Microsoft is adding Linux, Android and firmware protections to Windows



Microsoft is moving forward with its promise to extend business security protections to non-Windows platforms with the general release of a version for Linux and a preview of one for Android. The software maker is also tightening Windows security protections to scan for malicious firmware.

The Linux and Android moves, detailed in three posts released Tuesday, follow a move last year to bring antivirus protections to macOS. Microsoft revealed the firmware feature last week.

Premium price

All new protections are available to Microsoft Advanced Threat Protection users and require Windows 10 Enterprise Edition. Microsoft’s public pricing is non-existent or hard to find, but according to this site, costs range from $30 to $72 per machine per year for business customers.

In February, when the Linux preview became available, Microsoft said it included antivirus alerts and “preventative capabilities.” Using a command line, administrators can manage users’ machines, start and configure antivirus scans, monitor network events, and manage various threats.

“We are just at the beginning of our Linux journey and we will not stop here!” Tuesday’s post announcing general availability for Linux said. “We are committed to continually expanding our capabilities for Linux and will bring you improvements in the coming months.”

Meanwhile, the Android preview provides various protections, including:

  • Blocking phishing sites and other high-risk domains and URLs accessed through SMS / text, WhatsApp, email, browsers, and other applications. The features use the same Microsoft Defender SmartScreen services that are already available for Windows, so decisions to block suspicious sites will apply to all devices on a network.
  • Proactive scanning for potentially unwanted or malicious files and applications that can be downloaded to a mobile device.
  • Measures to block access to network resources when devices show signs of being compromised by malicious applications or malware.
  • Integration with the same Microsoft Defender Security Center that is now available for Windows, macOS and Linux.

Last week, Microsoft said it had added firmware protection to the premium Microsoft Defender offering. The new feature scans the Unified Extensible Firmware Interface, which is the successor to the traditional BIOS that most computers used during the boot process to locate and enumerate installed hardware.

The firmware scanner uses a new component added to the virus protection already built into Defender. Hacks that infect firmware are particularly harmful because they survive reinstalls of the operating system and other security measures. And since the firmware runs before Windows starts, it has the ability to dig deep into an infected system. Until now, there have only been limited ways to detect such attacks in large fleets of machines.

It makes sense that extensions to non-Windows platforms are available only to businesses and have an additional cost. However, I was surprised that Microsoft is charging a premium for firmware protection and only offering it to businesses. Many journalists, lawyers and activists are equally threatened, if not more, by so-called evil maid attacks, in which a housekeeper or other stranger has the ability to manipulate the firmware during brief physical access to a computer.

Microsoft has a strong financial incentive to make Windows safe for all users. Company representatives did not respond to an email asking if the firmware scanner would be more widely available.