back to article Microsoft's 'anti-malware Device Guard' in Windows 10: How it works, what you need

Microsoft has published a technical guide to its new Device Guard features in Windows 10 – including how to configure the anti-malware technology, and what hardware you'll need to use it. We first learned of Device Guard in April at the RSA 2015 conference in San Francisco, and then a month later a little more info was teased …

  1. Crazy Operations Guy Silver badge

    Many core processors

    I've always wondered why nobody bothered doing this in hardware. You'd have a couple real-time processors set aside for the OS and hardware interfacing, each one of which has its own dedicated memory (Possibly even dedicated chips) and then you'd have all the user stuff run on a huge cluster of standard processor cores. That way the OS is fully protected and immune to even cache-poisoning attacks since it runs on what is essentially dedicated hardware. The Real-time chips could access both sets of memory, but the application cores can only access the shared memory.

    A theoretical would system work like the following:

    -A user application would just simply send dump a set of requested actions into the shared buffer (EG, I need this file, draw this on in my window, or send this packet to network. The process would then send an interrupt to the OS and the OS looks up the various system calls the process put through by the application process and either performs the action or denies the process based on some security process running simultaneously with the kernel.

    -If an application requests a security-sensitive action, the OS itself could halt the application processors and run a check on the requesting process's memory space to verify it hasn't been tampered with and is trusted. If those checks pass, then the request is granted, else the request is denied and the anti-virus engine is called into action. The ability to stop the app cores while the OS still runs would be so very valuable in killing malware or even jsut prevent something from spoofing the OS.

    -With enough cores, it could be possible to have every hardware driver run on its own core to interface with its associated piece of hardware. A single real-time core per PCIe lane or other interface would be sufficient to handle a system's needs. Each 'Driver" core would also come with its own bit of memory. This way the system would even be immune to hardware failures, the core running the driver would just need to be kicked. Hell, you could even support hot-swapping the video card...

    1. LDS Silver badge

      Re: Many core processors

      Actually, that is, more or less, what the x86 protected mode was designed to achive, albeit without dedicated processor corese, since the 80286. Just most OS implementation has used a common denominator approach, for portability and performance reasons, and never really exploited the security features of the processors. For example using more than two rings, you could have the I/O code (including the graphic one) running at a less privileged level than the core kernel routines, thus, for example, a vulnerability in font handling or network stack won't be able to attack the kernel even if running at a level where I/O with the video/network card is allowed, without giving that privilege to user space applications.

      1. James 51

        Re: Many core processors

        AMD would have an advantage there with more phyiscal cores (generally) in their chips.

    2. Nigel 11

      Re: Many core processors

      Isn't this just the next iteration of the Microkernel architecture (as epitomized by the Gnu Hurd)? In the past, efficiency penalties were always too high for this approach to OS design to take off. Today, with CPU power benefitting for more from Moore's law than other constraints of the overall system, it has a chance.

      The problem I forsee, is that if somebody does manage to subvert the hypervisor / master control process / whatever, it'll be far harder for ordinary users to do anything about it. A dream for the NSA? Until China also breaks in to the party? then North Korea? Followed by private industrial espionage funded by reclusive billionaires?

      There's no such thing as nontrivial bug-free software. Even the hardware has bugs these days!

      1. JLV Silver badge

        >as epitomized by the Gnu Hurd

        one would hope that microkernel OSs have better showcases than a perenially late, never-ready OS ;)

        QNX has a fairly realistic and robust implementation, as I understand it.

        Yeah, and before you think thats an anti-Linux rant, I rather think the folks who used to rag on Linux because it wasnt micro-kernel totally missed the point. Shipping code over vaporware.

  2. Mark 85 Silver badge

    The pity of this is that it looks like it won't be available to the home user, only enterprises. I guess home users are the cannon fodder in the war on malware.

    1. Anonymous Coward
      Anonymous Coward

      WTF, Mark!

      Do you really want Microsoft to dictate what you can run on your personal, home computer ? Whose side are you on ?

      1. Anonymous Coward
        Anonymous Coward

        @AC - Re: WTF, Mark!

        Careful there, AC - don't want to give them ideas.

        Although it is interesting to note that my last set of updates for Windows 7 (Home Premium) included KB3083992 Update to improve AppLocker certificate handling.

        Applocker is part of the enterprise application control functionality and is mentioned in the Microsoft article, but it is supposedly not useable on Home and Pro versions.

        Why have the software there and maintain it, then?

        1. hplasm Silver badge
          Devil

          Re: @AC - WTF, Mark!

          "Why have the software there and maintain it, then?"

          Lazy coding- it is MS after all.

          1. Anonymous Coward
            Anonymous Coward

            @hplasm - Re: @AC - WTF, Mark!

            Lazy, I understand. But the truly lazy thing to do would have been to remove it so that they wouldn't have to maintain it.

            As it stands there is a lurking capability for Microsoft to automate application control on my PC, and I'm not too happy with that. Now if they were to open up control of this stuff to the masses as Mark 85 suggests, I'd be more happy.

  3. Anonymous Coward
    Big Brother

    Run silent, run deep

    Yes, this means the NSA backdoors can't be found by any AV technique, by definition.

    1. Pen-y-gors Silver badge

      Re: Run silent, run deep

      No, no, no...the only things allowed to run have to be signed by MS or your IT dept, so of course the NSA won't be able to run anything, will they?

  4. Anonymous Coward
    Anonymous Coward

    It's all about the DRM silly and nothing to do with malware. It's collect time after Gates let you pirate it.

  5. umacf24

    Fine for exes...

    ... but little help, surely, for malware written in java etc. This is already the likeliest route into well-managed enterprise workstations.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Fine for exes...

      How does what you write even make sense?

    2. Irongut

      Re: Fine for exes...

      "well-managed enterprise workstations" do not have Java installed.

      1. Destroy All Monsters Silver badge
        Thumb Down

        Re: Fine for exes...

        gb2 high school

        Of course they do. They may not have the Applet runner installed.

  6. Geoff Heaton

    Microsoft, welcome to 1970!!!

    When I worked at Plessey, we were using "Capability Based Addressing" to protect OS space way back then..

    https://en.wikipedia.org/wiki/Plessey_System_250

    1. umacf24

      It was ever thus.

      Computer processor architecture is cyclic.

  7. This post has been deleted by its author

  8. Palpy Silver badge

    Wonder what Rutkowska --

    -- would say, or whether she will comment. The Qubes team attempted a Windows port of Qubes' security model, and felt it was not workable. This was pre-Win10, of course. She wrote:

    "The fact that windows and other GUI elements are not securable is perhaps the biggest flaw in the Windows security model. It’s a result of maintaining backwards compatibility with pre-NT editions where security wasn’t really considered in system’s design. By default, processes running as different users can affect each other by using various windows messages. Any GUI process can potentially spoof things like password input boxes because raw access to the desktop is not restricted –if an application can show its window, it can draw anything on the desktop. Clipboard is shared between all processes belonging to an interactive window station. Processes can synthesize keyboard and mouse input in a way that can affect other processes. Basically, it’s a mess."

    Linky: http://invisiblethingslab.com/resources/2014/A%20crack%20on%20the%20glass.pdf

    As mentioned by the Reg article, Qubes and Win10 take different approaches in implementing security-by-isolation. Interesting, thanks for the article.

  9. Destroy All Monsters Silver badge
    Paris Hilton

    Don't get this.

    This looks like they want to use Virtual Machines to keep the secrets and prevent the code running outside of it to get IN? That's arse-backwards.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020