
SoylentNews is people

posted by martyb on Sunday April 26 2015, @02:47AM
from the hurdles-all-the-way-down dept.

On Wednesday, at the RSA conference in San Francisco, Microsoft veep Scott Charney outlined a new security mechanism in Windows 10 called Device Guard ( https://blogs.windows.com/business/2015/04/21/windows-10-security-innovations-at-rsa-device-guard-windows-hello-and-microsoft-passport/ ). We've taken a closer look.

The details are a little vague – more information will emerge at the Build event next week – but from what we can tell, Device Guard wraps an extra layer of defense around the operating system to prevent malware from permanently compromising a PC.

Device Guard, when enabled by an administrator, checks that each application is cryptographically signed by a publisher the administrator's code-integrity policy trusts (Microsoft, a named software vendor, the Windows Store, or the organisation's own signing certificate) before it is allowed to run. The component that makes that decision runs in its own isolated region of memory, with its own minimal instance of Windows, and is separated from the rest of the system by the hardware virtualisation support in the PC's processor and motherboard chipset, including the IOMMU.
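As an added illustration (not code from the article, The Register or Microsoft), the PowerShell below audits a directory of executables with Get-AuthenticodeSignature, which is the user-mode signature check that a Device Guard policy is built around: is the file signed, does the signature still match the file, and is the signer on the allow-list? The publisher list, the function name and the System32 path are assumptions chosen for the demo; a real Device Guard policy is enforced by the operating system's code-integrity component inside the isolated environment the article describes, not by a script.

```powershell
# Added example, not code from the article or from Microsoft. It uses the
# Get-AuthenticodeSignature cmdlet to do the user-mode half of what the
# article describes Device Guard doing: is each executable signed, is the
# signature chain valid, is the file unmodified since signing, and is the
# signer one the administrator trusts? The publisher subjects below are an
# assumption for the demo; a real policy lists whatever signers the
# organisation decides to trust.

$TrustedPublishers = @(
    'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US',
    'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
)

function Test-CodeIntegrityCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Path,
        [string[]]$Trusted = $TrustedPublishers
    )
    process {
        $sig    = Get-AuthenticodeSignature -FilePath $Path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # SignatureStatus values include Valid, NotSigned, HashMismatch, NotTrusted, UnknownError.
        # Only a valid chain AND a signer on the allow-list is good enough to run.
        $verdict = switch ($sig.Status.ToString()) {
            'Valid'        { if ($Trusted -contains $signer) { 'Allow' } else { 'Block: signer not in policy' } }
            'NotSigned'    { 'Block: unsigned' }
            'HashMismatch' { 'Block: file modified after signing' }
            default        { "Block: $($sig.Status)" }
        }

        [pscustomobject]@{
            Path    = $Path
            Status  = $sig.Status
            Signer  = $signer
            Verdict = $verdict
        }
    }
}

# Usage: summarise what an enforced policy with this allow-list would do to
# the executables in one directory (path is an assumption for the demo).
Get-ChildItem -Path 'C:\Windows\System32' -Filter '*.exe' -File |
    Select-Object -ExpandProperty FullName |
    Test-CodeIntegrityCandidate |
    Group-Object -Property Verdict |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize
```

Two caveats for anyone using this as a pre-deployment audit. Many Windows system files are catalog-signed rather than carrying an embedded signature, and older PowerShell versions report those as NotSigned even though the operating system's code-integrity check accepts them, so treat the 'Block: unsigned' count as an upper bound rather than a prediction. And a script like this runs inside the very kernel and user mode that Device Guard is designed not to trust; it tells you what the policy would decide, not that the decision is being made somewhere a rootkit cannot reach.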

The IOMMU (outlined in this Minix project paper: http://www.minix3.org/docs/szekeres-iommu.pdf ) stops peripheral devices from reading or writing the isolated region by DMA, so neither a compromised driver nor a malicious device can reach it, while the hypervisor's second-level address translation keeps the ordinary Windows kernel out of it. The aim is that nothing on the normal side of the boundary, no matter how low level, can tamper with the component that enforces the policy.

If the Windows 10 kernel, which otherwise has full control over the PC, is compromised, Device Guard should remain walled off and cannot be subverted into allowing unauthorized code to run. A hypervisor running beneath both the kernel and Device Guard enforces this separation.

(In theory, that is – similar "secure execution environments" have been defeated in the past.)
http://atredispartners.blogspot.com/2014/08/here-be-dragons-vulnerabilities-in.html
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html

http://www.theregister.co.uk/2015/04/23/microsoft_windows_10_device_guard/

Do you think that Microsoft can make this work as described?

  • (Score: 3, Insightful) by Runaway1956 (2926) on Sunday April 26 2015, @10:52AM (#175316)

    Parent post is flamebait? Come on children, I laughed out loud - literally - when I read that.

  • (Score: 3, Touché) by aristarchus (2645) on Sunday April 26 2015, @11:36AM (#175320)

    Runaway!! Is that you? (cough, cough!) You are the last one I expected to come to my aid! Sorry about the disagreements we had! (Hack, brrachhh!) They hit me with a spam mod, Runaway! I never even saw it coming. Most likely from orbit, they thought it was the only way to be sure. Looks like it's curtains for me!!! (Ouch, ow, moan.)

    All I can say, is save yourself! I thought those who were complaining about mod bombers were complaining about the rest of us here on Soylent News, but now I realize that it was more of a threat than a complaint! My karma is the lowest it's ever been, in spite of actually submitting an article that actually got accepted (for a change), I don't think I will survive this! Oh, the irony, to have lived 2400 years as a human, only to be brought down by anonymous modders on Soylent News. Say goodbye to all the Soylentils for me, tell Laura I love her, and (gasp) remember me to Broadway! Thanks for being here for me, bro!!

    (Oh, word to the wise, STAY OUT OF THE PLAYREADY THREAD!!!! It's a trap!!)

  • (Score: -1, Flamebait) by Anonymous Coward on Sunday April 26 2015, @12:46PM (#175335)

    "Pathetic" would be a better mod. Or possibly "Retarded".