New Delhi, Sep 20: After a series of cyber attacks — including “WannaCrypt” ransomware that exploited a vulnerability in an outdated Microsoft software that was still in use — jolted the world in recent months, the key today is to keep software updated to thwart hackers, a top Microsoft executive has said.
Two new ransomware families like “WannaCrypt” and “Petya” targeted dated Windows operating systems and created havoc across the world, including at some places in India.
Now, with the official rollout of Windows 10 “Fall Creators” update slated for October, Microsoft wants to stay one step ahead in identifying and preventing security threats.
“If you are running Windows 10 and have the ‘Fall Creators’ update, then you are completely protected from those specific malwares,” Vineet Durani, Director, Windows and Surface Business, Microsoft India, told IANS in an interview.
The “Fall Creators” update would feature “controlled folder access” inside its Windows Defender Security Centre that would enable users to secure data through “protected” folders.
“This is an ever-changing landscape. If anybody comes and says, hey, here is a piece of technology and you are completely protected for life, that is not going to happen. That is the reason we build an update or version twice a year because we want to stay a few steps ahead of whatever is out there,” Durani noted.
Microsoft spends over $1 billion every year on cyber safety and security-related research and development.
The company advises users and organisations to install all available security updates — including the previous patch MS17-010 — and ensure that automatic updates are enabled.
Windows 10 OS includes mitigations that prevent common exploitation techniques by cyber threats.
“As India gets more digital (which is now happening at a faster pace than ever), we now have the advantage of moving fast because we do not have too much of a legacy (digital) as a country,” Durani said.
The company has also introduced security features such as Microsoft “Credential Guard” and Microsoft “Hello”.
“We have this tech called the ‘Credentials Guard’ that basically stores your credentials in the hypervisor layer — that is the layer between hardware and software. It does not come with the Original Equipment Manufacturer (OEM) version. One has to buy it as an additional capability so that larger organisations can use it,” Durani told IANS.
“We have worked with partners like Intel and AMD to enable it. The feature is enabled on modern hardware like 5th-gen Intel processors and onwards,” the Microsoft executive added.
Windows “Hello” lets the user set up a quick biometric login instead of a password. With this feature, the user is promised enterprise-grade security without having to type in a password.
Microsoft devices such as Surface Pro 4, Surface Book and most personal computers (PCs) with fingerprint sensors are already compatible with Windows “Hello” and more devices that can recognise your face and fingerprints will be available in the near future.
According to Microsoft’s “Security Intelligence” report, financial institutions have always been popular phishing targets because of their potential for providing direct illicit access to bank accounts of the victims.
Sites that targeted financial institutions accounted for the second-largest share of both attacks and impressions during the first quarter of 2017 and accounted for the largest share of impressions in February and March this year, the report said.
Microsoft would roll out the “Fall Creators” update for Windows 10 on October 17 which will include Virtual Reality (VR) and Mixed Reality (MR) support.
Announcing the availability at the Internationale Funkausstellung (IFA) industry show in Berlin earlier this month, Terry Myerson, Microsoft’s Executive Vice President for Windows and Devices, said that the free update will also include a new photo app and many tweaks to the overall design and usability of Windows 10.