windowsdefender
Latest
Windows' built-in antivirus tool can run in a secure sandbox
Antivirus programs, by their nature, introduce a degree of risk. Since they have to scan malicious data to stop attacks (and thus need extensive permissions), a piece of malware that exploits antivirus flaws can typically run with impunity. That could be much more difficult if you're using Windows 10's built-in safeguards, though. Microsoft is gradually rolling out a Windows Insider preview where Defender Antivirus has the option of running in a sandbox -- the first "complete" solution to do this, the company said. Should the worst happen and malware targets Defender Antivirus, any hostile actions will be limited to the antivirus tool's environment instead of running amok on your PC.
The best antivirus is not traditional antivirus
By Kevin Purdy This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the full blog here. We set out to do a standard Wirecutter guide to the best antivirus app, so we spent months researching products, reading reports from independent testing labs and institutions, and consulting experts on safe computing. And after all that, we learned that most people should neither pay for a traditional antivirus suite, such as McAfee, Norton, or Kaspersky, nor use free programs like Avira, Avast, or AVG. The "best antivirus" for most people to buy, it turns out, is not a traditional antivirus package. Information security experts told us that the built-in Windows Defender is good-enough antivirus for most Windows PC owners, and that both Mac and Windows users should consider using Malwarebytes Premium, an anti-malware program that augments both operating systems' built-in protections. These options provide reliable protection without slowing your computer significantly, installing unwanted add-ons, or harassing you about upgrades. Malwarebytes is not an all-in-one option for protecting your system against exploits, malware, and other bad stuff. But information security experts repeatedly recommended it as a useful anti-malware layer, one of multiple layers of security you need for your devices, coupled with good habits. Relying on any one app to protect your system, data, and privacy is a bad bet, especially when almost every security app—including Malwarebytes and Windows Defender—has proven vulnerable on occasion. You should have good virus and malware protection, yes, but you also need secure passwords, two-factor logins, data encryption, and smart privacy tools added to your browser. Check out our guide to setting up those layers here.
Microsoft's Chrome extension fights phishing attacks
Due to the dominance of Google's Chrome browser, even if you're on Windows you're probably not using Microsoft Edge. You can still enjoy some of its technology, however, since Microsoft has plugged its Windows Defender browser protections into Chrome via a just-released extension. It cites third-party testing that claims Microsoft Edge protects against 99 percent of phishing attacks with its constantly updated list of malicious URLs, while Google's built-in feature manages to stop only 87 percent. If you're concerned you might cross an ill-meaning link in an email or message and need some additional peace of mind, then install and enable Microsoft's extension from the Chrome store. It will get the job done without requiring a browser switch -- unless you're on Chrome OS since users report it doesn't work there.
Microsoft just fixed a serious Windows Defender bug
Over the weekend, Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich tweeted about discovering "the worst Windows remote code exec in recent memory." According to Ormandy, it could work against a default installation and even become "wormable" -- able to replicate itself on a targeted machine and then spread to other computers automatically. Now we know more about what the problem is since, in just two days, Microsoft's Security Response Center and Windows Defender developers were able to come up with a fix that is now available via Windows Update for Windows 7, 8.1, RT and 10 (according to Microsoft, the Control Flow Guard security feature lowers the risk of this attack on 8.1 and 10), as well as other versions that IT professionals may be more familiar with.
Microsoft tests a secured Edge browser for business
If the idea of a more secure Windows browser appeals to you -- and why wouldn't it -- then you might want to have a peek at the latest Windows 10 Insider Preview Build. That's because it includes the Windows Defender Application Guard for Microsoft Edge, which was announced last September but is finally available for testing today. This Application Guard essentially encases your browser in a virtual machine, so that if your browser ever gets attacked by malware, it won't affect the rest of your PC.
Creators Update includes a few features for Windows Defender ATP
Microsoft's built-in security suite for Windows isn't getting left out of the upcoming Creators Update for Windows 10. The new Windows Defender ATP features start with memory and kernel sensors to detect nefarious activity going on in those parts of your machine. It's something a post on the Microsoft Secure Blog says the company has been doing to defend against zero-day attacks on Windows already.
Kaspersky says Windows' security bundle is anti-competitive
Windows 10's bundled Defender security tool can be helpful for basic antivirus protection, but what if you prefer third-party software? The operating system normally steps aside when you run other programs, but antivirus mainstay Eugene Kaspersky (above) believes Microsoft still isn't playing fair. He just filed complaints in both the European Union and Russia alleging that Windows 10's handling of third-party antivirus tools is anti-competitive. The argument mostly hinges around when Microsoft switches you to Defender and the amount of breathing room given to other developers.
Microsoft's Edge browser stays secure by acting as a virtual PC
Microsoft has unveiled Windows Defender Application Guard for Microsoft Edge, a new system that will isolate the browser on Windows 10 Enterprise PCs, making them harder to hack. In a blog, the company wrote that it's "the first operating system to ship this type of technology alongside a browser." Using the Virtualization Based Security (VBS) recently introduced for Windows 10, Edge runs inside a small, virtual "PC," keeping it separate from processes including storage, other apps and, most importantly, the Windows 10 kernel.
Windows 10 now protects against cyberattacks
Windows Defender has offered a baseline level of PC security for years, but that's not really going to cut it in an era when data breaches and other large-scale cyberattacks are virtually commonplace. That's why Microsoft is stepping up its game: it's launching Windows Defender Advanced Threat Protection, an optional Windows 10 enterprise service that flags signs of cyberattacks in time to prevent a bad situation from getting much worse. It looks for telltale clues on individual PCs, such as exploit attempts and unusual system file access. If something's up, it'll recommend a response to the IT staff -- they may not have to sift through activity logs to know what's causing grief on their network.
How could Lenovo miss its Superfish security hole?
Until mid-day yesterday Lenovo thought the biggest problem with Superfish VisualDiscovery was the annoying ads it caused to pop up on customers' laptops. SuperFish was supposed to analyze images on the web and "help" consumers find similar products, but the information security world was learning that it (apparently unintentionally) does quite a bit more. Facebook engineer Mike Shaver tweeted Wednesday night about how the preloaded adware performs a man-in-the-middle (MITM) attack on supposedly secure connections, and by Thursday morning security researcher Rob Graham showed how it could be used to spy on the encrypted communications of anyone running the software. At that point, Levono CTO Peter Hortensius still referred to resulting security problems as "thoretical" but moves today from Microsoft and the US government -- and his comments to us -- show that they've realized the threat is very real. Update: Lenovo has just released a Superfish removal tool. In an accompanying statement (included after the break), the company says it's also working with McAfee so that virus scanners will remove the software and its certificate.
Windows Defender beta gains 'offline' functionality, can run sans-OS
PC users have been using Windows Defender to free themselves from the bane of viruses, malware and spyware for quite a while, but until now, you've needed Microsoft's OS running for it to do its work. That changes with a new beta, which creates bootable CDs or USB sticks that can run the utility. Those interested can begin by downloading the Windows Defender Offline Tool, which'll prompt you for either of those mediums and then install around 300MB of virus hating bits. And remember, because you're statically downloading an almanac of today's viruses, doesn't mean you'll be ready for those tomorrow, so those taking the plunge better remember to stay up to date.
