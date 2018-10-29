MICROSOFT IS PLANNING to make Defender, its Windows-integrated anti-malware package, just a little more credible with the arrival of an option to run it inside a sandbox, making it far less likely that a flaw in Defender itself becomes the way into your machine.

In the sandboxed configuration the scanning engine, the part that parses untrusted files and is therefore the most likely place for an exploitable bug, runs in a separate low-privilege process. A booby-trapped file that manages to exploit the scanner is then confined to that process instead of handing the attacker the SYSTEM-level privileges the antivirus service normally runs with.

Sandboxing itself is easy enough. The difficulty comes from making sure that the constant stream of data crossing the boundary between the privileged service and the sandboxed engine, once per scanned file, doesn't turn into a significant performance hit.

After all, we all had enough of that with patching Meltdown and Spectre.

It also has to be as secure as it possibly can be, because an anti-virus engine that can itself be taken over by the files it scans is not much of a defence, is it?

"Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we received from the security industry and the research community," explains Microsoft in a blog post.

"While it was a tall order, we knew it was the right investment and the next step in our innovation journey."

On the subject of performance, Microsoft seems quietly smug:

"To ensure that performance doesn't degrade, we had to minimize the number of interactions between the sandbox and the privileged process, and at the same time, only perform these interactions in key moments where their cost would not be significant, for example, when IO is being performed."

To begin with, this feature is being enabled for machines on the latest Windows Insider Program builds. At some point, it will reach us lowly plebs, but lest we forget, hurrying through updates has not gone well for us (or Microsoft) in the past.

That said, if you're feeling determined, you can force it on now by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1, from an elevated command prompt) and restarting the machine; it needs Windows 10 version 1703 or later. At your own risk as ever.
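For the determined, here is an added example (not code from the article or from Microsoft) that sets the opt-in flag the article describes and, after the reboot, checks whether the sandboxed engine is actually running. It assumes an elevated PowerShell session on Windows 10 1703 or later, and it assumes the sandboxed content process is named MsMpEngCP.exe alongside the privileged MsMpEng.exe, a name taken from Microsoft's blog post rather than from this article.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article or Microsoft: opt in to the Windows
# Defender Antivirus sandbox and report whether it is active.

$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$name   = 'MP_FORCE_USE_SANDBOX'

function Enable-DefenderSandbox {
    # Same effect as `setx /M MP_FORCE_USE_SANDBOX 1`: a machine-wide
    # environment variable. Defender only reads it when its service starts,
    # so nothing changes until the machine is rebooted.
    [Environment]::SetEnvironmentVariable($name, '1', 'Machine')
}

function Test-DefenderSandbox {
    # Read the flag straight from the registry-backed environment block so we
    # see the machine-wide value, not whatever this session inherited.
    $flag = (Get-ItemProperty -Path $envKey -Name $name -ErrorAction SilentlyContinue).$name

    # Assumption (from Microsoft's post, not this article): MsMpEng.exe is the
    # privileged engine and MsMpEngCP.exe is the sandboxed content process that
    # appears once the sandbox is in use.
    $engine  = Get-Process -Name MsMpEng   -ErrorAction SilentlyContinue
    $content = Get-Process -Name MsMpEngCP -ErrorAction SilentlyContinue

    [pscustomobject]@{
        FlagSet        = ($flag -eq '1')
        EngineRunning  = [bool]$engine
        SandboxRunning = [bool]$content
    }
}

$state = Test-DefenderSandbox
if (-not $state.FlagSet) {
    Enable-DefenderSandbox
    Write-Host "Sandbox flag set. Reboot, then run Test-DefenderSandbox to confirm MsMpEngCP.exe is running."
} else {
    $state | Format-List
}
```

If the flag is set but SandboxRunning stays false after a reboot, the build you are on does not support the sandbox yet, and the only change you have made is an inert environment variable, which you can remove with the same call and an empty value.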

The blog post in question gives a far more detailed look at what the sandbox does, what it doesn't and why we should care anyway. μ