No one wants to be hacked, but it is probably satisfying to know when those pesky hackers have a hard time drilling into your sophisticated system.
That’s how Microsoft should feel right now.
A popular target for hackers, Windows has raised the bar for criminals and security researchers this time around. Using built-in antimalware tools, Windows 10 is able to find malicious scripts and capture them in memory. The Antimalware Scan Interface, or AMSI, aims to become a staple in security, as it will assist in blocking cybercriminals from using and relying on script-based attacks. Many Windows systems are more vulnerable to script-based attacks because they ship with PowerShell. The “game changer” of AMSI is that it can detect and stop scripts coming directly from the host, including scripts stored on disk, held in memory, or launched interactively. As with anything built to defend, though, AMSI cannot fight by itself. Other security measures must be used alongside it for them all to work to their full potential, and even then, it is not a perfect solution.
A key component of Windows administration is Active Directory (AD), and as more and more organizations move to the cloud for storing their data, it is becoming even more critical. Active Directory is now able to help with authentication and identity in Microsoft Azure instead of being used for authentication and management in on-premises internal corporate networks. Securing AD is essential, because an unsecured AD makes compromise even more likely. Staying on top of software updates and segmenting the network, which makes it tougher for attackers to move laterally, will aid in avoiding mistakes and protecting administrator credentials. Identifying administrator rights for AD, scanning Active Directory domains for inappropriate custom permissions, and limiting service account rights will make for better AD security and lessen common attacks.
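One way to start on the administrator-rights and service-account checks described above, as an added example that is not from the original article. It assumes the RSAT ActiveDirectory module, a domain-joined session with read access, and the default built-in group names; the function name `Get-PrivilegedAccountReport` is hypothetical.

```powershell
# Added example: read-only audit of who holds AD administrator rights.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

# Default built-in privileged groups; extend with your own delegated admin groups.
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

function Get-PrivilegedAccountReport {
    param([string[]]$Groups = $PrivilegedGroups)

    foreach ($group in $Groups) {
        try {
            # -Recursive expands nested groups, which is where unexpected rights hide.
            $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop
        } catch {
            # Enterprise Admins and Schema Admins exist only in the forest root domain.
            Write-Warning "Skipping '$group': $($_.Exception.Message)"
            continue
        }
        foreach ($m in $members | Where-Object objectClass -eq 'user') {
            $u = Get-ADUser -Identity $m.distinguishedName `
                -Properties ServicePrincipalName, PasswordLastSet, LastLogonDate
            [pscustomobject]@{
                Group            = $group
                Account          = $u.SamAccountName
                Enabled          = $u.Enabled
                # An SPN on a user object usually indicates a service account.
                IsServiceAccount = ($u.ServicePrincipalName.Count -gt 0)
                PasswordLastSet  = $u.PasswordLastSet
                LastLogonDate    = $u.LastLogonDate
            }
        }
    }
}

$report = Get-PrivilegedAccountReport
$report | Sort-Object Group, Account | Format-Table -AutoSize

# Service accounts with administrator rights are the first candidates for reduction.
$report | Where-Object IsServiceAccount |
    Select-Object Group, Account, PasswordLastSet
```

The script only reads directory data. It does not cover custom permissions (ACLs) on AD objects, which need a separate review.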
Virtualization-based security, or VBS, was introduced by Microsoft in Windows 10. Taken as a whole, it is a set of security features baked into the hypervisor that can prevent straightforward attacks. Even if a kernel was compromised, VBS doesn’t allow any unsigned code to execute in the context.
Criminals, researchers, hackers, and curious minds interested in testing the power of Windows 10, you’ve been warned. Once you are able to break through Windows’ first defenses, Microsoft shuts the security hole. These new and innovative security tricks are meant to make attacks, if not impossible, much harder, and to force those hackers to think of different ways to get around them. Though no software can be completely perfect and bug-free, Windows 10 is definitely a victory in the eyes of defenders.
It’ll only be a matter of time before Microsoft is forced to implement even more security features, but for now, we have Windows 10.