Microsoft's chief software engineer Lee Holmes said that Windows 10 apps will now be able to connect to installed platforms anti-virus to better fight against malicious programs.
Holmes stated that the feature Antimalware Scan Interface (AMSI) Windows 10 will allow applications and services to use different anti-virus to detect malicious activities in the system memory.
As Holmes mentions, most anti-malware μπορούν να διαβάσουν τις υπογραφές των ύποπτων δραστηριοτήτων, αλλά αν χρησιμοποιούνται τεχνικές στην codification like XOR, security applications fail as malware appears benign.
Attempts to date, at best, did not detect the attacks that occurred in the memory and, at worst, they had false positive results that stopped legal proceedings.
Holmes said, "Or the antivirus engine checks files opened by the user. "If the malicious content is only in the memory, the attack may go unnoticed."
"Malicious scripts can go through various paths to hide themselves, but ultimately they have to feed the engine scripting with a simple, non-obfuscating code. At this point, the application can now call the new Windows AMSI API and request a scan of the unprotected content.
"Any application can also call a registered anti-malware engine through AMSI and edit the submitted content."
Holmes called on all application developers to add to their applications the ability to use AMSI.
As the expert mentions the new feature can be extended to "catch" the malware σε πλατφόρμες ανταλλαγής άμεσων μηνυμάτων ή πλατφόρμες παιχνιδιών, βίντεο plug-ins και πολλά άλλα.
"There are so many more opportunities - this is just the beginning," he said
Let's say that Windows DefenderThe platform anti-virus from Microsoft, thanks to AMSI technology able to detect coded malicious scripts with XOR.