Is Windows Defender Enough Security?

Windows Defender Security Center (“Defender” for short) is the latest name for the built-in suite of anti-malware and security features in Windows 10. Historically, Defender and its antecedents have been mediocre offerings. So mediocre, in fact, that multiple test labs rated it dead last in effectiveness. But recently, Microsoft has focused on making Defender a comprehensive, safe, and free choice for all your security needs. Let’s see how close it has come…

Will Windows Defender Defend You?

Windows Defender started life as an anti-spyware tool for Windows XP, Vista and Windows 7. It then morphed into Microsoft Security Essentials, which was billed as a full-blown antivirus program. It morphed again with the arrival of Windows 8 and 10, and was once again called Windows Defender. There are many alternatives I have written about in the past but lets take a closer look at the “New Defender”.

So why the change from Microsoft Security Essentials To Windows Defender Security Center? Microsoft’s answer for this failure or blessing was that MSE was a “baseline” upon which third-party developers were expected to improve. So two years later, Still NO Improvements to speak of..








But with Defender’s latest incarnation (part of the Windows 10 Fall Creators Update released in October 2017) things may have finally changed for the better. We do not have performance tests from independent labs like AV-TEST or AV-Comparatives yet. Those labs may be working on their next round of reports right now. But AV-Comparatives published a note on the Fall Creators Update version of Defender, noting some encouraging advances.

Exploit Guard, an extra layer of protection against exploitation of vulnerabilities, used to be available only in Enterprise editions of Win 10. Now it’s in the consumer versions, too, and it is enabled by default.

Exploit Guard includes four kinds of protection. Exploit protection is applied to operating system processes and to third-party apps. Attack Surface Reduction techniques minimize hacks via malware that exploits vulnerabilities in MS Office, JavaScript and other scripting languages, and email-based malware. Network protection extends the Smart Screen real-time online protection in the MS Edge browser to your Win 10 network, even if you are not running Edge. Controlled Folder Access helps protect key system and data files from being altered by malware or encrypted by ransomware. To see the nitty-gritty of Exploit Guard, type “Windows Defender” in the search box and open Windows Defender Security Center from the results. Then click on “app and browser control.” Scroll down to the “Exploit protection settings” link and click it. Do not turn off any of the features shown unless you understand what they are and have a good reason to disable them.

Oddly, one interesting new feature of Exploit Guard is turned off by default. “Controlled folder access” protects your files and folders against unauthorized alterations, such as the addition of malicious scripts to documents, or encryption by ransomware. I recommend enabling it; here’s how:

Open Defender, click on the icon labeled “Virus and threat protection,” then click on the link labeled “Virus and threat protection settings.” Scroll down to “Controlled folder access” and move the slider control to the “on” position. While you’re there, you can click the link labeled “Protected folders” to see exactly that. You can add a folder to be protected, too. Back up one page, return to “Controlled folder access,” and you will find another link to “Allow an app through Controlled folder access,” in case you ever need to give a new app permission to access files in a controlled folder.

Similar security features are part of the paid versions of several third-party security suites. Windows 10 now throws them in free of charge. The jury is still out on exactly how well they work, but Defender (at least in Windows 10) has definitely moved a long way in the right direction. But until we can get a sense of real security with Defender, I recommend Malewarebytes  and a GOOD Anti-Virus such as Panda or a free version of Avast.

Have a Great Week!