Windows Defender is Doing Great Job in Protecting you Against Malwares

There are several discussions about Windows Defender which is pre-build Anti-Virus in Windows 10 and whether it is productive or not. I have seen several videos in YouTube where it wants to proof that Windows Defender is not effective and they scan for malware and it is not being detected with Windows Defender but it will detect with other Anti-Malware product, such video could be unreliable and these are questions where we couldn’t confirm in such videos:

  1. Is this real malware or it might be false-positive meaning, it is safe file but Anti-Malware accidently detect it as malware?
  2. If it is real malware, does it added into exclude or allowed list? May be Windows Defender detect it but in video, it has been added to exclude or allowed list to trick users.
  3. Is cloud protection on or off?
  4. How about signature? In video the signature number might detect incorrectly but some tricks and old signature might have been used.
  5. If the demo is true, where is its sample? How could we reproduce the demo?

Demos in YouTube with one or few samples are not valid source for malware testing. For better malware testing we need to relay on real research center where there are many researchers with tons of samples and under comparable fair environment test Anti-Malware products and could name AV-Test and AV Comparative example of reliable source for testing antimalware products. They have test environment and professional researchers where they test Anti-Malware products. In recent test which has been done in July 2018 for bot companies shows Windows Defender done excellent job as Anti-Malware product and also when dealing with malware. Let’s start with AV-Test, in their posted test on May-June 2018, Windows Defender manage to protect against all 0-days samples (meaning malwares which are unknown to Anti-Malware products) and has 100% protection (compare to industry average which was 99.6%) and in term of protection against known malwares it protects against all malwares like other products. In term of performance, it also did a great job compare to industry average but still need improvement in this area. In term of false positive detection (meaning detecting safe software as unsafe, it only has one false detection). Leading the Windows Defender as the top product in AV-Test, you may read the complete report on:

https://www.av-test.org/en/antivirus/home-windows/windows-10/june-2018/microsoft-windows-defender-4.12-182247/

Let’s check the report in AV-Comparative, in the latest test on July 2018, Windows Defender blocked all malwares with rate of 100% but it has high false-positive number of detecting 19 files. False-positive meaning the file was safe but incorrectly detected as malware and Windows Defender needs to improve in this area but it done great job by blocking all malwares. You may take a look at complete report on:

https://www.av-comparatives.org/comparison/

Above reports proof that Windows Defender is doing excellent job when it comes to detect and blocking malwares. However, as I already mention, there is no Anti-Malware software which could detect everything. Therefore, if you ever seen any sample where you believe is unsafe but being detect as safe or something which is safe but is being detect as malware in Windows Defender or other Microsoft Anti-Malware products submit its sample to Microsoft Anti-Malware team:

https://www.microsoft.com/en-us/wdsi/filesubmission

By submit sample, you would helping millions of people worldwide against getting infected with malwares and just one correct sample could help protecting thousands of systems. Security is ongoing process and we need to help Anti-Malware ecosystem, so they would be able to help us by enhancing their detection engines. You may check Anti-Malware testing website regularly to see their latest test and results.

Advertisements

Privacy Concerns in BlockChain

There are discussions about BlockChain technology. Normally, when we talk about BlockChain, it reminds people of cryptocurrencies like Bitcoin which is based on BlockChain technology. However, BlockChain could be used in other applications. BlockChain introduced concept of node for store and transferring data. Normally, when we want to transfer data in the internet, we need several servers which manage storage and transfer of data and we communicate through those servers. But in BlockChain, every PC could be considered as node and they contribute in a big system where all node together involve in storing and transferring of data. BlockChain brings high level of transparency, meaning that everyone in node will know about everything and people could easily join node. There is something known as private BlockChain where we limit access to all nodes and only nodes which we want would be part of BlockChain. Transparency is good but it should be controlled otherwise it is risk to privacy. Consider example of public and private profile in social networks like Facebook or Instagram. We might share some photos for everyone, but we share some photos with only specific people like our close friends and close family and we might have some photos which are private only for us. This is why we need servers and not nodes to protect our privacy. When we talk about servers, people who are working in data center have been verified and are being monitored. For example in Microsoft and Google Data Centers, only people who have been verified by company and government are allowed to work in data center , so we never expect to have black hacker in data center. In addition, there are protection mechanism like they couldn’t just login to a PC and they wouldn’t know which server is processing what data. If government ever need access to data for national security reason or to investigate crime, they need to go through legal procedure and they are force to adhere with privacy law and if you are citizen of country where GDPR is being enforced, you will get transparency report and you have control over your data and privacy is regulated.

However, in BlockChain the story is different, since you don’t have central server, we need relay on nodes and we need a lot of nodes. This means many people and devices which we don’t know would have access to everything. For example in BitCoin, all transactions are publicly available to all people in BlockChain. Node might belongs to hacker, cybercriminals, and bad guys and so on. Imagine, you are doing anonymous transaction with large amount of BitCoin and no one knows who you are. But they will know you have a lot of bitcoin and if they keep investigate, it won’t be hard to find you. For this reason, it is not recommended to use BlockChain for transferring sensitive data like PII (name, address, phone number, etc.). Even if all data are fully encrypted, are you trusting your personal data being shared with millions of PC? Then the idea of private blockchain come to picture. In this case, if we want to make sure privacy is fully preserved, then we need to define qualification criteria for devices. For example only devices with updated Anti-Malware and BitLocker and the one which has been approved by special privacy team allowed to be part of node. Implementing such model could build BlockChain with privacy but it would be costly and it would be better to use server instead where we have better protection and control. Instead of controlling one million trusted nodes why not control few thousands trusted server in a known location.

BlockChain is good when we need to have high degree of transparency and we don’t need to be worry about privacy. But when it comes to privacy, BlockChain is real challenge and building privacy-enable BlockChain would be expensive and difficult. Actually, I don’t see any logical argument to enforce BlockChain for sensitive data. It could be possible, but hard to manage and costly and it would be cheaper to use servers to manage everything instead of using nodes in BlockChain. When it comes to privacy we need to answer who access data (in BlockChain it is hard to find and manage who is access data). Where are my data located physically? (In BlockChain , they could be anywhere). Choosing between using centralized and server based model and BlockChain model, required you to see whether you will need transparency or privacy and then decide on which one would be more suitable.

Microsoft & GDPR

Recently the European Union, introduced new regulation which enhance protection of users within the EU. This regulation is known as GDPR and practically it succeeds the Privacy Regulation and it is new opportunity to have a better control and protection over users’ privacy and it enforce all companies and organizations and everyone who is dealing with data involving the EU citizens or companies must adhere this new regulation or they will face penalty and they have to response if they are not being compliance. Being compliance with such regulation is actually a way to protect human right and it is right to privacy but being compliance with regulation is costly and difficult for companies. It is not only about understanding the GDPR and how it works but it is about how to adapt it in the real environment. Hopefully, Microsoft is among the first companies which fully compliance with GDPR and it prepared tools for users to get ready for GDPR even before it comes into action. If you are using Microsoft Cloud technologies like Azure, Office365 and others, you cloud is fully compliance with GDPR and you could use Microsoft tools to adapt compliance easier. If you are in charge of development of application on cloud, you have to be careful about your software design and that is another issue. Windows 10 and Windows Server 2016 also giving you tools which help you to be more compliance with GDPR. Adapting GDPR would required privacy assessment and expert knowledge on field but you will come into technical issues to adapt and implement it and it is where features inside Windows and Windows Server could come and help you. If you are using Microsoft Technologies and you are in EU or you are dealing with EU, take a look at following resources:

https://blogs.windows.com/windowsexperience/2017/09/25/windows-resources-to-help-support-your-gdpr-compliance/

https://docs.microsoft.com/en-us/windows-server/security/gdpr/gdpr-winserver-whitepaper

https://docs.microsoft.com/en-us/windows/privacy/gdpr-win10-whitepaper

https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

I wish you all to have a safe GDPR journey and be ready to protect your users and customers.

 

Why My Anti-Malware Product Won’t Detect All Malwares?

Common question, I am hearing from users is well, I am using Anti-Malware software and I paid the license but why it won’t be able to detect all malwares? Do we have any Anti-Malware product to be able to detect and remove all malwares?

We always say that, there is no Anti-Malware software which is able to detect and remove all malwares. Anti-Malware products are able to detect all malwares in wide-list. It is list of all malwares which has been discovered and it is keep updating. Of course, if we know about malware, we could detect it. But there are tons of new malwares which are being created every day and let say it is not possible to say our Anti-Malware product is able to detect all unknown malwares too. However, they won’t leave them to go around and harm users. Anti-Malware products comes with techniques to detect unknown malwares like using heuristic detection which uses machine learning and detect suspicious objects or applications based on similarity with other known malwares and behavior monitoring which detect unknown malwares based on abnormal behavior or similarity of their behavior to known malwares. There are several techniques which Anti-Malware vendors are using to detect unknown malwares. They are placing spam-trap or honeypot to collect sample of new malwares. They doing research on black markets for new malwares and users also submit sample to them. It is whole ecosystem and keep improving to make sure unknown malwares are being detected and discovered by good guys before get used by bad guys. However, it is not possible to detect all unknown malwares. So, what to do?

Anti-Malware is not the only thing which protects you against malware. There is beautiful concept of defense in depth in Windows, which explained you have defense layers which could stop malware even before they reach to Anti-Malware product like SmartScreen Filter, DEP, ASLR and others. In addition, you as a user should learn about threats around you, if you are visiting website which looks suspicious, you have to report it through SmartScreen filter. If you have sample of program which you believe it is malware but your Anti-Malware software says it is safe, submit it for analysis. Don’t hesitate contacting support or security forums to ask about your concerns with unknown malware and unknown programs. Keep yourself update about latest security incidents and best practices.

 

 

 

Questions about Windows Defender in Windows 10

Windows 10 comes with Windows Defender pre-installed (actually Windows 8 comes with Windows Defender) and it is full real-time Anti-Malware product. Windows Defender was free download for Windows XP and build into Windows Vista and Windows 7 as Anti-Malware product only. Later on, if you want to protect yourself against all malware, you could install Microsoft Security Essentials for Windows XP, Windows Vista and Windows 7. Today, Windows XP and Windows Vista are no longer supported and hence Microsoft Security Essentials are also no longer supported in these platforms and we have Microsoft Security Essentials for Windows 7 and Windows Defender pre-build into Windows 8 and Windows 10. Here I would like to answer to some of questions related to Windows Defender in Windows 10:

I am using Windows 10 , do I need another Anti-Malware product?

No, you have Windows Defender inside your Windows and it is full Anti-Malware product and it is protecting you against all malwares including Virus, Worm, Trojan, Spyware, Rootkit, Bootkit, Adware and so on.

Is Windows Defender really protecting me?

Windows Defender shows a good performance in detecting and removing all malwares according to latest test by independent researcher.

There is file I believe is a virus but it won’t be detected by Windows Defender or I have a file which is safe but being detected as virus incorrectly, what can I do?

These are known issues to all antivirus vendors like Windows Defender. You could report both cases through Microsoft Anti-Malware Sample Submission website https://www.microsoft.com/en-us/wdsi/filesubmission

Can I use different Anti-Malware product?

Yes, as long as Anti-Virus software is working fine with Windows 10 and it is compatible, you may use another Anti-Malware product and they will disable Windows Defender and replace it. Once you uninstall your Anti-Malware product, Windows Defender should get back to work.

I do have other questions or problem, what can I do?

There are other questions and answers you could find about Windows Defender and other Microsoft Anti-Malware products on https://answers.microsoft.com/en-us/protect and if your question is not answered or asked there, you may ask new question .

Enjoy using Windows Defender and have a safe cyberspace.

Google Can Read Your Mind!

I don’t think there is anyone who is using internet but they won’t do their job using Google, except for certain countries like China which Google is filtered or their own search engine is more popular. However, this is applicable to all search engines which are storing search results. Google is the most popular search engine in the world and it could read your minds. When you perform a search, what you have been searched will be stored in Google data center and it is associated with your IP address. If you already login with Google Account, it is associated with your Google Account too. This is not a bad thing and it is not intended to be a bad thing, it help advertisement to find right people to advertise their product and it also help you as a user to get right result and advertisement. For example, you might have notice this that when you keep searching for specific terms in Google like you are searching for cybersecurity, ethical hacking, it shows advertisement for bestselling books or course in these areas. IT is good for you because you will find what you want fast and for this reason we are actually using Google and advertisement will find a right target which has high likelihood of sale their products.

Storing our data and associate with IP or Account, could help Google to see what your interest are and help Google to give you what you want. However, the dark side of it is that they will know what you think, what are your interest are? And they could get complete profile of you. Of course, collection of such data is under Google Privacy statement but in the same privacy statement, Google mentions with authorization of government we shall share data, if warrant has been presented. This is great risk for national security of a country. Let say there is a country which is consider enemy nation to the United State, like North Korea, Iran, Cuba and Syria. They want to do harm to these countries and to do that, they will just ask Google tell us what people of Syria or Iran are thinking right now? Google need to check IP range for that country and see what trending search are there and based on those search trend come up with policy to harm that country. Getting warrant for enemy nation is not that hard. However, it is risk for ally too. Governments would love data, and let say government of United State want to know what people of Germany are thinking? They could get same data but not to harm Germany but to make sure during negotiations, everything will go in their interest. Like what are problems of people in Germany and what they are interested in. For example, they might see what people of Germany are interested about United State and create policies to make sure more people travel there and this is indirect way of transfer fund from Germany to United State. One good approach would be having data center inside country and under government control. United State couldn’t gain access to data in European countries easily, because data center located in Germany and is under control of German governments. Reading minds is no longer a theory, it is possible through cyberspace. Google could read your mind from what you search. Even if you enter fake data or use VPN, they could identify you by seeing what your search for and from your searching behaviors. So be careful while you are searching.

 

Why Protecting Copy Right is a Cybersecurity Issue?

If you want to gain unauthorized access to a system, there are two main strategy you could follow, one is to find a zero-day vulnerability in the system and exploit it and if you are lucky enough, then you might get access to the system. Another way is to persuade the user not follow best practices for security and use already known exploit to gain access to the system. Then you won’t need to discover unknown 0-day and you could use already know 0-day. If you ask someone to not use Anti-Virus, not update system and so on. They will raise their guard and wonder why you want them to do this and they might not listen. For this reason, hackers gone for old but useful method and it is software piracy. Well, you might persuade them to use pirate software by telling them, why you are paying so much money for license, get this software for free instead, then they won’t get latest update and why black hackers working on uncover new vulnerabilities and white hackers to patch them, unpatched system will be target for hackers with known vulnerabilities.

Protecting intellectual properties and copy right is not just ethical and legal matter. It is matter of inter(national) security. When we are not fighting against piracy, meaning letting user to buy pirate software. It means, we are open the system over known vulnerabilities which patch is available but because it is pirate, user won’t get them and it leads to what we know as botnet (zombie) and cybercriminals could expand their botnets and use infected systems for their criminal purposes. I am asking governments, will you let your citizen’s system use for criminal purposes? If you really concern about national security, you should fight against piracy and protect copy-right. In addition, based on our human right approach, everyone need to have fair access to legitimate software and programs. Political reasons shouldn’t consider as a mean to block access of people to legitimate programs. You should remember, when they don’t have access, they will go for pirate version and this leads their system to be used for criminal purposes and it makes it harder for good guys to combat cybercrimes.

I am requesting international community for better unification against software piracy. This is no longer matter of legal issue but it is important agenda in cybersecurity. We need to united otherwise we would face new attacks from legitimate users (e.g. DDoS, Malware Distribution, illegal blockchain, etc.)