Introducing ESET Endpoint Antivirus for Windows on ARM
While Microsoft makes a strong pitch for the success of Windows on ARM64 by integrating x86 and x64 emulation layers, the thirst for native speeds (and improved security) is not slaked yet.
Microsoft’s release of an ARM64-based Windows operating system in 2017 aimed to address well-known criticisms over their previous forays into the world of ARM – the discontinued Windows RT, Windows Phone and Windows 10 Mobile. The gripes were many and various: “You can only use apps from the Windows Store.” “I can’t compile my applications for ARM.” “This is a dwarfed version of Windows.” For security software vendors, there was no supported way for third-party app developers to access the low-level interfaces needed to build firewalls and perform security-related tasks like real-time scanning. Frustration seemed to outpace excitement.
Eventually, the first 2-in-1 laptops with Windows 10 on ARM64 shipped: the Asus NovaGo and HP Envy x2. To be useful from the get-go, Microsoft equipped their operating system with an emulation layer that would allow most x86 (32-bit) desktop applications to run on the ARM64 processor. Then with the release of Visual Studio 15.9 in 2018, Microsoft further empowered app developers with tools to compile their apps for ARM. Finally, with the release of the x64 (64-bit) emulation layer to Windows Insiders in late 2020, many experienced the hope that ARM’s compatibility pains were set to be eased at last.
While the chief selling points of ARM-based laptops largely remain their built-in LTE connectivity, including 5G, and very long battery life (over 20 hours), the ability to run familiar applications at native-like speeds remains a challenge for the relevance of Windows on ARM in the future. Simply put, running resource-intensive applications on top of an emulation layer inevitably downgrades performance, and some applications – or, at least, some of their features – cannot run via emulation at all.
This leads app developers to consider the market demand and the investment required for them to port their apps to ARM. In some cases, it is very easy – perhaps little more than recompiling the source code for the new platform and operating system. In others, much more effort is required – as is the case with security software. In either case, testing is critical when a new technology is being scaled.
ESET has set out to reengineer its ESET Endpoint Antivirus for Windows to run natively on ARM64 in response to requests from multiple business customers. In parallel, ESET has also created a native ARM build of ESET Management Agent so that businesses can manage ARM-based Windows devices using their familiar ESET PROTECT console.
If securing ARM-based Windows devices is on your radar, whether out of operational needs or out of curiosity to test a unique security solution, or if you have a need to protect your existing Surface Pro X machines, look no further.
Does native ARM malware exist?
A month after Apple released its lineup of devices powered by its new M1 chips – a proprietary adaptation of ARM – GoSearch22 emerged as the first instance of malicious code native to the platform. About two months later, newly discovered adware targeting Macs called Silver Sparrow also appeared sporting a malicious M1 native binary.
With regard to malware targeting Windows on ARM machines, obviously malware authors are just as able to run traditional x86 binaries via the emulation layer, and they can also recompile their malware for ARM32 or ARM64. Once the x64 emulation layer for Windows on ARM is in public release, the entire spectrum of x64-based malware will certainly be able to take a stab at the new attack surface. While some x64 (and x86) malware binaries will be hampered – or not be able to run at all – via emulation, other malware, having only simple functionality, can be expected to run without issues on the Windows on ARM platform. The same applies to malicious scripts, so long as there is a suitable script interpreter.
Of course, there are some types of malicious websites, spam, phishing and scams that do not care at all about which operating system or hardware platform potential victims might be using – and users deserve better protection against these threats and tricks. Therefore, keep security in mind just as much as your favorite applications if experimenting with, or adopting, Windows on ARM64 devices.