Zero day vulnerability is a weakness in software that hasn't yet been discovered by software manufacturers or cybersecurity professionals, but has been discovered by hackers. Therefore, there would be a part of the system that would remain unprotected until a successful exploitation of it becomes known. Only then a patch would be made by the software manufacturers and any new types of malware would be added to antivirus databases. Due to their nature, zero day vulnerabilities are notoriously difficult to defend against. However, Microsoft is making an attempt to do so by Windows 10 Anniversary Update.
Instead of relying on known malware patterns, like antivirus software packages do, Windows update allows the system to monitor any new software for suspicious patterns of behaviour. "Sandboxing" technique is applied to processes that a third-party software runs. The processes are isolated in such a way that they cannot affect any significant parts of the system. If any of these processes show signs of malicious behaviour within the "sandbox", it would not be allowed to openly run within the OS.
However, the bad news for consumer that the security update with the full set of features will only be available to those who have bought the most expensive version of the OS, Windows Enterprise E5. This is different from how Microsoft handled its security patches in the past, as it launched its Trustworthy Computing initiative in 2002, where the company promised to provide equal level of protection to all of its users. However, some features of the security updates will be made available to all Windows 10 users.
Microsoft representatives stressed that the new update is a supplement to an antivirus rather than its replacement, so the users would still need to have an up-to-date antivirus package and a firewall. Likewise, the security feature is not a replacement for good security practices. For example, all software packages and plugins need to be kept up to date to ensure that any vulnerabilities within them have been patched.
For more information, follow this link:
Published by Mobile Tech Tracker
Posted on 4 Feb 2017