Using a computer without anti-malware software is not a good idea. That's why Microsoft ships Windows Defender as a core feature in Windows 10.
You're no doubt aware that Defender -- and third-party apps like it -- offer a critical layer of protection against threats like ransomware and cryptominers. What you may not know is that they can also introduce new security risks.
That's why Microsoft is adding a sandbox mode to Windows Defender. Sandboxing an app keeps its activities isolated from the rest of the software installed on your computer. Should something go wrong, the sandbox acts as a sort of force field and prevents damage from spreading.
Sandboxing isn't a new thing. There's a good chance you're already using one app that runs in a sandbox. Google Chrome has been sandboxed since 2008.
That makes it very, very hard for hackers to do any serious damage by attacking Chrome. Even if they can find an exploit for the browser itself, they still have to figure out how to escape Chrome's sandbox. Without that escape, there's no way to directly attack the computer's operating system.
Google changed the game for browser security by sandboxing Chrome. Microsoft has done the same for anti-malware apps by sandboxing Windows Defender.
Anti-malware apps need deep access to your operating system to do their job. They need to be able to see what's going on behind the scenes in order to detect and neutralize malicious code.
Some anti-malware apps also offer browsing protection. To secure your browser, they need full access to all the data you upload and download.
When suspicious activity is spotted, these apps upload what they've discovered to a remote server for analysis.
It's not hard to see how a weakness in an anti-malware app could be disastrous. A hacker who managed to compromise your app of choice could peer into your files, snoop on all your Internet activity, and silently steal your files.
As many security researchers put it, antivirus or anti-malware software is a backdoor. It's a backdoor that you install knowingly, and it's one that you trust.
Microsoft has made sure that it's nigh-impossible for hackers to abuse that trust and sneak in through the backdoor.