Is Windows Defender Good Enough?

Remember when Norton, McAfee, and Webroot ruled the world, and we were all buying separate antivirus security suites for our computers? These days, many of us have forgotten about these products and instead just opt for the built-in protection offered by Windows Defender, now called Windows Security. Yet paid anti-malware software still exists. So is there any reason to actually shell out money for it these days?

To answer, let's explore what Windows Security does and does not do. It used to be that the protection built into Windows was relatively bare bones, but these days, Windows Security is a fairly comprehensive solution. Most tech reviewers have noticed that Windows Security does a pretty good job of detecting, stopping, and quarantining the usual viruses and malware, with multiple sites ranking it higher than quite a few paid options, both for how many pieces of malicious code it stops and for its low number of false positives.

Windows Security uses two common strategies to accomplish this high success rate. The first is examining signatures against a database. Microsoft publishes definition updates for Windows PCs multiple times a day with signatures for newly found malware, and Windows Security downloads these and compares them to possible threats. The second strategy is the use of heuristics: analysis of program behavior without using specific definitions or signatures. This way, if a zero-day or undiscovered threat makes its way onto your system and behaves suspiciously, Windows Security can block it even if it's never been seen before.

This is a pretty powerful one-two punch for most home users, but it does still have its limitations. One is that Windows Security tends to rely somewhat heavily on being able to connect to Microsoft servers and access malware data stored in the cloud. A recent AV-Comparatives test noted that Windows Security only detected around 2/3 of threats when its Internet connection was lost, which lagged behind most paid competitors, which tend to store more of the resources they need locally.
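Both layers described above can be checked on a given PC. The PowerShell below is an added example, not part of the original article: it uses the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets to report whether signatures are fresh and whether behavior monitoring and cloud-delivered protection are on. The function name `Test-DefenderPosture` and the 24-hour freshness limit are assumptions made for illustration.

```powershell
# Added example: summarize the health of Defender's signature, heuristic and cloud layers.
# Test-DefenderPosture and the 24-hour default are illustrative assumptions.
function Test-DefenderPosture {
    param(
        [Parameter(Mandatory)] $Status,      # output of Get-MpComputerStatus
        [Parameter(Mandatory)] $Preference,  # output of Get-MpPreference
        [int] $MaxAgeHours = 24
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # Real-time scanning and behavior monitoring (the heuristic layer).
    if (-not $Status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off.') }
    if (-not $Status.BehaviorMonitorEnabled)    { $findings.Add('Behavior monitoring is off.') }

    # Signature freshness: definitions ship several times a day, so a stale
    # timestamp means updates are not arriving.
    $updated = $Status.AntivirusSignatureLastUpdated
    if ($null -eq $updated) {
        $findings.Add('No signature update time reported.')
    } else {
        $ageHours = [math]::Round(((Get-Date) - $updated).TotalHours, 1)
        if ($ageHours -gt $MaxAgeHours) {
            $findings.Add("Signatures are $ageHours hours old (limit $MaxAgeHours).")
        }
    }

    # Cloud layer: MAPSReporting 0 means cloud-delivered protection is disabled.
    if ($Preference.MAPSReporting -eq 0)     { $findings.Add('Cloud-delivered protection is disabled.') }
    if ($Preference.DisableBlockAtFirstSeen) { $findings.Add('Block at first sight is disabled.') }

    [pscustomobject]@{
        SignatureVersion = $Status.AntivirusSignatureVersion
        SignatureUpdated = $updated
        Healthy          = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

# Run against the local machine.
Test-DefenderPosture -Status (Get-MpComputerStatus) -Preference (Get-MpPreference) | Format-List
```

A machine that reports healthy here still depends on reaching Microsoft's servers for the cloud lookups, so the offline limitation described above applies regardless of these settings.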

Of course, most of us are online consistently these days, but it's something to think about if, say, a piece of malware you've unwittingly downloaded decides to act up when you're not connected to the Internet, like when you're on a plane, for example. More advanced paid software might also be less dependent on a signature database and more dependent on cloud AI to more robustly protect against new and evolving threats. Indeed, this has helped some of Windows Defender's competitors slightly outperform it in terms of detection rates, and some paid services do throw in extra features such as including a VPN service, monitoring your home network for vulnerabilities, or providing alerts when one of your accounts or passwords is involved in a data breach.

But while these might not sound like compelling reasons to pay for security software at home, moving away from relying on just Windows Security might be a good idea for businesses and organizations who have to secure lots of computers at once and might not be able to ensure their employees are always following best practices.

This approach is commonly called endpoint security since it involves robustly protecting user-facing endpoints, which have historically gotten weaker protection than servers. Endpoint security is being provided by a growing number of companies these days such as CrowdStrike, HP Wolf Security, SentinelOne, FireEye, and even Microsoft. It typically includes not only the usual antivirus and anti-malware functions, but also advanced features like automatically restoring a system's BIOS if it gets attacked, more deeply examining files to detect malicious code, sandboxing processes in memory so malware can't spread to other parts of the system, keeping the security software running with a hardware controller even if the operating system is compromised, and allowing for easy remote management.

So if you have a bunch of computers you're trying to keep on lockdown, or if you need extra security for data that you just can't afford to lose, it might be worth investing in a security solution you actually pay for. Otherwise, rolling with Windows Defender is probably fine. Just be careful what you click on, as nobody legitimate is going to offer you tech support through a shady-looking webpage riddled with spelling errors.

