Microsoft to kill malware by placing Edge web browser within its own virtual machine

Microsoft has developed a new update for its Windows 10 operating system that will place the Edge web browser inside a virtual machine to protect users from a wide range of threats, and in doing so, could transform the face of cybersecurity.

A virtual machine is a software program that contains an instance of an entire computer operating system within it, so if you were to open it on your computer, it would be like having a PC within a PC.

This technology is routinely used by software developers to test how their software works on different platforms, so for example, they might be working on a Windows PC, but the virtual machine would have a Mac OS X computer running within it at the same time.

People also often use virtual machines to load old operating systems so that they can get old software and games to work again.

And if you were to release a virus in the virtual machine or do something to crash the operating system, that's just fine – when you shut the virtual machine down, it's gone for good. Nothing that happens in the virtual machine can spill out into your actual PC, and the next time you start the virtual machine up, you can choose to keep the same instance, or start a new one, so it's like you've got a brand new computer.

So imagine what you could do if you applied the principle of a virtual machine to battling nasty malware? Microsoft has realised the possibilities and built a small and lightweight virtual machine that loads Edge within it called Windows Defender Application Guard.

Cutting the web browser off from the rest of your PC

It doesn't need a full operating system, just a small set of Windows features in order to run, but most importantly, doing this means that you can still browse the web, but your web browser cannot access any hard drives or connected devices, it can't access any other applications, and it can't try to attack the kernel, which is most central part of your computer's operating system that keeps your computer running properly.

So this means that if you receive a malicious email in Outlook with a suspicious link, the new tool can prevent a potential phishing attack or zero-day by opening the link inside the virtual machine's closed environment (known as a "sandbox"), so if the link does try to execute an attack to hijack your computer, it won't go anywhere.

In the same vein, this means that if you accidentally click on a malicious ad on a website, or one of your favourite websites gets compromised and starts redirecting you to an attacker's site to download and execute malware like ransomware, it won't work either.

But it's only available for enterprises

Unfortunately, at the moment Windows Defender Application Guard is only going to be made available to Windows 10 enterprise customers, and it won't be ready until sometime in 2017. There's currently no news on whether this feature will ever be available to consumers, even though this would be hugely useful and help protect against multiple nasty vulnerabilities.

There's also the fact that if you receive an email with a strange file attachment like a word document, excel spreadsheet or PDF file in Outlook and you launch that file, it will still be able to hijack your machine, because it isn't located within the virtual machine, which would only protect against malware being sent via web mail services in the browser such as Gmail, Yahoo and Hotmail.

It would be a great idea if we could get the virtual machine technology added to popular web browsers such as Firefox or Chrome, as well as to the Microsoft Office suite, so there's no way you can accidentally execute a virus when you open a file, but Ars Technica points out that there are lots of technical problems involved in adding this technology, and it will very likely make your PC much slower than it is now.

Plus, if you're running a virtual machine to protect regular programs like your web browser and all your Office programs, then you can't also run one containing another computer for other purposes as well, because only one hypervisor can be working at one time.