Windows 10 gets improved security with Device Guard, Windows Hello, and Microsoft Passport

While many Windows Insiders are asking for esthetic implementations and consumer friendly features, enterprise users are waiting for some promises the Windows team made quite a few months ago. Back in October the Windows team shared information regarding the security and identification features that would someday make it into Windows 10. Like many of Microsoft’s ‘too-early’ announced projects, it felt like those announcements have mostly gone unattended to date. However, rather than waiting for Build to unveil this particular bit of information, the Windows team is taking this year’s RSA Conference in San Francisco as an opportunity to reassess those promises.

Corporate Vice President of Trustworthy Computing, Scott Charney, spoke at today’s conference in regards to the security innovations that are coming to Windows 10. Items like Device Guard, Microsoft Passport, and Windows Hello should help enterprise cloud customers be more transparent while also giving them more control over how and where their data.

Device Guard is pretty much what it sounds like. This feature will allow organizations access to lock down devices while also offering protection against new and unknown dreaded malware. This feature also provides protection against Advance Persistent Threats (APT’s). With Device Guard enabled, users will also see the feature provide better Zero Day support for Windows by only allowing trusted apps whether the apps are found online by specific vendors or the Windows Store. IT admins can determine what is considered safe or ‘trustworthy’, while also using this tool to go back and sign previous Universal or Win32 apps that were not originally signed by software vendors. 

“To help protect users from malware, when an app is executed, Windows makes a determination on whether that app is trustworthy, and notifies the user if it is not. Device Guard can use hardware technology and virtualization to isolate that decision making function from the rest of the Windows operating system, which helps provide protection from attackers or malware that have managed to gain full system privilege. This gives it a significant advantage over traditional anti-virus and app control technologies like AppLocker, Bit9, and others which are subject to tampering by an administrator or malware. In practice, Device Guard will frequently be used in combination with traditional AV and app control technologies. Traditional AV solutions and app control technologies will be able to depend on Device Guard to help block executable and script based malware while AV will continue to cover areas that Device Guard doesn’t such as JIT based apps (e.g.: Java) and macros within documents. App control technologies can be used to define which trustworthy apps should be allowed to run on a device. In this case IT uses app control as a means to govern productivity and compliance rather than malware prevention.”

Windows Hello and Microsoft Passport are two security innovations in Windows 10 that will benefit consumers, employees and enterprise all at once. These two new security features were originally announced at WinHEC last month but are quickly picking up steam in development as OEM’s are eagerly waiting to implement them into new hardware and technologies. With Windows Hello and Microsoft Passport, Windows 10 will have system-wide support for biometric authentication while also maintaining enterprise-grade two-factor authentication. Consumers and Enterprise user alike can now look forward to the a higher level of security when accessing their online information or access to their hardware. These securities are in place to remove the nuances of having to consider or deal with changing passwords constantly.

While fingerprint-based sensors are already present in many Windows-based devices, Windows Hello looks to expand security based biometrics beyond the finger while also maintaining support for current hardware. In particular, the Windows Hello Technology, will be incorporate Intel RealSense 3D Camera (F200) technology, for facial recognition and unlocking of devices. According to Microsoft, “The Windows Hello technology behind these devices, Intel’s RealSense F200 camera technology, uses infrared lasers, multiple lenses, and a special processing chip to analyze images for Windows Hello. While Windows Hello’s facial recognition isn’t going to be limited to the Intel RealSense technology it’s a great option that is currently in the marketplace so look for devices using this technology.” This support extends to Microsoft Passport as well, allowing users to use face-unlock to access and validate all services that tie into Microsoft Passport. This functionality should work in similar fashion to the fingerprint ID found in iOS. A single secure form of verification for all your digital resources.

If and when OEM’s begin rolling out devices that support all three security innovations found in Windows 10, they will be on course to help protect customers and themselves. The Windows team is suggesting that threats and tactics commonly used against OEM’s, enterprise, and consumers will be significantly reduced, or in some cases, eliminated with the combination of Device Guard, Windows Hello, and Microsoft Passport.