Microsoft recently announced that the Windows 10 Creators Update would provide businesses ‘next-gen ransomware protection’ to guard against future malware attacks.
Microsoft’s Windows 10 Creators Update comes not long after several NHS hospitals and trusts running older versions of Windows OS fell victim to WannaCry ransomware attacks.
The Redmond-based technology giant says it has leveraged hardware-based security and exploit mitigations to thwart ‘brazen’ cyber-attacks on systems running the Windows 10 operating system. New technologies like Windows Defender Antivirus and Windows Defender Advanced Threat Protection have also offered users protection against powerful malware injections.
Microsoft added that thanks to its anti-malware solutions, ‘no Windows 10 customers were known to be compromised by the recent WannaCrypt (also known as WannaCry) global cyber attack.’
The technology giant now aims to strengthen its operating system further to help guard against future cyber-attacks that are expected to be more lethal and potent than existing ones. It has poured several new ‘ransomware specific investments’ into Windows 10 Creators Update, which will leverage a new-look Windows Defender, next-gen endpoint protection and rich machine learning to offer ‘next-gen ransomware protection’ to personal and business customers.
“Out of all malware blocked by Windows Defender Antivirus (Windows Defender AV), 99.992% were detected and blocked by machine learning and behavioral analysis, guided by expert threat research,” said Microsoft.
Here are five ways Microsoft’s new Windows 10 Creators Update will help businesses ward off future malware and ransomware threats:
1. Windows Defender AV
In Creators Update, the Windows Defender AV software will not only block a suspicious file but will also sync with the cloud protection service to quarantine and inspect it. The file is then run in a ‘controlled detonation chamber’ to determine the threat it poses. Once it is destroyed, information stored in the file is added to Microsoft’s machine learning classifiers and clustering, thus incorporating automatic protection from future malware attacks using similar suspicious mechanisms.
2. App screening
It has been observed that in the recent past, hackers were able to inject malware into systems by silently embedding it in apps authorised and inspected by Microsoft, Google or Apple. In Creators Update, Microsoft’s ‘Device Guard’ software will not only let in exclusively those apps authorised by the company, but will also ensure that apps are able to run only specific plug-ins, add-ins, and modules, thus reducing the attack surface for malware embedding itself in a clean process.
3. Microsoft Edge
Websites will no longer be able to run Flash by default on the Microsoft Edge browser and will require user consent before running it. This way, users will have the power to authorise only the Flash content that they wish to view.
Thanks to the new feature, ransomware infections that automatically start with malformed Flash objects will no longer be able to affect systems and an existing Adobe vulnerability will also be effectively plugged.
4. Behaviour analysis
Microsoft has integrated behaviour analysis with Windows Defender antivirus software to catch obfuscators and code protectors that prevent new malware from being detected by file-based antivirus detection software.
Using behaviour analysis, Windows Defender can spot and catch new hacking techniques that separate ‘attacks into multiple stages and splitting behavioral actions across multiple benign processes running in the system.’
“With the Creator’s Update, Windows Defender AV’s behavioral engine can aggregate malware behavior across processes and stages. By tracking activities across multiple vectors, Windows Defender AV not only acts on these multi-stage threats but also provides valuable intelligence to identify and block similar components used in other attacks,” said Microsoft.
5. Scanning 32-bit apps
A new feature in Creators Update will let Windows Defender better inspect 32-bit apps running on 64-bit operating systems. Using the Wow64 compatibility layer as well as cloud intelligence, Windows Defender will be able to perform deeper process inspection of 32-bit apps during system interactions, thus getting rid of malware injected using such apps.