Intelice Solutions: Blog
Windows 10 Finally Creates a Solution for Ransomware
Windows recently revealed that their latest version of Windows 10 is immune to ransomware.
They also made updates to earlier versions of their OS to protect them.
When the WannaCry ransomware hit a while back, Microsoft took the unusual step of patching all its old operating systems, even the ones it had stopped supporting for various reasons. This step was taken as a way to limit any potential impact that the ransomware may have on infrastructures such as hospitals and schools.
However, one of the operating systems that did not require a patch was Windows 10. Now the company has revealed how their latest OS has been designed to resist ransomware. While such inventiveness is always a race between hackers and OS creators, it is always nice to know how these protections work. That way, future developers can always get some insight into how future attacks can be prevented. Here is a short summary I have created about the Windows 10 capabilities.
The Windows 10 Creators Update Protection.
The Creators Update, or version 1703 of Windows 10, comes with specific protection to fend off malware. For instance, it has a behavior that will allow it to suspend suspicious files. These files are then run through a “controlled detonation chamber” service that checks for malware. Windows Defender comes with Antimalware Scan Interface technology in the latest version. This allows it to detect JavaScript or Visual Basic scripts that are executing or downloading ransomware.
Improvements to the Edge Browser.
Additionally, Windows says that its Edge browser has a high degree of protection. It opens pages in ‘container sandboxes’ that protect them from malicious programs. Any downloads through the browser are run through a reputation checking service. Additionally, users are provided with the option of choosing whether they want to run Flash-based content. Microsoft views this as a great way to protect computers against ransomware.
Not only does Windows Edge protect from malicious ransomware, but it also works very well against malicious sites and phishing attempts. With more companies relying on the web to conduct business transactions, being protected from phishing is an awesome move by Microsoft.
Flash Control.
The purpose of Flash control is to stop ransomware infections that occur as soon as a user visits a site using Adobe software. Without it, ransomware can exploit weaknesses in Adobe software to the detriment of the user.
Device Guard.
To enjoy most of the protection that Microsoft offers, users have to upgrade to Windows 10. It is all part of their upselling strategy. Another feature that Windows has included in the latest version of their OS is Device Guard. Device Guard lets organizations whitelist the software that can run on their devices. The whitelist applies to plug-ins and add-ins as well.
The Device Guard technology uses hardware virtualization of the CPU to protect the computer from bad system files and drivers as well. However, to utilize this feature, you will need to have a CPU with virtualization capabilities. In short, this technology may not work on older computers with older CPUs.
Advanced Threat Protection.
Another feature that Microsoft touted in their new version of Windows 10 is the post-breach analysis service of Windows Defender Advanced Threat Protection. This will allow Windows 10 to better analyze any ransomware that attacks a computer. Windows Defender Advanced Threat Protection is sold separately for businesses. It is not the same as having Windows Defender antivirus.
Cloud-Based Protection.
The Windows 10 OS comes with an inbuilt antivirus that can block ransomware automatically. However, one unique attribute about it is its ability to use machine learning. Thus, it is able to block even never-before-seen malware.
Thus, any suspicious files, whether new or unknown, will be kept safely away from your device. Other advanced technologies used with the cloud-based protection include deep neural networks and fuzzy matching.
In this version of Windows 10, the antivirus can suspend suspicious files from running and sync with other technologies in the cloud to inspect the file. Within seconds, the AV will be able to determine if the file is dangerous or not. The information is then stored to help others in the future. Thus, the ability of Windows 10 to defend against malware only grows as more attacks are directed at it.
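A read-only check of whether a given Windows 10 host actually has the protections from the Device Guard and Cloud-Based Protection sections turned on. This is an added example, not Microsoft's or this blog's own code; the function name and the mapping of each feature to a specific Defender or Device Guard setting are assumptions of the example.

```powershell
# Added example: read-only audit of the protections described in the article.
# The mapping from each feature to a setting is this example's assumption.
# Run in an elevated PowerShell 5.1 session on Windows 10.
function Get-RansomwareProtectionAudit {
    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Check($Feature, $Setting, $Value, $Ok) {
        $results.Add([pscustomobject]@{
            Feature = $Feature; Setting = $Setting; Value = $Value; Ok = [bool]$Ok })
    }

    # The Creators Update is version 1703, which reports build number 15063.
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    Add-Check 'Creators Update' 'OS build >= 15063' $build ($build -ge 15063)

    # Windows Defender engine state: real-time scanning and behavior monitoring.
    $status = Get-MpComputerStatus
    Add-Check 'Defender AV' 'RealTimeProtectionEnabled' `
        $status.RealTimeProtectionEnabled $status.RealTimeProtectionEnabled
    Add-Check 'Defender AV' 'BehaviorMonitorEnabled' `
        $status.BehaviorMonitorEnabled $status.BehaviorMonitorEnabled

    # Cloud-based protection: suspending an unknown file for cloud inspection
    # needs cloud reporting on and automatic sample submission allowed.
    $pref = Get-MpPreference
    Add-Check 'Cloud protection' 'MAPSReporting (1 or 2 = on)' `
        $pref.MAPSReporting ($pref.MAPSReporting -in 1, 2)
    Add-Check 'Cloud protection' 'SubmitSamplesConsent (1 or 3 = automatic)' `
        $pref.SubmitSamplesConsent ($pref.SubmitSamplesConsent -in 1, 3)
    Add-Check 'Cloud protection' 'DisableBlockAtFirstSeen (want False)' `
        $pref.DisableBlockAtFirstSeen (-not $pref.DisableBlockAtFirstSeen)

    # Device Guard: virtualization-based security and code integrity policy.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        Add-Check 'Device Guard' 'VirtualizationBasedSecurityStatus (2 = running)' `
            $dg.VirtualizationBasedSecurityStatus ($dg.VirtualizationBasedSecurityStatus -eq 2)
        Add-Check 'Device Guard' 'CodeIntegrityPolicyEnforcementStatus (2 = enforced)' `
            $dg.CodeIntegrityPolicyEnforcementStatus ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
    } else {
        # Older editions or hardware without virtualization support expose no class.
        Add-Check 'Device Guard' 'Win32_DeviceGuard class' 'not available' $false
    }
    $results
}

Get-RansomwareProtectionAudit | Format-Table -AutoSize
```

Rows with `Ok = False` point at a feature from the article that is present in the OS but not active on that machine.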
What the Researchers Think.
When version 1511 of Windows 10 was released, various organizations conducted studies on it to see if it was possible to use hacking code on it. The researchers said that version 1511 was the last potentially vulnerable version of Windows 10 for the use of leaked code in hacking. They did say there were still some potential workarounds to protect it. However, they also noted that there were no workarounds for protecting older versions of Windows.
What will This Mean for the User Experience?
The average user of a PC will probably not notice much difference. These are behind-the-scenes tweaks to the security rather than updates to the interface. If you are a business owner, it means you will not have to hold a session with your staff to make them understand how to use the new version of Windows.
If you have just begun using Windows 10 in your organization, the latest version of updates may not be much of a priority. You may want to wait for the next major rollout of Windows, which has been dubbed Redstone 3. That one is slated to take place sometime later this year. Any organization that uses Windows via the Volume License Service Center has been able to receive this update since May 1.
Windows Avails these Features Only in Its Latest Updates.
Windows has prepared a very thorough PDF to explain its protection from ransomware. In it, it is quite clear that most of the features can only be accessed in its latest version.
You are only as Strong as Your Weakest Links
If you want to stay safe in your organization, you will need to stay safe at all levels of the network. You will need to conduct end-user security training, for instance. That way, your employees do not unwittingly open the door wide for the bad guys to begin playing around with your security.