First Windows Defender virus scanner running in a sandbox

Security Leaks in Antivirus Software can have very important consequences for the security of the systems. Reason for Microsoft to develop a sandbox for Windows Defender, the virus scanner built into Windows. According to the software giant, Windows Defender is the first complete antivirus solution running in a sandbox.

In recent years, researchers at Windows Defender and other antivirus software have shown many serious vulnerabilities. Anti-virus software is often deeply integrated with the operating system and also works in the background. Vulnerabilities can give an attacker very wide access in this manner and can often be misused without user interaction. For example, it may be sufficient to send only an email with a malicious attachment. The appendix is ​​automatically scanned, which automatically implements an exploit.

Security experts and researchers have been asking antivirus companies for years to develop a sandbox for their anti-virus software. The sandbox is an extra safety measure. An attacker must not only find a vulnerability in the antivirus software, but also in the sandbox before he can attack the underlying system. Microsoft has now developed such a security measure for the latest version of Windows Defender on Windows 10.

"Running Windows Defender Antivirus in a sandbox ensures that, in the unlikely event of a failure. "hacking, malicious actions are limited to isolated applications, the environment, protecting the rest of the system," says Mady Marinescu, Microsofts. She notes that performance is often the main concern of sandboxes, especially in the case of antivirus software often involved in all kinds of events on the system. the number of interactions between the sandbox and the privileged process is limited. For example, the interaction between the sandbox takes place at important times when the impact is negligible. The sandbox is now enabled under Windows Defender testers on Windows 10, but users can also do it themselves on Windows 10, version 1703 or later. Windows Defender is a standard component of Windows 8.1 and Windows 10 and offers paid antivirus solutions during testing.