When it comes to defending against malware, installing an anti-virus is the first step many users will take. Choosing the right application can prove to be an overwhelming task, however, simply due to the sheer number of options available. For users grappling with this question, their best option is likely already installed to their device.
Starting with the release of Windows 10, Microsoft began packaging the platform with a new built in anti-virus: Defender. Located within Windows Security Center, this app was designed with a clear focus on device security compared to other options.
While many third-party services typically have additional features, like Performance Boost or Junk File scan, they often don’t provide any more functionality from a security standpoint. If your primary concern is getting an Anti-Virus that will be able to detect and remove threat, however, then Windows Defender is likely to be more than enough to meet your needs.
Yet as a service built into the Windows platform, its natural to wonder if it is doing enough to protect you; without the actual act of installing an application, many users may feel “naked” to threat, in a way. This is where it may be helpful to consider the full feature set included to get a sense of what is actually provided by Defender:
- Scan – Full search through file directory for malicious code and processes that may be affecting performance. Can be automated to occur in the background at specific intervals of time.
- Quarantine – Malware is isolated from the core of the operating system to prevent further changes to the system
- Remove – Service destroys malware traces from the quarantine
- Firewall – Manage how incoming data may interact with your device
- Screenfilter – Block malicious code from running when browsing the web (Edge Only)
- SecureBoot – Prevent malicious code from running when device is started
- Controlled Folder Access – Restrict unauthorized applications from making changes to files in specially designated folders (Designed to prevent data loss from Ransomware)
Unlike other anti-virus, Defender is embedded directly within the Windows 10 ecosystem and therefore has the benefit of being intrinsically linked with the platform it is designed to protect. For example, the above SecureBoot feature runs before Windows even loads, which would be impossible with other anti-viruses. Similarly, the Protected Folder feature requires access to Windows’ permissions system.
Overall, this benefit allows Defender to extend its reach within the operating system and provide greater coverage.
A More Comprehensive Solution
For users that require a more involved security solution, the best options are not to consider a different application, but to upgrade the version of Windows Defender used. Thus far this post has focused on the free Defender version packaged into standard Windows 10 licenses. In enterprise versions of the OS, however, Windows Defender includes additional Endpoint Protection features to enable more proactive defenses called Advanced Threat Detection (ATP).
While the base version of Defender provides detection services on a per-scan basis, ATP features an “always-on” methodology to identify threats faster. Such threats include files and processes running on a device consistent with those defined by Microsoft’s database of malware signatures. Due to the built-in nature of Defender compared to other anti-virus, this also allows the service to block malicious processes from running once detected and even provide automatic remediation (Quarantine and Removal).
Furthermore, the services employs a more comprehensive set of responses to halt the spread of more complex attacks that proliferate through IT networks (WannaCry, etc.). This includes automatic removal of an infected device from a network once threat has been detected.
A major differentiator of ATP is its agility. Leveraging Microsoft’s machine learning platform, ATP also updates its malware signature definitions in real-time by receiving cloud sourced data from all other endpoints utilizing the service. That means as soon as a new threat is detected anywhere in the world, all other endpoints will be updated with information on the processes used and exploited by the malware which can then be blocked.
Today, cyberthreat is less a means to sow chaos than it is a viable revenue stream for bad actors. As such, those with more at stake are the most likely to be specifically targeted: businesses. So, while consumer-grade Windows Defender may be the best option for more common forms of threat, Windows Defender ATP can provide the most proactive defense against advanced and persistent threats.
As a top tier Microsoft partner, Metro CSG can assist your organization in implementing this service for your users. If you seek stronger defenses against modern threats, don’t hesitate to contact our team!