Device Guard for Windows 10 will Lock Down the Desktop by Allowing Only Trusted Apps
The final form of Windows 10 is said to be coming to users this summer, and there’s a lot of expectation surrounding the product. Windows 8 failed to get traction, and the Windows 8.1 update also didn’t help, so now Microsoft is betting on a fresh approach with Windows 10 that would unite desktop and mobile users under a single banner.
And as we’re nearing closer to the release date, Microsoft is busy behind the curtains tidying up and announcing new features that we’re going to see in the final version of Windows 10. One of these features is Device Guard, a new option which is aimed at enterprise customers who are looking to increase the security in their organizations.
Speaking at the RSA Conference in San Francisco, Microsoft announced Device Guard as a new Windows 10 security feature meant for enterprises who want to lock down their desktops. The company talked about it before, but only now has it become official. Device Guard will lock down Windows 10 devices and these will be incapable of running anything other than trusted apps.
Even more, Microsoft claims this new feature also ‘provides better security against malware and zero days attacks’. Enterprise users had to resort to other tools for this, but now Windows 10 comes with built-in stronger security, which could be another reason for business buyers to consider using the operating system in their organization. Even if it comes with certain anti-malware features, Device Guard won’t replace your antivirus but it will work together with it. Microsoft adds more details:
Traditional AV solutions and app control technologies will be able to depend on Device Guard to help block executable and script based malware while AV will continue to cover areas that Device Guard doesn’t such as JIT based apps (e.g.: Java) and macros within documents. App control technologies can be used to define which trustworthy apps should be allowed to run on a device.
Device Guard will only allow to run trusted apps, and these have to be signed by specific software vendors, the Windows Store, or your specific organization. A couple of OEMs have already signed on to support Device Guard, such as Acer, Fujitsu, HP, NCR, Lenovo, Par Technology, and Toshiba.