Windows 10 will allow apps to actively scan their content for malware

Jack

Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users' computers.

The goal of the new AMSI (Antimalware Scan Interface) is to let applications send content to the locally installed antivirus product to be checked for malware.

According to Microsoft, this can have important benefits when dealing with script content in particular, because malicious scripts are commonly obfuscated to bypass antivirus detection. Scripts also typically get executed in the memory of the applications that are designed to interpret them, so they don't create files on disk for antivirus programs to scan.

"While the malicious script might go through several passes of deobfuscation, it ultimately needs to supply the scripting engine with plain, unobfuscated code," Lee Holmes, principal software engineer at Microsoft, said in a blog post. "When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content."

Scripting is not the only type of content that can be scanned with this new feature. Communication apps could scan instant messages for viruses before displaying them to users and games could scan plugins before installing them, Holmes said.

The Windows developer reference for AMSI says that the mechanism allows for "file and memory or stream scanning, content source URL/IP reputation checks, and other techniques." So, it potentially supports many types of content in many use cases.

Read more: http://www.infoworld.com/article/29...-actively-scan-their-content-for-malware.html
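
What the application side of such an integration can look like, as an added example that is not part of the original post or Microsoft's own code: a hypothetical C# script host (`ExampleScriptHost`, `IsMalware` and the sample script are assumptions) that decodes its input first and then passes the final plain text to the documented `amsi.dll` functions before running it.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class AmsiHostExample
{
    // P/Invoke declarations for the documented amsi.dll exports.
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiInitialize(string appName, out IntPtr context);
    [DllImport("amsi.dll")]
    static extern void AmsiUninitialize(IntPtr context);
    [DllImport("amsi.dll")]
    static extern int AmsiOpenSession(IntPtr context, out IntPtr session);
    [DllImport("amsi.dll")]
    static extern void AmsiCloseSession(IntPtr context, IntPtr session);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiScanBuffer(IntPtr context, byte[] buffer, uint length,
        string contentName, IntPtr session, out int result);
    const int AMSI_RESULT_DETECTED = 32768; // AmsiResultIsMalware(r) means r >= this

    // True when the installed antimalware provider flags the content.
    // Design choice of this example: a failed scan throws, so the host fails closed.
    static bool IsMalware(IntPtr context, IntPtr session, string text, string name)
    {
        byte[] buffer = Encoding.Unicode.GetBytes(text);
        int hr = AmsiScanBuffer(context, buffer, (uint)buffer.Length, name, session, out int result);
        if (hr < 0) Marshal.ThrowExceptionForHR(hr);
        return result >= AMSI_RESULT_DETECTED;
    }

    static void Main()
    {
        // Constructed sample: a harmless script that arrives Base64-encoded.
        string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes("Write-Output 'hello'"));
        // Decode first: the scan must see what the engine would actually execute.
        string script = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));

        int hr = AmsiInitialize("ExampleScriptHost", out IntPtr context);
        if (hr < 0) Marshal.ThrowExceptionForHR(hr);
        try
        {
            hr = AmsiOpenSession(context, out IntPtr session);
            if (hr < 0) Marshal.ThrowExceptionForHR(hr);
            try
            {
                bool flagged = IsMalware(context, session, script, "sample-script");
                Console.WriteLine(flagged ? "Flagged: do not execute" : "Not flagged: hand to interpreter");
            }
            finally { AmsiCloseSession(context, session); }
        }
        finally { AmsiUninitialize(context); }
    }
}
```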
 

Martin_C

Will software developers actually allow this, sounds important, yet is only optional?

@Huracan : Any developer that develops anything that processes code should implement this.

It's not a question of IF developers should use this.

They will be shooting themselves in the foot if they don't, since these new APIs will finally allow any program to have the unobfuscated code scanned prior to running, installing or accessing.

As your preferred security solutions implement support for it in their Windows 10 editions and as your everyday applications start using it, you will have a never-before-seen level of security.
It will no longer be up to the security vendors to try and make extensions, filters and so on for a select group of supported apps AND to try to keep these updated.

This will be a great relief to security vendors, who will not have to spend development man-hours on this, and much better for compatibility with new builds of every app.

With these new APIs pretty much anything can have anything checked by your AV solution of choice.

In my opinion it will be a selling point to use apps that support this, since that's what we all want - to have unknown code validated before it is run.
 

comfortablynumb15

Who knows with this kind of thing. It sounds good on paper, but the proof lies in the implementation. You also have to immediately start thinking like a hacker and wonder "Now how do I avoid or use this to my advantage?". I don't put a lot of faith in Microsoft when it comes to getting security right. We'll see.
 

Azure

"The goal of the new AMSI (Antimalware Scan Interface) is to let applications send content to the locally installed antivirus product to be checked for malware."

Nice to see they're implementing this technology to any antivirus and not just their own Windows Defender.
 

jamescv7

Quality control is a must, so there's nothing to worry about for developers unless they decline for some reason, which will be questionable.
 