Thursday, February 22, 2018

Myth Busting: Windows Defender Sucks. !!!NOT!!!

Too many times I hear from people that they don’t want to use Windows Defender. Why? ‘…Because it’s bad and/or because it sucks…’ Duh! Time to bust that myth since the reality is quite different.

Before I take a deeper dive into it, let me show you this:
[image]
Source: https://www.av-test.org/en/antivirus/home-windows/manufacturer/microsoft/

And:
[image]
Source: https://chart.av-comparatives.org/chart1.php

As you can see, Windows Defender (version 4.12 specifically) performs very well. Even more so when you consider it’s FREE! Microsoft offers it for NOTHING, zip, nada! And still it delivers and performs! Awesome! And now let me tell you the WHY behind it all.

01 – Darwin’s Law also applies to Windows…
As AV-Test states: There are over 600 million adversaries for Windows! Yes, that’s HUGE! This could work out two ways: either Windows as a platform ceases to exist because of the overwhelming odds against it, or it adapts, evolves and, because of that, becomes stronger.

Since Windows is still around, it seems the latter has happened! Not without bumps, quirks and glitches, but when looking at ‘the latest & greatest’, Windows 10 I mean, this holds true.

By cutting out the weak code, rewriting whole parts of the Windows stack and rethinking how ‘to do stuff’, Windows has evolved BIG time.

02 – Security is a hard requirement
Microsoft can no longer afford to depend on other vendors for the security of its own ecosystem. This ecosystem begins with your Windows based device and expands into the cloud.

Some years ago Microsoft stated it was ‘…all in…’. And this isn’t marketing mumbo jumbo. Even more so with the new mantra ‘mobile and cloud first’, security has become paramount. Microsoft’s whole future is in the cloud, where your Windows device is just one of the many entry points to those cloud based services.

As such, Azure and the entry points running Windows have to be safe!

03 – Security Centers, big data and machine learning
So Microsoft not only invests big time in new Azure regions (MEGA datacenters), but also in worldwide security coverage by rolling out security centers that collect tons of data about the latest threats. That data is crunched by their own Azure services (Machine Learning, Power BI and so on) in order to detect patterns and to predict the next probable attack vector.

This allows Microsoft to roll out definition files which contain the signatures/hashes of the latest threats. Because of it, Windows Defender grows in strength and usability.

04 – The circle
Because Windows Defender is FREE and many people use it on a daily basis, it has a huge install base. As such, Windows Defender is the first line of defense against many viruses, worms, trojans and the lot. Much of this information is anonymized and sent back to Microsoft’s security centers, allowing them to crunch that data as well.

Because of this information, the next generation of the Windows Defender antimalware client and related definition files becomes even better.

And no, don’t be afraid. Windows Defender won’t send out any other information without your explicit consent:
[image]

05 – Security begins by yourself!
But please know that security is also your OWN responsibility. You’re the starting point of it all. A good start is to run an up-to-date operating system. When it’s Windows based, go for Windows 10. Forget about the previous versions.

Endpoint Protection
This product/service is the enterprise equivalent of Windows Defender. There are two choices available: on-premises (SCEP, System Center Endpoint Protection) or the cloud based service, Microsoft Intune Endpoint Protection.

Both run the same engine and use the same definition files, providing the same level of protection as Windows Defender. On top of it all, it delivers centralized management of the configuration, like the type of scans, exclusions, the responses when something is found and so on.
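Whether Defender is managed centrally through SCEP/Intune or left alone on a home PC, the things that decide whether it actually protects you (engine running, real-time protection on, definitions current, cloud reporting enabled, no stray exclusions) can be checked locally with the Defender PowerShell module that ships with Windows 10. The script below is an added example, not from the original post; the age thresholds are assumptions you should adjust to your own policy.

```powershell
# Added example: Windows Defender posture check using the built-in Defender module.
# Thresholds below are assumptions, not values from the post or from Microsoft.
param(
    [int]$MaxSignatureAgeDays = 1,   # assumption: definitions older than this count as stale
    [int]$MaxQuickScanAgeDays = 7    # assumption: expect at least one quick scan per week
)

$status = Get-MpComputerStatus   # runtime state: engine, signatures, scan history
$prefs  = Get-MpPreference       # configured preferences: MAPS, exclusions, real-time switch

$findings = @()

# Core engine and real-time protection must be on, otherwise nothing else matters.
if (-not $status.AMServiceEnabled)          { $findings += 'Antimalware service is not running' }
if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus component is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
if ($prefs.DisableRealtimeMonitoring)       { $findings += 'Real-time monitoring disabled by preference/policy' }

# Definition files are what the security centers feed; stale files mean stale protection.
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Definitions are $($status.AntivirusSignatureAge) day(s) old (version $($status.AntivirusSignatureVersion))"
}

# Cloud-delivered protection (MAPS): 0 = off, 1 = basic, 2 = advanced.
# This is the anonymized reporting channel; sample submission is governed separately
# by SubmitSamplesConsent, which is the consent prompt the post refers to.
if ($prefs.MAPSReporting -eq 0) { $findings += 'Cloud-delivered protection (MAPS) is off' }

# A quick scan that never runs leaves on-demand detection unused.
if ($status.QuickScanAge -gt $MaxQuickScanAgeDays) {
    $findings += "Last quick scan was $($status.QuickScanAge) day(s) ago"
}

# Exclusions are the usual way protection gets quietly weakened; surface them for review.
foreach ($path in $prefs.ExclusionPath)      { $findings += "Path exclusion configured: $path" }
foreach ($proc in $prefs.ExclusionProcess)   { $findings += "Process exclusion configured: $proc" }

if ($findings.Count -eq 0) {
    Write-Output "OK: engine $($status.AMEngineVersion), definitions $($status.AntivirusSignatureVersion) ($($status.AntivirusSignatureAge) day(s) old)"
} else {
    $findings | ForEach-Object { Write-Output "WARN: $_" }
}
```

Run it from an elevated PowerShell prompt; on a managed machine the same properties are what SCEP or Intune set centrally, so a WARN here usually points at a policy gap rather than a local mistake.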

Recap
Gone are the days when Microsoft’s antivirus solution didn’t work properly. Instead it has grown up to a level where it competes with well-known antivirus solutions from other vendors. Of course, per situation a certain solution works out better, like more advanced central management, remediation and so on.

But still, Windows Defender delivers on what it’s meant to do: protect your system(s) against all kinds of threats, or as AV-Test states, ‘adversaries’.

Next time I bump into someone stating Windows Defender ‘…isn’t good enough…’ I’ll send him/her the link to this posting first.
