The Register gleaned some details about Windows 10 Device Guard at RSA but there is still a lot we do not know about it. It is an optional service that can be enabled by an administrator and it checks every application launched to see if it has been signed by Microsoft as a trusted binary before letting it run. While certainly good for security it may cause some issues for developers who have not gone through the vetting process to have your app approved for the Microsoft Store. Device Guard is also separated from the WinX kernel, if your machine does become infected, Device Guard will still not allow unsigned apps to run. You will need hardware which supports input/output memory management unit (IOMMU) to use Device Guard, thankfully that technology is present on most current PC hardware, though not so prevalent on the mobile front.
"The details are a little vague – more information will emerge at the Build event next week – but from what we can tell, Device Guard wraps an extra layer of defense around the operating system to prevent malware from permanently compromising a PC."
Here is some more Tech News from around the web:
- Ubuntu 15.04 Released, First Version To Feature systemd @ Slashdot
- Intel to help vendors launch inexpensive tablets, say Taiwan makers @ DigiTimes
- iTunes goes to borksville for Windows XP holdouts @ The Inquirer
- Apple throws out iOS apps that declare Pebble smartwatch support @ The Inquirer
- Microsoft profits decimated: And it's YOUR FAULT for not buying PCs @ The Register