1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Windows 10 will allow apps to actively scan their content for malware

Discussion in 'Windows 10 Information and Alerts' started by starbuck, Jun 11, 2015.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users’ computers.

    The goal of the new Antimalware Scan Interface (AMSI) is to let applications send content to the locally installed antivirus product to be checked for malware.

    According to Microsoft, this can have important benefits when dealing with script content in particular, because malicious scripts are commonly obfuscated to bypass antivirus detection. Scripts also typically get executed in the memory of the applications that are designed to interpret them, so they don’t create files on disk for antivirus programs to scan.

    While the malicious script might go through several passes of deobfuscation, it ultimately needs to supply the scripting engine with plain, unobfuscated code,” Lee Holmes, principal software engineer at Microsoft, said in a blog post. “When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content.”

    Scripting is not the only type of content that can be scanned with this new feature. Communication apps could scan instant messages for viruses before displaying them to users and games could scan plugins before installing them, Holmes said.

    The Windows developer reference for AMSI says that the mechanism allows for “file and memory or stream scanning, content source URL/IP reputation checks, and other techniques.” So, it potentially supports many types of content in many use cases.

    Catalin Cosoi, chief security strategist at antivirus firm Bitdefender, doubts that the feature will have a significant impact over the next couple of years, because in order to be effective both application developers and antivirus vendors need to decide to use it. How many of them will do so remains to be seen.


    Source:
    http://www.networkworld.com/article...heir-content-for-malware.html#tk.rss_security
     

Share This Page