Antivirus evolved

    Posted: 08 May 2017

    Some say antivirus is an outdated technology. What does “antivirus” even mean? For us, antivirus is the most commonly-recognized term that means for customers “a product that stops bad programs from infecting my device.” Saying “antivirus” is similar to when you hear a Southerner (like myself) say “Coke” when referring to a carbonated beverage. Or like when my partner, who is from the UK, says it’s time to “Hoover” the house, when he really means to vacuum.

    The original connotation of the term “antivirus” has become defunct. Everyone knows it’s not just about viruses anymore—there’s more to it than that. The traditional means of protecting customers by having humans write signatures based on malware they’ve analyzed, essentially the original method of developing antivirus, is, practically speaking—dead.

    What’s in a name

    Windows Defender Antivirus is more than what the name might traditionally imply. When you protect over a billion customers and provide a verdict for around 90 billion potentially malicious encounters each day, traditional antivirus simply doesn’t scale. Today, we have published a new white paper, Evolution of malware prevention, that describes many of those capabilities, and I’ll go through them briefly in this blog post.

    Microsoft is in a unique position to deliver protection to customers. The Windows Defender team has many industry veterans with deep knowledge of malware, infection vectors, and even the actors and their motivations – the whole kill chain. Aside from that, Microsoft also has a foundational core of data scientists and experts in machine learning. These individuals span the company. You can find them in Microsoft Research, of course, but check any team like Office or Bing or Family Safety and you will find anywhere from a few to an army of data scientists nearby. Data science is a core part of Microsoft’s DNA, which, of course, extends to the Windows Defender team, where we have been evolving machine learning to protect our customers.

    Machine learning, behavioral analysis, and other evolutions

    Windows Defender Antivirus has machine learning models on the local client and in our cloud protection system. At the client, we use high-performance, mostly linear models to detect malware.

    Although 97% of malware is detected locally by the client, we send additional data on suspicious signals and files to the cloud protection system. Heuristic detections, behavioral analysis, and client-based machine learning models work together to identify these potential threats and send them to the cloud protection system for its high-power computational capability. Our most intensive machine learning models live in our cloud protection system, which can apply enormous computing power to models that could never run efficiently on the client. We have quick, linear models there too, in addition to more intensive models like Deep Neural Networks. However, to run hundreds of these models simultaneously and report a verdict in milliseconds, you need serious power that you would not want to impose upon a single computer.

    Machine learning as a buzzword has become a hot button topic in the antivirus community, so I want to clarify my position here. Machine learning is but one tool of many required to protect customers. The best artisans utilize a collection of tools and know when to choose one over the other to master their craft. In this case, the craft is customer protection.

    At Microsoft, we have the luxury of having the efficiency and precision of traditional antivirus and automated, intelligence-based capabilities that use behavioral analysis, heuristics, and machine learning to scale out our human experts.

    On any given day, 30% to 40% of customer malware encounters are related to malware seen more than once in the ecosystem. These types of threats are great candidates for efficient client-based signatures. The rest of the encounters, and in fact 96% of the distinct attacks and signals we see, are first-seen threats. These are prime candidates for evolved, intelligent features that use behavioral analysis, machine learning models, or other methodologies.

    As mentioned above, most of the threats our customers encounter are detected at the client. However, some of our most powerful, most intensive rules run in our cloud protection system. So that additional 3% of threats is detected through intensive processing power in a way that doesn’t impact client performance. We let our cloud protection system do the heavy lifting. Our cloud protection system is also connected to the Microsoft Intelligent Security Graph (ISG), which is informed by trillions of signals from billions of sources consisting of inputs we receive across our endpoints, consumer services, commercial services and on-premises technologies. All that uniquely positions us to personalize our protection and identify anomalies, which often represent new threats.

    This vast framework of protection tools allows us to efficiently scale out our human expertise. For every malicious signal we manually investigate, we provide protection for an additional 4,500 threats and 12,000 customers (on average). That works out to 99.98% of threats detected for the .02% we manually investigate—a pretty decent ratio.

    Figure 1: Windows Defender AV uses next generation technologies to process malicious signals

    In the protection stack

    Of course, Windows Defender Antivirus is just one key component in the fight against malware and other types of threats. Windows 10 includes a stack of security features that complement Windows Defender Antivirus. We’ve recently introduced Windows Defender Advanced Threat Protection (Windows Defender ATP) to the Windows Defender brand family, which can help customers detect and respond to advanced attacks that might get past your primary defenses. These features combined provide a secure and full-featured suite of solutions to help customers achieve the security profile that today’s threat landscape demands and customers expect.

    Figure 2: The Windows Security Protection stack utilizes a mix of traditional and modern technologies to block cybersecurity threats

    For more details, read the recently published whitepaper, Evolution of malware prevention.

    Holly Stewart

    Source: Antivirus evolved Windows Security
    Posted By: Brink
    08 May 2017
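The post above describes a two-tier design: fast linear models on the client, with suspicious signals and first-seen files forwarded to the cloud protection system for the heavier models. Whether a given Windows 10 client actually takes part in that loop is governed by a handful of Defender preferences. The following PowerShell is an added example written for this page, not code from Microsoft or from the post: it reads those settings with the built-in Defender module, flags the weak configuration (cloud reporting off, or block-at-first-sight disabled), and applies stricter values. The cmdlet and parameter names are the Defender module's own; the choice of the High cloud block level and the 50-second extended timeout is a suggested hardening, not something the post prescribes.

```powershell
# Added example (not part of the Microsoft post or the forum thread).
# Inspect and tighten the client settings that feed Windows Defender AV's
# cloud protection system. Needs the built-in Defender module and an
# elevated prompt for Set-MpPreference.
#Requires -RunAsAdministrator

$pref = Get-MpPreference

# MAPSReporting:        0 = Disabled, 1 = Basic, 2 = Advanced
# SubmitSamplesConsent: 0 = Always prompt, 1 = Send safe samples,
#                       2 = Never send,    3 = Send all samples
# CloudBlockLevel:      0 = Default, 1 = Moderate, 2 = High, 4 = HighPlus, 6 = ZeroTolerance
# CloudExtendedTimeout: extra seconds the client waits for a cloud verdict (0-50)
[pscustomobject]@{
    MAPSReporting           = $pref.MAPSReporting
    SubmitSamplesConsent    = $pref.SubmitSamplesConsent
    CloudBlockLevel         = $pref.CloudBlockLevel
    CloudExtendedTimeout    = $pref.CloudExtendedTimeout
    DisableBlockAtFirstSeen = $pref.DisableBlockAtFirstSeen
} | Format-List

# Weak configuration: with MAPS off or block-at-first-sight disabled, a
# first-seen file only ever gets the local (linear-model/signature) verdict
# and never reaches the heavier cloud models the post describes.
$weak = ($pref.MAPSReporting -eq 0) -or
        ($pref.SubmitSamplesConsent -eq 2) -or
        ($pref.DisableBlockAtFirstSeen)

if ($weak) {
    Write-Warning 'Cloud-delivered protection is off or crippled; first-seen threats rely on local models only.'
}

# Corrected configuration (values chosen for this example, see lead-in):
# advanced MAPS telemetry, automatic submission of safe samples, block at
# first sight on, a more aggressive cloud block level, and the maximum wait
# for a cloud verdict before the file is released.
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendSafeSamples `
                 -DisableBlockAtFirstSeen $false `
                 -CloudBlockLevel High `
                 -CloudExtendedTimeout 50

# Re-read to confirm nothing (Group Policy, Intune, tamper protection)
# silently overrode the change.
$after = Get-MpPreference
if ($after.MAPSReporting -eq 2 -and -not $after.DisableBlockAtFirstSeen) {
    'Cloud protection and block-at-first-sight are enabled.'
} else {
    Write-Warning 'Settings did not stick; check for a managing policy.'
}
```

Run this from an elevated PowerShell; Set-MpPreference fails silently or throws without it. On a domain-joined or MDM-managed machine, policy wins over local preference, which is why the block re-reads Get-MpPreference after applying the values rather than trusting the call succeeded.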

  1. Posts : 983
    Windows 7/64 Professional

    I seriously doubt that there is another single company that puts as much hardware and personnel dollars into security as Microsoft does.

    Yet there are so many reports, tests, blogs and posts all over that keep telling all of us that Microsoft security programs are not top shelf.
    My personal beliefs are that Microsoft does a very good job with security but causes a problem in the market place.
    That problem is in most cases their programs for security are free. Those companies selling programs do not like Microsoft's method of free security.
    I personally use Microsoft Security Essentials with Windows 7, and when I do use W-10, Defender was my choice of security.
    I do use Malwarebytes active in conjunction with Microsoft security programs, which are also active.

    They have always worked for me. At times I do use other programs when I believe necessary for a simple reason.
    I'm paranoid and like to check my system with other trusted programs to verify Microsoft and Malwarebytes are doing their job. I can only remember one virus that got into my system in the last 2 or 3 years, and I believe that happened because I was downloading programs after a Clean Install and I wasn't paying attention as well as I should have been and gave permission for the bad guy to sneak in.

    The end game is, I believe the information that Brink has posted from Microsoft. I'm a simple home user but still need security just like the big boys.

    Just my opinion.


  2. Posts : 1,097
    Windows 10 Home x64 Version 1809 (OS Build 17763.437)

    At some level we all have a problem of one kind or another at some time. Most of my life was spent with the attitude that if I thought you were an SOB, I wanted you to be the first to know. Eventually I got to trying to be equally generous with compliments.

    When we have a problem we want everyone to know about it. If things run smoothly we tend to be quiet about it. After all, who wants to hear about what is NOT broken or malfunctioning? I think maybe that gives us a distorted view of the subject.

    I'm pretty sure if I had some of the problems I've read here, I would be telling everyone that would listen about them. And I can do that with some colorful language that isn't soon forgotten. Meanwhile, I'm thankful that I've been lucky.

  3. Posts : 725
    Windows 10 Home - Version 21H1- Build 19043.1266

    Windows Defender and MBAM on demand on the side has kept my laptops running smooth and virus/malware/pup free for years.

    I can't say the same for when I used to be vigilant about which AV topped the detection/elimination test of the month charts and tried them out: I'd experience computer slowdowns, problematic signature updates (sometimes very serious), annoying upsells with the free ones, and even occasionally getting a serious virus or malware that required extra tools to remove, usually due to overconfidence in the program. I later decided to always be careful of what sites I visit, what links I click and what programs I download. Since then I haven't had any problems, and with Windows Defender and MBAM as backup allowing my computer to function smoothly without annoyance and intrusion, I'm confident I won't have any problems.

    Though I do wish they would fix the exclamation issue already.

  4. Posts : 5,200
    Windows 11 Home

    Layback Bear said:
    I seriously doubt that their is another single company that put as much hardware, and personnel dollars into security that Microsoft does.
    Yes, they do, even more, because they are focused on security only; the WD team is only one branch of Microsoft. Not to mention that all those great features are mostly available only for Enterprise users, like ATP. I use WD on mom's computer, but for a real user, I would not recommend WD; there are better options.

    NScript is the component of mpengine that evaluates any filesystem or network activity that looks like JavaScript. To be clear, this is an unsandboxed and highly privileged JavaScript interpreter that is used to evaluate untrusted code, by default on all modern Windows systems. This is as surprising as it sounds.

    The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers and cryptors, full system emulators and interpreters for various architectures and languages, and so on. All of this code is accessible to remote attackers.
    Google Researchers Find Wormable "Crazy Bad" Windows Exploit

    Microsoft Security Advisory 4022344

    Security Update for Microsoft Malware Protection Engine - - Windows 10 Forums
    Last edited by Brink; 09 May 2017 at 13:40.
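The MsMpEng/NScript issue quoted above was fixed by a Malware Protection Engine update delivered through the normal signature-update channel rather than a Patch Tuesday package, so the practical check on a host is the running engine version, not an installed KB. The following PowerShell is an added example for this page, not code from the advisory, the Google report or the forum post: it compares the engine version reported by Get-MpComputerStatus with the first fixed version named in Microsoft Security Advisory 4022344, 1.1.13704.0, and forces a signature update if the host is behind. Confirm that version string against the advisory text before relying on it.

```powershell
# Added example (not from Microsoft Security Advisory 4022344 or the forum post).
# Confirm the Malware Protection Engine on this host is at or above the first
# version that addressed the MsMpEng issue, then force an update if it is not.
# Uses only the built-in Defender module.

# First fixed engine version as stated in advisory 4022344 (verify against the advisory).
$fixedEngine = [version]'1.1.13704.0'

function Get-EngineState {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        Engine              = [version]$s.AMEngineVersion
        SignatureVersion    = $s.AntivirusSignatureVersion
        SignatureUpdated    = $s.AntivirusSignatureLastUpdated
        ServiceRunning      = $s.AMServiceEnabled
        RealTimeProtection  = $s.RealTimeProtectionEnabled
    }
}

$state = Get-EngineState
$state | Format-List

if (-not $state.ServiceRunning) {
    Write-Warning 'Windows Defender AV service is not running; a third-party AV may own the machine. Check that product instead.'
    return
}

if ($state.Engine -lt $fixedEngine) {
    Write-Warning "Engine $($state.Engine) predates $fixedEngine; pulling an update."
    # Engine updates ride the signature channel, so a signature update is the fix.
    Update-MpSignature
    $state = Get-EngineState
}

if ($state.Engine -ge $fixedEngine) {
    "Engine $($state.Engine) includes the fix from advisory 4022344."
} else {
    Write-Warning "Still on engine $($state.Engine) after an update attempt; check Windows Update/WSUS connectivity."
}
```

Run it as administrator so Update-MpSignature can write the new engine; the script stops early when AMServiceEnabled is false, because in that case Defender is dormant behind a third-party product and the engine version shown would not reflect what is actually scanning the host.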

  5. Posts : 19,238
    W11+W11 Developer Insider + Linux

    I have never had much faith in AVs and always considered them just another security layer. Until last year and W10 and its WD becoming a full-fledged AV (and some other things), I didn't use any other AV, with no bad effects. Learning how to protect yourself is the best policy. There's no insurance for "stupid".
    I occasionally do a full sweep with it, Mbam and AdwCleaner just for good measure. If I ever suspect some other security related problem, I usually use a program that addresses that particular matter and or online and offline scans.

  6. Posts : 66
    Windows 10 Pro 64 bit

    Which (inevitably) brings rather inexperienced home users like myself to two direct questions:

    1. Would you advise an average and yet rather prudent user to rely only on WD in a Windows 10 (e.g. Home) environment or for the time being a "solid" and possibly not free (internet) security package should be still regarded as a top priority within a family budget?
    2. Moreover, given that WD has evolved so much, should that be considered a deterrent to installing other firms' antiviruses or security packages on the same machine, out of fear of some possible hidden incompatibility between the Microsoft program and the other one (even if of course the mere fact of installing another software should automatically and completely disable WD)?

    Thanks a lot :)

  7. Posts : 53
    Windows 10 Pro 15063.332

    Defender isn't "top shelf" because there is very little you can tweak in it to your needs

  8. Posts : 19,238
    W11+W11 Developer Insider + Linux

    ChaChaLaBoom said:
    Defender isn't "top shelf" because there is very little you can tweak in it to your needs
    Except for those tweaks built in WD, what else do you tweak in other AVs ?

  9. Posts : 725
    Windows 10 Home - Version 21H1- Build 19043.1266

    TairikuOkami said:
    I use WD on mom's computer, but for a real user, I would not recommend WD, there are better options.

    I think if anything doing the opposite makes more sense.

