Microsoft Windows 10 Defender Antivirus And Anti-Malware Gains Secure Sandbox Functionality

windows defender
It's not common to find free software that appears to be as feature-rich and capable as the commercial competition, but where Windows Defender is concerned, it's arguably one of the best free antivirus and anti-malware solutions out there. Many have come to trust it so much, that they don't even run an additional anti-virus solution, and Microsoft takes that responsibility seriously by constantly iterating on the software's capabilities.

In a brand-new Windows Insider build, a massive overhaul of Defender can be found. After years of figuring out the best direction to take Defender, Microsoft decided that implementing sandboxes was the only reasonable route, a technique we've seen used in many pieces of software, even our web browsers.

Windows Security
Windows Security center in Windows 10, including Defender functionality

Microsoft notes that redesigning Defender to utilize sandboxes was not an easy task, but it's an important way to spend developer effort, as it could really save someone's bacon (or veggie bacon) if they're struck by a malicious piece of digital software. If a threat occurs, Defender will now keep it in the sandbox, thus preventing the rest of the system from becoming infected, and in effect spreading further corruption.

Microsoft acknowledges that one of the reasons sandboxes were finally implemented was because privilege escalation would be possible with the current design, although the official blog post notes that there's been no sign whatsoever of the design being exploited (and it's extremely difficult to pull off). Breaking out of a sandbox is "so much more difficult on the latest versions of Windows 10", according to this post.

Windows Security 02
App protection in Windows Defender

To a regular Joe or Jill, implementing a sandbox might not seem like a big deal, but there are extremely important precautions to take. A sandbox would still need some access to the main system, of course, and that means that performance could be dragged down if there's too much back-and-forth between the host OS and Defender's sandbox. That's while at the same time making sure that the implementation is as secure as possible.

Tackled challenges included reducing I/O cost, which is super important for older hardware, and involves being smarter about which bits of data are pulled from a potentially infected file, rather than scan the entire thing. You can imagine how hungry Defender would get if you wanted to extract a large archive; that basic process can already be slowed by Defender, and sandboxing could technically make it worse. Not that you would to complain too much about performance impact if it does manage to keep your PC safer. 

If you are running the latest preview build of Windows 10, you should be able to access the initial version of this sandbox-enabled Defender right now. For the rest of us, we must wait for lots of beta testing to be done. And after the October update debacle, it's smarter than ever to adopt the "safer to wait" attitude when it comes to new Windows features.


Via:  Windows Blog
Show comments blog comments powered by Disqus