acrolinx updates

windows/security/threat-protection/intelligence/coinminer-malware.md

@@ -31,7 +31,7 @@ Many infections start with:
 
 Mining is the process of running complex mathematical calculations necessary to maintain the blockchain ledger. This process generates coins but requires significant computing resources.
 
-Coin miners are not inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others look for alternative sources of computing power and try to find their way into corporate networks. These coin miners are not wanted in enterprise environments because they eat up precious computing resources.
+Coin miners aren't inherently malicious. Some individuals and organizations invest in hardware and electric power for legitimate coin mining operations. However, others look for alternative sources of computing power and try to find their way into corporate networks. These coin miners aren't wanted in enterprise environments because they eat up precious computing resources.
 
 Cybercriminals see an opportunity to make money by running malware campaigns that distribute, install, and run trojanized miners at the expense of other people’s computing resources.
 
@@ -41,12 +41,12 @@ DDE exploits, which have been known to distribute ransomware, are now delivering
 
 For example, a sample of the malware detected as Trojan:Win32/Coinminer (SHA-256: 7213cbbb1a634d780f9bb861418eb262f58954e6e5dca09ca50c1e1324451293) is installed by Exploit:O97M/DDEDownloader.PA, a Word document that contains the DDE exploit.
 
-The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A), which then downloads the trojanized miner: a modified version of the miner XMRig, which mines Monero cryptocurrency.
+The exploit launches a cmdlet that executes a malicious PowerShell script (Trojan:PowerShell/Maponeir.A). It downloads the trojanized miner, a modified version of the miner XMRig, which then mines Monero cryptocurrency.
 
 ## How to protect against coin miners
 
-**Enable PUA detection**: Some coin mining tools are not considered malware but are detected as potentially unwanted applications (PUA). Many applications detected as PUA can negatively impact machine performance and employee productivity. In enterprise environments, you can stop adware, torrent downloaders, and coin mining by enabling PUA detection.
+**Enable potentially unwanted applications (PUA) detection**. Some coin mining tools aren't considered malware but are detected as PUA. Many applications detected as PUA can negatively impact machine performance and employee productivity. In enterprise environments, you can stop adware, torrent downloaders, and coin mining by enabling PUA detection.
 
-Since coin miners is becoming a popular payload in many different kinds of attacks, see general tips on how to [prevent malware infection](prevent-malware-infection.md).
+Since coin miners are becoming a popular payload in many different kinds of attacks, see general tips on how to [prevent malware infection](prevent-malware-infection.md).
 
 For more information on coin miners, see the blog post [Invisible resource thieves: The increasing threat of cryptocurrency miners](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/13/invisible-resource-thieves-the-increasing-threat-of-cryptocurrency-miners/).

windows/security/threat-protection/intelligence/coordinated-malware-eradication.md

@@ -20,20 +20,20 @@ ms.topic: article
 
 Coordinated Malware Eradication (CME) aims to bring organizations in cybersecurity and in other industries together to change the game against malware. While the cybersecurity industry today is effective at disrupting malware families through individual efforts, those disruptions rarely lead to eradication since malware authors quickly adapt their tactics to survive.
 
-CME calls for organizations to pool their tools, information and actions to drive coordinated campaigns against malware. The ultimate goal is to drive efficient and long lasting results for better protection of our collective communities, customers, and businesses.
+CME calls for organizations to pool their tools, information, and actions to drive coordinated campaigns against malware. The goal is to drive efficient and long-lasting results to better protect our communities, customers, and businesses.
 
 ## Combining our tools, information, and actions
 
-Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. For instance, while security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry, online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action.
+Diversity of participation across industries and disciplines, extending beyond cybersecurity, makes eradication campaigns even stronger across the malware lifecycle. Security vendors, computer emergency response/readiness teams (CERTs), and Internet service providers (ISPs) can contribute with malware telemetry. Online businesses can identify fraudulent behavior and law enforcement agencies can drive legal action.
 
-In addition to telemetry and analysis data, Microsoft is planning to contribute cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in to these campaigns.
+Microsoft is planning to contribute telemetry and analysis data to these campaigns. It will also provide cloud-based scalable storage and computing horsepower with the necessary big data analysis tools built-in.
 
 ## Coordinated campaigns for lasting results
 
-Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can initiate a campaign and invite others to join it. The members then have the option to accept or decline the invitations they receive.
+Organizations participating in the CME effort work together to help eradicate selected malware families by contributing their own telemetry data, expertise, tools, and other resources. These organizations operate under a campaign umbrella with clearly defined end goals and metrics. Any organization or member can start a campaign and invite others to join it. The members can then accept or decline the invitations they receive.
 
 ## Join the effort
 
-Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware).
+Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). Everyone agrees to use the available information and tools for their intended purpose (that is, the eradication of malware).
 
-If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For any questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).

windows/security/threat-protection/intelligence/criteria.md

@@ -1,7 +1,7 @@
 ---
 title: How Microsoft identifies malware and potentially unwanted applications
 ms.reviewer: 
-description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it is malware or a potentially unwanted application.
+description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
 keywords: security, malware, virus research threats, research malware, device protection, computer infection, virus infection, descriptions, remediation, latest threats, MMdevice, Microsoft Malware Protection Center, PUA, potentially unwanted applications
 ms.prod: w10
 ms.mktglfcycl: secure
@@ -18,7 +18,7 @@ search.appverid: met150
 
 # How Microsoft identifies malware and potentially unwanted applications
 
-Microsoft aims to provide a delightful and productive Windows experience by working to ensure you are safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you are protected against known threats and warned about software that is unknown to us.  
+Microsoft aims to provide a delightful and productive Windows experience by working to ensure you're safe and in control of your devices. Microsoft helps protect you from potential threats by identifying and analyzing software and online content. When you download, install, and run software, we check the reputation of downloaded programs and ensure you're protected against known threats. You are also warned about software that is unknown to us.  
 
 You can assist Microsoft by [submitting unknown or suspicious software for analysis](https://www.microsoft.com/wdsi/filesubmission/). This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. [Learn more about submitting files for analysis](submission-guide.md)
 
@@ -29,9 +29,9 @@ The next sections provide an overview of the classifications we use for applicat
 
 ## Unknown – Unrecognized software  
 
-No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously being updated and released, it's impossible to have information about every single site and program.
+No antivirus or protection technology is perfect. It takes time to identify and block malicious sites and applications, or trust newly released programs and certificates.  With almost 2 billion websites on the internet and software continuously updated and released, it's impossible to have information about every single site and program.
 
-You can think of Unknown/Uncommonly downloaded warnings as an early warning system for potentially undetected malware, as there is generally a delay from the time new malware is released until it is identified. Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user. Warnings for unknown software are not blocks, and users can choose to download and run the application normally if they wish to.
+Think of Unknown/Uncommonly downloaded warnings as an early warning system for potentially undetected malware. There's generally a delay from the time new malware is released until it's identified. Not all uncommon programs are malicious, but the risk in the unknown category is much higher for the typical user. Warnings for unknown software aren't blocks. Users can choose to download and run the application normally if they wish to.
 
 Once enough data is gathered, Microsoft's security solutions can make a determination. Either no threats are found, or an application or software is categorized as malware or potentially unwanted software.
 
@@ -61,11 +61,11 @@ Microsoft classifies most malicious software into one of the following categorie
 
 * **Password stealer:** A type of malware that gathers your personal information, such as usernames and passwords. It often works along with a keylogger, which collects and sends information about the keys you press and websites you visit.
 
-* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note which states you must pay money, complete surveys, or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md).
+* **Ransomware:** A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again. [See more information about ransomware](ransomware-malware.md).
 
 * **Rogue security software:** Malware that pretends to be security software but doesn't provide any protection. This type of malware usually displays alerts about nonexistent threats on your device. It also tries to convince you to pay for its services.
 
-* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate and tricks users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.
+* **Trojan:** A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate to tricks users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.
 
 * **Trojan clicker:** A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on your device.
 
@@ -73,17 +73,17 @@ Microsoft classifies most malicious software into one of the following categorie
 
 ### Unwanted software
 
-Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your device through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that does not fully demonstrate these behaviors as "unwanted software".
+Microsoft believes that you should have control over your Windows experience. Software running on Windows should keep you in control of your device through informed choices and accessible controls. Microsoft identifies software behaviors that ensure you stay in control. We classify software that doesn't fully demonstrate these behaviors as "unwanted software".
 
 #### Lack of choice
 
-You must be notified about what is happening on your device, including what software does and whether it is active.
+You must be notified about what is happening on your device, including what software does and whether it's active.
 
 Software that exhibits lack of choice might:
 
 * Fail to provide prominent notice about the behavior of the software and its purpose and intent.
 
-* Fail to clearly indicate when the software is active and might also attempt to hide or disguise its presence.
+* Fail to clearly indicate when the software is active. It might also attempt to hide or disguise its presence.
 
 * Install, reinstall, or remove software without your permission, interaction, or consent.
 
@@ -93,7 +93,7 @@ Software that exhibits lack of choice might:
 
 * Falsely claim to be software from Microsoft.
 
-Software must not mislead or coerce you into making decisions about your device. This is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
+Software must not mislead or coerce you into making decisions about your device. It is considered behavior that limits your choices. In addition to the previous list, software that exhibits lack of choice might:
 
 * Display exaggerated claims about your device's health.
 
@@ -103,7 +103,7 @@ Software must not mislead or coerce you into making decisions about your device.
 
 Software that stores or transmits your activities or data must:
 
-* Give you notice and get consent to do so. Software should not include an option that configures it to hide activities associated with storing or transmitting your data.
+* Give you notice and get consent to do so. Software shouldn't include an option that configures it to hide activities associated with storing or transmitting your data.
 
 #### Lack of control
 
@@ -119,7 +119,7 @@ Software that exhibits lack of control might:
 
 * Modify or manipulate webpage content without your consent.
 
-Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that do not provide supported extensibility models are considered non-extensible and should not be modified.
+Software that changes your browsing experience must only use the browser's supported extensibility model for installation, execution, disabling, or removal. Browsers that don't provide supported extensibility models are considered non-extensible and shouldn't be modified.
 
 #### Installation and removal