Slashdot Mirror


Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com)

Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service. From a report: Microsoft has announced the first three such partners: Bitdefender, Lookout, and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months. According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices. Integration with Bitdefender's GravityZone Cloud -- which allows users to get macOS and Linux threat intelligence on malware and suspicious files -- is in public preview as of today. A trial version is available now. Integration with Lookout's Mobile Endpoint Security for iOS and Android and Ziften's Zenith systems and security operations platform for macOS and Linux will be in public preview "soon," Microsoft's blog post says.

2 of 26 comments

  1. Upload your 'suspicious' documents for you by Anonymous Coward · Score: 2, Interesting

    Beware this.

    Anything that could be construed as 'suspicious' by the software, or 'targeted' by any entity that wants more information from X is going to dump on people.

    Basically, a nice plausible way to say this was 'accidental' but still get access to interesting files like corporate secrets, design files, etc, etc, on your PC.

    1. Re:Upload your 'suspicious' documents for you by ctilsie242 · Score: 2

      This is a worry as well. It can be a vector for compromise, witting or unwitting.

      Realistically, we don't need more AV BS. Instead, we need better application separation, snapshotting, ability to roll back, and defense in depth. For example, Excel shouldn't be touching Word documents unless the user explicitly specifies it, and an unknown third party web extension shouldn't be touching anything out of its temp directory.

      We definitely don't need third parties and even OS vendors having the ability (and the mandate) to slurp files at will. What is malicious software today can be an MP3 track or movie tomorrow, or perhaps a copy of a dissident's writings the day after.

      There is a balance between security and privacy. The gain for allowing all and sundry to suck up documents at will is not worth much, because no AV is good at fighting the zero day attacks anyway. At best, it might catch a Trojan, but I've found that a good ad blocker, running the web browser in a sandbox or VM, and solid backups are a lot more useful than any AV product.