Friday, June 30, 2017

Windows 10 to Get Built-in Protection Against Most Ransomware Attacks


Ransomware Ransomware Everywhere Not a Single Place to Hide!

But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.

Two massive ransomware attacks —

WannaCry

and

Petya

(also known as

NotPetya

) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations.

Most ransomware in the market, including

WannaCry

and NotPetya, are specifically designed to target computers running Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats.

But not now!

In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is deadly vulnerable to ransomware and other emerging threats that specifically targets its platform.

To tackle this serious issue, the tech giant has

introduced

a new anti-ransomware feature in its latest Windows 10 Insider Preview Build (16232) yesterday evening, along with several other security features.

Microsoft is planning to introduce these security features in

Windows 10 Creator Update

(also known as RedStone 3), which is expected to release sometime between September and October 2017.

The anti-ransomware feature, dubbed

Controlled Folder Access

, is part of Windows Defender that blocks unauthorized applications from making any modifications to your important files located in certain "protected" folders.

Applications on a whitelist can only access Protected folders. So you can add or remove the apps from the list. Certain applications will be whitelisted automatically, though the company doesn't specify which applications.

Once turned on, "Controlled folder access" will watch over files stored inside Protected folders and any attempt to access or modify a protected file by non-whitelisted apps will be blocked by Windows Defender.

So, whenever an application tries to make changes to Protected files but is blacklisted by the feature, you will get a notification about the attempt.

How to Enable Controlled Folder Access, Whitelist Apps and Add or Remove Protected Folders

Here's how to enable the Controlled folder access feature:

  • Go to Start menu and Open the Windows Defender Security Center
  • Go to the Virus & Threat Protection settings section
  • Set the switch to On

Here's how to allow apps that you trust is being blocked by the Controlled folder access feature to access Protected folders:

  • Go to Start menu and Open the Windows Defender Security Center
  • Go to the Virus & Threat Protection settings section
  • Click 'Allow an app through Controlled folder access' in the Controlled folder access area
  • Click 'Add an allowed app' and select the app you want to allow

Windows library folders like Documents, Pictures, Movies, and Desktop are designated as being compulsorily "protected" by default, which can not be removed.

However, users can add or remove their personal folders to the list of protected folders. Here's how to add folders to Protected folders list:

  • Go to Start menu and Open the Windows Defender Security Center
  • Go to the Virus & Threat Protection settings section
  • Click 'Protected folders' in the Controlled folder access area
  • Enter the full path of the folder you want to monitor

Users can also enter network shares and mapped drives, but environment variables and wildcards are not supported at this moment.

Other Security Feature Introduced in Windows 10 Insider Program

With the release of Windows 10 Insider Preview Build 16232, Windows Defender Application Guard (WDAG) for

Edge

— a new system for running Microsoft Edge in a special virtual machine in order to protect the OS from browser-based flaws — also received improvements in usability.

Windows 10 Insider Preview Build also comes with support for Microsoft Edge data persistence when using WDAG.

"Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions," Microsoft explains.
"The persisted data will be not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions."

Another new security feature called

Exploit Protection

has been introduced in Windows 10 16232, which blocks cyber attacks even when security patches are not available for them, which means the feature will be useful particularly in the case of zero-day vulnerabilities.

Exploit Protection works without Microsoft's Windows Defender Antivirus tool, but you can find the feature in Windows Defender Security Center → App & Browser Control → Exploit Protection.

In the Fall Creators Update for Windows 10, Microsoft has also planned to use a broad range of data from Redmond's cloud services, including Azure, Endpoint, and Office, to create an

AI-driven Antivirus

 (Advanced Threat Protection) that can pick up on malware behavior and protect other PCs running the operating system.

Also, we reported about Microsoft's plan to build its

EMET or Enhanced Mitigation Experience

Toolkit into the kernel of the upcoming Windows 10 to boost the security of your PC against complex threats such as zero-day vulnerabilities.

Also, the company is planning to

remove the SMBv1

(Server Message Block version 1) — a 30-year-old file sharing protocol which came to light last month after the devastating

WannaCry outbreak

— from the upcoming Windows 10 (1709) Redstone 3 Update.

Besides this, some other changes and improvements have also been introduced with the release, along with patches for several known issues.



from The Hacker News http://ift.tt/2sojVzP

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.