
Windows 10 will soon run Edge in a virtual machine to keep you safe - antouank
http://arstechnica.co.uk/information-technology/2016/09/windows-10-will-soon-run-edge-in-a-virtual-machine-to-keep-you-safe/
======
chatmasta
Why stop at the browser? Why not do this for every app?

And sure, this makes exploiting the desktop from the web more difficult, but
only by requiring an additional exploit in the chain. I'm sure there will be
vulnerabilities in the virtualization that hackers will pair with edge
vulnerabilities.

This is a good step so long as they continue to patch browser vulnerabilities
at the same pace. But if they use it as a crutch ("oh that vulnerability is no
big deal because edge runs in a VM!") then it quickly becomes a problem.

~~~
drinchev
This sounds awfully similar to iOS sandbox mechanism.

~~~
compsciphd
something like this? [https://www.usenix.org/conference/usenix-
atc-10/presentation...](https://www.usenix.org/conference/usenix-
atc-10/presentation/apiary-easy-use-desktop-application-fault-containment-
commodit)

------
NietTim
Ah. My mom, and her underperforming laptop, which was forced to upgrade to
windows 10 by pop ups which you could not just click away, will absolutely
love that.

------
blub
This seems to be the only reasonable way to avoid getting hacked considering
how hostile the web has become. NoScript and anti-tracking extensions still
have to be disabled to be able to see what amounts to plain text on a
significant number of websites.

Now we only need a method to protect ourselves from Microsoft's data
gathering/spyware that's bundled with the OS.

~~~
Shorel
Not using Windows is a very reasonable way to avoid getting hacked, seems to
me.

It's been years since I miss something because it only works in Windows.

------
lostmsu
With VT-* and now apps running in VMs, how is it different from Ring
0/everything else separation?

------
aNoob7000
I wonder if this same technique could be used to protect users using Tor.

------
oyebenny
Doesn't Chrome do this with its own internal sandbox?

------
na85
So instead of fixing the holes in their browser, they've just decided to
offload responsibility to a VM, hoping the hardware virtualization isn't
vulnerable (even though Intel surely cooperates with governments)?

~~~
c0nducktr
What makes you think they're going to stop improving security in the browser
itself? It's not an either/or thing, they can do both.

~~~
patrickmn
[https://en.wikipedia.org/wiki/Defense_in_depth_(computing)](https://en.wikipedia.org/wiki/Defense_in_depth_\(computing\))

