Windows 10 might be the “most secure Windows ever”, but the unfortunate reality is that companies and hospitals far and wide are getting hacked faster than ever. As a result, Microsoft is bulking up its enterprise-level defences.
Windows already ships with some built-in antivirus called Windows Defender. Currently, it’s a defensive program that looks at websites and downloads to try to stop you from getting hacked. Unfortunately, in the day and age of social engineering and spear-phishing, antivirus needs to be a little more proactive.
Windows Defender Advanced Threat Protection (shortened to WDATP, because there’s no way I’m typing that out more than once) is supposed to be that protection for large, company-wide networks. WDATP moves the focus from monitoring individual files to the machine’s behaviour as a whole; rather than searching for the actual virus, it keeps an eye on symptoms.
If your machine starts connecting to weird ports or executing unusual PowerShell commands — behaviour that’s out of the ordinary for the vast majority of users — WDATP will flag it to administrators, providing an overview of the machine’s current and past behaviour for the admins to look at.
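To make the symptom-based idea concrete, here is a small behavioural detector written for this article as an added example; it is not Microsoft’s code and has nothing to do with how WDATP is actually implemented. It learns a per-host baseline of normal destination ports and process images from a quiet period, then flags new events that deviate from it (an unusual outbound port, a process the host has never run, or PowerShell launched with flags commonly seen in hidden or encoded execution). The event records, host names, IP addresses and the list of flagged PowerShell switches are all constructed assumptions for the demonstration.

```python
"""Toy behavioural baseline detector (added example, not WDATP code).

Instead of matching a known-bad file, it watches for symptoms: activity on a
host that does not match what that host normally does.
"""
import re
from collections import defaultdict

# Constructed sample telemetry from a "quiet" learning period (not real data).
# Each event is one dict: a "net" event carries dst_ip/dst_port, a "proc"
# event carries image/cmdline.
BASELINE_EVENTS = [
    {"host": "WS01", "kind": "net", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"host": "WS01", "kind": "net", "dst_ip": "192.0.2.11", "dst_port": 80},
    {"host": "WS01", "kind": "net", "dst_ip": "192.0.2.53", "dst_port": 53},
    {"host": "WS01", "kind": "proc", "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"host": "WS01", "kind": "proc", "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "WS02", "kind": "net", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"host": "WS02", "kind": "net", "dst_ip": "192.0.2.53", "dst_port": 53},
    {"host": "WS02", "kind": "proc", "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"host": "WS02", "kind": "proc", "image": r"C:\Program Files\Office\outlook.exe", "cmdline": "outlook.exe"},
]

# Constructed sample telemetry from a later monitoring window (not real data).
NEW_EVENTS = [
    {"host": "WS01", "kind": "net", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"host": "WS01", "kind": "net", "dst_ip": "203.0.113.10", "dst_port": 4444},
    {"host": "WS01", "kind": "proc",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # Harmless placeholder: "QQBBAEEA" is just "AAA" encoded as UTF-16LE base64.
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand QQBBAEEA"},
    {"host": "WS01", "kind": "proc", "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "WS02", "kind": "net", "dst_ip": "192.0.2.53", "dst_port": 53},
    {"host": "WS02", "kind": "proc", "image": r"C:\Program Files\Office\outlook.exe", "cmdline": "outlook.exe"},
]

# Assumed list of PowerShell switches worth a second look when combined with a
# first-seen process; a real product would weigh many more signals than this.
SUSPICIOUS_PS_FLAGS = re.compile(
    r"-(?:enc|encodedcommand|ec|nop|noprofile|w\s+hidden|windowstyle\s+hidden"
    r"|ep\s+bypass|executionpolicy\s+bypass)\b",
    re.IGNORECASE,
)


def build_baseline(events):
    """Record, per host, the destination ports and process images seen normally."""
    ports = defaultdict(set)
    procs = defaultdict(set)
    for e in events:
        if e["kind"] == "net":
            ports[e["host"]].add(e["dst_port"])
        elif e["kind"] == "proc":
            procs[e["host"]].add(e["image"].lower())
    return {"ports": ports, "procs": procs}


def analyse(events, baseline):
    """Return (host, alert_kind, detail) tuples for events outside the baseline."""
    alerts = []
    for e in events:
        host = e["host"]
        if e["kind"] == "net":
            if e["dst_port"] not in baseline["ports"][host]:
                alerts.append((host, "unusual_port", f"{e['dst_ip']}:{e['dst_port']}"))
        elif e["kind"] == "proc":
            image = e["image"].lower()
            if image not in baseline["procs"][host]:
                alerts.append((host, "new_process", image))
            # Symptom check: PowerShell with hidden/encoded-style switches.
            if image.endswith("powershell.exe") and SUSPICIOUS_PS_FLAGS.search(e["cmdline"]):
                alerts.append((host, "suspicious_powershell", e["cmdline"]))
    return alerts


def alerts_by_host(alerts):
    """Group alert kinds per host: the 'overview' an administrator would review."""
    overview = defaultdict(list)
    for host, kind, _detail in alerts:
        overview[host].append(kind)
    return dict(overview)


if __name__ == "__main__":
    found = analyse(NEW_EVENTS, build_baseline(BASELINE_EVENTS))
    for host, kind, detail in found:
        print(f"{host}: {kind}: {detail}")
    print(alerts_by_host(found))
```

Run as-is, the script reports three alerts for WS01 (an outbound connection to port 4444, a never-before-seen PowerShell process, and the flagged command line) and nothing for WS02, whose activity matched its baseline. The obvious caveat is the false-positive side: any legitimately new application would trip the "new process" rule on its first run, which is why a per-host baseline is only one input and products in this space correlate it with many other signals before raising something to an administrator.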
Microsoft’s also trying to take advantage of the vast Windows install base to kickstart its antivirus program. Millions of suspicious files found on machines worldwide will be run in the cloud, building a giant centralised database not only of malicious files but also of malicious behaviour.
WDATP will launch later this year as an optional service for companies. But if the benefits of networked antivirus work out — and Microsoft can figure out a way to make it work without needing trained IT professionals in the loop — it’s easy to see it making its way to consumers in the future. Hopefully, there’ll be enough time to come up with a better name. [Microsoft]