Windows 10 News and info | Forum
Author Topic: Windows Defender becomes first antivirus to run inside a sandbox  (Read 124 times)
« on: October 27, 2018, 03:54:26 AM »

Microsoft announced today that Windows Defender is the first antivirus to gain the ability to run inside a sandbox environment.

In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources.

The idea is to prevent bugs and exploit code from spreading from one process to another, or to the underlying OS.

A sandbox escape is one of the most complex pieces of exploitation that malware, or a hacker, can perform, and running programs inside sandboxed environments is considered an optimal security measure and good software architecture.

"We're in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation," Microsoft said today in a celebratory blog post.

Users who can't wait until Microsoft finishes testing the feature can also enable it right now. Support for Windows Defender running inside a sandbox environment has been silently included since Windows 10 version 1703. To enable it, Windows 10 users can follow these steps:

   ■ Open the Start Menu and type "cmd.exe".

   ■ Right-click the cmd.exe (Command Prompt app) and click on the "Run as Administrator" option.

   ■ Type setx /M MP_FORCE_USE_SANDBOX 1

   ■ Press enter and wait for the validation.

   ■ Restart the PC.

Microsoft says it started working on porting Windows Defender to a sandbox environment after "security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus's content parsers that could enable arbitrary code execution."

The most infamous of these researchers is Google's Tavis Ormandy, who identified several of these types of vulnerabilities, including one that he labeled "crazy bad."

During many of his bug reports, Ormandy had privately and publicly recommended that Microsoft move Windows Defender to a sandbox and prevent attackers from using it as a way to take over Windows PCs.

This type of attack is possible because Windows Defender, like all antivirus programs, automatically scans all incoming files and data streams, such as emails, IM messages, or newly downloaded files. Windows Defender scans these files for viruses, but if a file contains malformed code that triggers one of these vulnerabilities, the automatic scan also means the malicious code is executed as soon as it reaches a user's computer, with SYSTEM-level privileges.

If Windows Defender or any other antivirus is vulnerable, the attack can be devastating, allowing hackers to take full control over targeted PCs.

Microsoft said it did not see any such attacks against Windows Defender in the wild, but the company opted to sandbox Windows Defender and not take any risks with users' safety.
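
A way to confirm that the opt-in steps above took effect after the restart, as an added example that is not part of the original post or Microsoft's own tooling. The function name Get-DefenderSandboxState is hypothetical, and the content process name MsMpEngCP does not appear in the post; it is the process Microsoft describes as running alongside MsMpEng when the sandbox is active.

```powershell
# Added example: report whether the Defender sandbox opt-in is set and active.
# Run in PowerShell after the restart from the steps above.

function Get-DefenderSandboxState {
    # setx /M writes the variable at machine scope, so read it from there
    # rather than from the current session, which may predate the change.
    $value = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng is the privileged Defender service process. MsMpEngCP is the
    # low-privilege content process (name not from the post, see lead-in).
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    $status =
        if ($value -ne '1') {
            'Sandbox not requested: variable is unset or not 1'
        } elseif (-not $engine) {
            'Variable set, but the Defender service process is not running'
        } elseif (-not $content) {
            'Variable set, but no content process found: restart pending or build unsupported'
        } else {
            'Sandbox active: content process is running beside the service'
        }

    [pscustomobject]@{
        MachineVariable  = $value
        ServiceProcessId = $engine.Id
        ContentProcessId = $content.Id
        Status           = $status
    }
}

Get-DefenderSandboxState | Format-List
```

A variable that is set while the content process is missing usually means the machine has not been restarted since setx was run, because the service only reads the variable at start.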

