Windows 10 can block ransomware when antivirus fails

Feb 1, 2017 07:16 GMT  ·  By
Windows Defender Security Center in Windows 10 Creators Update preview builds

After praising Windows 10 for blocking zero-days that weren’t yet patched thanks to built-in mitigation technologies, Microsoft comes back to applaud the operating system for the protection that it offers to users in the case of ransomware attacks.

Tommy Blizard, a member of the Windows Defender ATP Research Team, explains in a post on TechNet that Windows 10’s Windows Defender Advanced Threat Protection (ATP) can block ransomware even in cases where antivirus fails to do so, preventing infections from spreading across networks.

Blizard says Cerber, which is one of the widely-known file encryptors, can be blocked with new technologies that will become available in the upcoming Windows 10 Creators Update, including tools that help detect in-memory malware and kernel-level exploits.

Blocking PowerShell commands

Windows 10 Creators Update will be specifically improved to isolate infected machines, giving administrators more time to block the malware and remove its files from the compromised systems.

For example, Windows Defender ATP can detect a PowerShell command intended to spread the Cerber infection on a system, even when antivirus protection is not running. What’s more, Blizard says the operating system can block PowerShell scripts that attempt to download infected files in the background.

“Windows Defender ATP also generated an alert when the PowerShell script connected to a TOR anonymization website through a public proxy to download an executable. Security operations center (SOC) personnel could use such alerts to get the source IP and block this IP address at the firewall, preventing other machines from downloading the executable. In this case, the downloaded executable was the ransomware payload,” Blizard explains in an analysis.
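As an added illustration of the SOC triage step Blizard describes (this is not code from Microsoft or from the article), the script below turns constructed alert records with an assumed field layout into perimeter block rules, while setting aside internal addresses so that a shared corporate proxy is not blocked by mistake:

```python
import ipaddress
import json

# Constructed sample alerts; field names are an assumed schema, not the
# real Windows Defender ATP output format.
SAMPLE_ALERTS = [
    '{"host": "WS-01", "process": "powershell.exe", "remote_ip": "203.0.113.45", "download": "payload.exe"}',
    '{"host": "WS-02", "process": "powershell.exe", "remote_ip": "10.0.0.8", "download": "payload.exe"}',
    '{"host": "WS-03", "process": "chrome.exe", "remote_ip": "198.51.100.7", "download": "report.pdf"}',
    '{"host": "WS-04", "process": "powershell.exe", "remote_ip": "203.0.113.45", "download": "notes.txt"}',
    'this line is not JSON and must not crash the pipeline',
]

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")
# Ranges treated as "inside the perimeter": blocking one of these would
# cut off every machine behind an internal proxy, so they go to review.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def is_suspicious(alert):
    """The pattern from the article: PowerShell fetching an executable."""
    return (alert.get("process", "").lower() == "powershell.exe"
            and alert.get("download", "").lower().endswith(EXECUTABLE_SUFFIXES))

def triage(lines):
    """Return (block, review): external IPs to block at the firewall, and
    internal IPs that need investigation instead. Values are the hosts seen."""
    block, review = {}, {}
    for line in lines:
        try:
            alert = json.loads(line)
            ip = ipaddress.ip_address(alert["remote_ip"])
        except (json.JSONDecodeError, KeyError, ValueError):
            continue  # malformed telemetry is skipped, not fatal
        if not is_suspicious(alert):
            continue
        bucket = review if is_internal(ip) else block
        bucket.setdefault(str(ip), set()).add(alert.get("host", "?"))
    return block, review

def firewall_rules(block):
    """Render block entries as iptables-style lines (format is illustrative)."""
    return [f"iptables -A OUTPUT -d {ip} -j DROP" for ip in sorted(block)]

if __name__ == "__main__":
    blocked, to_review = triage(SAMPLE_ALERTS)
    print("\n".join(firewall_rules(blocked)))
    for ip, hosts in to_review.items():
        print(f"review {ip}: internal address, seen from {sorted(hosts)}")
```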

Microsoft Edge will also play a key role in the effectiveness of Windows 10’s built-in security system, as it’s capable of blocking exploit kits and ransomware from reaching a computer. The browser employs the so-called SmartScreen Filter, which checks URLs against a reputation system to block access to websites that are known for hosting malware.

Without a doubt, the security of Windows is improving a lot, and this is one of the reasons Microsoft hopes more users will update to the latest versions. For the time being, however, Windows 7, which doesn’t benefit from all these improvements, continues to be the top desktop OS with a market share of nearly 50 percent.