Google security researcher Tavis Ormandy has ported Windows Defender to Linux. The idea is not to make Linux more safe, the port is made to help making Windows more secure.
Ormandy is a team member of Google’s Project Zero, which tries to find vulnerabilities in popular software, and recently found a critical vulnerability in the engine that is used by Windows Defender and other Microsoft security software. By exploiting the vulnerability an attacker could take over Windows without any user interaction.
To find vulnerabilities a method called fuzzing is used. This method is popular amongst security researchers and involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.
Surprise, I ported Windows Defender to Linux. 😎https://t.co/7eP48O87Vi
— Tavis Ormandy (@taviso) May 23, 2017
By porting Windows Defender Ormandy hopes to have found a scalable and efficient way of fuzzing self-contained Windows libraries on Linux. Currently, without the Linux port, this is very challenging and efficient, according to Ormandy. His port should change that, as he explains, “I’ve found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing.”
To demonstrate what his software, called loadlibrary, can do, he now first ported Windows Defender.
Loadlibrary is open source and available on open source hosting website Github.