When it comes to warding off malware, installing an antivirus is the first step many users should take. Choosing the right application, however, can be difficult simply because of the multitude of options available. For users weighing this choice, the best option is probably already installed on their device.
With the release of Windows 10, Microsoft began adding a new built-in virus protection feature to the platform: Defender. This app, located in the Windows Security Center, is designed with a clearer focus on device security than other options.
Many third-party services offer additional functions such as a performance boost or a junk file scan, but these often add nothing from a security point of view. If your primary concern is an antivirus that is capable of detecting and removing threats, then Windows Defender is likely more than sufficient to meet your needs.
But as a service built into the Windows platform, it's natural to wonder if it's doing enough to keep you safe. Without actually installing an application, many users may feel "unarmed" against a threat. At this point, it can be helpful to look at the full range of functions to get an impression of what Defender actually offers:
FEATURES OF MICROSOFT WINDOWS DEFENDER ANTIVIRUS
Scanning – Fully searches the file directory for malicious code and processes that can affect performance. Can be automated to run in the background at certain intervals.
Quarantine – Malware is isolated from the core of the operating system to prevent further changes to the system.
Remove – The service destroys malware traces from quarantine.
Firewall – Manage how incoming data can interact with your device.
Screen Filters – Block malicious code from running while browsing the web (Edge only).
Secure Boot – Prevent malicious code from running when the device starts up.
Controlled folder access – Prevent unauthorized applications from making changes to files in specially designated folders (designed to prevent data loss from ransomware).
In contrast to other antivirus programs, Defender is embedded directly into the Windows 10 ecosystem and therefore has the advantage of being closely linked to the platform it is supposed to protect. For example, the Secure Boot function above runs before Windows even loads, which would be impossible with other antivirus programs. The Controlled folder access function also requires access to the Windows authorization system.
Overall, this benefit allows Defender to extend its reach within the operating system and provide greater coverage.
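To see which of the features listed above are actually switched on for a given machine, the following added example (not part of the original article) reads their state with the built-in Get-MpComputerStatus, Get-MpPreference, Get-NetFirewallProfile and Confirm-SecureBootUEFI cmdlets. The New-Finding helper and the 7-day age threshold are assumptions made for illustration; run it in an elevated PowerShell session.

```powershell
# Added example: report the state of the Defender features listed in this article.
$MaxAgeDays = 7   # assumed threshold for signature and scan age; adjust to local policy

# Hypothetical helper: one row per checked feature
function New-Finding($Feature, $State, [bool]$Ok) {
    [pscustomobject]@{ Feature = $Feature; State = $State; OK = $Ok }
}

$status   = Get-MpComputerStatus   # runtime state of the antivirus engine
$pref     = Get-MpPreference       # configured Defender preferences
$findings = @()

# Scanning: engine enabled, real-time monitoring on, signatures and scans recent
$findings += New-Finding 'Antivirus engine' $status.AntivirusEnabled $status.AntivirusEnabled
$findings += New-Finding 'Real-time protection' $status.RealTimeProtectionEnabled $status.RealTimeProtectionEnabled
$findings += New-Finding 'Signature age (days)' $status.AntivirusSignatureAge ($status.AntivirusSignatureAge -le $MaxAgeDays)
$findings += New-Finding 'Last quick scan (days ago)' $status.QuickScanAge ($status.QuickScanAge -le $MaxAgeDays)

# Controlled folder access: 0 = disabled, 1 = enabled, 2 = audit mode (logs only)
$cfaNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit mode' }
$cfa      = [int]$pref.EnableControlledFolderAccess
$cfaState = if ($cfaNames.ContainsKey($cfa)) { $cfaNames[$cfa] } else { "Value $cfa" }
$findings += New-Finding 'Controlled folder access' $cfaState ($cfa -eq 1)

# Firewall: every profile (Domain, Private, Public) should be enabled
foreach ($fwProfile in Get-NetFirewallProfile) {
    $on = ($fwProfile.Enabled -eq 'True')
    $findings += New-Finding "Firewall ($($fwProfile.Name))" $fwProfile.Enabled $on
}

# Secure Boot: the cmdlet throws on non-UEFI hardware or without elevation
try {
    $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    $findings  += New-Finding 'Secure Boot' $secureBoot $secureBoot
} catch {
    $findings  += New-Finding 'Secure Boot' 'Not supported or not elevated' $false
}

$findings | Format-Table -AutoSize

# Summarise anything that needs attention
$failed = @($findings | Where-Object { -not $_.OK })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) need attention: $($failed.Feature -join ', ')"
}
```

A never-run quick scan is reported with a very large age value, so it fails the age check as intended.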
A MORE COMPREHENSIVE SOLUTION: WINDOWS DEFENDER ATP
For users who need a more complex security solution, the best option is not to consider another application but to upgrade the version of Windows Defender they are using. So far this article has focused on the free Defender version that is included in standard Windows 10 licenses. However, in enterprise versions of the operating system, Windows Defender includes additional Endpoint Protection features that allow for a more proactive defense, known as Advanced Threat Protection (ATP).
While the basic version of Defender provides detection services on a scan basis, ATP uses an "always-on" method to detect threats more quickly. These threats include files and processes running on a device that match those defined in Microsoft's malware signature database. Because Defender is built into the platform, unlike other antivirus programs, the service can also block malicious processes and even carry out automatic countermeasures ("Quarantine and Removal").
In addition, the service employs a broader range of measures to contain more complex attacks that spread over IT networks (WannaCry, etc.). This includes the automatic removal of an infected device from a network as soon as a threat is detected.
A key differentiator of ATP is its agility. Utilizing Microsoft's machine learning platform, ATP also updates its malware signature definitions in real time by pulling cloud-based data from all other endpoints using the service. This means that as soon as a new threat is detected anywhere in the world, all other endpoints are updated with information about the processes used and exploited by the malware, which can then be blocked.
CONCLUSION – IS WINDOWS DEFENDER SUFFICIENT?
Today, cyber threats are less a means of wreaking havoc than a viable source of income for malicious actors. Hence, those with more to lose are most at risk: companies. So while consumer-grade Windows Defender may be the best option for more common forms of threats, Windows Defender ATP can provide the most proactive defense against advanced and persistent threats.