From 28868c0122460fdd56919b2fceda453ee8096d33 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 3 Aug 2018 11:30:58 -0700 Subject: [PATCH] Updates --- windows/security/intelligence/TOC.md | 2 +- .../intelligence/prevent-malware-infection.md | 59 ++++++++----------- .../intelligence/transparency-report.md | 14 ++--- 3 files changed, 32 insertions(+), 43 deletions(-) diff --git a/windows/security/intelligence/TOC.md b/windows/security/intelligence/TOC.md index 0b1524d2d8..d2dbed3390 100644 --- a/windows/security/intelligence/TOC.md +++ b/windows/security/intelligence/TOC.md @@ -26,7 +26,7 @@ ## [Worms](worms-malware.md) -## [Transparency report](transparency-report.md) +## [Industry antivirus tests](transparency-report.md) # [Industry collaboration programs](cybersecurity-industry-partners.md) diff --git a/windows/security/intelligence/prevent-malware-infection.md b/windows/security/intelligence/prevent-malware-infection.md index 75e3046205..7e14e788c9 100644 --- a/windows/security/intelligence/prevent-malware-infection.md +++ b/windows/security/intelligence/prevent-malware-infection.md 
@@ -18,51 +18,49 @@ You can also browse the many [software and application solutions](https://review ## Keep software up-to-date -[Exploits](exploits-malware.md) typically abuse vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office. To protect your PC from exploits, always keep software up-to-date. +[Exploits](exploits-malware.md) typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren't available to exploits anymore. -To keep Microsoft software up to date, ensure that [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq) are enabled. Also, by upgrading to the latest version of Windows, you automatically benefit from a host of built-in security enhancements. +To keep Microsoft software up to date, ensure that [automatic Microsoft Updates](https://support.microsoft.com/help/12373/windows-update-faq) are enabled. Also, upgrade to the latest version of Windows to benefit from a host of built-in security enhancements. -## Watch out for threats in links, attachments, and websites +## Watch out for threats in links and attachments -Email and other messaging tools are a few of the most common ways your PC can get infected. Attachments or links on messages can open malware directly or can stealthily trigger a download. Some emails will instruct you to allow macros or other executable content—these instructions are designed to make it easier for malware to infect your computer. +Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails will give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. 
-* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering, helping protect you from malware, phishing, and other email threats. +* Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering. -For more information, see [Phishing](phishing.md) +For more information, see [Phishing](phishing.md). -### Malicious or compromised websites +## Malicious or compromised websites -By visiting malicious or compromised sites, your PC can get infected with malware automatically or you can get tricked into downloading and installing malware. -Check for the following characteristics to identify potentially harmful websites: +By visiting malicious or compromised sites, your PC can get infected with malware automatically or you can get tricked into downloading and installing malware. See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers. -* Check the URL in the address bar. The initial part or the domain should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example.com is spelled examp1e.com, the site you are visiting is suspect. +To identify potentially harmful websites, keep the following in mind: -* Sites that contain adult or pirated content are common vectors for spreading malware. 
Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported. +* The initial part (domain) of a website address should represent the company that owns the site you are visiting. Check the domain for misspellings. For example, malicious sites commonly use domain names that swap the letter O with a zero (0) or the letters L and I with a one (1). If example.com is spelled examp1e.com, the site you are visiting is suspect. -* Sites that aggressively open popups and display misleading buttons. Many of these sites trick users into accepting content through constant popups or mislabeled buttons. For example, some of these sites display media play buttons to trick users into downloading and installing infected media players. +* Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons. -To block malicious websites, use a modern web browser like [Microsoft Edge](http://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) which uses Windows Defender SmartScreen to identify phishing and malware websites. Microsoft Edge also works with Windows Defender Antivirus to check downloads for malware. - -For optimal protection while browsing websites, use [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview?ocid=cx-wdsi-articles). Application Guard helps to isolate untrusted sites, protecting you while you browse the Internet. If you browse an untrusted site through either Microsoft Edge or Internet Explorer, Application Guard opens the site in a virtualized container that is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected and the attacker can't get to your data. 
Application Guard is available on enterprise editions of Windows 10 version 1709 or above. +To block malicious websites, use a modern web browser like [Microsoft Edge](http://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) which identifies phishing and malware websites and checks downloads for malware. If you encounter an unsafe site, click **More […] > Send feedback** on Microsoft Edge. You can also [report unsafe sites directly to Microsoft](https://www.microsoft.com/wdsi/support/report-unsafe-site). -## Stay away from pirated material +### Stay away from pirated material -Using pirated content is not only illegal, it can also expose your PC to malware. Sites that offer pirated software and media are also often used to distribute malware. Many illicit media download and streaming sites try to push infected media players and codecs packages. Some of these sites can automatically install malware to visiting computers. +Using pirated content is not only illegal, it can also expose your PC to malware. Sites that offer pirated software and media are also often used to distribute malware when the site is visited. Sometimes pirated software is bundled with malware and other unwanted software when downloaded, including intrusive browser plugins and adware. + +Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported. -Pirated software is often bundled with malware and other unwanted software, including intrusive browser plugins and adware. To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/windows-10-s?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed. ## Don't attach unfamiliar removable drives -Some types of malware can spread by copying themselves to USB flash drives or other removable drives. 
Also, there are malicious individuals that intentionally prepare and distribute infected drives—leaving these drives in public places to victimize unsuspecting individuals. +Some types of malware can spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives—leaving these drives in public places to victimize unsuspecting individuals. Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files. ## Use a non-administrator account -At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting your own privileges, you can prevent malware from making consequential changes to your computer. +At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/access-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. 
@@ -98,9 +96,7 @@ Microsoft provides comprehensive security capabilities that help protect against * [Microsoft Exchange Online Protection (EOP)](https://products.office.com/exchange/exchange-email-security-spam-protection) offers enterprise-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. -* [Microsoft Safety Scanner](https://www.microsoft.com/wdsi/products/scanner) helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. NOTE: This tool does not replace your antimalware product. - -* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software. For Windows 7, Windows Vista. See Windows Defender Advanced Threat Protection for later versions of Windows. +* [Microsoft Safety Scanner](https://www.microsoft.com/wdsi/products/scanner) helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product. * [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/#pivot=itadmin&panel=it-security) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data. 
@@ -108,21 +104,14 @@ Microsoft provides comprehensive security capabilities that help protect against * [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection. -* [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge. The following are all a part of Windows Defender ATP: - * [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) is built into Windows 10 and, when enabled, provides real-time cloud-powered protection against threats. - - * [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) helps protect your employees from untrusted sites by opening the site in an isolated Hyper-V-enabled container, separate from the host operating system. - - * [Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) uses virtualization-based security to isolate secrets so that only privileged system software can access them. 
- - * [Windows Defender Exploit Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/) protects files in key folders with controlled folder access. - - * [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security) blocks unwanted inbound network connections. It can also control which applications on your computer can initiate outbound connections and can warn of malware suddenly trying to establish a remote connection. - - * [Windows Defender System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) protects and maintains the integrity of the system as it starts up and after it’s running. It also validates that system integrity has truly been maintained through local and remote attestation. +* [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge. * [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on PCs and mobile devices. 
This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account. +### Earlier than Windows 10 (not recommended) + +* [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software. For Windows 7, Windows Vista. See Windows Defender Advanced Threat Protection for later versions of Windows. + ## What to do if you have a malware infection Windows Defender Antivirus helps reduce the chances of infection and will automatically remove threats that it detects. diff --git a/windows/security/intelligence/transparency-report.md b/windows/security/intelligence/transparency-report.md index 90e4221cbf..b5fca954c3 100644 --- a/windows/security/intelligence/transparency-report.md +++ b/windows/security/intelligence/transparency-report.md 
@@ -11,15 +11,15 @@ author: levinec ms.date: 07/25/2018 --- -# Industry antivirus tests +# Top scoring in industry antivirus tests -Microsoft security stack continually performs well on independent tests. +Antivirus capabilities in Windows Defender ATP **consistently receives high scores** from independent tests, making it a top choice in the antivirus market. That is because Microsoft has built the most secure version of its platform in Windows 10, making it much more difficult for exploits, malware, and other threats to infect devices. -## Top scoring in independent tests +Windows Defender ATP [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) protection detects and stops malware at first sight by using a model that leverages predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/), behavioral analysis, and other evolutions. That is why it [is the most deployed in the enterprise](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). -Microsoft has worked hard to make our capabilities increasingly more effective by utilizing heuristic detections, machine learning, behavioral analysis, and other evolutions. That is why [Windows Defender Antivirus is the most deployed in the enterprise](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +Millions of devices are protected from malware outbreaks and cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/). In many cases, customers may not even know they were protected. 
-The time and effort Microsoft puts into improving Windows Defender Antivirus continues to show in the form of consistently high scores from independent tests. +The excellent results on independent industry tests is just one indication of quality we provide. ## AV-TEST @@ -49,7 +49,7 @@ The graphs below show Windows Defender AV’s detection rates in “Real World AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions. -The results show the AV Comparatives Enterprise Real-World Protection Test +The results show the AV Comparatives Enterprise Real-World Protection Test, which evaluates the “real-world” protection capabilities with default settings. The goal is to find out whether the security software protects the computer by either hindering the malware from changing any systems or remediating all changes if any were made. ### **March-June 2018** 
@@ -59,7 +59,7 @@ Blocked (malware was successfully blocked by AV): **98.7%** ## Factors not represented in the tests -It is important to remember that [Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-blog-mmpc) (which integrates our antivirus capabilities and the whole Windows security stack) provides a much larger set of protection features that are not factored into the tests. These features provide **additional layers of protection** that help prevent malware from getting onto devices in the first place. +It is important to remember that [Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-blog-mmpc) (which integrates our antivirus capabilities and the whole Windows security stack) provides a much larger set of protection features that are not factored into the tests. These features provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/) that help prevent malware from getting onto devices in the first place. To see these capabilities for yourself sign up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc) today, or [enable Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection).
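Review bot: In the TOC.md hunk, the new nav label "Industry antivirus tests" no longer matches the H1 that the transparency-report.md hunk introduces ("# Top scoring in industry antivirus tests"); pick one wording and use it in both places so the TOC entry and the page title agree. The file is also still named transparency-report.md although nothing on the page describes a transparency report any more, so a rename with a redirect is worth a follow-up.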
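Review bot: In the @@ -18,51 hunk of prevent-malware-infection.md, the rewritten UAC line drops a preposition: "you can prevent malware from making consequential changes any devices" should read "changes to any device". The sentence moved under "Stay away from pirated material" keeps its pre-existing number disagreement, "any untoward experience are more likely to stay unreported" (experiences are), and now stands alone as a paragraph without the "adult or pirated content" context that introduced "these sites" in the old bullet; either fold it into the preceding paragraph or drop it. The same hunk deletes the only actionable advice in that section ("To stay safe, download movies, music, and apps from official publisher websites or stores."); keep that sentence even if the S Mode recommendation goes. Finally, "Some emails will give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices" is ambiguous about what is "designed"; the original phrasing ("these instructions are designed to make it easier...") was clearer, and "devices" should be singular to match "your device" earlier in the paragraph.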
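Review bot: In the @@ -98,9 hunk, the Microsoft Safety Scanner bullet removes the list of supported Windows versions without replacing it; if the list is being dropped to avoid maintaining it here, say so by pointing readers to the supported versions on the linked scanner page rather than leaving the scope unstated. Removing the Microsoft Security Essentials bullet from this list is fine since the @@ -108,21 hunk re-adds it under its own heading.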
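Review bot: In the @@ -108,21 hunk, deleting the nested component list under Windows Defender ATP removes the page's only mentions of Credential Guard, Exploit Guard's controlled folder access, Windows Defender Firewall with Advanced Security and System Guard, and together with the Application Guard paragraph deleted in the @@ -18,51 hunk it leaves Application Guard unmentioned anywhere on the page; a one-line linked list would keep that coverage without the bulk. The kept sentence "Try Windows Defender ATP free of charge." has no link; point it at the same trial URL the transparency-report.md hunk uses (https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc). In the re-added Security Essentials bullet, "See Windows Defender Advanced Threat Protection for later versions of Windows" should link to the ATP bullet's URL, and "For Windows 7, Windows Vista." is a fragment that reads better as "Available for Windows 7 and Windows Vista."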
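Review bot: In the @@ -11,15 hunk of transparency-report.md, two added sentences have subject-verb disagreement: "Antivirus capabilities in Windows Defender ATP **consistently receives** high scores" should be "receive", and "The excellent results on independent industry tests is just one indication of quality we provide" should be "are just one indication of the quality we provide". The new intro also makes claims the page does not support: "making it a top choice in the antivirus market" and "Microsoft has built the most secure version of its platform in Windows 10" are superlatives with no citation, and the "That is because" link between high antivirus test scores and Windows 10 platform hardening does not hold, since the @@ -49,7 hunk itself describes the tests as evaluating the security software with default settings, not the OS; state the test results and the platform protections as separate points. The front matter context still shows "ms.date: 07/25/2018" while the page body is substantially rewritten in this commit (dated 3 Aug 2018); bump ms.date.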
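Review bot: In the @@ -49,7 hunk, the added sentence writes "AV Comparatives" while the unchanged context line immediately above writes "AV-Comparatives"; use the hyphenated form consistently. In the same sentence, "hindering the malware from changing any systems" should be "any system", and the phrase reads more naturally as "preventing the malware from changing the system".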
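Review bot: In the @@ -59,7 hunk, the bold emphasis on "additional layers of protection" is replaced by a link to a single blog post about one campaign (the Bad Rabbit write-up), which is narrower than the link text suggests; either keep the emphasis and add the link as an example ("see, for example, ...") or link to an overview of the layered defenses. The unchanged context line "To see these capabilities for yourself sign up for a ..." is missing a comma after "yourself"; worth fixing while this paragraph is being touched.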