Slashdot Mirror


Windows Defender Becomes First Antivirus To Run Inside a Sandbox (zdnet.com)

An anonymous reader writes: Windows Defender is the first antivirus to gain the ability to run inside a sandbox environment, Microsoft said in an announcement. In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources. The idea is to prevent bugs and exploit code from spreading from one process to another, or to the underlying OS.

"We're in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation," Microsoft said in a celebratory blog post. Users who can't wait until Microsoft finishes testing the feature can also enable it right now. Support for Windows Defender running inside a sandbox environment has been silently added since Windows 10 version 1703. To enable it right now, Windows 10 users can follow these steps.

3 of 110 comments

  1. Re:That's cool and all by jellomizer · Score: 4, Insightful

    Today's viruses are a lot like the ones of old.
    Newer OSes tend to use the App Store concept for most of your trusted applications, which reduces viruses. However, the realization is that real damage doesn't need to be at the root/system level, but at the user level, because your data is more important than the OS. Sure, you may not be able to open up a low-numbered IP port, but your user account, even on Linux systems, is often good enough to cause a lot of damage.
    Linux and Mac systems are protected by the fact that they are not used enough by the average Joe, and most software you get from trusted locations.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  2. Re:It's funny, but... by Misagon · Score: 3, Insightful

    No, that's a misconception. Only very few operating systems actually isolate all their tasks fully according to the principle of least privilege.

    In most mainstream operating systems, sandboxing is not the default but has to be initiated by the parent process before the process starts, or even voluntarily by the process itself.
    Most sandboxing mechanisms were added as afterthoughts, so they do have some kind of quirk that either makes it hard to use or opens up a hole if you are not careful.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
  3. Why not be the first to be secure instead? by WaffleMonster · Score: 1, Insightful

    Just so I understand: a process with global read access to every file on a system is now sandboxed because the people who wrote it are incapable of ensuring their AV parsers are not exploitable?

    Now we are to believe the supposed remedy to this is to rely on a sandboxing system orders of magnitude less defensible than the AV software itself?

    In the event of successful exploitation of the AV, but where the sandbox miraculously works as intended, what prevents anything on your system, including any inspected network data, from being exfiltrated for exploitation by criminal enterprise?

    Microsoft created .NET and Checked C... surely it's not beyond their capabilities to design a parser that can't be exploited in the first place.