As with Windows 8, the new version of Windows 10 includes a central application store that presents software developed for both the classic desktop and with support for touch devices. They have a place in it third-party applications as it happens in similar stores of other devices that can be harmful if your code is not properly debugged.
Although these types of applications can be disabled, Microsoft has decided to include a system called Device Guard, oriented mainly for the business environment users. In this way, a company may limit or prevent the installation of all software that does not come from the store and will leave the decision to include it in the system to the end user.
In addition to performing this check, a functionality very similar to that introduced by Microsoft when alert user of the execution of programs or files whose origin was unknown (mainly from the Internet), it will be verified if the program origin is reliable or not. To do this, software developers will have a tool with which they can sign all their applications, a very effective technique to prevent the proliferation of malware in the Store.
But the functionality of Device Guard it does not end here. Along with the possibility of verifying the origin and legitimacy of the author of the application, a virtualization environment for isolate applications from the rest of the operating system. Thus, if a program required its installation on the computer and it included various malware, any unauthorized user would still be prevented from entering the device. A tool that provides a clear advantage over classic antivirus or anti-malware programs. However, the Redmond have not ruled out working together with the rest of their security software.
At the moment, manufacturers Acer, Fujitsu, HP, NCR, Lenovo, Par and Toshiba are supporting the use of Device Guard on their computers.