Microsoft trials sandboxed Windows Defender AV

By

Claims first for security program.

Microsoft is testing a security improvement to its built-in anti-malware utility for Windows 10, Defender, which will see the program run isolated from the rest of the operating system.

Microsoft trials sandboxed Windows Defender AV

Traditionally, anti-malware programs need to run at high privileges to reach and scan all parts of a computer and its operating system for malicious code. 

This full system access position, however, often means anti-malware programs themselves become targets for attack, Mady Marinescu and Erica Avena of the Windows Defender engineering team said.

"Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’s content parsers that could enable arbitrary code execution," the pair said.

Sandboxing is a technique that protects other parts of the computer system in the event of a program being compromised. 

While sandboxing has been desirable for high-value targets such as Windows Defender, implementing it was an engineering challenge for Microsoft, as process isolation had the potential to cause performance degradation.

Microsoft says it achieved the sandboxing by layering inspection processes for the antivirus into ones that absolutely have to run with full system privileges and others which can be isolated, with minimal amounts of interaction between these in order 

The effort was lauded by Google Project Zero security researcher Tavis Ormandy, who on social media said it was "amazing" and "game changing".

Ormandy has in the past discovered vulnerabilities in Windows Defender, including one bug last year that allowed for remote execution of arbitrary code via the anti-malware program's x86 emulation layer.

Participants in Microsoft's Windows Insider early adopter program will be the first to trial sandboxing for the anti-malware tool.

Users on Windows 10, version 1703 or later can also use the command setx /M MP_FORCE_USE_SANDBOX 1 which will enable the sandboxing after restarting their computers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
antivirusmalwaremicrosoftsecuritysoftware

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
WestJet probes cyber security incident

WestJet probes cyber security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?