Application Guard Extension for integrating Microsoft’s hardware-based isolation
<blockquote data-quote="Deleted Member 308817310" data-source="post: 822852" data-attributes="member: 80647">
<p>The official stable release of Microsoft Edge which comes pre-installed on Windows 10 systems does not use the Chromium engine yet - it still uses EdgeHTML. The Chromium version of Microsoft Edge is still in beta testing and it will likely stay this way for several more months.</p>
<p>It's irrelevant as to whether Microsoft Edge uses the old Internet Explorer engine, EdgeHTML, Chromium or Gecko as far as Application Guard's effectiveness is concerned. It doesn't change the benefits of using Application Guard, but those benefits do not outweigh the cons for everyone.</p>
<p>Yes and no.</p>
<p>The normal exploit mitigations are there to... help prevent successful exploit attacks. Existing exploits may fail if they were not designed to bypass certain exploit mitigations being enabled and new exploits may be harder to develop (even when a valid vulnerability has been identified) unless the mitigations can be circumvented to make the vulnerability "reachable" for exploitation.</p>
<p>Application Guard isn't there to stop exploitation. It's there to isolate exploitation. The attack chain will be isolated within the Hyper-V environment which Application Guard is reliant on, which means the exploitation phase itself does not touch the host environment and anything attempted post-exploitation does not touch the host environment either.</p>
<p>Firefox can still be exploited with every exploit mitigation known to man being enabled and the same is true of Microsoft Edge. With Application Guard (assuming it is working for you - there are many complaints about it), the attack is contained under an isolated environment.</p>
<p>I've already answered this question, read above.</p>
<p>Home users do not need Application Guard - it would be overkill for them to need it. The normal exploit mitigations are more than fine for home users. Application Guard was clearly not designed for home users and as such, it is weird that Microsoft have published an extension for it - I agree with the author on this being badly designed.</p>
<p>Home users are not normally targeted with zero-day exploits anymore. More often than not, vulnerabilities are patched in security updates before they can be deployed by attackers on a campaign which affects many home users. Attackers who are capable of exploiting zero-day vulnerabilities almost always save them for enterprise targets in which they know they can make more money with one target than many home user targets combined.</p>
<p>Application Guard can be effective without it needing to be tailored for home consumers.</p>
<p>There is bound to be truth in this, but it isn't just about that. It's also about compatibility. Microsoft control the development of their own browser and thus can ensure their Application Guard feature works properly for their own product.</p>
<p>Everything becomes more troublesome when you try and support something for somebody else's product, because you do not control the development of it. There's also the case of both Firefox and Google being unpredictable when it comes to working as a team, because Firefox are ignorant when it comes to helping others implement security-related features - for example, they dropped support for IOfficeAntivirus APIs - and Google are known to stir trouble - for example, warning about code injection from AV/AE software and falsely reporting that crashes were due to the injection on customers' machines when they didn't have evidence that literally proved the accused was responsible for those specific recent crashes.</p>
<p>EMET had many issues due to how it functioned.</p>
<p>1. EMET relied on code injection and API hooking. This can easily cause compatibility problems and introduce additional exploitable vulnerabilities into other people's software without them being aware. It isn't the job of software developers to clean up Microsoft's mess and it is unfair to expect them to do so.</p>
<p>2. Due to how EMET worked, there were many ways to bypass it. This isn't really the case with Application Guard due to how it works.</p>
<p>3. There were many public bypasses for EMET.</p>
<p>4. The technology behind EMET is old and was rootkit-like.</p>
<p>5. EMET had to be updated to approach new attack methods. Application Guard doesn't have to be updated so much because the attacks are isolated. Microsoft do not have to literally virtually patch attack methods anymore with Application Guard... they mainly need to just update for compatibility, performance and general improvements.</p>
<p>------</p>
<p>The author of the post does make some valid points though. Microsoft are misleading people with the browser extension. If it isn't going to support Google Chrome then Microsoft shouldn't be posting it on the Google Chrome Web Store either, in my opinion.</p>
</blockquote>