Microsoft may use AI to fight cyberattacks in its next major Windows update

Following the recent increase in cyberattacks, Microsoft could very well be working on baking a highly advanced security AI into the latest iteration of Windows 10.

Quote

In its Fall Creators Update, Microsoft will use a wide range of data coming from its cloud programs such as Azure, Endpoint and Office to create an artificial intelligence antivirus that can pick up on malware behavior, said Rob Lefferts

The update will be featured in an update to Windows Defender Advanced Threat Protection, utilising the information gathered from the user's system along with data from the Microsoft security cloud.

Quote

If new malware is detected on any computer running Windows 10 in the world, Microsoft said it will be able to develop a signature for it and protect all the other users worldwide. The first victim will be safe as well because the virus will be set off in a virtual sandbox on the cloud, not on the person's device.

If Microsoft is able to nail the accuracy of their security AI, then this could go a long way in protecting, or even preventing major outbreaks of Windows-based security vulnerabilities.

I completely agree with Rob Lefferts' statement:

Quote

If we're going to stay on top of anything that is changing that fast, you have to automate.

Cyber attacks are becoming a regular occurrence and unless we can create something that can proactively prevent and protect against these incidents, we will have a major issue on our hands, and I think that Microsoft is taking the first step towards that.

What do you guys think? Is it OK for Microsoft to 'review' your PC so that they can protect against future security vulnerabilities?

Sources:

https://www.cnet.com/news/microsoft-build-smart-antivirus-using-400-million-computers-artificial-intelligence/

 

https://www.engadget.com/2017/06/28/microsoft-windows-fall-creators-update-security/


I can imagine every computer programming teaching lab will set this thing off just by students making mistakes. We actually had someone take down the building's networking with denial of service because they had an infinite loop in their code. I also think it may have fork bombed the computer, all unintentionally.

             ☼

ψ ︿_____︿_ψ_   


8 minutes ago, JohnnyCorporalTech said:

 

What do you guys think? Is it OK for Microsoft to 'review' your PC so that they can protect against future security vulnerabilities?

Fuck Microsoft. This is going to get reverse engineered and abused. The way I read it, it's like a kill switch. What happens when I trick it into thinking my competitor's software is malware?


1 minute ago, tom_w141 said:

Windows 11 Skynet

Skynet is a saint compared to big software corporations. Has more human emotions too. Did Skynet ever lie about its intentions? Did Skynet ever try to monopo... wait, yeah, Skynet was pretty sucky. Fuck Skynet.


Just now, SCHISCHKA said:

Skynet is a saint compared to big software corporations. Has more human emotions too. Did Skynet ever lie about its intentions? Did Skynet ever try to monopo... wait, yeah, Skynet was pretty sucky. Fuck Skynet.

I was halfway into your response thinking "I dunno man Skynet was pretty bad xD" Then I saw the rest.


9 minutes ago, tom_w141 said:

I was halfway into your response thinking "I dunno man Skynet was pretty bad xD" Then I saw the rest.

I think skynet could be accepted as our robot overlord if people understood it better and there wasn't so much apocalyptic mass extinction. Skynet is not a bad guy he's just a little misunderstood. It's not like he kidnapped an orphan boy, committed various acts of property crime, violence against police, and released psychiatric ward convicts


So what happens to false positives? I run apps that frequently get false positives. Will I still be able to use them?

CPU: Amd 7800X3D | GPU: AMD 7900XTX


45 minutes ago, tom_w141 said:

Windows 11 Skynet

Skynet and Skynet v2.0 are the names of my SSIDs. Skynet is WPA-2 and Skynet v2.0 is WPA-2 Enterprise, lol

 


18 minutes ago, goodtofufriday said:

So what happens to false positives? I run apps that frequently get false positives. Will I still be able to use them?

You will have to call MS customer services and hold the line for several hours.


I have a feeling this will lead to some 2001: A Space Odyssey shit.

"I'm sorry LAwLz. I'm afraid I can't let you run this program". 

It's especially worrying because Microsoft has made it so that you can't fully disable their antivirus program built into Windows (on top of doing shady things like automatically disabling and uninstalling competing av solutions). 

 

But I am sure the MSDF will defend the potential removal of customer control because "think of the average Joe who doesn't know what he is doing". Kind of like they did when control over updates was removed.


1 hour ago, LAwLz said:

I have a feeling this will lead to some 2001: A Space Odyssey shit.

"I'm sorry LAwLz. I'm afraid I can't let you run this program". 

It's especially worrying because Microsoft has made it so that you can't fully disable their antivirus program built into Windows (on top of doing shady things like automatically disabling and uninstalling competing av solutions). 

 

But I am sure the MSDF will defend the potential removal of customer control because "think of the average Joe who doesn't know what he is doing". Kind of like they did when control over updates was removed.

To be fair this is no different from the "Malware Cloud" that Bitdefender uses (which is also based on a neural net), which in turn is just a more advanced form of the cloud heuristics a lot of other AVs are using at this point.

 

And again to be fair, them uninstalling Antivirus products during an update *does* have legitimate reasons. I don't know how long I had to fight with updating my Mother's computer to 1607 because some random ELAM driver for the AV she used didn't want to play nice with the new build and the update kept crashing.

 

Say what you will about their telemetrics, but Neural Net AV heuristics are a good move, provided they let you turn them off.


1 hour ago, Sniperfox47 said:

snip- provided they let you turn them off.

Which MS has repeatedly shown they have little interest in, and want to remove more and more power from the owners, I mean renters, of their OS.


WHITELISTING !!!!!!!!

CPU: Intel i7 5820K @ 4.20 GHz | MotherboardMSI X99S SLI PLUS | RAM: Corsair LPX 16GB DDR4 @ 2666MHz | GPU: Sapphire R9 Fury (x2 CrossFire)
Storage: Samsung 950Pro 512GB // OCZ Vector150 240GB // Seagate 1TB | PSU: Seasonic 1050 Snow Silent | Case: NZXT H440 | Cooling: Nepton 240M
FireStrike // Extreme // Ultra // 8K // 16K

 


So, when the engineers fail to make an OS that's not easily hackable, you use an AI to detect the bad stuff?

How about removing bugs in the first place? Also, basically all antivirus programs use machine learning algorithms (not neuronal nets, but statistical algorithms). Microsoft just added their "phone home" stuff and now the marketing tries to sell it to you as a new innovation.

Mineral oil and 40 kg aluminium heat sinks are a perfect combination: 73 cores and a Titan X, Twenty Thousand Leagues Under the Oil


5 hours ago, JohnnyCorporalTech said:

If new malware is detected on any computer running Windows 10 in the world, Microsoft said it will be able to develop a signature for it and protect all the other users worldwide. The first victim will be safe as well because the virus will be set off in a virtual sandbox on the cloud, not on the person's device.

I'm pretty sure Bitdefender and other third party AVs already had this similar feature. Also a virtual sandbox in the cloud? How about improving heuristics and implementing sandboxing when scanning locally so that malware can't exploit it and use it as a conduit for malware execution? 

There is more that meets the eye
I see the soul that is inside

 

 


2 hours ago, DXMember said:

WHITELISTING !!!!!!!!

I'm hoping they won't suddenly release an update turning all PCs running Windows 10 Home & Pro into the oh so secure Windows 10S. 

But this is Microsoft we're talking about here. I can enumerate off the top of my head the stuff they force down users' throats.


On 6/28/2017 at 4:27 AM, JohnnyCorporalTech said:

Cyber attacks are becoming a regular occurrence and unless we can create something that can proactively prevent and protect against these incidents, we will have a major issue on our hands, and I think that Microsoft is taking the first step towards that.

Not sure if you caught it yet, but Microsoft will also be pushing out a 'new tool' called Controlled Folder Access within Defender that will block and blacklist unauthorized apps from making changes to designated folders.  Supposedly there will be a set of folders that are defaulted to this that you cannot remove, but you can add other folders and apps to the access list.  I think that this tool can probably go either way as far as how intrusive MS is being versus how much additional security Defender will be providing.

 

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-controlled-folder-access-to-fend-off-crypto-ransomware/
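The Controlled Folder Access behaviour described in the post above (protected folders plus an allow list of apps), shown as an added PowerShell example that is not part of the post or of the linked article. It stages the feature in audit mode first so that false positives show up in the event log before anything is blocked; the folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: stage Controlled Folder Access (CFA) in audit mode,
# extend its lists, then review what it would have blocked.
# The two paths below are hypothetical placeholders; replace them with your own.

$extraFolders = @('D:\Projects')                      # extra folder to protect
$trustedApps  = @('C:\Tools\BackupAgent\backup.exe')  # app allowed to write there

# 1. Audit mode: writes by non-allowed apps are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Add to the protected-folder list and the allowed-application list.
#    The default protected folders stay in place; these are additions.
foreach ($folder in $extraFolders) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
}
foreach ($app in $trustedApps) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $app
}

# 3. Confirm the resulting configuration (mode is reported as 0/1/2 =
#    Disabled/Enabled/AuditMode).
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications

# 4. After running normal workloads for a while, review CFA events from the
#    last 7 days: ID 1124 = audited (would have been blocked), 1123 = blocked.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, Message

# 5. Once the audit log shows only unwanted writers, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Any legitimate program that appears in the 1124 events should be added to the allowed-application list before the enforcement line is uncommented.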
