Because no security is 100% watertight, it’s important that clicking on the wrong link doesn’t render your laptop unusable. Microscopic virtual machines provide the solution, as well as a fast recovery strategy for extreme cases.

A malicious link in an email was clicked too quickly or a malicious attachment was opened quickly. Of course, a naughty click shouldn’t be a death sentence. A Windows computer has many built-in security features in Windows 11 and Windows Defender by default, but they only work at the operating system level.

As a laptop manufacturer, HP has an opportunity to build on that with an extra layer of security, and that’s with HP Wolf Security. When it comes to malware protection, two features stand out: HP Sure Click and HP Sure Recover.

Practically safe

HP Sure Click is one of the most exciting features of HP Wolf Security and is built into every new HP professional laptop at its base. Sure Click is the result of HP’s acquisition of Bromium in 2019. With Bromium, the computer manufacturer bought a very interesting technology: micro-virtualization.

With virtualization, software (the hypervisor) builds one or more virtual machines on top of the hardware. You then install software such as Linux or Windows on these computers. Virtualization is a very common technology for servers on-premises and in the cloud, mainly because it allows the available computing capacity of a server to be used optimally.

However, virtualization has another advantage: the software in a virtualized computer doesn’t really know that the underlying hardware is virtual. The virtual environment is also completely separated from the underlying real hardware and other virtual machines.

HP implements Bromium micro-virtualization technology for Sure Click. It is based on the same concept and can set up small virtual environments where software runs completely isolated from the rest of the computer. Sure Click ensures that suspicious links are opened in an isolated browser window and suspicious files are opened in isolated and virtualized versions of Word or Excel, for example.

Click without fear

Therefore, if you as a user click on a suspicious link or open a suspicious attachment in an email, the risk is limited. Sure Click opens the link or file in a virtualized environment that may become fully infected, but from which malware such as ransomware cannot escape. If you press the cross, the content of the micro VM has disappeared.

You can also think of Sure Click as a kind of sandbox environment in which malware can do its mischief with almost no risk. Files opened with Sure Click have full functionality. For example, Word works as usual in Sure Click, cut and paste works, you can customize the file and save it if necessary. If you open a phishing website, Wolf Security prevents you from giving out your username and password. Sure Click is located in the Wolf Security Dashboard under the name threat analysis.

Easy recovery

What happens if ransomware got on a device or an employee managed to get the laptop working despite the added security of Sure Click? Sure Recover completes the picture. This makes it possible to completely reset a device remotely. For example, an employee no longer has to go to the local IT department to place a new image on their laptop. The administrator can choose which version of Windows or which image he wants to transfer to the laptop.

Sure Recover lives under the name OS resistance in the Wolf Security dashboard. There you can specify what you prefer as the recovery image, but also specify how thoroughly the HDD or SSD needs to be erased before the reinstallation begins.

gut feeling

HP also offers Sure Sense. It’s a new security tool that uses deep learning to detect threats based on their behavior. The tool complements Windows Defender. When malware arrives that Defender doesn’t immediately detect, Sure Sense can still prevent or limit issues based on behavior (e.g. encryption).

The above Wolf Security features are standard on all HP business computers. The basic functionality is included with the device, but HP wants to make a little extra money here and there. For example, large companies can purchase an enhanced version of Sure Click, over which they have more control. However, the basic version also automatically opens many attachments in a secure container. The scope of delivery is more than sufficient to improve the security of a computer significantly beyond the scope of delivery of Windows.

This article is part of it series on HP’s role in laptop security. The editorial was created in cooperation with HP.