Microsoft brings Windows 7 and 8.1 into the Defender fold, but there is a catch

Announcing Windows Defender Advanced Threat Protection

Microsoft said on Monday, February 12 that its Windows Defender Advanced Threat Protection (ATP) subscription service for the enterprise is coming to Windows 8.1 and Windows 7. The service was previously exclusive to Windows 10, but the company is now offering it on older platforms because of the slow transition to Windows 10 in the corporate environment. Enterprises still run a mixture of Windows-based devices, hence the need for a single security platform across Microsoft’s three operating systems for the best protection possible.

This is not the version of Windows Defender installed on mainstream Windows 10 PCs. Instead, Windows Defender ATP is an all-in-one subscription service with several components: intelligence-driven security analytics, application control, anti-virus, firmware protection, exploit defense, and so on. It’s a loaded package that covers multiple devices in the corporate environment and is managed by the company’s security team using a cloud-based interface.

Windows Defender is a native component of Windows 10, but the upgrade process from Windows 7 and 8.1 within the corporate environment costs both time and money. Large companies simply can’t upgrade all PCs to Windows 10 in one huge swing. The transition will take time, so Microsoft is now responding to requests for a Windows-based solution that covers all three operating systems.

The catch is that these customers must be in the process of moving their PCs to Windows 10. That means all PCs with Windows 7 and Windows 8.1 are scheduled to receive the Windows 10 upgrade. Throwing Windows Defender support onto these two platforms is more of a temporary fix so that corporate IT can better manage multiple devices with the three operating systems until the upgrade process is complete. 

Specifically, Windows 7 and Windows 8.1 machines will only have Windows Defender ATP Endpoint Detection and Response (EDR) functionality. According to Microsoft, this component provides “comprehensive monitoring tools to help you spot abnormalities and respond to attacks faster.” All events are made visible in the cloud-based console for Windows Defender ATP subscribers. 

“Security teams benefit from correlated alerts for known and unknown adversaries, additional threat intelligence, and a detailed machine timeline for further investigations and manual response options,” Microsoft says. 

This endpoint solution for Windows 7 and Windows 8.1 can run side by side with third-party anti-virus products, but the company suggests Windows Defender Antivirus, aka System Center Endpoint Protection for the enterprise. Microsoft will provide a public preview of Windows Defender ATP for the two older platforms this spring followed by a full launch sometime during the summer. 

Microsoft introduced its Windows Defender ATP service, built specifically for the enterprise, in March 2016. It provides attack detection, attack analytics (who/how/why), response recommendations, network analysis, and so on. It’s continuously updated by Microsoft and works alongside other native services including Microsoft Advanced Threat Analytics and Office 365 Advanced Threat Protection.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Microsoft Windows Defender extension offers Chrome users extra protection

If you're a Chrome user, you'll have one more choice this week for defense against phishing while you're on the internet. Even though Microsoft and Google compete in a number of areas -- Windows 10's Microsoft Edge browser is a direct competitor to Chrome -- Microsoft is making nice with its frenemy by releasing its Windows Defender Browser Protection extension for Chrome browsers.

Although solutions already exist for Chrome -- Google, for its part, displays a bright, red screen whenever you visit a website suspected of phishing or scams -- Microsoft claims that Windows Defender for Chrome is superior and can stop more threats. When the company highlighted the merits of its Microsoft Edge browser, it noted that Windows Defender is 99 percent effective at thwarting threats. Chrome was effective just 87 percent of the time, and Firefox had a 70 percent effective rate. In theory, with Windows Defender available as an extension and working in Chrome, Chrome users should benefit from the same level of protection as Microsoft Edge.

Microsoft’s Windows 7 Meltdown update granted access to all data in memory

Security researcher Ulf Frisk reports that patches to address the Meltdown processor flaw on Windows 7 (64-bit) and Windows Server 2008 R2 machines created a far greater vulnerability. He claims the new flaw allows any process to read everything stored in memory "at gigabytes per second." It also allows processes to write to arbitrary memory without "fancy exploits." 
"Windows 7 already did the hard work of mapping in the required memory into every running process," Frisk states. "Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or system calls required -- just standard read and write!" 
Because the amount of data stored in memory is rather large and complex, Windows PCs track data using addresses listed on virtual and physical "maps" or "pages." The reported problem resides with a four-level in-memory page table hierarchy that the processor's Memory Management Unit uses to translate the virtual addresses of data into physical addresses in the system memory.
According to Frisk, Windows 7 and Windows Server 2008 R2 have a self-referencing entry on Page Map Level 4 (PML4) in virtual memory with a fixed address. This address is only made available to the operating system's lowest, most secure level: The kernel. Only processes with a "supervisor" permission have access to this address and the data on this table. 
But Microsoft's Meltdown patches released at the beginning of 2018 set the permission to "user." That means all processes and applications can access all data stored in memory, even data only meant to be used by the operating system. 
"Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization," Frisk writes. "All one has to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory." 
To prove this discovery, Frisk added a technique to exploit the vulnerability -- a memory acquisition device -- in the PCLeech direct memory access toolkit. But if you're trying to test the vulnerability on a Windows 7 or Windows Server 2008 R2 machine updated on March Patch Tuesday, you're out of luck. Microsoft switched the PML4 permission back to "supervisor" as part of the company's blanket of security fixes for the month. 
The memory problem surfaced after Microsoft distributed its Meltdown and Spectre security fixes in the January Patch Tuesday update. Windows 7 (64-bit) and Windows Server 2008 R2 machines with the February Patch Tuesday updates are also vulnerable. Devices with Windows 10 and Windows 8.1 are not vulnerable. 
That said, Windows 7 and Windows Server 2008 R2 device owners are encouraged to update their machines with the most recent patches distributed in March. But Frisk notes that he discovered the vulnerability after Microsoft's March Patch Tuesday update, and has not been able to "correlate the vulnerability to known CVEs or other known issues."

Still using Windows 8.1? You’re on your own now

Microsoft has officially ended mainstream support for Windows 8.1, marking the second-to-last milestone in the four-year-old operating system's lifecycle. The last will come in 2023, when Microsoft will end all support for it. In the meantime, users can at least expect security updates, but no further improvements.

As keen as Microsoft is to get as many of its billion-plus users as possible running the latest version of its operating system, the company has always maintained an extended support system for its historical platforms. They don't last forever though, with Microsoft periodically ending first improvement support and finally security fixes at specific points throughout their lifecycle. Windows 7 with Service Pack 1 saw its mainstream support end in January 2015, while Windows Vista lost all support in April 2017.
