In the past, I’ve explained how security products combine sensors and throttles with threat intelligence to protect users and devices from attack. I’ve also outlined how the evolution of software, including increased complexity and a focus on privacy, has made it harder than ever for sensors and throttles to function effectively, leading to security and reliability risk.

The Current Landscape

Today in the Windows ecosystem, we have a few cases of “participatory extensible security” (PES). PES is extensible on both sides:

- An “enlightened” client can participate by asking for security help
- Any security product can extend protection to any client

One PES example is the IOfficeAntivirus interface, which gets called on file downloads and document opens to tell installed antivirus software “I got a new file. Scan it for viruses?” (This direct call isn’t entirely redundant behavior in a world with Real-time Protection, but it’s close).

The more prominent example of PES is an API called AMSI…