by opie34 3241 days ago
It is my opinion that the author's primary concern is that Windows Defender (or any antimalware suite [1][2]) has a huge attack surface, due to the high privileges assigned and the huge number of file formats supported (which require custom or third-party parsing libraries). Sandboxing substantially reduces that attack surface by placing the parsing engines and the untrusted executable in protected environments.

I agree with your sentiment that sandboxing will require more complex interactions between sandboxes for antimalware suites to act on pre-existing threats (and to minimize the required privileges for the 'SYSTEM'-level process that must act on those threats).

[1]: https://www.engadget.com/2016/06/29/google-symantec-antiviru...
[2]: https://www.engadget.com/2016/01/13/trend-micro-security-pas...