Windows 10 preview toughens up security with stronger vetting of antivirus apps

Ethernet malware

Microsoft has unleashed another Windows 10 preview build, with only relatively minor changes, but nonetheless there’s an interesting move on the security front.

Build 17672 (for Redstone 5, the update due later this year) has been made available to those testers in the ‘skip ahead’ program and fast ring, and it contains a major change when it comes to how Windows 10 deals with third-party antivirus software (from the likes of Bitdefender or Kaspersky, to cite a couple of big-name examples).

Going forward, the Windows Security Center will require any antivirus app to run as a protected process for it to be shown in the UI of the Center. Furthermore, as well as not being displayed in the Center, these apps will also have Windows Defender Antivirus enabled alongside them.

In other words, Microsoft wants there to be a double layer of security in the case of an antivirus app which doesn’t run as a protected process.

As Digital Trends observed, protected processes were something Microsoft first introduced with Windows 8.1. Antivirus software is often targeted by attackers, in order to disable or work around it, so they can subsequently get malware on a PC – and the idea of a protected service is to defend apps against that danger.

If an antivirus app is running as a protected process, only code signed by Microsoft or the security firm that made the software can be allowed to load into that process, meaning that efforts to leverage malicious code against the software should be defeated.

Microsoft explained when it first launched this concept: “Windows uses code integrity to only allow trusted code to load into the protected service. Windows also protects these processes from code injection and other attacks from admin processes.”

The upshot, in simple terms, is that you’re more secure from clever attacks trying to subvert an antivirus app, and you can’t argue with that.

Defensive measures

It’s also interesting to see that Windows Defender is going to be automatically switched on to run side-by-side with any antivirus software which doesn’t run as a protected process.

You may recall that last year, there was a pretty major spat between antivirus vendor Kaspersky and Microsoft over the way that Windows 10 handled third-party security software.

The feud was resolved in the end, but the central accusation Kaspersky made was that Microsoft was deactivating ‘incompatible’ antivirus products during major Windows 10 upgrades, and switching on Windows Defender instead.

So this is a somewhat sensitive area, historically, although Microsoft isn’t switching off any third-party antivirus here, just running Windows Defender alongside it. And doubtless the software giant will argue that’s for the user’s own good, in the case that the antivirus app in question doesn’t run as a protected process.

It’s also worth noting that if you want to turn off this feature, you can do so by editing the Registry; check out the instructions in Microsoft’s blog post. The ability to do that, however, will be removed when this arrives in the release version of Windows 10.

The other changes in this new preview build are just minor tweaks and bug fixes, which are all listed in the aforementioned blog post.

On a final note, if you think Windows Defender isn't great compared to other antivirus software, then you might want to think again. Okay, so it might not be a champion of the security world, but our review of the latest version shows that it’s actually got a fair bit going for it.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).