Microsoft might be planning to bring containers to the desktop — at least, they’re hiring a team to do that.
Since 2008 Windows Server has offered container functionality, allowing programs to run in a file system separate from that of the rest of the system. From a security standpoint, this means programs in a container can’t affect critical system files. The upcoming Windows Server 2016 goes a step further, offering Hyper-V containers that virtualize hardware as well as the file system, thus further separating some software from the rest of the system.
An article from ZDNet broke the story this week, citing a job listing on Microsoft’s website.
“There are a large number of client focused scenarios, currently unannounced, where Containers form the core pivotal technology providing security, isolation and roaming ability,” the publicly accessible job description reportedly said. “To deliver this, we are creating a new team with a mission to impact client computing in the same revolutionary manner we are changing the datacenter.”
Putting a team together to build a particular feature is a decent indicator that Microsoft intends to build it, but it’s important to note that Microsoft isn’t officially announcing the feature. In fact, a Microsoft representative even got in touch with ZDNet reporter Mary Jo Foley to say they had “nothing to share” regarding bringing containers to Windows.
It’s also not clear what containers on Windows clients would look like, but imagine if your Web browser ran in a container: Any malware infections you end up with while browsing would be unable to affect the rest of your system. Putting Outlook in a container could stop email viruses from affecting your system.
This sort of approach to security wouldn’t be unprecedented on the desktop: Mac OS X, for example, uses a similar sort of sandboxing for apps installed from the Mac App Store, meaning apps from there can’t access system files.
Third-party software like Sandboxie brings a similar feature to Windows, but it’s not hard to imagine how a built-in feature like this could improve security for millions of Windows users. It’s worth paying attention to see what the new team comes up with.