Microsoft is adding Linux, Android, and firmware protections to Windows

Microsoft is moving forward with its promise to extend enterprise security protections to non-Windows platforms with the general release of a Linux version and a preview of one for Android. The software maker is also beefing up Windows security protections to scan for malicious firmware.

The Linux and Android moves—detailed in three posts published on Tuesday—follow a move last year to ship antivirus protections to macOS. Microsoft disclosed the firmware feature last week.

Premium pricing

All the new protections are available to users of Microsoft Advanced Threat Protection and require Windows 10 Enterprise Edition. Public pricing from Microsoft is either non-existent or difficult to find, but according to one site, costs range from $30 to $72 per machine per year for enterprise customers.

In February, when the Linux preview became available, Microsoft said it included antivirus alerts and “preventive capabilities.” Using a command line, admins can manage user machines, initiate and configure antivirus scans, monitor network events, and manage various threats.

“We are just at the beginning of our Linux journey and we are not stopping here!” Tuesday’s post announcing the Linux general availability said. “We are committed to continuous expansion of our capabilities for Linux and will be bringing you enhancements in the coming months.”

The Android preview, meanwhile, provides several protections, including:

  • The blocking of phishing sites and other high-risk domains and URLs accessed through SMS/text, WhatsApp, email, browsers, and other apps. The features use the same Microsoft Defender SmartScreen services that are already available for Windows so that decisions to block suspicious sites will apply across all devices on a network.
  • Proactive scanning for malicious or potentially unwanted applications and files that may be downloaded to a mobile device.
  • Measures to block access to network resources when devices show signs of being compromised with malicious apps or malware.
  • Integration with the same Microsoft Defender Security Center that’s already available for Windows, macOS, and Linux.

Last week, Microsoft said it had added firmware protection to the premium Microsoft Defender. The new offering scans the Unified Extensible Firmware Interface (UEFI), the successor to the traditional BIOS that most computers used during the boot process to locate and enumerate installed hardware.

The firmware scanner uses a new component added to virus protection already built into Defender. Hacks that infect firmware are particularly pernicious because they survive reinstallations of the operating system and other security measures. And because firmware runs before Windows starts, it has the ability to burrow deep into an infected system. Until now, there have been only limited ways to detect such attacks on large fleets of machines.

It makes sense that the extensions to non-Windows platforms are available only to enterprises and cost extra. I was surprised, however, that Microsoft is charging a premium for the firmware protection and only offering it to enterprises. Plenty of journalists, attorneys, and activists are equally if not more threatened by so-called evil maid attacks, in which a housekeeper or other stranger has the ability to tamper with firmware during brief physical access to a computer.

Microsoft has a strong financial incentive to make Windows secure for all users. Company representatives didn’t respond to an email asking if the firmware scanner will become more widely available.

Librem 5 backers have begun receiving their Linux phones

When Ars spoke to Purism founder and CEO Todd Weaver two weeks ago, the Librem 5 had been “shipping” for a month but not to backers—only to Purism employees and inside developers. Weaver talked a little about the unexpected hardware issues the company had been experiencing late in the game, including a batch of phone boards missing a 10kOhm resistor, and he gave us an updated schedule for when the phones would resume shipping. More importantly, Weaver said backers would begin receiving their phones by the first week of December.

Thankfully, the company met this latest deadline. On November 27, Ars reader Azdle posted a comment to the thread—“Just because I can, hello from my freshly-received Librem 5 phone! (And, no, I don’t work for Purism, I’m just an early backer.)” Azdle was also kind enough to share some unboxing pictures and some commentary about what, exactly, a Librem 5 phone from the Birch shipment is—and what it’s not.

What the Librem 5 isn’t (yet)

First of all, it’s not really a “phone” yet. There’s no audio when attempting to place a phone call. The cameras also don’t appear to work yet. Azdle reports “installing and opening up Cheese”—Cheese is a very basic Linux video application, installed by default in many distros—“I just get a message saying ‘no device found.’” There’s also effectively no power management yet, so the Librem doesn’t last long on battery. It takes a long time to charge as well.

The software needs polish in lots of places: Azdle notes that few apps so far understand mobile screen layouts, and there are no obvious indications as to which apps have or have not been updated. The charging LED doesn’t light up when the phone’s off—although the phone is actually charging. And fine-tunables like kinetic scroll—the ability to flick a scroll-thumb down hard, and expect it to keep scrolling for pages and pages like a thrown rock—still need tuning.

With that said, we recommend putting down the pitchforks and snuffing the torches for now. This isn’t supposed to be a finished, working, retail-ready phone—it’s a (mostly) working prototype, made available in very small numbers to extremely early backers who knew what they were getting into.