How Reliable Are Default Windows Security Apps?
The first computer my family owned ran Windows 95. It had just arrived, and we purchased a computer with it so that we could have easy access to this new-fangled thing called “the Internet.” At the time, no one in my family had thought much about security, and neither had the developers of Windows. There was no firewall, no antivirus and no account control.
Today, Windows comes has all of these features built in or available for download. Microsoft isn’t exactly considered a trustworthy company by many of its customers, however, which begs the question – do these features actually work?
The first built-in firewall for Windows shipped with Windows XP in 2001 under the name “Internet Connection Firewall.” It was extremely basic and not turned on by default, which allowed a number of worms to easily spread between 2001-2004. Microsoft responded by revising the firewall and changing the name to Windows Firewall with the release of XP Service Pack 2.
It is hard to say how effective a firewall is because it’s difficult to test them. Unlike security software, which can be reviewed by rounding up known viruses and throwing them again the software to see if they’re detected and quarantined, firewalls do not lend themselves to objective testing.
The main weakness with Windows Firewall is that the default configuration usually allows outbound connections even if they do not match a rule. You can change this, however, by opening Windows Firewall, going to Advanced Settings and then opening Windows Firewall Properties. Please note that if you choose to block outbound connections you will be see many permission prompts and/or will experience connectivity issues with some software.
What is certain is that a firewall is better than no firewall. The task of a firewall is to block unauthorized access by outside sources and alert the user, providing the option to allow access if the source is recognized. All software firewalls, including Windows Firewall, do this without issue. This drastically reduces the chance that a worm will be able to infect your PC.
Microsoft Security Essentials
Strictly speaking, Microsoft still does not ship Windows with an anti-virus. However, they do now offer free software called Microsoft Security Essentials . You can download and install it on any version of Windows Vista or Windows 7 and the 32-bit edition of Windows XP.
Early tests of MSE showed were positive, but some more recent results have been disappointing. The AV-Test scorecard for November-December of 2011 gave it a score of 2 out of 6 for protection and an August 2011 test from AV Comparatives only awarded the software a rating of “Advanced,” which is decent but not outstanding.
Some perspective must be applied to these results. The AV-Test scorecard for November-December of 2011 gave it a score of 2 out of 6 for protection and an August 2011 test from AV Comparatives only awarded the software a rating of “Advanced,” which is decent but not outstanding.
This means that your chances of being infected by malware are low. However, your chances are even lower if you use Avast! Free AntiVirus instead. Users who are not technically included may feel more trusting of the Microsoft branded product, but at this moment using Avast! is a better idea.
User Account Control
If you want the definition of irony, try this. User Account Control was added to provide much-needed against malware, which could easily escalate permissions and change critical system files without the user knowing. Users found the feature annoying and promptly turned it off, reversing the work Microsoft had put in to making Windows more secure.
Annoying though it may be, UAC does its job. I always recommend that it be kept on and UAC prompts be carefully scrutinized. Denying access to an unusual permission request can mean the difference between a functioning computer and one that is infected or even disabled – at least until you reinstall Windows.
So, let’s return to the beginning. Are the default Windows security applications reliable?
In my opinion, yes. If you use all three of these features and keep Windows Update on (so that security exploits are patched) you will be protected from the vast majority of threats. No security solution is perfect, but the trio above is good enough.
Microsoft Security Essentials is the only weak link, but even it provides protection against over 90% of malware threats. That’s not a bad number even if it’s below most other products on the market.
Geeks who are particularly concerned with security will absolutely want to look at third-party security software, but for everyone else the simplicity of the default Windows security apps makes them an acceptable choice.