Microsoft recently revealed that their latest version of Windows 10 is immune to Ransomware.
They’ve also updated earlier versions of their OS to protect legacy users.
When the WannaCry Ransomware hit a while back, Microsoft took the unusual step of patching all its older operating systems. These patches included versions of Windows that had long been out of support. Though these measures were a bit unusual for Microsoft, they were taken to limit any potential impact that the Ransomware may have on the infrastructures of hospitals, schools, and other locations that may still be running older operating systems.
One software giant’s operating system did not require a patch: Windows 10. The company has revealed how their latest OS has been designed to resist Ransomware. While such inventiveness is always a race between hackers and OS creators, it is always nice to know how they work. That way, future developers can always get some insight on how future attacks can be prevented. Here is a summary I have created about Windows 10’s advanced capabilities.
The Windows 10 Creators Update Protection
The Creators Update (or version 1703 of Windows 10) provides specific protection to fend off malware. For instance, it has a behavior allowing it to suspend suspicious files. These files are then run through a “controlled detonation chamber” service that checks for malware. The Windows Defender has an Anti-Malware Scan Interface technology in the latest version. This allows it to detect JavaScript or Visual Basic script executing or downloading Ransomware in the background.
Improvements to the Edge Browsers
Windows says that its Edge browser has a high degree of protection. It opens pages in ‘container sandboxes’ that protect against malicious programs. Any downloads through the browser are run through a reputation-checking service. Additionally, users are provided with the option of choosing whether they want to run Flash-based content. Microsoft views this as a great way to protect computers against Ransomware.
Not only does Windows Edge protect from malicious Ransomware, but it also works very well against malicious sites and phishing attempts. With more companies relying on the web to conduct business transactions, adding protection from phishing is an awesome move by Microsoft.
Flash Control
The purpose of Flash control is to stop Ransomware infections that occur when a user visits a site that uses the ubiquitous Adobe software. The result is that Ransomware can no longer exploit weaknesses in Flash.
Device Guard
Another feature that Windows has included in its latest OS version is Device Guard. The Device Guard lets organizations whitelist the software that can run on their devices, and this whitelist applies to plug-ins and add-ins.
The Device Guard technology uses hardware virtualization of the CPU to protect the computer from bad system files and drivers as well. However, to utilize this feature, you must have a CPU with virtualization capabilities. In short, this technology may not work on computers with older CPUs.
Advanced Threat Protection
Another feature that Microsoft touted in their new version of Windows 10 is a post-bleach analysis service of Windows Defender Advanced Threat Protection. This will allow Windows 10 to better analyze any Ransomware that attacks a computer. The Windows Defender Advanced Threat Protection is sold separately for businesses. It is not the same as having Windows Defender antivirus.
Cloud-Based Protection
The Windows 10 OS comes with an inbuilt antivirus that can block Ransomware automatically. This integral antivirus is fairly advanced and includes the unique ability to use machine learning to block never-before-seen malware. Any suspicious files, whether new or unknown, will be kept safely away from your device. Other advanced technologies that are used with cloud-based technology are deep neural networks and fuzzy matching.
In this version of Windows 10, the anti-virus can suspend suspicious files from running and sync with other technologies on the cloud to inspect the file. Within seconds, the AV will be able to determine if the file is dangerous or not. The information is then stored to help others in the future. Thus, the ability of Windows 10 to defend against malware only grows as more attacks are directed to it.
What the Researchers Think
When version 1511 of Windows 10 was released, various organizations conducted studies on it to see if it was possible to use hacking code on it. The researchers said that Version 1511 was the last potentially vulnerable version of Windows 10 for using leaked code in hacking. However, they did say there were still some potential workarounds to protect it. However, they also noted that there were no workarounds for protecting older versions of Windows.
What will This Mean for the User Experience?
The average PC user will probably not notice much difference. These are behind-the-scenes tweaks to the security rather than updates to the interface. If you are a business owner, you will not have to hold a session with your staff to make them understand how to use the new version of Windows.
If you have just begun using Windows 10 in your organization, the latest version of updates may not be much of a priority. You may want to wait for the next major rollout of Windows, dubbed Redstone 3 and slated to launch sometime later this year. Any organization that uses Windows via the Volume License Service Center has been able to receive this update since May 1st.
Windows Avails These Features Only in Its Latest Updates.
Microsoft has prepared a very thorough PDF to explain its latest protective measures against Ransomware. The document clarifies that most of the features can only be accessed in its latest version.
You Are Only as Strong as Your Weakest Links
If you want to stay safe in your organization, you must stay safe at all levels of the network. You will need to conduct end-user security training for instance. That way, your employees do not unwittingly open the door for the bad guys to begin playing around with your security. Be wary of social engineering, phishing, and other hacking methods that exploit the human element.