Not all Windows machines are equal when it comes to malware. Microsoft has thrown down a new $25,000 malware challenge to data scientists and academics on the Kaggle research crowdsourcing site.
The company is asking researchers to develop an algorithm that can “predict if a device is likely to encounter malware given the current machine state”.
Clearly, the low-hanging fruit here would be a Windows XP machine that hasn't been patched since mainstream support was dropped. And Microsoft has gone to lengths to point out that Windows 10 has better defenses than Windows 8 and Windows 7.
But Microsoft expects researchers to go beyond comparisons between Windows versions and take in other variables: whether a machine is online or offline, its patch status, the CPU and architecture, its location in the world, its default browser, and whether antivirus is active.
The data also records whether a Windows 10 device is in Microsoft's locked-down S Mode, specific device types, different OEMs, the number of CPU cores, and whether the machine uses a hard disk or a solid state drive.
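To make the prediction task concrete, here is an added example, not code from Microsoft, Kaggle or the competition, of the kind of baseline a participant would start from: a small logistic-regression risk model in plain Python. The telemetry rows, the feature names and the hidden rule that assigns the labels are all constructed for illustration (the real data set has far more columns and a different encoding), so the absolute numbers mean nothing. What it shows is the shape of the pipeline: encoding machine-state attributes such as OS version, patch status, antivirus, S Mode, drive type, connectivity and core count; fitting on one slice of devices; ranking a held-out slice; and measuring the ranking with AUC rather than accuracy, which a base rate of roughly one infected machine in six would make misleading.

```python
import math
import random

# Hypothetical feature names; the real Kaggle data set has many more columns
# and different encodings. Everything here is constructed for illustration.
OS_VERSIONS = ("Windows 7", "Windows 8", "Windows 10")
FEATURE_NAMES = ["os=" + v for v in OS_VERSIONS] + [
    "patched", "av_active", "s_mode", "ssd", "online", "cores/8"]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def make_dataset(n=1500, seed=7):
    """Constructed telemetry: each row is a machine state plus a label.

    The label is drawn from a hidden logistic rule (unpatched Windows 7
    without AV is risky, Windows 10 in S Mode is safe, core count is pure
    noise), so a correct pipeline should recover roughly that ordering."""
    rnd = random.Random(seed)
    rows = []
    for _ in range(n):
        os_v = rnd.choice(OS_VERSIONS)
        rec = {
            "os": os_v,
            "patched": int(rnd.random() < 0.6),
            "av_active": int(rnd.random() < 0.7),
            "s_mode": int(os_v == "Windows 10" and rnd.random() < 0.2),
            "ssd": int(rnd.random() < 0.5),
            "online": int(rnd.random() < 0.8),
            "cores": rnd.choice((2, 4, 8)),
        }
        logit = (-0.5
                 + 2.2 * (os_v == "Windows 7") + 1.1 * (os_v == "Windows 8")
                 - 1.6 * rec["patched"] - 2.2 * rec["av_active"]
                 - 2.5 * rec["s_mode"] - 0.4 * rec["ssd"] + 0.5 * rec["online"])
        rec["encountered_malware"] = int(rnd.random() < sigmoid(logit))
        rows.append(rec)
    return rows


def featurize(rec):
    """One-hot the OS version, pass the binary flags through, scale cores."""
    return ([float(rec["os"] == v) for v in OS_VERSIONS]
            + [float(rec[k]) for k in ("patched", "av_active", "s_mode", "ssd", "online")]
            + [rec["cores"] / 8.0])


def train(X, y, lr=0.5, epochs=200, l2=0.01):
    """Full-batch gradient descent on L2-regularised logistic loss."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, t in zip(X, y):
            err = sigmoid(b + sum(wj * xj for wj, xj in zip(w, x))) - t
            for j, xj in enumerate(x):
                gw[j] += err * xj
            gb += err
        w = [wj - lr * (gj / n + l2 * wj) for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict_proba(w, b, x):
    return sigmoid(b + sum(wj * xj for wj, xj in zip(w, x)))


def auc(labels, scores):
    """Probability that a random positive outranks a random negative (ties count 0.5)."""
    pos = [s for s, t in zip(scores, labels) if t == 1]
    neg = [s for s, t in zip(scores, labels) if t == 0]
    wins = sum(1.0 if p > q else 0.5 if p == q else 0.0 for p in pos for q in neg)
    return wins / (len(pos) * len(neg))


def run_baseline(n=1500, seed=7, holdout=0.2):
    """Train on the first 80 % of devices, rank the held-out 20 %, report AUC and weights."""
    rows = make_dataset(n, seed)
    X = [featurize(r) for r in rows]
    y = [r["encountered_malware"] for r in rows]
    split = int(n * (1 - holdout))
    w, b = train(X[:split], y[:split])
    scores = [predict_proba(w, b, x) for x in X[split:]]
    return {
        "base_rate": sum(y) / n,
        "auc": auc(y[split:], scores),
        "coefficients": dict(zip(FEATURE_NAMES, w)),
    }


if __name__ == "__main__":
    result = run_baseline()
    print("base rate %.3f, held-out AUC %.3f" % (result["base_rate"], result["auc"]))
    for name, coef in sorted(result["coefficients"].items(), key=lambda kv: -abs(kv[1])):
        print("%-14s %+.2f" % (name, coef))
```

The learned weights are the part a defender actually reads: a positive weight on "os=Windows 7" and negative weights on "patched" and "av_active" say which machine states deserve preemptive attention, while the core-count weight should sit near zero because it carries no signal in the constructed data. On the real data set the same skeleton needs missing-value handling, high-cardinality categoricals such as OEM and model, and a time-aware split, since devices and threats both drift.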
Microsoft’s Windows Defender Research team notes that Kaggle participants will be working with a 9.6GB trove of anonymized data from 16.8 million devices, a tiny fraction of the billion devices Microsoft patches each month.
The competition is organized by Microsoft’s Windows Defender ATP Research team -- Windows Defender ATP being a service exclusive to Windows 10 enterprise customers -- with help from academic partners Northeastern University and Georgia Institute of Technology.
Microsoft stresses the data set is “fresh” and that it intends to use the contest results to improve preventative protection.
“Not all machines are equally likely to get malware; competitors will help build models for identifying devices that have a higher risk of getting malware so that preemptive action can be taken,” explain Chase Thomas and Robert McCann of the Windows Defender Research team.
In 2015 Microsoft ran an earlier malware-focussed Kaggle competition, asking machine learning researchers to help it classify malware samples into families.
At the time it hoped to address the challenge of polymorphic malware: the proliferation of variants that results from malware authors making slight changes to code in order to evade signature-based antivirus detection. Microsoft was looking to machine learning to improve detection through better classification of common variants of the same malware.
But that was before the world had seen WannaCry and NotPetya in mid-2017. The two outbreaks almost exclusively impacted Windows 7 PCs and, for the most part, spread throughout an enterprise network after one PC had become infected.
As NCC Group recently reported, seemingly minor Windows configuration changes could have drastically reduced NotPetya's ability to spread within a network. That could have made a major difference to firms like Maersk and TNT Express, which reported losses of over $300 million each.
"Results from the contest will help us identify opportunities to further improve Microsoft’s layered defenses, focusing on preventative protection," wrote Thomas and McCann.