Microsoft recently announced that its free Security Essentials product and Windows Defender provides only a baseline for the AV industry but not the comprehensive protection of paid AV solutions.
While Microsoft’s announcement caused a ripple of dissatisfaction among customers who assumed that their product was on a par with security suites offered by ISVs, such as Kaspersky and McAfee, Security Essentials has been languishing in the lower ranks of independent AV test results for the last couple of years.
Essentials and Defender receive definition updates, usually no more than once a day, compared to the many daily updates that come with the more established products. This has always been the case, and indicates that you are going to be left without the best possible protection for much of the day.
Microsoft AV protects against the most serious and prevalent threats, while paid solutions are updated more quickly to protect users against emerging threats, can additionally block spam email, have more sophisticated firewalls, and often include an Intrusion Detection System (IDS). As such, Security Essentials has never been able to provide the same protection of a full AV suite.
That depends, but in the majority of cases it is a good idea. Running a modern edition of Windows on new hardware can go a long way to reduce the likelihood of infection, along with making sure that the operating system and third-party apps are kept up-to-date. Additional measures, such as removing administrative privileges from users, application whitelisting, and UEFI Secure Boot, can go a long way to help better protect PCs.
Despite my general disdain for some of the more popular AV suites – no names mentioned – antivirus is still an important layer of defence, especially if you are putting corporate data into the hands of employees.
Microsoft Security Essentials may prove to be enough if best practices are followed and sensible precautions taken when using systems that are appropriately protected by least privilege and other protection technologies, but I’d reserve that for my own personal computers and for anyone who is tech-savvy enough to avoid online dangers.
Sometimes, the best of us can be caught out. In the end it comes down to what kind of data you are trying to safeguard and how large you consider the risk of compromise.