Does Windows 10’s Security Boost Make Antivirus Obsolete?

With the Windows 10 Creators Update this spring, the venerable Windows Defender got a new name—Microsoft Windows Defender Security Center—and a leap in functionality. In addition to antivirus, it manages Windows Firewall, SmartScreen Filter, and Microsoft's parental control system, and also helps with PC health and performance issues.


By comparison, there's little visible change to Defender with this week's Windows 10 Fall Creators Update, and certainly not enough to make you give up your third-party antivirus, as I'll explain.


Ransomware Protection


That's not to say the upgrades this time around aren't beneficial. Ransomware is a huge worry these days, and Microsoft has put a simple kind of ransomware protection right into Windows Defender. It's not turned on by default, however, and it's hard to find. Dig into the antivirus settings, find the setting called Controlled folder access, and turn it on.


Once activated, this feature prevents unauthorized programs from making any changes to files in your Documents, Videos, Movies, Music, and Favorites folders. But you can add to the list of protected folders. Bitdefender, Panda Free Antivirus, and Trend Micro do almost exactly the same thing; Panda goes a bit farther, preventing unauthorized programs from even reading protected documents.


[Image: Windows Defender Security Center Controlled Access]

If ransomware attempts to encrypt those files, Windows Defender stops it and displays a warning. The same thing happens if you use an uncommon program to edit your documents or photos. I demonstrated that in testing by using a text editor that I wrote myself. Nobody else has it, so it's decidedly uncommon. Windows Defender rose to the occasion, blocking my changes. It also blocked a simple ransomware simulator that I wrote.


Had I wanted Windows Defender to trust my tiny text editor, I would have had to dig into settings and manually add it to the trusted list. With Bitdefender, Panda, and Trend Micro, you can add a program to the trusted list right from the warning pop-up.
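The same setting, the protected-folder list, and the trusted list can also be managed from an elevated PowerShell prompt with the Defender cmdlets. The script below is an added example, not part of the original article; the folder and program paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Needs Windows 10 version 1709 or later with Windows Defender active.

# Hypothetical paths, chosen only for illustration.
$extraFolder = 'D:\Projects'
$trustedApp  = 'C:\Tools\MyEditor\MyEditor.exe'

# Current state: 0 = disabled, 1 = enabled (block), 2 = audit only.
$before = Get-MpPreference
"Controlled folder access state: $($before.EnableControlledFolderAccess)"

# Start in audit mode so uncommon but legitimate programs are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Protect an additional folder beyond the built-in defaults.
if (Test-Path -LiteralPath $extraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder
}

# Trust one specific program, identified by its full path.
if (Test-Path -LiteralPath $trustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp
}

# Review recent events: 1124 = would have been blocked (audit), 1123 = blocked.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Once the audit log shows only programs you recognize, switch to blocking:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Running in audit mode first surfaces the programs that would trigger a block, so they can be added to the trusted list before enforcement begins.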


Settings for Security Geeks


Over time Windows has incorporated numerous technologies to make life difficult for malware writers. The introduction of Data Execution Prevention (DEP) completely wiped out a type of attack that concealed malicious code in memory marked as reserved for data. Some old hacking techniques worked because the attacker knew where to find certain operating system elements in memory. With Address Space Layout Randomization (ASLR), those attacks fail. And so on.


This edition of Windows Defender exposes settings for DEP, ASLR, and various other protective technologies. But unless you already knew about DEP and ASLR before reading this, you're not qualified to change those settings. Leave them alone!
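Looking at these settings without changing them is safe. The following read-only check is an added example, not from the original article; it assumes the ProcessMitigations PowerShell module that ships with the Fall Creators Update and reports the system-wide state of DEP, ASLR, and related mitigations.

```powershell
# Added example. Read-only: reports system-wide exploit mitigations, changes nothing.
# Each setting is ON, OFF, or NOTSET (NOTSET means the Windows default applies).
$m = Get-ProcessMitigation -System

$checks = [ordered]@{
    'DEP'                           = $m.DEP.Enable
    'ASLR: force relocate images'   = $m.ASLR.ForceRelocateImages
    'ASLR: bottom-up randomization' = $m.ASLR.BottomUp
    'ASLR: high entropy'            = $m.ASLR.HighEntropy
    'Control Flow Guard'            = $m.CFG.Enable
    'SEHOP'                         = $m.SEHOP.Enable
    'Heap: terminate on corruption' = $m.Heap.TerminateOnError
}

$report = foreach ($name in $checks.Keys) {
    $value = "$($checks[$name])"
    [pscustomobject]@{
        Mitigation = $name
        Setting    = $value
        # Flag only mitigations that someone has explicitly turned off.
        Note       = if ($value -eq 'OFF') { 'explicitly disabled' } else { '' }
    }
}

$report | Format-Table -AutoSize

# Summary line a help desk or administrator can act on.
$disabled = @($report | Where-Object { $_.Setting -eq 'OFF' })
if ($disabled.Count -gt 0) {
    "Disabled mitigations: $($disabled.Mitigation -join ', ')"
} else {
    'No system-wide mitigation has been explicitly disabled.'
}
```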


[Image: Windows Defender Security Center Exploit Protection]

Settings for Security Über-Geeks


Ransomware protection and access to exploit settings are the only visible differences an ordinary Windows 10 user will see in this latest Windows Defender. As for invisible differences, Microsoft didn't have specifics for me, but there are surely plenty of tweaks, enhancements, and bug fixes under the hood. However, if you're the SecOps (security operations) administrator for a big company, managing many installations of Windows Defender in Windows 10 Enterprise, there's a lot for you to love.


Those exploit protection settings? You can set them and monitor them remotely. You can see all actions taken by the antivirus on all the computers you manage. You can even see if an employee clicked through to a dangerous URL despite receiving a warning. A big, pretty dashboard gives an overview of security throughout the company.


Windows Defender Application Guard, codenamed Barcelona during development, invisibly isolates programs downloaded using Edge or Internet Explorer, letting them run without making permanent changes until they're verified as safe (or wiped out as malicious).


For the vast majority of us (yes, I include myself) these features are completely out of reach. If you really are a SecOps expert and want to know more, check out this summer blog post about Windows Defender. Once again, these features and everything else in the Windows Defender ATP (Advanced Threat Protection) system apply only to Windows 10 Enterprise.


Can Windows Defender Keep You Safe?


The most important consideration, of course, is how good Windows Defender is at its main job, keeping malware off your PC. For a deep dive into how good this antivirus is, you can read my full review of Windows Defender. I'll give you the condensed version. Yes, the ransomware protection works, but the basic defense against malware isn't up to snuff. For one thing, Windows Defender doesn't even try to stop adware or PUPs (Potentially Unwanted Programs). Most products at least give you the choice.


Windows Defender's antivirus lab test scores are improving, but they're coming up from dismal. All four test labs that I follow include it, as well as Avast and AVG, our Editors' Choice products for free antivirus. Microsoft's aggregate lab score is 7.5 out of 10 possible points. You might think 7.5 out of 10 sounds like a decent showing—it's a solid grade of C in report card terms, after all. It's actually among the very lowest of scores I've recorded, however. AVG and Avast earned 9.3 and 9.0 points, respectively. When you're defending against malware that can destroy your data, invade your privacy, and empty your bank accounts, a C just doesn't cut it.


In my hands-on testing, Windows Defender made a decent showing against a static malware collection, but it had an advantage. It processed those same samples this past spring. Given that fact, I expected to see 100 percent detection. Tested with malware-hosting and fraudulent websites, it made a seriously poor showing.


Keep Your Antivirus


Yes, the ransomware protection added to Windows Defender with the Windows 10 Fall Creators Update is nice to have. Preventing untrusted programs from modifying your important documents is a workable technique, one used by other free and commercial antivirus utilities. But for the average user, that's about the extent of the enhancements.