Ransomware has been a feature in our headlines recently, and it’s been a talking point for people all around the world. Scary global attacks like WannaCry and NotPetya/Petya may lead one to believe that we just aren’t winning the war against the hackers and script kiddies, given how sophisticated and advanced these attacks are these days. Well, Microsoft thinks it may have the answer to the new threat, and they propose fighting a botnet with a botnet of their own – namely over 300 million computers running Windows 10. This is either a recipe for success, or for abject failure resulting in us creating the singularity and activating Skynet’s self-awareness.

The idea isn’t new, to be fair. Virus scanners with an online component like Panda Antivirus, as well as some paid-for software like Kaspersky Internet Security, have a virus scanning and threat detection engine that almost acts like a botnet of its own. Multiple computers can pile in with their analysis and samples of new viruses in the wild, enabling antivirus makers to develop countermeasures to new threats as they pop up on the radar. Microsoft’s approach is pretty much the same, but with over 300 million customers it may just be more effective at catching new threats than other software.

Although very little has been discussed publicly at this point, Microsoft’s idea is to attach machine learning to the Windows Defender software suite, which includes a whole bunch of services and features like the Enhanced Mitigation Experience Toolkit (EMET), which is used in enterprise networks to protect against zero-day security exploits. The system will keep track of user interactions with possible threats, as well as analyse and react to new threats on a network, for example by quarantining individual machines so they cannot infect others.

It’s not foolproof, but it’s a step in the direction of a coordinated system that learns how to best fight against new malware and viruses. Microsoft’s enterprise customers will see this first integrated into Windows Defender Advanced Threat Protection, managed by dedicated SecOps teams inside a company.

Also coming to customers in the Windows 10 Fall Update will be a new feature designed specifically to guard against, and identify, new types of malware. It will be included inside Windows Defender, which is always running on any system. The feature, called “Exploit Protection”, will continually audit file access requests and any changes that an application on your system may make to your files.

As a user, you can add specific applications to the list of approved software, and give it settings that will identify if it tries to do something strange, like opening images that have been intentionally altered to include malicious code. It’s a tricky thing to understand, and the language used for the feature in the Windows 10 Insider Preview is vague, but it should be a nice buffer against applications that try to encrypt your entire Documents folder for funsies.

Finally, there’s also a third feature to help with ransomware attacks called “Controlled folder access”. It’s currently rolling out in the Insider Preview for Windows 10, but it’s not ready for the public just yet. The feature will keep track of accesses and edits made to protected folders, either those on the default whitelist or those added to it by users, and it will ensure that any malicious activity does not corrupt or erase them. The users or system administrators will be notified about the issue, but after that point it’s up to you to decide how to react to the threat.

The feature also doesn’t offer more advanced options, like password controls for individual folders, to cover the case where malware uses a trusted application to make changes to your files; hopefully that comes later.
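For administrators who want to try the feature from the command line rather than the Settings app, here is an added example (not from the article or from Microsoft) using the Windows Defender PowerShell cmdlets. It assumes an elevated prompt on a build that ships Controlled folder access; the folder and application paths are placeholders.

```powershell
# Added example: configure Controlled folder access with the Defender cmdlets
# (Set-MpPreference / Add-MpPreference) and review what it logged.
# Assumes an elevated PowerShell on a Windows 10 build that ships the feature.

# 1. Start in audit mode: writes are logged but not blocked, so you can see
#    which legitimate programs would be denied before turning enforcement on.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Add a folder to the protected list (placeholder path; the known user
#    folders such as Documents and Pictures are protected by default).
Add-MpPreference -ControlledFolderAccessProtectedFolders 'C:\Projects'

# 3. Allow a trusted application through, by full path (placeholder path).
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Tools\Backup\backup.exe'

# 4. Confirm the resulting configuration.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications

# 5. Review the Defender operational log. Event 1123 = a write that was
#    blocked, 1124 = a write that would have been blocked (audit mode).
#    Use these to tune the allowed-applications list.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap

# 6. Once the allow list is clean, switch from auditing to enforcement.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Running in audit mode first matters for the case the article raises: a backup tool or other trusted program that legitimately rewrites protected files shows up as a 1124 event and can be allowed before anything is blocked.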

If you’re interested in signing up for the Insider Preview for Windows 10 to test out new features like this, you can do so in the Settings menu under Update & Security > Windows Insider Programme. You can also get there by opening Start, typing in “Windows Insider”, and clicking on the first hit you see. Keep in mind that all of this software is in a beta state, and carries no guarantees as to its stability or usability.

Source: Eteknix, Technet blog