"InPrivate Desktop" mode to ensure unexpected code can't touch OS.
Microsoft appears to be working on a new technology that will isolate untrusted software by placing it into a virtual machine.
Windows-watchers have spotted the new feature, called "InPrivate Desktop", in discussions about Windows 10 previews.
Since-deleted Microsoft documents said it “provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software.”
“This is basically an in-box, speedy VM (virtual machine) that is recycled when you close the app,” the document says.
If accurate, the document signals that Microsoft is adopting a new approach to endpoint security that’s had a recent resurgence in the data centre.
It now looks like Microsoft’s plan is to leverage the desktop version of its Hyper-V hypervisor, which is present in most versions of Windows 10 but requires knowledge of some deep settings to enable.
Hyper-V on the desktop is mostly used by developers who need VMs running operating systems other than Windows 10.
InPrivate Desktop appears to create a guest Windows 10 VM without an end-user needing to know that Hyper-V even exists, never mind how to drive it.
The new feature does so in order to isolate software in its own instance of Windows 10 before it can alter the host PC, which is what most malware tries to do.
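For readers who want to see what the “deep settings” referred to above look like in practice, the following is an added PowerShell example, not from the article or from Microsoft's own InPrivate Desktop code. It assumes an elevated PowerShell session on a Windows 10 edition that ships the Hyper-V optional feature (Pro, Enterprise or Education), and uses only the standard DISM cmdlets to report whether the hypervisor feature is present and enabled, and to enable it if it is not.

```powershell
# Added example: inspect and optionally enable the desktop Hyper-V feature.
# Assumes an elevated session on a Windows 10 edition that includes Hyper-V.
#Requires -RunAsAdministrator

function Get-HyperVFeatureState {
    # Microsoft-Hyper-V is the parent optional feature; the State property is
    # one of Enabled, Disabled, DisabledWithPayloadRemoved, etc.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V'
    if ($null -eq $feature) {
        # Home editions do not ship the feature at all, so there is nothing to enable.
        return 'NotAvailable'
    }
    return [string]$feature.State
}

function Enable-HyperVFeature {
    # Enables Hyper-V and all its sub-features (platform, management tools).
    # -NoRestart defers the reboot so the caller decides when to restart.
    $result = Enable-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V' -All -NoRestart
    return $result.RestartNeeded
}

$state = Get-HyperVFeatureState
Write-Host "Hyper-V feature state: $state"

switch ($state) {
    'Enabled'      { Write-Host 'Hyper-V is already enabled; guest VMs can be created.' }
    'NotAvailable' { Write-Host 'This Windows edition does not include Hyper-V.' }
    default {
        $restart = Enable-HyperVFeature
        if ($restart) {
            Write-Host 'Hyper-V enabled; a restart is required before the hypervisor loads.'
        } else {
            Write-Host 'Hyper-V enabled; no restart was reported as necessary.'
        }
    }
}
```

The point of the example is that the hypervisor the article describes is already on most Windows 10 machines but is off by default and only reachable through optional-feature management like this; a feature such as InPrivate Desktop would have to handle these steps on the user's behalf.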
Others like this approach too: VMware and Citrix both have data centre products that inspect VMs to ensure they’re behaving as expected. If they’re not, the VM is isolated from the host.
Security vendor Carbon Black isolates whole endpoints to stop one infected machine delivering a dodgy payload to others.
Details are scarce at this stage but if Microsoft uses this technology to automatically isolate any executable that’s not trusted or expected on a PC, it will improve Windows 10’s security by making it harder for unexpected software to get a toehold in a PC.