Windows 10: Microsoft to boost Linux app security with Windows Defender firewall

Microsoft preps new Windows 10 security features to ensure system integrity during start-up and after it's running.
Written by Liam Tung, Contributing Writer

Microsoft's latest preview of its Windows 10 Redstone 5 shows off two core updates coming to Windows Defender services.

Microsoft has released the Windows 10 Insider Preview Build 17650 (RS5), the version of Windows 10 coming later this year after the Spring release of RS4, which may arrive as early as next week. This build is available to Windows Insiders who've opted for the Skip Ahead option.

Along with recent Fluent Design updates to the Windows shell and core apps, Microsoft is applying the scheme to the Windows Defender Security Center app in the new Windows 10.

It's not a drastic departure from the current design but introduces new spacing and padding around the app and dynamically sizes categories on the main page.

Windows Defender Security Center will have Sets support, the tabbing feature coming with the RS5 release. With Sets enabled, users have an option to choose their own color for the title bar.

The Windows Defender Firewall also now supports Windows Subsystem for Linux (WSL) processes.

Users can add firewall rules for WSL processes and take advantage of firewall notifications for WSL. The firewall can, for example, be configured to show a prompt when a Linux tool wants to connect to external resources.

Separately, Microsoft is updating Windows Defender System Guard, a feature that shipped with the Windows 10 Fall Creators Update last October. The hardware-based security feature enables runtime attestation to ensure the integrity of a system during boot-up and at runtime.

It should help defend against kernel exploits like those seen in WannaCry and NotPetya. The feature is part of Microsoft's work on Windows 10's 'virtualization-based security'.

Microsoft rolled out the updated Windows Defender System Guard in a preview RS4 build in March, which added memory integrity checks.

Runtime attestation should improve antivirus threat detection, and help spot attempts to tamper with the NT kernel. The Spring Windows 10 release will be the first phase of its runtime attestation rollout.

The company will also be providing a Windows Defender System Guard API that allows other services, such as Windows Defender or third-party antivirus, to interface with it.

"We are working towards providing an API that relying parties can use to attest to the state of the device at a point in time," explained members of the Windows Defender research team.

"The API returns a runtime report that details the claims that Windows Defender System Guard runtime attestation makes about the security posture of the system. These claims include assertions, which are runtime measurements of sensitive system properties."

