We recently published an article taking tech writers to task with regard to their overuse of click-bait articles, the kind that sensationalize a non-event and make mountains out of molehills: Tech Site Journalism Reaches All-Time Low. Controversy sells, don’t ya know.
Once again, a bunch of well-known tech sites have jumped all over a story reporting a supposed security flaw in Windows Defender. A recent report notes that Windows Defender has been updated with a new command-line tool that supports a “DownloadFile” function. Advanced users can utilize this dedicated command-line tool, mpcmdrun.exe (Microsoft Antimalware Service Command Line Utility), to automate Microsoft Defender Antivirus functions. Security researchers revealed that the tool can be used to download any file from the internet, including malware.
As is the way these days, multiple supposedly reputable tech sites have subsequently beaten up the negative connotations associated with this report and completely failed to check out the other side of the story.
Windows Defender Security Issue – A Non-Issue
These click-bait articles are suggesting that attackers could abuse Windows Defender’s new feature to download malware from the internet and take control of your computer. However, they have failed to mention two very important facts:
- Doing this requires administrator privileges, and the tool cannot be used to elevate privileges
- Windows Defender will STILL detect and block any malicious file downloads
In other words, while a user with administrator privileges can use this tool to download any file (including malware), Windows Defender will still scan and block malicious files, such as malware or ransomware. It has now been confirmed that the tool cannot be used to seize system control or infect computers with malware. The obvious conclusion is that this new feature is NOT a security threat.
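To check how often the function is actually run on your own machines, here is an added example that is not part of the original article or Microsoft's tooling: a Python filter that picks out process-creation records where mpcmdrun.exe was started with the DownloadFile switch. The JSON field names (Sysmon Event ID 1 style), the sample records and the function name are assumptions made for the example.

```python
import json
import ntpath
import re

# Constructed sample records, not real telemetry. Field names follow Sysmon
# Event ID 1 (process creation) exported as JSON lines; that is an assumption.
SAMPLE_EVENTS = r'''
{"User": "LAB\\admin", "IntegrityLevel": "High", "Image": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe", "CommandLine": "\"C:\\Program Files\\Windows Defender\\MpCmdRun.exe\" -DownloadFile <arguments elided>"}
{"User": "NT AUTHORITY\\SYSTEM", "IntegrityLevel": "System", "Image": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe", "CommandLine": "\"C:\\Program Files\\Windows Defender\\MpCmdRun.exe\" -Scan -ScanType 3 -File C:\\Users\\alice\\DownloadFile.txt"}
{"User": "LAB\\alice", "IntegrityLevel": "Medium", "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe C:\\Users\\alice\\DownloadFile.txt"}
{"User": "LAB\\admin", "IntegrityLevel": "High", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\<version>\\mpcmdrun.exe", "CommandLine": "mpcmdrun.exe -downloadfile <arguments elided>"}
'''

# A token is either a double-quoted run (paths with spaces) or a run of non-spaces.
TOKEN = re.compile(r'"[^"]*"|\S+')

def find_downloadfile_runs(json_lines):
    """Return process-creation records where mpcmdrun.exe ran with DownloadFile."""
    hits = []
    for line in json_lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # Match on the executable's file name, case-insensitively, whatever its folder.
        if ntpath.basename(event.get("Image", "")).lower() != "mpcmdrun.exe":
            continue
        tokens = [t.strip('"') for t in TOKEN.findall(event.get("CommandLine", ""))]
        # Only arguments that look like switches count, so a file merely named
        # "DownloadFile.txt" does not match. "/" is accepted as a detector
        # tolerance, not as a statement about the tool's syntax.
        switches = {t.lstrip("-/").lower() for t in tokens[1:]
                    if t.startswith(("-", "/"))}
        if "downloadfile" in switches:
            hits.append({"user": event.get("User"),
                         "integrity": event.get("IntegrityLevel"),
                         "command_line": event.get("CommandLine")})
    return hits

if __name__ == "__main__":
    for hit in find_downloadfile_runs(SAMPLE_EVENTS):
        print(hit["user"], hit["integrity"], hit["command_line"])
```

The user and integrity level are kept in each result so the records can be compared against the administrator-privilege requirement described above.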
If you’re a Windows Defender user and have read any of these click-bait articles, no need for concern. Windows Defender does not have a security flaw and remains a perfectly safe-to-use antivirus solution.
FOOTNOTE: I am still referring to Microsoft’s built-in antivirus solution as Windows Defender even though I believe the name has now been changed to Microsoft Defender. I continue to do so because that’s the name most users recognize. I think I might have mentioned previously that Microsoft’s naming conventions continue to be a source of irritation.