Windows to make it more secure than previous editions, but the strongest
protections will be available only to those willing to pay a steep
price for them.
Windows 10 Anniversary Update has introduced many mitigation
techniques in core Windows components and the Microsoft Edge browser,
helping protect customers from entire classes of exploits for very
recent and even undisclosed vulnerabilities, Matt Oh and Elia Florio of
Microsoft’s Windows Defender ATP Research Team wrote in an online post
last week.
Countering unidentified vulnerabilities — also known as “zero day”
vulnerabilities — is particularly important because they are a powerful
tool used to penetrate systems and steal data by attackers, especially
those working for nation-states.
Rather than focus on a single vulnerability, Microsoft is focusing on
mitigation techniques that counter classes of exploits, Oh and Florio
explained.
“As a result, these mitigation techniques are significantly reducing
attack surfaces that would have been available to future Zero-Day
exploits,” they wrote.
Paying for Protection
For the most effective post-breach protection, customers should sign up
for Windows Defender ATP, Oh and Florio suggested, a service that is
available only to users of Windows Enterprise E5.
That appears to be a departure from how Windows security was treated in the past, observed Michael Cherry, an analyst with Directions on Microsoft.
When Microsoft launched its Trustworthy Computing initiative in 2002,
there was a commitment to making all versions of Windows equally
secure, he recalled.
“Now, what Microsoft is saying in a subtle way,” Cherry told
TechNewsWorld, is that “to be the most secure on Windows, you should be
using Windows Defender Advanced Threat Protection — but we’re saving
that for our best customers, our customers willing to pay for the
enterprise edition. That’s a big change that’s happening in Windows
security.”
What Users Get
Nevertheless, the security improvements in the new Windows 10 Anniversary Update are worthwhile for consumers.
“This is great news for users,” said Jerome Segura, a senior security researcher for Malwarebytes.
“Microsoft is addressing zero days and exploits in general by
sandboxing a lot of the components in the operating system,” he told
TechNewsWorld.
Sandboxing is a technique used to isolate activity in a space where
it can be observed without affecting its surroundings. If it behaves
badly in the sandbox, then it won’t be allowed to play with the other
parts of a system.
Sandbox techniques were used in Windows 10 to neutralize an exploit
that used corrupt fonts to gain escalated privileges on a system,
Microsoft’s Oh and Florio explained. Escalated privileges allow an
intruder greater freedom to roam and access data on a network.
Room for Improvement
While Microsoft is making good progress in hardening the Windows kernel,
it could improve the operating system’s security in other areas, too.
One of those areas is third-party applications and components.
“While it’s trying to ensure that its operating system is secure, it
still depends on Flash, Java and other pieces of software. At the end of
the day, the security of the system is going to depend on all the
pieces, not just what Microsoft ships,” Malwarebytes’ Segura observed.
“You can have an OS that’s safe, but if you have an outdated Flash plug-in, you can still get infected,” he pointed out.
Hackers also are exploiting Microsoft Office documents.
“Microsoft needs to tighten up legacy code like macros — either disable it or sandbox it,” Segura said.
Threat to Security Vendors?
As Windows security improves, will it threaten the security ecosystem that has grown up around the OS?
“Ultimately, Microsoft’s new anti-exploit features in Windows calls
into question the value of legacy antivirus protections,” said Simon
Crosby, CTO of Bromium.
“However, it is important to note that relatively few enterprises use
Windows 10 yet, so any Microsoft mitigation in Windows 10 that fails to
address the legacy Windows installed base cannot address threats
targeting [the security ecosystem],” he told TechNewsWorld.
Windows users still need to use antivirus programs, added Jack E. Gold, founder and principal analyst with J.Gold Associates.
“Microsoft is pushing its antivirus program,” he told TechNewsWorld, “so it’s not saying you don’t need antivirus anymore.”
Ref: Technewsworld.com