Microsoft is arguably the most influential technology company in history. Nearly 30 years after its first release, Windows is still the world’s most popular operating system. As of 2018, it’s installed on 88.4 percent of computers worldwide.
But with great power comes great responsibility, and many have found Microsoft’s approach to security lacking. Maybe you’re in that group.
From Windows 10 privacy concerns to critical zero-day exploits, there has been a lot of cause for concern. But despite these woeful examples, there may still be reasons to be cheerful!
1. Windows Defender
For almost two decades, Windows security has been something a joke. Around the turn of the millennium, the internet exploded into our lives, connecting computers worldwide for the first time. The phenomenal growth of the internet gave rise to a torrent of pop-ups and malware ridden downloads—issues we still struggle with today.
But with no built-in antivirus protection, Windows devices were prime targets for hackers and criminals around the world. Microsoft began righting the ship in 2009, with the release of their free antivirus software Microsoft Security Essentials (MSE).
Although it ran on Windows 7, Vista, and XP, MSE was derided for its poor virus detection and prevention. Windows 8 and 10 shipped with a re-engineered version of MSE known as Windows Defender which was turned on by default.
In December 2017, it was awarded 6/6 for protection by AV-TEST. As it requires no setup or user intervention, it is one of the most significant improvements in digital security. Microsoft estimates that Defender now protects more than 300 million devices worldwide.
2. Windows Hello
According to the website Have I Been Pwned, in the first six months of 2018 more than 100 million accounts were breached. With such high numbers, there’s a pretty good chance that one of your accounts found itself entangled in these breaches too.
These aren’t isolated events either. Data breaches are happening so frequently that it can be hard to keep up. The necessary time spent changing passwords, setting up password managers, and monitoring your accounts for suspicious activity makes them a nightmare to deal with.
Windows Hello is a biometric authentication system that comes bundled with Windows 10. Hello signals the first step in Microsoft’s four-step strategy to a password-less future. With Hello enabled, you can log in to your Windows devices with just your face or fingerprint.
Hello has integrations with some of your most popular apps like Dropbox and OneDrive. Microsoft also has plans to work with more service providers to integrate Hello. They estimate that 43 million Windows users are already using Hello, predominantly in the workplace, to improve their security.
3. Machine Learning and Social Engineering
Social engineering—the practice of manipulating victims into sharing confidential or sensitive information—doesn’t always happen in person.
You’ve probably seen emails purportedly from your bank, but sent from a non-official email address. It may try to trick you into trusting the email by using your bank’s logos, headers, font, and even your personal information. The emails use emotive language, often preying on fear, urgency, and empathy.
The aim of these emails is for you to download a malicious attachment, or to enter login credentials the attacker can steal.
With over 50 percent of Windows 10 devices using Defender as their default anti-virus, Microsoft has a unique position to influence how attacks spread. Their solution was to capitalize on the rise of machine learning and integrate it into Windows Defender. You may be wondering how that would prevent social engineering attacks.
Microsoft trained their models using historical examples of malicious files used in malware and phishing campaigns. Antivirus software traditionally relies upon regularly updated definitions to compare files against. Defender can now analyze and identify potential malware before its first infection.
4. Digital Crimes Unit
Cybercrime is a problem globally, not just for Microsoft. But that doesn’t mean that the Redmond giant is willing to sit on its considerable experience and resources while criminals profit at our expense.
Microsoft’s Digital Crimes Unit (DCU) is “an international team of attorneys, investigators, data scientists, engineers, analysts and business professionals based in 30 countries.”
The team regularly works with law enforcement around the world to combat cybercrime, with a focus on three main areas: malware, phishing, and images of child abuse. One of the most common phishing attacks is tech support scams. Microsoft estimates these scams cost victims more than $1.1 billion annually in the US alone.
Since 2014, the DCU has received more than 180,000 reports of support scams, which has allowed them to leverage Artificial Intelligence to locate the source of the attack. Operating in conjunction with Europol and the FBI, in 2013 the DCU disrupted the ZeroAccess botnet which was responsible for hijacking results across all major search engines.
To combat the approximately 720,000 images of child abuse uploaded each day, Microsoft developed PhotoDNA. The system creates a hash of known images to enable companies using PhotoDNA to compare images against. More than 100 organizations now use PhotoDNA including Facebook, Twitter, and law enforcement.
5. Microsoft Edge Security
At this point, it’s safe to say that Internet Explorer lost the browser wars. Microsoft’s infamous default browser has just 3.12 percent market share against Chrome’s 58.94 percent. In part, this is because Internet Explorer (IE) became synonymous with malware, popups, and spam-riddled toolbars.
Microsoft didn’t help themselves either as they took longer to patch critical flaws than their competitors. Although they did eventually start taking these issues seriously around the release of Windows 7, Chrome, Firefox, and Safari had all eaten away at IE’s market share.
Windows 10 marked a new era for Microsoft, so it seemed fitting that their latest operating system would ship with a brand new default browser. Microsoft Edge shares a similar logo to IE, but that’s where the similarities end.
All legacy code was scrapped, and the browser was developed with EdgeHTML for modern web standards and interoperability. IE’s toolbars are gone too, replaced by Extensions which can be installed through the Windows Store.
Are You Willing to Give Microsoft Another Chance?
Windows 10 hasn’t done Microsoft’s reputation any favors. The default privacy settings and invasive digital assistant Cortana have only cemented the belief that Microsoft can’t be trusted. Some might even argue that the flaws in Microsoft’s software caused the proliferation of malware and viruses.
Whether the blame rests on their engineering or the high availability of Windows machines, Microsoft hasn’t been idle in addressing the problem.
Windows Defender may be the only antivirus software you’ll ever need. Their efforts in tackling criminal enterprises, and use of machine learning against social engineering are making us safer online. With their focus on password-less authentication systems, Microsoft clearly wants to make our future more secure too.