Windows Defender sandboxed: Researchers do it

Researchers at the company Trail of Bits have managed to sandbox Windows Defender, the default anti-virus solution that ships with recent versions of Windows.

Sandboxing is a technical term for running an application inside a restricted environment. That environment prevents an attacker who exploits the application from reaching the underlying operating system.

Current versions of Windows Defender are not sandboxed

It is hard to believe, but as it turns out Windows Defender, a critical part of the Windows operating system, does not run in a sandbox by default, although the product, in various forms and under various names, has been part of the Windows application portfolio for at least 13 years.

The Trail of Bits team has built a framework in Rust that runs Windows applications inside their own AppContainers. The researchers released this framework on GitHub under the name AppJailLauncher.

"Or it allows you to wrap an application's I/O behind a TCP server, allowing the sandboxed application to run on a completely different machine, with an additional layer of isolation," the Trail of Bits team says of AppJailLauncher.

This version of the sandbox targets 32-bit versions of Windows and the core component of Windows Defender, the Malware Protection engine (MsMpEng).
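To check the claim above on a live system, here is an added example (not code from the article or from AppJailLauncher) that reports whether a process such as MsMpEng holds an AppContainer token; it assumes Windows, an elevated PowerShell prompt, and the Win32 token APIs declared in the code.

```powershell
# Added example (not from the article or from AppJailLauncher): report whether a
# process holds an AppContainer token, i.e. whether it runs sandboxed the way the
# Trail of Bits launcher runs MsMpEng. Run from an elevated PowerShell prompt.
Add-Type -Namespace Win32 -Name Token -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass,
                                              out uint info, uint length, out uint returned);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

function Test-AppContainerProcess {
    param([Parameter(Mandatory)][int]$ProcessId)
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # enough to open the token, also on protected processes
    $TOKEN_QUERY                       = 0x0008
    $TokenIsAppContainer               = 29       # TOKEN_INFORMATION_CLASS value, returns a DWORD flag

    $proc = [Win32.Token]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($proc -eq [IntPtr]::Zero) {
        throw "OpenProcess($ProcessId) failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    $token = [IntPtr]::Zero
    try {
        if (-not [Win32.Token]::OpenProcessToken($proc, $TOKEN_QUERY, [ref]$token)) {
            throw "OpenProcessToken($ProcessId) failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        $flag = [uint32]0
        $len  = [uint32]0
        if (-not [Win32.Token]::GetTokenInformation($token, $TokenIsAppContainer, [ref]$flag, 4, [ref]$len)) {
            throw "GetTokenInformation($ProcessId) failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        return ($flag -ne 0)
    }
    finally {
        if ($token -ne [IntPtr]::Zero) { [void][Win32.Token]::CloseHandle($token) }
        [void][Win32.Token]::CloseHandle($proc)
    }
}

# Defender's engine process; on a stock installation this reports False, which is the article's point.
Get-Process -Name MsMpEng -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Process      = $_.ProcessName
        PID          = $_.Id
        AppContainer = Test-AppContainerProcess -ProcessId $_.Id
    }
}
```

The same function can be pointed at any other PID to confirm that a process launched through an AppContainer sandbox really carries the AppContainer token.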

In recent months, engineers from Google's Project Zero security team have shown how vulnerable this component is, discovering many bugs that could be exploited to gain full control of vulnerable machines.

Some of these bugs were so dangerous that a simple email or a malicious JavaScript file was enough to compromise Windows systems.

Microsoft, on the other hand, has focused in recent years on improving Windows security. Compared to previous versions of the operating system, Windows 10 is extremely well protected.

Microsoft engineers have already sandboxed some Windows applications. For example, the JIT code compiler in Microsoft Edge runs in a sandbox. Technologies such as Device Guard detect and prevent the exploitation of common vulnerabilities, keeping Windows systems safe.

As many experts commented on the Trail of Bits experiment [1, 2], one reason Microsoft chose not to sandbox Windows Defender may be the potential impact on the application's performance.

The Trail of Bits experiment is only a proof that Windows Defender can be sandboxed; it did not focus on performance-related metrics.

The technical details are described in detail here.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
