iTnews

Microsoft trials sandboxed Windows Defender AV

By Juha Saarinen, iTnews on Oct 28, 2018 8:00PM

Claims first for security program.

Microsoft is testing a security improvement to Windows Defender Antivirus, the anti-malware utility built into Windows 10, that will run the program's scanning components isolated from the rest of the operating system.

Traditionally, anti-malware programs need to run at high privileges to reach and scan all parts of a computer and its operating system for malicious code. 

This full-access position, however, makes anti-malware programs themselves attractive targets: a flaw in the scanner is a flaw in a component that already holds the highest privileges, Mady Marinescu and Erica Avena of the Windows Defender engineering team said.

"Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’s content parsers that could enable arbitrary code execution," the pair said.

Sandboxing is a technique that limits what a compromised program can reach: the code most likely to be attacked runs in a restricted environment, so a successful exploit does not automatically hand an attacker control of the rest of the system.

While sandboxing has been desirable for high-value targets such as Windows Defender, implementing it was an engineering challenge for Microsoft, as process isolation had the potential to cause performance degradation.

Microsoft says it achieved the sandboxing by layering inspection processes for the antivirus into ones that absolutely have to run with full system privileges and others which can be isolated, with minimal amounts of interaction between these in order 

The effort was lauded by Google Project Zero security researcher Tavis Ormandy, who on social media said it was "amazing" and "game changing".

Ormandy has in the past discovered vulnerabilities in Windows Defender, including one bug last year that allowed for remote execution of arbitrary code via the anti-malware program's x86 emulation layer.

Participants in Microsoft's Windows Insider early adopter program will be the first to trial sandboxing for the anti-malware tool.

Users on Windows 10, version 1703 or later, can also enable the sandbox manually by running the command setx /M MP_FORCE_USE_SANDBOX 1 from an elevated (administrator) prompt, since the /M switch writes the variable machine-wide, and then restarting their computers for the setting to take effect.
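The following PowerShell is an added example, not code from the iTnews article or from Microsoft, showing how an administrator would apply the setting above, check the build prerequisite and confirm after the reboot that the sandbox is actually in use. It assumes that Windows 10 version 1703 corresponds to build 15063, and that the isolated content process appears as MsMpEngCP.exe beside the privileged MsMpEng.exe service (a process name taken from Microsoft's own announcement, not from this page, so treat it as something to verify on your build). The function names are hypothetical.

```powershell
# Added example (not from the article or Microsoft). Run from an elevated
# PowerShell session: 'setx /M' needs administrator rights.

function Test-SupportedBuild {
    # Assumption: Windows 10 version 1703 == build 15063.
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    return ($build -ge 15063)
}

function Enable-DefenderSandbox {
    if (-not (Test-SupportedBuild)) {
        throw "Windows 10 version 1703 (build 15063) or later is required."
    }
    # Same command the article gives. setx /M persists the value in
    # HKLM\...\Session Manager\Environment, so it survives reboots.
    & setx /M MP_FORCE_USE_SANDBOX 1 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "setx failed (exit $LASTEXITCODE). Is this session elevated?"
    }
    Write-Host "MP_FORCE_USE_SANDBOX=1 set machine-wide. Restart to apply."
}

function Disable-DefenderSandbox {
    # Setting the value to 0 removes the forced-sandbox request; a restart
    # is needed for the engine to pick up the change.
    & setx /M MP_FORCE_USE_SANDBOX 0 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "setx failed (exit $LASTEXITCODE). Is this session elevated?"
    }
}

function Get-DefenderSandboxState {
    # Read the persisted value from the registry, not from $env:, because the
    # current session's environment does not see a setx change until re-logon.
    $envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    $reg    = Get-ItemProperty -Path $envKey -ErrorAction SilentlyContinue
    $value  = $reg.MP_FORCE_USE_SANDBOX

    # Assumption (from Microsoft's announcement, not this page): once the
    # sandbox is active the engine spawns a separate, low-privilege content
    # process MsMpEngCP.exe alongside the SYSTEM-level MsMpEng.exe service.
    $engine  = Get-Process -Name MsMpEng   -ErrorAction SilentlyContinue
    $content = Get-Process -Name MsMpEngCP -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ConfiguredValue      = $value            # "1", "0" or $null if never set
        EngineRunning        = [bool]$engine     # privileged scanning service
        SandboxProcessActive = [bool]$content    # isolated content process present
        PendingRestart       = ($value -eq '1') -and -not [bool]$content
    }
}

# Typical sequence:
#   Enable-DefenderSandbox
#   Restart-Computer
#   Get-DefenderSandboxState   # expect SandboxProcessActive = True afterwards
```

The state check deliberately reads the registry rather than $env:MP_FORCE_USE_SANDBOX: a fresh setx is invisible to already-running shells, which is a common reason people conclude the setting "did nothing" before they have rebooted. PendingRestart being True is the normal result immediately after enabling; SandboxProcessActive should flip to True only after the restart the article mentions.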

Copyright © iTnews.com.au. All rights reserved.