Microsoft has announced today that Windows 10 will feature Device Guard, which is essentially a tool for administrators to restrict the installation of malicious software on a Windows 10 machine. The idea behind Device Guard is to prevent malicious software from being installed, but the tool is also targeting untrusted sources in general.
The Windows 10 Device Guard feature comes targeting administrators who want to restrict the installation of software on machines they own. The tool offers full control to administrators to restrict software installations as they please and the design of the tool focuses on preventing O-Day attacks and malware from infecting machines running the new operating system from Microsoft. Device Guard, once set up, will not let anyone, not even an administrator, tamper with the exceptions and permitted files that it lets users install or not. You can read more about what other features and security innovations Microsoft has announced for Windows 10 today in their official blog post.
Although Windows 10 is set for release in July the earliest according to AMD CEO Lisa Su, it is evident that Microsoft is already working towards getting the new OS more attention from individual users as well as administrators. The Device Guard tool seems like an appealing solution for administrators as it could prevent shared computers or computers on the same network from becoming exposed to outside threats. These threats include all kinds of malware and executable files, most likely ripped or “cracked” executables, too.
According to statements from Microsoft, the Windows 10 Device Guard will only let trusted apps from recognized vendors, Microsoft and the owner’s own company be installed on systems running the OS. Device Guard will come pre-installed on most Windows 10 computers that are in the works from Acer, Lenovo, Toshiba, HP and more. Moreover, Device Guard might also be included in a Windows 8 update for various computers running the OS in the near future.