Microsoft launched a preview of a new security feature for Windows earlier this month that it calls Win32 app isolation. The feature uses containers and Microsoft claims that it adds security protections to Windows to help protect against vulnerabilities of the application that uses Win32 app isolation.
In one sentence: Win32 App Isolation needs to be implemented by developers to give users more control and limit the capabilities of exploits.
Microsoft notes on the official Windows Developer blog that a main focus of Win32 app isolation is zero-day attacks.
Microsoft's Windows operating system has a number of tools and security features to prevent or limit malware attacks. From the User Account Control, introduced in Windows Vista, to modern features such as Windows Sandbox or Microsoft Defender Application Guard.
Windows Sandbox, for instance, is an excellent tool for Windows 10 and 11 systems to run files in an isolated environment. Windows Sandbox supports configuration files, which allow administrators to customize the environment.
Win32 App Isolation
Microsoft wants Win32 App Isolation to become the default isolation standard on Windows clients. It works well together with other security features, such as Smart App Control, according to Microsoft. Smart App Control is limited to new Windows 11 systems, however.
Win32 applications, classic programs for Windows, that run with user rights have access to all user data currently. Microsoft notes that this is a big risk, especially since users are not informed about access or get a say in the matter.
The company writes: "Consequently, there is a risk of unauthorized access to the user’s privacy data by malicious actors without their knowledge or consent."
Microsoft lists three key objectives of Win32 App Isolation:
- Make it significantly harder for attackers to cause damage on Windows systems.
- Provide a seamless user experience for isolated apps.
- Reduce developer effort to onboard apps.
When an application utilizes app isolation on Windows, it can't access a user's private data without permission anymore. While it may access some system files, such as .NET libraries or protected Registry keys, it needs to prompt users when it wants to access images, documents, the location, microphone or files.
Microsoft is aware that users could be tricked into granting access by malicious apps and it implemented preventive measures into the technology. Developers need to include support for prompting users to access private data in their application. If they don't, they can't be exploited to ask users for permission.
File access, furthermore, is limited to specific files that the user selects. These do not necessarily require prompts, as selecting a file is automatically seen as granting permission to access that particular file.
Microsoft explains: "When the user grants consent to a specific file for the isolated application, the isolated application interfaces with Windows Brokering File System (BFS) and grants access to the files via a mini filter driver. BFS simply opens the file and serves as the interface between the isolated application and BFS".
Win32 App Isolation supports a learn mode, which logs the additional capabilities required for access, but does not prevent access.
Closing Words
It is doubtful that Win32 App Isolation will get a lot of traction in the coming months and even years. The biggest hurdle is that developers need to implement it in their applications. While some may do, especially those with a focus on privacy, security or important data, most will likely ignore the feature.
There is also the chance that Win32 App Isolation prompts may annoy users, if they see too many prompts for data access throughout their workday.
Last but not least, Win32 App Isolation will likely be exclusive to Windows 11 and future versions of Windows.
Taken together, there is a good chance that some Windows programs will implement Win32 App Isolation, but the vast majority will likely ignore the feature.
Now You: what is your take on the new feature?
Thank you for being a Ghacks reader. The post Improved Windows Security? Microsoft launches Win32 app isolation appeared first on gHacks Technology News.
0 Commentaires