Microsoft Developing AI-Driven Antimalware for Windows 10
Microsoft is working on significant changes for Windows 10 in its upcoming Fall Creators Update. The update doesn't have a known release date yet, but we now know about an important new feature that it'll debut, sometime between September and October.
It's now well understood that antimalware software can no longer be completely local signature dependent in order to be effective against malware attacks.
Microsoft announced that their Windows Defender Advanced Threat Protection system will soon be augmented with AI-driven malware analysis. When a new file is discovered by Microsoft's antimalware cloud server system and determined to be malicious, a signature for it will be created. The AI system will then look for similar malware on other Windows machines that have network connectivity. The new antimalware system eliminates the need for users and system administrators to configure clients and servers to install local patches of antivirus signatures. Theoretically, local zero day attacks should become less frequent.
According to Windows enterprise director Rob Lefferts, 96% of cyber-attacks involve new and zero day malware. It currently takes Microsoft researchers hours to develop a signature. The new AI system should significantly speed up that process, possibly protecting millions of Windows machines sooner than ever.
The new cybersecurity features that will debut in the Fall Creators Update for Windows Defender ATP will initially only be available to enterprise customers. Microsoft plans to eventually make the features available to all Windows 10 users. They've even mentioned that they're working on making ATP available for operating system platforms other than Windows.
The upcoming Fall Creators Update also includes Windows Defender Exploit Guard, which enables companies to restrict how code is executed on their machines. Exploit Guard uses Attack Surface Reduction smart rules for intrusion prevention, and helps users take advantage of vulnerability mitigation capabilities like those formerly offered in the Enhanced Mitigation Experience Toolkit.
Source: Information Security Magazine