Microsoft is building a smart antivirus using 400 million PCs by Alfred Ng.
Malware delivery takes a giant leap forward with the MS Fall Creators Update:
…
If new malware is detected on any computer running Windows 10 in the world, Microsoft said it will be able to develop a signature for it and protect all the other users worldwide. The first victim will be safe as well because the virus will be set off in a virtual sandbox on the cloud, not on the person’s device.Microsoft sees artificial intelligence as the next solution for security as attacks get more sophisticated.
“If we’re going to stay on top of anything that is changing that fast, you have to automate,” Lefferts said.
About 96 percent of detected cyberattacks are brand new, he noted.
With Microsoft’s current researchers working at their fastest pace, it can take a few hours to develop protections from the first moment they detect malware.
It’s during those few hours when people are really hit by malware. Using cloud data from Microsoft Office to develop malware signatures is crucial, for example, because recent attacks relied on Word vulnerabilities.
…
Two scenarios immediately come to mind:
- The “malware” detection is “false,” the file/operation/URL is benign but now 400 million computers see it as “malware,” or,
- Due to MTM attacks, false reports are sent to Windows computers on a particular sub-net.
Global security decision making is a great leap, but the question is in what direction?
PS: Did you notice the claim “96 percent of detected cyberattacks are brand news…?” I ask because that’s inconsistent with the documented long lives of cyber exploits, Website Security Statistics Report 2015 (WhiteHat Security).