Windows 10 Along With Chrome Having Best Security Features
Every version of Windows has had security problems, but the Windows 10 November update (version 1511, build 10586) includes a number of worthwhile new security features that protect against security issues that keep arising again and again.
Google yesterday added source code support for these features to the Chrome browser, aiming to make Chrome the best browser by adding this code.
One weak point in all previous versions of Windows is font handling. Windows supports TrueType and PostScript fonts, both of which are very complex, and the code needed to handle these fonts runs mainly in Windows kernel mode.
This attracts attackers, because a bug in the handling of these fonts can give them kernel-level privileges.
Take a Word document as an example: when the document is opened, its embedded font is loaded, and because fonts are loaded into the kernel, this opens a path to kernel-mode privileges.
Windows 10 addressed this by blocking applications from loading their own fonts, so that applications can use only the fonts available in the font directory. As a result, many applications cannot display a document the way it was meant to be shown, and the document's appearance changes.
The way this was done in Windows 10 wasn't suitable for Chrome: it was a system-wide setting that could be changed as needed, and Chrome, with its many levels of security, couldn't easily opt in to it. The Windows 10 November update added finer control so that individual processes can enable the new restriction. With this, there is no impact on the embedded fonts of PDFs or other files, because they are not handled by the built-in font handling.
Google also discovered that when a job object is set to prohibit the creation of child processes, it runs into the console window system, an older Windows security issue. In earlier versions of Windows, console windows were handled by a shared, privileged process; this was then divided into a number of separate processes that show in the taskbar.
Comparing Windows XP and Windows 7 shows the issue: in Windows XP, a process that required a console window could run and open one without any problem, but this is not the case in Windows 7, which will not allow the console window because the job object is restricted from creating processes.
Microsoft's solution to this problem was to exempt the console window system from job object restrictions. This bug was reported in November 2014 and came to light in 2015.
The November update includes an API that allows applications to opt in to a restricted mode that restricts child processes, console processes in particular. This is a new API in Windows 10; it was previously used for breaking software, and now it is used by Chrome to restrict its sandboxes.
The last change shows how Microsoft is trying to shore up Windows and how its efforts to do so are balanced against compatibility concerns. Windows programs typically use DLL files along with executable files. These DLL files are mainly stored in network locations, and loading files from there gives attackers a chance to exploit the program.
People run programs that are installed on a network and have to load libraries from that network. Because Windows can't configure this security directly, it is built into Chrome. Chrome is also using a new, similar protection to block loading of executables that are labeled as being "low integrity."
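A read-only check a defender can run to see which processes of a browser actually carry the restrictions described above (font blocking, child-process blocking, and blocking of remote and low-integrity image loads). This is an added example, not code from Chrome, Google or Microsoft; it assumes the `ProcessMitigations` PowerShell module found in later Windows 10 releases, the property names used below, and `chrome` as the process name.

```powershell
# Added example: report the per-process mitigations for every running
# instance of a process. It only reads state and changes nothing.
# Assumption: Get-ProcessMitigation (ProcessMitigations module) is available
# and exposes the FontDisable, ImageLoad and ChildProcess property groups.
param(
    [string]$ProcessName = 'chrome'   # assumed image name, without .exe
)

function Get-MitigationReport {
    param([Parameter(Mandatory)][string]$Name)

    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        try {
            $m = Get-ProcessMitigation -Id $proc.Id -ErrorAction Stop
        }
        catch {
            # The process exited or could not be opened; keep it in the report.
            [pscustomobject]@{ Id = $proc.Id; Readable = $false }
            continue
        }
        [pscustomobject]@{
            Id             = $proc.Id
            Readable       = $true
            NonSystemFonts = $m.FontDisable.DisableNonSystemFonts
            RemoteImages   = $m.ImageLoad.BlockRemoteImageLoads
            LowLabelImages = $m.ImageLoad.BlockLowLabelImageLoads
            ChildProcesses = $m.ChildProcess.DisallowChildProcessCreation
        }
    }
}

$report = @(Get-MitigationReport -Name $ProcessName)
if ($report.Count -eq 0) {
    Write-Warning "No running process named '$ProcessName' was found."
}
else {
    $report | Sort-Object Id |
        Format-Table Id, Readable, NonSystemFonts, RemoteImages, LowLabelImages, ChildProcesses -AutoSize

    # Readable processes where none of the four restrictions is switched on.
    $open = @($report | Where-Object {
        $_.Readable -and
        "$($_.NonSystemFonts)" -ne 'ON' -and "$($_.RemoteImages)" -ne 'ON' -and
        "$($_.LowLabelImages)" -ne 'ON' -and "$($_.ChildProcesses)" -ne 'ON'
    })
    "{0} of {1} processes have none of the four restrictions enabled." -f $open.Count, $report.Count
}
```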
The new APIs highlight how high profile Microsoft's work on Windows is: the aim is for Windows as well as Chrome to be at their best against the security issues that keep arising and that experts identify.
So by adding support for these APIs, this security is now built into the Chrome browser.