Microsoft is building a smart antivirus using 400 million PCs

An upcoming security update will incorporate machine learning from millions of computers fending off malware, the company says.

Alfred Ng Senior Reporter / CNET News

This is the new dashboard for Windows Defender Advanced Threat Protection.


Microsoft is turning to artificial intelligence to create the next generation of antivirus software.

The company is under massive pressure to deliver a cybersecurity solution that will work for millions of computers, as hackers ramp up attacks and raise the stakes. In recent weeks, for example, the WannaCry ransomware devastated more than 200,000 computers worldwide, many of which were running outdated versions of the Windows operating system.

This led Microsoft to release updates in mid-June to fix vulnerabilities identified by the National Security Agency, allowing older systems to protect against "potential nation-state activity."

To prevent the next global malware crisis, an upcoming update will rely on machine learning from more than 400 million computers running Windows 10, Microsoft said Tuesday. 

In its Fall Creators Update, Microsoft will use a wide range of data coming from its cloud programs such as Azure, Endpoint and Office to create an artificial intelligence antivirus that can pick up on malware behavior, said Rob Lefferts, director of program management for Windows Enterprise and Security. The upgrade is coming to Windows Defender Advanced Threat Protection, with new features like browser-focused Application Guard and cloud-related Device Guard and Exploit Guard.

If new malware is detected on any computer running Windows 10 in the world, Microsoft said it will be able to develop a signature for it and protect all the other users worldwide. The first victim will be safe as well because the virus will be set off in a virtual sandbox on the cloud, not on the person's device.

Microsoft sees artificial intelligence as the next solution for security as attacks get more sophisticated.

"If we're going to stay on top of anything that is changing that fast, you have to automate," Lefferts said.

About 96 percent of detected cyberattacks are brand new, he noted.  

With Microsoft's current researchers working at their fastest pace, it can take a few hours to develop protections from the first moment they detect malware. 

It's during those few hours that people are really hit by malware. Using cloud data from Microsoft Office to develop malware signatures is crucial, for example, because recent attacks relied on Word vulnerabilities.

After Microsoft claimed that its new Surface Laptop could not be hit with ransomware, CNET sister site ZDNet hired a hacker to do just that, using a Word exploit. With the artificial intelligence update, Microsoft said that won't happen again.

"If Word were to start allocating memory in big chunks, when it never does, we would be able to detect that," Lefferts said. "We built the machine learning models around common applications like Word."

The security features will be available only to enterprise customers and businesses at first, but the expectation is to roll them out to all customers eventually.

The update will also bring new protections for the browser -- where viruses like Fireball have infected more than 5 million devices -- but only for those using Microsoft Edge.
