Malwarebytes for Windows ARM

[Amaroq_Starwind]

Now that Microsoft provides tools for making native ARM64 apps for Windows 10, and now that the ARM Cortex-A76 is in development, I feel like this would be a great opportunity to port Malwarebytes over to ARM, especially as it means that there could be some integration with the Qualcomm Smart Protect API.

As a disclaimer, I apologize if there are weird formatting errors, or if errant URLs happen to slip through.

(I'm not a big fan of the mobile website's forced WYSIWYG editor, its lack of buttons, its lack of a preview post function, and especially the inability of editing my own posts...)

Microsoft, Qualcomm and Google work together to bring Google Chrome to Windows 10 on ARM: https://9to5google.com/2018/11/19/microsoft-google-chrome-windows-10-arm/
	Qualcomm Smart Protect, or as I'd like to call it, MBAM-on-a-Chip: https://www.qualcomm.com/news/onq/2015/08/31/snapdragon-820-countdown-snapdragon-smart-protect-detects-more-mobile-malware
	Microsoft Blog post on Windows 10 ARM development: https://blogs.windows.com/buildingapps/2018/11/15/official-support-for-windows-10-on-arm-development/amp/
	Microsoft ARM documentation: https://docs.microsoft.com/en-us/windows/arm/
	The future of ARM CPUs: https://www.forbes.com/sites/jeanbaptiste/2018/08/22/how-arm-just-ruined-the-launch-of-qualcomms-windows-10-pcs/amp/ 

Further discussion is always welcome. I'd love to hear everyone's thoughts on an ARM64 port of Malwarebytes. 🦊

[Amaroq_Starwind]

*sighs*

Why did you have to go and break on me, spoiler tag?

[Amaroq_Starwind]

So... No comments on an MBAM for Win10 ARM64? 😕

[exile360]

Greetings,

Please correct me if I'm wrong, but doesn't Windows Mobile only have an extremely minuscule part of the current market share for mobile platforms/devices?  Assuming I'm interpreting the data correctly, it appears to be only just over one-tenth of one percent:

Mobile OS Market Share

If you were referring to something else please let me know.

Thanks

[Amaroq_Starwind]

Not mobile, specifically. Some laptops and even a few desktops are being made with ARM64 processors now, and the ARM version of Windows 10 is actually a port of the desktop operating system (and it even has an emulator for x86 programs, but it's a slow one). Microsoft recently released tools for compiling ARM64 code within Visual Studio.

[exile360]

Right, but that's just like WinRT, right?  It's used on devices like ultra portables and tablets, which again, show extremely low~non-existent numbers.  By the way, just in case you were curious, Windows 7 still holds close to a 42% market share while Windows 10 still has yet to overtake it, currently around 32.3%, though thankfully the much more vulnerable XP is now down to less than 5%, close to the same amount as the latest version of Mac OS X.

[exile360]

By the way, judging by the comments in this Forbes article things aren't looking so good for the platform at the moment, with not even Microsoft being willing to support the OS with native versions of its own Office suite of applications (it instead uses an emulator and only runs 32-bit/x86 Windows code even though the CPUs themselves are actually 64-bit/x64 architecture meaning they'll take the associated performance hit that comes with such emulation as well as being limited to only 4Gb max RAM access for any Windows software they run).

That's not to say that it's impossible, but unless their market reach increases pretty dramatically in the upcoming year, I don't expect many developers or vendors to jump onboard to support the platform.  It does appear to be very energy efficient, which is essential for mobile devices, however the performance may not meet the expectations of Windows users which they would need to bridge that gap between powerful Windows 10 PCs and thin and light mobile computing devices for the platform to be taken seriously.  At least that's my opinion, and one of the reasons I've stuck with a full PC for all of my computing tasks and still use an old flip phone to this day as I only use the phone to make and receive calls and the occasional text; I leave all web activities and other computing tasks to my much more robust laptop whose specs you can see in my signature.

[Amaroq_Starwind]

If you check out the dates, though; both the Windows blog about official support for ARM development and the thing about Google Chrome are by far the most recent, having been published within the past couple of weeks (give or take a few days). And the fact Visual Studio can now be easily configured for targeting ARM64 instead of x86 or x64 means that porting any existing applications to ARM is almost trivial compared to the hassle it used to be as long as you don't include any architecture-specific code in the source files. And for some reason, I highly doubt that Malwarebytes was written entirely in x86 ASM, despite  how much I often wish that were the case. 

Only as developers continue to put work into porting their stuff to ARM64 will even more developers be encouraged to do the same, and I think the Malwarebytes name would carry a lot of weight in that regard.

[Amaroq_Starwind]

Oh, and that whole Qualcomm Smart Protect API thing? Yeah, if there's an SDK for that, then such a thing would probably only make Malwarebytes even better.

[David H. Lipman]

1 hour ago, Amaroq_Starwind said:

< snip >

Only as developers continue to put work into porting their stuff to ARM64 will even more developers be encouraged to do the same, and I think the Malwarebytes name would carry a lot of weight in that regard.

No, it wouldn't.  It would be a case of the cart leading the horse.

Malwarebytes has an anti malware solution on Windows NT because of it being a High-Value Target of malicious actors.

 

 

[Amaroq_Starwind]

Some malicious software can escape JIT emulation AFAIK (vulnerabilities exist in literally everything, just look at JIT-compilation with Java), and both ARM-targeting (though not Windows specifically) and platform agnostic malware already exist, and Chrome making it to Windows 10 ARM is already a big deal. Additionally, more people are gonna be using the platform because it can also emulate x86 applications, but I for some reason doubt that any existing x86 anti-malware suites could do their job effectively in an emulated environment.

If there is ever an ARM version, it could be a more or less silent release, with the installer being updated to download ARM-based components as necessary on ARM-based hardware... and hopefully the amount of effort won't be too much of a loss if it later turns out that Windows 10 for ARM completely dies like Windows RT did. But I'm not a developer, so take my posts on this subject with a fistful of salt.

If the OS does take off however, then it would probably help MBAM fans like myself sleep a little better knowing that an effective and trustworthy anti-malware suite is already available for the platform by the time it gets to that point... though then again, there is also Windows Defender, and who knows what Microsoft is gonna do for the ARM-version of that (if they do anything at all).

I think I'll leave it here for tonight, and pick up this discussion again another time. Got a lot of unrelated things to take care of, and I shouldn't put them off any longer. Goodnight!

[Amaroq_Starwind]

I found another article today which may be relevant to this thread, though I was mainly looking at unrelated things (such as upgrading my laptop from 32-bit Windows to 64-bit Windows) and thus my attention on the article wasn't 100% there. Figured I would link the article, since it may be worth a read.

https://www.zdnet.com/article/windows-10-on-arm-s-versus-pro-emulation-and-64-bit-app-support/

The .NET Core libraries are really useful for other reasons too, because it can be used to make a program less dependent on having up-to-date external runtimes, or more resilient against future updates breaking something. Also good for cross-platform development.

[exile360]

If the OS does take off and becomes a target of threats, it is likely that Malwarebytes would then look into developing protection for the platform, however I'm with David in that I believe it's too early at this point to do so as we just don't know what the future of this platform will be and whether or not it will even succeed/remain supported by Microsoft, and since nothing is known at this point about any threats that might target this platform, developing protection for it would also be more of a placebo than anything else as there is no guarantee that the protections created would be effective against whatever methods the bad guys might decide to use to attack the OS (and signature based detections could not be developed since, at least as far as I know, no actual malware samples exist for this platform either, so creating even a basic malware scanner would be impossible at this point).

[Amaroq_Starwind]

Well it's still Windows, and there might be vulnerabilities in the x86 CPU emulator. At the bare minimum, it could protect against existing threats in the event that they somehow happen to escape the emulation stage.

[exile360]

Yes, there might be, but again, without any samples or any details on such vulnerabilities there is nothing Malwarebytes could do to secure it.  The entire basis of how Malwarebytes works in Windows comes from the knowledge of how threats work in Windows and what the vulnerabilities are, thus it is able to secure and harden the system as well as detect threats that attack it.

Edited December 3, 2018 by exile360