Ransomware has been a hot topic recently, and Microsoft has been at the heart of it. After several high-profile attacks in recent weeks, the pressure is on software vendors to ensure their products are protected. Microsoft has often talked up the security of Windows 10, and the company will take it further with anti-ransomware features.
With Windows 10 build 16232, Microsoft is previewing the capability to block ransomware. At the moment, the build is available to Windows Insiders.
Ransomware presents software with new problems to tackle. It modifies and changes a system, locking it down and often making it unusable. Microsoft is previewing a Windows 10 feature called Controlled Folder Access, which will be integrated into Windows Defender.
With this ability, the platform will designate specific directories as “protected” with some folders (like Documents) being protected by default. Essentially, this means these folders can only be accessed by apps on a whitelist. Any attempt by malware to infiltrate the folder would be blocked by Windows Defender.
Microsoft hasn’t said which apps will be whitelisted by default, but we imagine many of its own will be.
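The protected-folder and whitelist model described above can be configured from PowerShell. This is an added example, not code from Microsoft or from the original article. It assumes a Windows 10 release where Controlled Folder Access is exposed through the Windows Defender cmdlets (`Set-MpPreference`, `Add-MpPreference`), an elevated prompt, and two hypothetical placeholder paths.

```powershell
# Added example: audit-first rollout of Controlled Folder Access.
# Run from an elevated PowerShell prompt. Both paths are hypothetical placeholders.
$ProtectedFolder = 'D:\FinanceShare'                        # extra folder to protect
$AllowedApp      = 'C:\Program Files\ExampleApp\app.exe'    # app that must write there

# 1. Start in audit mode: writes by non-whitelisted apps are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the defaults (such as Documents).
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder

# 3. Whitelist one application by its full executable path.
Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp

# 4. Confirm what is now configured.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications

# 5. Review what would have been stopped.
#    Event ID 1124 = audited write, 1123 = blocked write.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 6. Only after the audit events show no legitimate apps being flagged,
#    switch to enforcement by uncommenting the next line.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Running in audit mode first shows which legitimate applications would need to be whitelisted before blocking is turned on.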
At least in theory, Windows 10 will be able to stop ransomware from infecting a machine. Of course, whether it is as strong as it sounds in practice remains to be seen. Nevertheless, it is good to see Microsoft continue to be proactive in its attempt to combat cybercrime.
As this is currently running through the Insider program, it will not launch until the Fall Creators Update.
WannaCry and Nyetya
There have been two major attacks recently. Firstly, the WannaCry ransomware attack was close to home for Microsoft. It was spread through a Windows backdoor that had previously been used by the NSA.
WannaCry was so damaging and costly that Microsoft even rolled out a patch for out-of-support builds like Windows XP.
The second major attack was this week’s Nyetya. Potentially more damaging than WannaCry, the malware crippled institutions around the world. However, while it was originally believed to be ransomware, some doubt has been cast on its intended purpose.