Following a series of recent nation-state hacking and malware infection events, including the global spread of the WannaCry ransomware, Microsoft has committed to significantly improving Windows 10 security in the fall edition of the Creators’ Update for enterprise customers. Home users will probably have to wait a few years longer until some of these features start trickling down to them though, if ever.
Windows Defender ATP
The Windows Defender Advanced Threat Protection (ATP) security solution is a paid service to which enterprise and education customers can subscribe to better protect themselves against attacks from nation states or other sophisticated hacking groups. The service uses advanced cloud-powered attack detection, and it gives customers access to rich timelines for forensics and mitigation. It also comes with its own threat intelligence knowledge base.
Microsoft announced that the Windows Defender ATP service will be integrated across the entire Windows threat protection stack, which will give its customers access to much improved centralized management.
The Windows Defender ATP service will also be available for the Windows Server operating system in addition to Windows Enterprise, Windows Education, Windows Pro, and Windows Pro Education.
New And Improved Features
The new suite will include features such as the Windows Defender Exploit Guard and Windows Defender Application Guard, as well as significant updates to Windows Defender Device Guard and Windows Defender Antivirus.
The Windows Defender Exploit Guard is a brand new feature that’s essentially an up-to-date (but also built-in) version of EMET, Microsoft’s previous anti-exploit tool for enterprise customers and home users alike, and a feature that should've have been implemented in Windows 10 from day one. One of the main improvements over EMET is the integration with Microsoft's Intelligent Security Graph (ISG), which allows enterprise customers to better understand the threats they face and how to prevent them.
The Windows Defender Application Guard (WDAG) is also a recent but most interesting security solution that essentially puts the Edge browser in a virtual machine when users are running non-whitelisted websites. The WDAG acts as another layer of protection by containing the malware before it even reaches the Windows Defender Exploit Guard or the Windows Defender Antivirus.
Windows’s application control capabilities (such as AppLocker) have also been integrated into the Windows Defender ATP service to make them easier to manage. Security engineers can enable application control on-demand on infected devices. Automated application control list management is also possible via the ISG.
Advanced Security For Everyone, Not Just Enterprise Customers
Some of these features can only work for enterprise customers, because they may be too complex to operate by regular users and require system administrators that can master them. However, others such as the Windows Defender Application Guard, and even the Windows Defender Exploit Guard to a certain degree, make ideal candidates for improving the security of all Windows users. After all, EMET used to be a tool that everyone could download and use with little trouble, except for the occasional conflict with some legacy programs.
As ransomware continues to become more popular with malicious hackers, using anti-exploit tools and containing browsers (not just Edge) in lightweight virtual machines is exactly the type of security features that everyone should have available on their machines, rather than kept exclusive to enterprise customers.
The BitLocker encryption tool is another security feature that has also long been exclusive to professionals and enterprise customers, at a time when regular users have benefited for years from encryption features on their mobile devices or Linux and macOS computers.
It’s long overdue for BitLocker to come to all Windows devices, and the Windows 10 Fall Creators Update would be a good time to introduce BitLocker to everyone. Ideally, it would also arrive with improved protection against physical attacks.