Jump to content

Windows 10 will allow apps to actively scan their content for malware

Starbuck
 Share

Recommended Posts

  • ExTS Admin
Starbuck Newbie

Starbuck

Posted
  • ExTS Admin
Posted

Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users’ computers.

 

The goal of the new Antimalware Scan Interface (AMSI) is to let applications send content to the locally installed antivirus product to be checked for malware.

 

According to Microsoft, this can have important benefits when dealing with script content in particular, because malicious scripts are commonly obfuscated to bypass antivirus detection. Scripts also typically get executed in the memory of the applications that are designed to interpret them, so they don’t create files on disk for antivirus programs to scan.

 

While the malicious script might go through several passes of deobfuscation, it ultimately needs to supply the scripting engine with plain, unobfuscated code,” Lee Holmes, principal software engineer at Microsoft, said in a blog post. “When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content.”

 

Scripting is not the only type of content that can be scanned with this new feature. Communication apps could scan instant messages for viruses before displaying them to users and games could scan plugins before installing them, Holmes said.

 

The Windows developer reference for AMSI says that the mechanism allows for “file and memory or stream scanning, content source URL/IP reputation checks, and other techniques.” So, it potentially supports many types of content in many use cases.

 

Catalin Cosoi, chief security strategist at antivirus firm Bitdefender, doubts that the feature will have a significant impact over the next couple of years, because in order to be effective both application developers and antivirus vendors need to decide to use it. How many of them will do so remains to be seen.

 

 

Source:

http://www.networkworld.com/article/2934853/windows-10-will-allow-apps-to-actively-scan-their-content-for-malware.html#tk.rss_security

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...