Windows 8: How Secure Is It?

Several antivirus companies have raised concerns about Microsoft’s latest operating system, Windows 8. The software giant claims that with Windows Defender, users will not need to worry about malware. But is this the truth?To be honest, the situation currently degenerates into a “he said, she said” discussion. Clearly, antivirus companies have a vested interest in selling their software, and would like to show that Windows 8 is not nearly as safe as Microsoft claims. Microsoft, in the meantime is betting big on its new operating system; I’ve written elsewhere about the gamble. So who is right?It’s hard to say, but there’s new evidence to add. CSO discussed a study recently released by antivirus vendor Bitdefender claiming that 15 percent of the most common malware made it past Windows Defender. Bitdefender’s chief security strategist, Catalin Cosoi, stated that “The conclusion is clear: using your PC without a security solution is extremely risky.”Going by the actual numbers, Bitdefender’s study found that Windows Defender missed 61 pieces of malware out of 385 used against Windows 8. Of course, one could easily spin this the other way, as a number of reporters covering this story have, by pointing out that Windows Defender did, in fact, protect against 85 percent of the malicious software thrown at it. Brian Prince, writing for eWeek, for example, noted that without Windows Defender, 234 of the 385 malware samples ran successfully on Windows 8.This much of the message is clear: if you’re going to run Windows 8, you will need something to protect your computer. Windows Defender, which comes with the operating system and will be receiving its first Patch Tuesday updates next week, is clearly something. But is it enough?CSO raises a couple of interesting points in that regard. First, Windows Defender’s technology includes the ability to detect malware before it even has a chance to run; it also makes it more difficult for users to unwittingly install malware in the first place. This newer technology might make it more difficult for hackers to even gain an initial foothold. Second, CSO pointed out that “without knowing how the system was configured for the test, it is impossible to know if the OS would have performed any better with a third-party antivirus product.”Does it make sense, then, to buy a third-party antivirus for Windows 8? The antivirus vendors would like you to think so. And in certain situations, it just might. Windows Defender is designed to simply protect against antiviruses. But antivirus software created by third-party vendors often does much more. Some help protect against identity theft; links on social networking sites that point to malicious websites; phishing attacks; and even websites blacklisted for other reasons – to allow parents to control where their children can go online, for example.IDC analyst Charles Kolodgy, quoted by CSO, has the right of it: “What Microsoft has done is create a minimum bar that all paid vendors need to exceed.” And these days, Windows Defender and antivirus software need to protect users not just from malicious software and hackers, but from themselves – so they don’t open that bad attachment in that hacked e-mail message, or click on the link leading to the malicious website. Windows Defender may or may not do better than BitDefender’s study indicates, but there does seem to be a gap in coverage and possible features – one which all antivirus vendors should be working to fill. At the very least, however, Windows Defender is doing a much better job than we’re used to seeing from Microsoft. Here’s hoping that continues to improve.