Microsoft is making big efforts to increase the security of Windows 10 and turn the new operating system into a fully secure working environment, so several new features will be available in this regard when it comes out.
In addition to Microsoft Passport and Windows Hello, both of which were announced a few months ago, Redmond will also introduce a feature called Device Guard that would give organizations full control over the apps that are allowed to be launched on a device running Windows 10.
According to Microsoft, the new feature should provide advanced malware protection against new and even unknown malware variants and block all zero-day threats for Windows 10. Basically, no other apps than the ones you allow can be launched on a Windows 10 device. You can configure the feature to work with apps signed by defined vendors, apps from the store, or those developed by your company, Microsoft said.
“You’re in control of what sources Device Guard considers trustworthy and it comes with tools that can make it easy to sign Universal or even Win32 apps that may not have been originally signed by the software vendor.”
However, Device Guard is supposed not to replace your antivirus but to work together with it. For example, antivirus solutions can still continue to block macros or other forms of malware while Device Guard would be in charge of restricting access to apps that aren’t allowed in your organization.
Microsoft explains how the duo would work:
“Traditional AV solutions and app control technologies will be able to depend on Device Guard to help block executable and script based malware while AV will continue to cover areas that Device Guard doesn’t such as JIT based apps (e.g.: Java) and macros within documents. App control technologies can be used to define which trustworthy apps should be allowed to run on a device.”
Windows 10 is projected to launch this summer, with RTM expected to be reached in June, while general availability should be announced in August. Windows 10 will be offered as a free upgrade for Windows 8.1 and Windows 7 users, but enterprises would still have to pay for it.