How does Windows 10 virtualization-based security work?
The Isolated User Mode in Windows 10 is a virtualization-based security technology that helps power Credential Guard and Device Guard.
Isolated User Mode, part of Microsoft's virtualization-based security technology, is brand new to Windows 10.
Windows 10 virtualization-based security has not received much attention so far, but it is one of the operating system's most significant security features.
The idea behind virtualization-based security is actually simple. If a process or data is virtualized, it is isolated from the rest of the operating system and is therefore more difficult to tamper with. Isolated User Mode allows for a secure kernel and secure applications.
A number of different areas of the Windows operating system rely on virtualization-based security. Credential Guard, for example, uses a virtualized environment to store credentials and prevent their theft. In the past, hackers could steal credentials with a pass-the-hash attack, which virtualization-based security protects against.
Device Guard is another operating system security feature that uses virtualization-based security. In previous versions of Windows, if an attacker somehow gained administrative privileges to tamper with the app control policy for a device, she could allow malicious apps to run on the device.
With Device Guard, the app control policy can only be updated if a trusted signer signs it. That way, an attacker cannot modify the app control policy to let prohibited apps run on a device. This technique is far more secure than relying on AppLocker alone.
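To confirm that a given Windows 10 machine is actually running the features described above, an administrator can query the `Win32_DeviceGuard` WMI class. The script below is an added example, not part of the original article; it assumes an elevated PowerShell session, and the variable and property names in its report are illustrative.

```powershell
# Added example: report virtualization-based security (VBS), Credential Guard
# and code integrity policy state on the local machine.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

# Meanings of the numeric codes returned by Win32_DeviceGuard.
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-protected code integrity' }
$ciStatus  = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }

function Resolve-Code {
    param([hashtable]$Map, $Code)
    if ($null -eq $Code) { return 'Not reported' }
    # The properties are UInt32; cast so the lookup matches the Int32 keys.
    $key = [int]$Code
    if ($Map.ContainsKey($key)) { $Map[$key] } else { "Other ($key)" }
}

# Drop the 0 ("none") entries before comparing the two lists.
$configured = @($dg.SecurityServicesConfigured | Where-Object { $_ -ne 0 })
$running    = @($dg.SecurityServicesRunning    | Where-Object { $_ -ne 0 })

# A service that is configured but absent from the running list is not
# protecting anything yet (pending reboot, missing hardware support, etc.).
$gap = @($configured | Where-Object { $running -notcontains $_ })

[pscustomobject]@{
    VbsStatus            = Resolve-Code $vbsStatus $dg.VirtualizationBasedSecurityStatus
    ServicesConfigured   = ($configured | ForEach-Object { Resolve-Code $services $_ }) -join ', '
    ServicesRunning      = ($running    | ForEach-Object { Resolve-Code $services $_ }) -join ', '
    ConfiguredNotRunning = ($gap        | ForEach-Object { Resolve-Code $services $_ }) -join ', '
    CodeIntegrityPolicy  = Resolve-Code $ciStatus $dg.CodeIntegrityPolicyEnforcementStatus
} | Format-List

if ($gap.Count -gt 0) {
    Write-Warning 'At least one VBS security service is configured but not running.'
}
```

A non-empty `ConfiguredNotRunning` value is the case worth investigating: the policy asks for the protection, but the machine is not delivering it.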