Video: When it comes to malware, Windows 10 is twice as secure as Windows 7.
Microsoft latest preview of its Windows 10 Redstone 5 shows off two core updates coming to Windows Defender services.
Microsoft has released the Windows 10 Insider Preview Build 17650 (RS5), the version of Windows 10 coming later this year after the Spring release of RS4, which may arrive as early as next week. This build is available to Windows Insiders who've opted for the Skip Ahead option.
It's not a drastic departure from the current design but introduces new spacing and padding around the app and dynamically sizes categories on the main page.
Windows Defender Security Center will have Sets support, the tabbing feature coming with the RS 5 release. With Sets enabled, users have an option to choose their own color for the title bar.
The Windows Defender Firewall also now supports Windows Subsystem for Linux (WSL) processes.
Users can add firewall rules for WSL processes and take advantage of firewall notifications for WSL. The firewall can, for example, be configured to show a prompt when a Linux tool wants to connect to external resources.
Separately, Microsoft is updating Windows Defender System Guard, a feature that shipped with the Windows 10 Fall Creators Update last October. The hardware-based security feature enables runtime attestation to ensure the integrity of a system during boot-up and at runtime.
It should help defend against kernel exploits like those seen in WannaCry and NotPetya. The feature is part of Microsoft's work on Windows 10's 'virtualization-based security'.
Microsoft rolled out the updated Windows Defender System Guard in a preview RS4 build in March, which added memory integrity checks.
Runtime attestation should improve antivirus threat detection, and help spot attempts to tamper with the NT kernel. The Spring Windows 10 release will be the first phase of its runtime attestation rollout.
The company will also be providing a Windows Defender System Guard API that allows other services, such as Windows Defender or third-party antivirus, to interface with it.
"We are working towards providing an API that relying parties can use to attest to the state of the device at a point in time," explained members of the Windows Defender research team.
"The API returns a runtime report that details the claims that Windows Defender System Guard runtime attestation makes about the security posture of the system. These claims include assertions, which are runtime measurements of sensitive system properties."
Previous and related coverage
Just scanning a specially-crafted file could lead to a totally compromised Windows machine.
Microsoft is continuing to polish its coming Windows 10 release with Fast Ring Insider Build 17120 as it heads toward the finish line.Microsoft makes Windows Defender anti-phishing plugin available for Chrome
A new Microsoft plugin for Google Chrome for Windows users adds Windows Defender support.