The best antivirus, anti-malware and, in general, the most reliable defense against the growing number of viruses, ransomware, Trojan horses and other threats for Windows PCs apparently ships with the OS. Windows Defender, recently renamed Microsoft Defender because it now runs on multiple platforms, is the most commonly used defensive solution. The built-in antivirus is now installed and running on more than 500 million computers running the Windows operating system.
Microsoft, the company that builds the Windows OS and also maintains and updates the default antivirus solution, attributes the high reliability and efficiency of Microsoft Defender to its own advanced algorithms, which define and fine-tune the virus detection tools. These tools, improved with machine learning, have essentially helped Microsoft's antivirus solution climb to the top.
Machine Learning And Cloud-Based Security Allow Microsoft Defender To Be A Reliable Default Antivirus System For Windows PCs:
The antivirus integrated into Windows 10, recently renamed Microsoft Defender because it is now multi-platform, is also the primary defense on over half a billion devices. In other words, Microsoft Defender is currently running on over half of the Windows ecosystem, noted Tanmay Ganacharya, general manager of Microsoft ATP security research.
“Windows Defender already has a share greater than 50% in the Windows ecosystem. So over half a billion machines are running Windows Defender in active mode as the main antivirus. And it has grown quite significantly and is among the best now.”
Microsoft Defender essentially allows Windows 10, and even earlier versions of Windows such as Windows 8.1 and Windows 7, to perform reliably without the user needing to buy another antivirus solution for their PC. Although Microsoft is proud of its in-house antivirus solution, which is now the sole defender on more than half of Windows PCs, it remains concerned about security.
My team recently unearthed a fileless campaign called Astaroth that completely lived-off-the-land: it only ran system tools throughout a complex attack chain. Advanced technologies in Microsoft Defender ATP's next-generation protection exposed and defeated this attack. pic.twitter.com/ADvldBnB5V
— Tanmay Ganacharya (@tanmayg) July 8, 2019
The cloud-based machine learning techniques may ensure that the majority of viruses and their malicious code cannot penetrate or cripple the defenses. However, modern-day hackers and virus creators have become quite proficient at trying multiple techniques to bypass security on Windows 10.
A few malware variants discovered in recent months have used legitimate Windows tools to download code. This method is stealthy in itself, and the downloaded code runs only in memory. In other words, there are none of the executable files that older generations of viruses usually dropped on disk. If that is not concerning enough, some hackers have even managed to obtain digitally signed files with trusted certificates. These fraudulently acquired but otherwise legitimate files have recently been used to cleverly bypass antivirus controls and sneak in malicious code.
Incidentally, the sheer size of Microsoft Defender's install base now threatens to make its machine-learning models a bigger target, Ganacharya noted: "Windows Defender is protecting more than 50% of the Windows ecosystem, so we're a big target, and everyone wants to evade us to get the maximum number of victims. We've predicted this is going to happen, and this is why we invested in this before it happened."
It's important to work proactively as well as reactively – the attack you observe and remediate is good, but the attack you avoid is better. TVM in Microsoft Defender ATP helps you keep track of vulnerable software without installing yet another agent. https://t.co/NOASVQUjSS
— Chris Jackson (@appcompatguy) July 2, 2019