CIO

Antivirus is dead, but Windows Defender is not, says Microsoft

Antivirus kingpin Norton long ago pronounced antivirus dead, but just as Microsoft patched a flaw in its own ‘antivirus’ product found by Google, it joined the chorus.

Antivirus is still considered a necessary evil for many Windows users and some Mac users. While antivirus or anti-malware products can offer protection, they’re often blamed for tripping up a host computer, missing new malware, or, as Microsoft revealed on Monday, opening a door for hackers to take control of your computer.

Microsoft’s own “Defender for Windows Antivirus” was one of the products affected by a flaw that allowed a remote attacker to take over a Windows machine if it merely received an email containing the attacker’s malicious code.

Tavis Ormandy and Natalie Silvanovich, Project Zero researchers from Microsoft’s arch-rival Google, found that the core of Redmond’s malware scanning engine allowed an attacker to install malware on a Windows machine. The bug affected Microsoft’s consumer and enterprise products.

At the same time as Microsoft published an advisory responding to Ormandy’s find, it also posted a blog and white paper about Windows Defender Antivirus, explaining why -- in a mobile-first, cloud-first world -- Defender is fit to protect against emerging threats.

In the blog post, titled “Antivirus evolved”, Holly Stewart, a senior program manager from Microsoft’s malware protection centre, says that “antivirus, is, practically speaking—dead”, referring to signature-based antivirus. This claim isn’t new. Symantec’s consumer brand Norton admitted this in 2014, echoing similar claims that have been bandied about for over a decade.

Despite Windows Defender still having the word “Antivirus” in its name, she argues the Microsoft product shouldn’t be viewed as obsolete. Like other former antivirus-branded products, Microsoft’s Defender has evolved.

She goes on to ask “What does ‘antivirus’ even mean?”, comparing the term with the way “Coke” is used as a catch-all term for fizzy drinks.

“Saying ‘antivirus’ is similar to when you hear a Southerner (like myself) say ‘Coke’ when referring to a carbonated beverage. Or like when my partner, who is from the UK, says it’s time to ‘Hoover’ the house, when he really means to vacuum,” says Stewart.

Stewart highlights that Windows Defender is using machine learning, behavioral analysis, the cloud, and heuristics to detect threats. She notes that 97 percent of malware is detected locally on a machine, while the remainder — the most intensive work — is handled in the cloud and Microsoft’s machine learning models, known as the Microsoft Intelligence Security Graph.

“We have quick, linear models, of course, in addition to more intensive models like Deep Neural Networks. However, to run hundreds of these models simultaneously to report a verdict in milliseconds, you need serious power that you would not want to impose upon a single computer,” she explains.