Windows has always been a favourite target for hackers. They keep coming up with new strategies to hack into Windows. On the other hand security experts too keep researching on Windows so as to come up with antivirus strategies to combat threats and thwart hacking attempts. However, there’s some good news for Windows lovers. With Windows 10, things are different it seems; it’s perhaps the best OS with features that work as antivirus strategies. Hacking into Windows 10 through an OS vulnerability is read hard; hacking into Windows itself has grown harder than it was earlier. This is the general tone of reverberations at this year’s Black Hat conference, held recently. Following this, articles have come up online stating that hackers are impressed with the security that Windows 10 features have bestowed on it. Let’s discuss some of the features that make Windows 10 a tough nut to crack, for hackers…
The AMSI tools
AMSI tools (Anti-malware Scan Interface Tools) are tools that Microsoft has developed to catch malicious scripts in memory. AMSI tools can be made use of by any app or antimalware engine; Windows Defender uses it. Since cyber-criminals depend a lot on script-based attacks, especially those that execute on PowerShell and since they have started using PowerShell and load scripts in memory, it has become difficult to detect scripts saved to memory. Thus these scripts get executed. AMSI tools detect scripts at the host level, ie, scripts that are saved on disk, stored in memory or launched interactively and prevents them from getting executed. Though there are shortcomings, AMSI could be perfected and could be used to create a bright future for Windows, especially Windows 10.
VBS
VBS (Virtualization-based Security) is a set of security features that Microsoft has introduced and which is part of the Windows 10 hypervisor or Hyper-V, which has control over the root partition. VBS helps Hyper-V create a specialized virtual machine that has a high trust level to execute security commands and which is protected from the root partition. As we know, Windows 10 can enforce code integrity of user-mode binaries and scripts. VBS handles kernel-mode code and blocks unsigned code from executing in the kernel context, thereby blocking malware from entering kernel mode.
Secured Active Directory
AD (Active Directory), which is key to the security of Windows, gains much importance in the modern era when enterprises move workloads to the cloud. AD is now used to identify and authenticate in Microsoft Azure. All authenticated users have read access to most objects and attributes in the AD and hence a standard user account can compromise an AD domain if the modify rights to domain-linked group policy objects and organizational unit are not properly granted. AD compromise becomes easy if AD is not secured, so it becomes important for the security guys to secure AD.
Related Resources: