
Microsoft announced today that Windows Defender is the first antivirus able to run inside a sandbox environment. In software design, a "sandbox" is a security mechanism that confines a process to a tightly controlled area of the operating system, giving it access to only limited disk and memory resources. The idea is to stop bugs and exploit code from spreading from one process to another, or to the underlying OS. A sandbox escape is one of the most complex pieces of exploitation that malware, or a hacker, can perform, and running programs inside sandboxed environments is considered an optimal security measure and good software architecture.

Microsoft says it started working on porting Windows Defender to a sandbox environment after "security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus's content parsers that could enable arbitrary code execution." The most prominent of these researchers is Google's Tavis Ormandy, who identified several vulnerabilities of this type, including one that he labeled "crazy bad." In many of his bug reports, Ormandy had privately and publicly recommended that Microsoft move Windows Defender into a sandbox to prevent attackers from using it as a way to take over Windows PCs.