layer of the Windows 10 stack.
In Windows 10, Virtualization Based Security (VBS) uses the processors’ virtualization extensions to create a hardware-based security boundary between sensitive Windows components and data and the rest of the operating system. It powers Windows 10 features like Virtual TPM, Device Guard and Credential Guard. Hardware based isolation and protection of sensitive operations and information is another of the key improvements in Windows 10.
Microsoft has also made substantial improvements to Microsoft Edge’s security with Windows 10.
- The use of our AppContainer sandboxing technology enables us to isolate the browser from the rest of the OS, apps and user data.
- A new plug-in model prevents plug-ins implemented with insecure designs from running.
- New mitigations in ASLR and Control Flow Guard harden the browser from code injection and memory corruption attacks to help defeat common exploit techniques, such as heap spraying and ROP.
- Untrusted and malicious fonts that were served by web pages and embedded in docs are now blocked and the font parsing code has been sandboxed.
Read about Windows Hello, BitLocker, Windows Defender Advanced Threat Protection and all other security improvements coming in Windows 10 here.