/Guard: Keeping Windows users more secure

Date

June 1, 2015

Speaker

Manuel Costa, Austin Donnelly, Richard Black

Affiliation

Microsoft Research Cambridge

Overview

/guard is a security mitigation technology that helps to protect programs written in C and C++.

Cyber-attacks are becoming increasingly sophisticated, with attackers proactively seeking out vulnerabilities in software to exploit them before the developer has a chance to fix or even detect them. /guard can help protect customers against these kind of attacks even if they are running software with an unknown or unpatched vulnerability. It accomplishes this by breaking techniques attackers have come to rely on, when exploiting vulnerabilities in software – all without the need for prior knowledge that a vulnerability actually exists. This feature was first included with Visual Studio 2015, and Windows 10 binaries are all built with /guard enabled.

/guard was a collaboration between Microsoft Research Cambridge and the Microsoft Developer Division (the C/C++ compiler team) which then expanded to include the Microsoft Security Engineering Centre and Windows (/guard is an OS platform technique).

People