Microsoft announced at their Ignite 2016 conference that their new web browser, Edge, which is available exclusively for Windows 10, will get an extra security layer. The app will utilize virtualization to isolate threats and run web sites and web apps inside a secure environment.
Under the hood, the feature relies on a technology called Virtualization-Based Security (VBS). It is powered by Hyper-V, which acts as a lightweight virtual machine. Microsoft claims that it won't allow attackers to get access to sensitive data when the user is using Edge.
Windows Defender Application Guard for Microsoft Edge provides a set of essential Windows features in a VM that is available to the browser. It is a minimalist VM that includes only the features and components the browser explicitly requires to work properly. According to Microsoft, this reduces the attack surface.
If the user needs something that doesn't fit the new security mode for Edge, they can mark a web site as "trusted". This will allow the browser to leave the security container and run the related process as a regular app with the full set of permissions currently available on the operating system.
Windows Defender Application Guard is limited to Edge only. The technology won't be available for third-party apps. In the future, Microsoft might extend the availability of the protection to other apps, but only for built-in Windows apps.
Windows Defender Application Guard will be initially available for Windows 10 Enterprise only. It is not clear when it will be accessible to users of other editions.
Microsoft says that using a virtual machine to isolate apps in a container does have some performance impact. Also, other apps that rely on hardware-assisted virtualization, like VirtualBox or VMware Workstation, may not be able to run when this secure mode of Edge is enabled. Another limitation is that virtualized sites can't store cookies between sessions; closing the browser clears all of your cookies, so you'd have to log in again every time.
Do you like the idea behind the Windows Defender Application Guard feature? Do you think it will help Edge compete with mainstream browsers?