Microsoft has revealed more details about how it will offer better security for Windows 10 business customers, including more information on the Device Guard feature that's designed to lock down devices when malware is detected.
To help protect users from malware, when an app is executed, Windows makes a determination on whether that app is trustworthy, and notifies the user if it is not. Device Guard can use hardware technology and virtualization to isolate that decision making function from the rest of the Windows operating system, which helps provide protection from attackers or malware that have managed to gain full system privilege. This gives it a significant advantage over traditional anti-virus and app control technologies like AppLocker, Bit9, and others which are subject to tampering by an administrator or malware.
A number of PC makers have plans to support Device Guard in Windows 10, including HP, Lenovo and Acer. Microsoft also plans to offer better security for business PC users with the previously announced Windows Hello and Microsoft Passport sign-in features.