SANS security analyst urges Microsoft to make Windows run Store apps only




At Ignite, Microsoft announced Windows Defender Application Guard, a new security feature that will roll out to some enterprise customers next year. It automatically runs the Edge browser in a virtual machine for unrecognized websites, thereby preventing malware from infecting your actual machine. When you close the website, the virtual machine is flushed and no data is retained.

For analyst John Pescatore, director of emerging security trends at the SANS Institute, the move does not go far enough.

“The whole idea of containerization has a basic security flaw. The idea is that if malware starts running in the [container], you just shut it down. But what happened while the malware was running?”

“Application Guard is Microsoft saying ‘When bad software happens, hopefully it won’t hurt you as much,’” Pescatore said.

Pescatore argued that Application Guard, like other protective measures Microsoft has layered onto Windows, was simply another band-aid that did not address the real problem with the operating system’s security: the ability to install unchecked third-party applications in the first place.

“You don’t need this on browsers running on iOS or Android,” said Pescatore. “So why aren’t they talking about an application store for Windows?”

The modern smartphone era is characterized by the app store, which made running applications on your smartphone safe and easy. The Windows Store provides the same features, but cannot offer the same protection to Windows until Microsoft closes the sideloading hole.

He notes that by continuing to support the old way of doing things, under which code can come from anywhere, Microsoft must fight every skirmish, wage war against every hacker and every piece of malware. It would be simpler and safer, Pescatore argued, to restrict what Windows can run rather than to build one trench line after another surrounding the operating system, the browser and other critical applications.

The launch of the Centennial Bridge means that even legacy Win32 apps can be hosted on the store, where they can be checked, containerized, monetized and easily installed and uninstalled without compromising your machine.

With the Centennial Bridge, do our readers see an Xbox-like future for Microsoft where only Store apps can run? Let us know below.
