Windows Defender has come a long way from being just another basic antivirus program to becoming one of the most reliable ones, even better than some of the popular antivirus products. A white paper on The Evolution of Malware Prevention released by Microsoft mentions that Windows Defender protects over a billion Windows customers and provides a verdict for around 90 billion potentially malicious encounters every day. These are staggering stats, to say the least.
The Evolution of Malware Prevention
The recent colossal attacks of the WannaCrypt ransomware on the global IT ecosystem have once again given a rude reminder of how vulnerable our systems are. Trust in many of the antivirus products that could not withstand the WannaCrypt attack has been broken.
So what makes Windows Defender effective? Before we get to that, let's first analyze why traditional antivirus programs are failing against malware attacks.
Why traditional Antivirus programs are failing
Reason 1: Attackers have adopted polymorphism in their attacks
Attackers are employing modern infrastructure and cloud capabilities to continually generate new threats and package threats in new ways.
The traditional means of protecting customers by having humans write signatures based on malware they have analyzed, essentially the original method of developing antivirus, is, practically speaking, dead. This is one of the main reasons why most antivirus programs are unable to counter newer threats.
Most customers encounter attacks that are completely new. Stats from Microsoft revealed that 96% of malware attacks are seen on only one computer and never seen again.
Reason 2: Traditional, signature-based antivirus programs are reactive
Another reason behind the failure of traditional antivirus programs is their non-predictive functionality. They can only defuse attacks that are identical to known ones, or at least similar to them. What is needed instead are expert systems capable of exponentially amplifying protection from a limited number of samples, so that customers are protected from millions of never-before-seen malware samples.
What makes Windows Defender work
Machine learning, behavioral analysis, cloud protection system
Windows Defender Antivirus is based on machine learning models and equipped with a cloud protection system. It uses linear models to detect malware.
97% of malware is detected locally on the user's device; Microsoft sends data about suspicious signals and files to the cloud protection system. Heuristic detections, behavioral analysis, and client-based machine learning models work together to identify these potential threats and send them to the cloud protection system for its high-power computational capability.
Microsoft's machine learning models are embedded in the cloud protection system. These models can apply enormous computing power to machine learning models that could never run efficiently on the client. The cloud protection system is also connected to the Microsoft Intelligent Security Graph (ISG), which collects signals from billions of sources consisting of inputs on malware and other threats.
This vast framework of protection tools allows Microsoft to scale human expertise. For every malicious signal that is investigated, Microsoft provides protection for an additional 4,500 threats and 12,000 customers (on average).
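The client-to-cloud pipeline described above only works if the client is actually allowed to talk to the cloud protection system. The following is an added example, not code from the post or from Microsoft's white paper; it assumes an elevated PowerShell session on a Windows 10 client with Windows Defender Antivirus installed, uses only the built-in Defender cmdlets, and shows the weak settings that cut the client off from the cloud beside the corrected ones.

```powershell
# Added example: verify that this client participates in Defender's
# cloud protection system, then apply the corrected settings.
# Assumes an elevated session on Windows 10 with Windows Defender AV.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Client-side engines that produce the "suspicious signals" the article
# mentions before anything is sent to the cloud.
[pscustomobject]@{
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    BehaviorMonitor    = $status.BehaviorMonitorEnabled
    EngineVersion      = $status.AMEngineVersion
    SignatureAgeDays   = $status.AntivirusSignatureAge
} | Format-List

# MAPSReporting:        0 = Disabled, 1 = Basic, 2 = Advanced
# SubmitSamplesConsent: 0 = Always prompt, 1 = Send safe samples,
#                       2 = Never send, 3 = Send all samples
# Weak combination: MAPS disabled or sample submission blocked means the
# cloud models never see a never-before-seen file from this machine.
$cloudOff = ($pref.MAPSReporting -eq 0) -or ($pref.SubmitSamplesConsent -eq 2)
if ($cloudOff) {
    Write-Warning "Cloud-delivered protection is off or sample submission is blocked."
}

# Corrected settings: join MAPS at the Advanced level, allow safe-sample
# submission, raise the cloud block level, and give the cloud extra time
# (up to 50 s beyond the default 10 s) to return a verdict on an unknown file.
# The equivalent Group Policy settings live under
# Computer Configuration > Administrative Templates > Windows Components >
# Windows Defender Antivirus > MAPS (and > MpEngine for the block level).
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
Set-MpPreference -CloudBlockLevel High
Set-MpPreference -CloudExtendedTimeout 50

# Confirm the result.
Get-MpPreference |
    Select-Object MAPSReporting, SubmitSamplesConsent, CloudBlockLevel, CloudExtendedTimeout
```

If a Group Policy object already manages these values, `Set-MpPreference` is overridden on the next policy refresh, so the change should be made in the GPO instead.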
Microsoft Defender is not just a standalone system
Microsoft's white paper highlights that Windows Defender is not a standalone tool but is supported by several others. The recently introduced Windows Defender Advanced Threat Protection is one such security tool that Microsoft has stacked into Windows 10.
Combined, these features allow Windows Defender to provide a secure and full-featured suite of solutions to help customers achieve the security profile that today's modern threat landscape demands.
Go here to register and download the whitepaper on The Evolution of Malware Prevention by Microsoft.
This post shows how you can harden Windows Defender protection to the highest levels on Windows 10 v1703 by changing a few Group Policy settings.