How does Microsoft identify Malware & Potentially Unwanted Applications
One of the biggest goals of Microsoft for all Windows users is security, so it is interesting to know how Microsoft identifies Malware and Potentially Unwanted Applications. We recently talked about Potentially Unwanted Application blocking in Edge, which is one of the ways to make sure the Windows experience remains safe.
Microsoft uses a multipronged approach to help its customers manage their risks.
This approach includes three key elements:
- High-quality security updates – using world-class engineering practices to produce high-quality security updates that can be confidently deployed to over a billion diverse systems in the PC ecosystem and help customers minimize disruptions to their businesses;
- Community-based defense – Microsoft partners with many other parties when investigating potential vulnerabilities in Microsoft software. Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry and through partners, public organizations, customers, and security researchers. This approach helps to minimize potential disruptions to Microsoft’s customers’ businesses;
- Comprehensive security response process – employing a comprehensive security response process that helps Microsoft effectively manage security incidents while providing the predictability and transparency that customers need in order to minimize disruptions to their businesses.
It is impossible to completely prevent vulnerabilities from being introduced during the development of large-scale software projects. As long as human beings write software code, no software is perfect and mistakes that lead to imperfections in software will be made. Some imperfections (“bugs”) simply prevent the software from functioning exactly as intended, but other bugs may present vulnerabilities. Not all vulnerabilities are equal; some vulnerabilities won’t be exploitable because specific mitigations prevent attackers from using them. Nevertheless, some percentage of the vulnerabilities that exist in a given piece of software poses the potential to be exploitable.
How does Microsoft identify Malware & PUPs
The four main bases or criteria Microsoft uses for classification are:
- Malicious Software or Malware
- Unwanted software
- Consumer Feedback
- Potentially Unwanted Applications (PUA) or Potentially Unwanted Programs (PUP).
Some software is not necessarily harmful, but it does spoil the Windows experience, either by installing applications without the user's knowledge or by serving advertisements without consent.
1] Malicious software
These are applications and software that compromise user security. They can steal your personal information or credit card information, and even lock down your files. The last one is called Ransomware, which is one of the worst forms of malware we have seen in recent years. It is one of the reasons why Windows Security introduced Controlled Folder Access and OneDrive Personal Vault.
Here is the list of categories Microsoft uses when classifying software as malware:
- Backdoor
- Downloader
- Dropper
- Exploit
- Hacktool
- Macro virus
- Obfuscator
- Password stealer
- Ransomware
- Rogue security software
- Trojan
- Trojan clicker
- Worm.
Related: Difference between Virus, Trojan, Worm, Adware, Spyware, Rootkit, Malware, Backdoor, etc
2] Unwanted software
This is software that disrupts your Windows experience. According to Microsoft, software should keep the user in control, and not the other way round. Depending on its behavior, Microsoft can identify and then warn the user about any unwanted application that falls into one of these categories:
- Lack of choice
- Lack of control
- Installation and removal
- Advertising and advertisements.
Lack of choice
Software that acts without clear intent, transfers data in the background, installs or removes other software, or hides from the user falls into this category. Microsoft also classifies software as unwanted if it triggers false alarms about your device’s health or asks for payment to fix it. There is plenty of software that claims to speed up your computer; it does this by making false claims about problems and then offering you a paid pro version to fix them.
Lack of control
Any software that takes over the browser experience, changes search settings, redirects web traffic, or modifies content without user consent falls into this category. We have seen a lot of software that changes the default search engine or installs toolbars during installation; it is probably one of the most annoying problems.
Poor Installation and Uninstallation Experience
Some apps do not entirely uninstall even when you manually uninstall them. They leave behind programs that keep doing something rogue to the system. Some of them try their best not to get uninstalled, either by hiding from Add/Remove Programs or by showing misleading prompts or pop-ups when you try to uninstall them.
Advertising and advertisements
While it is fine to advertise, it should be done with user consent. Some apps advertise their in-house software or third-party software to make money. The worst part is that they make you click such an advertisement, either by downloading files or by opening a webpage. They may even block the entire view, and chances are that you will never find a close button for such advertisements.
3] Consumer Feedback
If you see or experience such software, you can always submit the software for analysis. Microsoft also uses Windows Security in conjunction with this, making it easy for consumers to report such applications. If many users report a piece of software many times, it raises a red flag.
A classic example is CCleaner. At one point in time, it was a must-have application for all Windows users. Later, many users reported that the utility could no longer be recommended, and Microsoft Answers blacklisted CCleaner links.
4] Potentially unwanted application (PUA)
Potentially Unwanted Applications are not malware, but Microsoft blocks the download of any application or software that falls into the above categories and more. PUAs are those applications which show the following behaviors or fall into these categories:
- Advertising
- Torrent
- Cryptomining
- Bundling
- Marketing
- Evasion
- Poor industry reputation.
I hope the post helped you to understand what it takes for Microsoft, or probably any security company, to identify malware and potentially unwanted applications.