Microsoft has denied claims that its home-built Windows 10 antivirus could be putting users at risk from online attack.
Doubts had been raised over the security of Windows Defender after Microsoft announced a new feature for the platform that would allow it to download files via the command line.
Some security experts had warned that doing so could mean Windows Defender becomes a vessel through which users might unknowingly download malicious files from the web.
- Do I need an antivirus program in Windows 10?
- These are the best antivirus programs around now
- And here's the best malware removal software
Windows Defender
However Microsoft has now hit back at the claims, with a company spokesperson telling Forbes that, "Despite these reports, Microsoft Defender antivirus and Microsoft Defender ATP will still protect customers from malware. These programs detect malicious files downloaded to the system through the antivirus file download feature."
The company added that the feature could not be used to escalate privileges on Windows machines, despite researchers warning that any tool that widens the potential attack surface on any device needs to be watched carefully.
The controversy stems from the fact that experts were able to use the new command line tool (known as -DownloadFile command-line) as a local user to use the Microsoft Antimalware Service Command Line Utility to download a file from the internet with the following command: “MpCmdRun.exe -DownloadFile -url <url> -path <local-path>”.
Using this technique, one expert (penetration tester Mohammad Askar) was able to download Cobalt Strike malware from a remote location directly via Microsoft Defender, showing the potential risks, despite the company's reply.
While Defender will detect and mitigate any malicious files downloaded using this method, it is unclear whether other popular antivirus services will be able to defend against this avenue of attack, in instances in which native protections have been disabled.
The news comes shortly after Microsoft was also criticized for making it more difficult to manually disable Microsoft Defender in Windows 10, although the app should automatically turn itself off if it detects you're running another antivirus program.
- Here's our list of the best Windows 10 antivirus services around
Via Forbes
