Monday 9 February 2015

Microsoft Malware Protections in the Cloud - MAPS

When I first received my invite to join Google mail (Gmail) years ago, I was immediately surprised by what was missing: a global SPAM directory or registry. I thought to myself - this is the first time that someone knows what people are flagging as SPAM. Once you have a few (or maybe a few thousand) users complaining about a particular email (SPAM) from a particular sender (a SPAMMER) then you could be pretty sure that the email in question was SPAM. It was a crowd-sourced SPAM filter - updated dynamically by now millions of users every day. That omission was quickly corrected by Google, and now I have to say that their collective SPAM filter is very good. As is the more recent incarnation of Hotmail,

Which brings me to the next surprise. If Microsoft knows what people are using, and what kind of errors are occurring on the Windows desktop and server platforms, why doesn't Microsoft have the best crowd-sourced anti-malware and anti-virus system in the world? Who needs a monthly virus definition from Symantec (if you pay your money) when you should have daily, dynamic scans of your systems updated through the collective experience (wisdom) of hundreds of millions of other users?

Well, now you can. Sort of. You can now receive the benefit of other users' experience and dynamic updates through the Microsoft Active Protection Service (MAPS).

The Microsoft Active Protection Service is the cloud service that enables: Clients to report key telemetry events and suspicious malware queries to the cloud, whilst providing real-time blocking responses back to the client.
The MAPS service is available for all Microsoft's antivirus products and services, including:
  • Microsoft Forefront Endpoint Protection
  • Microsoft Security Essentials
  • System Center Endpoint Protection
  • Windows Defender on Windows 8 and later versions
You can join the MAPS program through the free Microsoft anti-virus/malware program using the Settings tab as shown here:

To help manage your privacy concerns, Microsoft reports all data through an encrypted connection and apparently only relevant data is included in the analysis process. If you are an enterprise customer, your data is most likely blocked by your corporate firewall, and therefore your particular threat landscape won't be included in Microsoft's updates.

If you need to find out more about the related confidentiality agreement from Microsoft you can look at the Microsoft System Center 2012 Endpoint Protection Privacy Statement for details

To give you an idea of how this malware telemetry is being exploited, you can see from the following chart that System Center Endpoint Protection is actually contributing roughly 10% of the malware signatures reviewed and included in Microsoft updates. 

That means people like you and I adding to the system - resulting in 10% fewer malware attacks and fewer security incidents.

You can read more about the Microsoft Cloud Protection effort here on the Microsoft Malware Protection home blog page.

No comments: