Windows Defender, now known as Microsoft Defender, is one of the best antivirus programs for Windows 10. It is Microsoft's own antivirus, included in the operating system to protect us from minute zero. The latest security tests show that, although it has some small performance problems, Windows Defender is one of the best antivirus programs that we can install in Windows 10. However, Microsoft is not satisfied with that and wants it to be the best. With the new feature that has just arrived in its security software, it is one step closer to achieving that.
In addition to the Windows Defender that we all have installed on Windows, Microsoft has a more advanced version of its antivirus, designed for users within companies, which brings additional functions and features. This advanced version is known as Microsoft Defender ATP, or Advanced Threat Protection.

Microsoft's antivirus is capable of scanning the entire operating system and detecting practically any threat hiding in it without problems. It does so even before the virus, Trojan or other malware manages to carry out its task. However, there is a type of virus that, by its nature, is not detectable by most antivirus programs. These are known as rootkits.
How rootkits work
These viruses are characterized by hiding inside the BIOS, or UEFI, of computers. Because they sit outside the operating system, antivirus programs can hardly find them once they are installed. Generally, these threats reach victims' computers just like any other, that is, hidden within other programs or through exploits.
Unlike normal viruses, which are installed within the operating system, rootkits install themselves in the BIOS or UEFI of the computer, that is, in the firmware. Therefore, even if we format the PC, this malware is not removed. Even if we change hard drives, the malware is still present. The only way to remove it completely is to erase the flash memory on the motherboard, with the risks that this implies.
Rootkits are usually much simpler threats than viruses and Trojans, as they are much smaller programs. Their purpose is to serve as the basis for other, more complex attacks. For example, they can open back doors on the PC, change the boot order of the computer, install dangerous drivers, and even interfere with the boot process to disable security measures and clear the way for other viruses.
Paid antivirus programs and complete security suites often have detection modules for these threats, although they can hardly remove them. However, Microsoft Defender is now able to find these threats and remove them from the PC to strengthen our security.
Microsoft Defender now detects BIOS or UEFI viruses
The new feature of Microsoft Defender ATP now allows the Windows antivirus to scan the BIOS or UEFI of the PC and find any threats that may be hidden in the firmware of the computer. To do this, the new protection module uses different techniques to find this type of otherwise undetectable virus:
- Anti-rootkit system for UEFI through the SPI interface.
- Full file system scanner, also analyzing the content inside the firmware chip.
- Behavior-based engine, detecting possible exploits and suspicious behavior.

When Microsoft Defender detects a threat of this type, it will show us a warning just like with any other threat. The difference is that, for safety, malware detected in the UEFI will not be removed automatically as can happen with an ordinary virus; instead, we will have to choose whether we want to remove it manually.
Security has been one of the weakest pillars of Windows throughout its history. However, right now it can be one of its strongest points thanks to this antivirus and the large number of security systems and functions that come with Windows 10. Better late than never.