Windows 10 to get disposable sandboxes for dodgy apps

Enlarge (credit: F Delventhal)
Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that’s discarded when the program finishes running.
The new feature was revealed in a bu…

Enlarge (credit: F Delventhal)

Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that's discarded when the program finishes running.

The new feature was revealed in a bug-hunting quest for members of the Insider program and will carry the name "InPrivate Desktop." While the quest has now been removed, the instructions outlined the basic system requirements—a Windows 10 Enterprise system with virtualization enabled and adequate disk and memory—and briefly described how it would be used. There will be an InPrivate Desktop app in the store; running it will present a virtualized desktop environment that can be used to run questionable programs and will be destroyed when the window is closed.

While it would, of course, be possible to manually create a virtual machine to run software of dubious merit, InPrivate Desktop will streamline and automate that process, making it painless to run things in a safe environment. There's some level of integration with the host operating system—the clipboard can be used to transfer data, for example—but one assumes that user data is off limits, preventing data theft, ransomware, and similar nastiness.

Read 3 remaining paragraphs | Comments

Join Ars’ Sean Gallagher in Manhattan for the 2014 Security Threatdown

An expert panel talks about next year’s top security threats on December 3.

    



Back in the days when I worked in the computer security business, I always used to say that the one thing I could always be thankful for was that there'd be no lack of work. Today, I'm thankful that all I have to do is write about security, considering the target-rich environments that information security professionals have to deal with.

This past year has been a banner year for threats. Over the last year we've reported on the growing threat of state-sponsored hackers hunting for industrial data, spying on company e-mail, and even hijacking whole Web domains.  And we've also reported on how organized cybercrime syndicates and even small-time cybercriminals have found ways to steal  from both businesses and their customers, with everything from point-of-sale hacks to  "ransomware." And that's just the most obvious set of concerns that security pros have had this year, what with hackable toiletsdetstructuve attacks on facilities' boilers, and other cyber attacks that can do physical damage.

On Tuesday, December 3, I'll be in New York City at the Harvard Club to moderate a panel hosted by the Information Security Forum, discussing the top six reasons why infosec professionals will continue to collect a paycheck in the new year. The panelists for the half-day executive seminar on the 2014 "Threat Landscape"—including ISF Global Vice President Steve Durbin and Garcia Cyber Partners principal Greg Garcia—and I will discuss ISF's forecasted top six security threats to business in 2014 and what to do about them.

Read 2 remaining paragraphs | Comments