Microsoft is adding a bunch of significant new security features in Windows 8, including Early Launch Anti Malware (ELAM), Unified Extensible Firmware Interface (UEFI), and the first edition of Windows Defender to protect not just against spyware but also against viruses and other malware. In this article, we’ll describe Windows 8’s overall security feature set, while also reviewing the new Defender and drawing comparisons between Defender and other antivirus (AV) packages, including the pre-existing Microsoft Security Essentials (MSE).
Until Windows 8, Windows Defender protected against spyware only. Now, it also takes on viruses and other breeds of malware. The new Defender looks and feels nearly identical to the company’s free downloadable AV suite, Microsoft Security Essentials (MSE). An interesting thing is that MSE does not run on Windows 8, underscoring the fact that the new Defender and MSE are also functionally quite similar.
Microsoft has said that Defender on Windows 8 provides an acceptable minimum level of protection, and that it will disable itself automatically if another antivirus suite is installed (such as a Norton, McAfee, or Kaspersky suite, for example). As I see it, this is essentially the same as saying that it would be best to have a full-fledged third-party suite aboard, but that Defender will also keep you covered to an extent.
Other Security Improvements in Windows 8
Before drilling down into Windows Defender, let’s take a quick look at some of the other security improvements Microsoft has built into Windows 8: ELAM; UEFI and Secure Boot; and Bootkit Detection.
Early Launch Anti Malware (ELAM)
Malware has plagued Microsoft operating systems in the past by getting hold of the system before it is fully started — that is, before AV software gets a chance to start and deal with the malware. ELAM is a type of boot-start driver that loads before all other drivers. An ELAM driver is included by default in Windows 8, but Microsoft has also made it possible for third-party developers to produce their own ELAM drivers.
Unified Extensible Firmware Interface (UEFI) and Secure Boot
In Windows 8, UEFI replaces the Basic Input Output System (BIOS), which has been powering computers for over two decades and is overdue for a replacement. Secure Boot, a part of UEFI, allows for a security policy to be implemented before the operating system (OS) loads. In contrast, the older BIOS did not allow for this level of control.
Related to UEFI’s Secure Boot is Bootkit Detection, a feature to help combat very low-level malware — commonly known as a “bootkit” — that tries to load before the OS does. New detection tools are included in Windows 8 for this purpose. Microsoft did not release these kinds of tools with earlier versions of Windows.
Performance: Windows Defender
User Interface (UI)
Those familiar with MSE should get a feeling of deja vu in taking a gander at Defender’s UI. The windows in Windows 8 have a slightly different look, but otherwise, MSE and the new Defender present the same appearance, for all intents and purposes.
The Windows 8 edition of Defender gives you an easy-to-read interface. The Home screen provides a clean look at your system’s status, displaying green for good and red for the opposite. There are two status indicators below the overall status icon. These show whether real-time protection is enabled and whether the definitions are up-to-date.
There is no dedicated scanning section like you’d receive with third-party security software. Instead, on the main screen, you will notice an area over to the right which shows scan options. This is about as simple as you can get.
There are three other tabs in the interface: Update, History and Settings. Update allows you to manually update the malware definitions. The definitions are updated automatically, but not as frequently as we see from third-party vendors such as Norton and McAfee. In fact, sometimes I’ve found the definitions in Defender to be several days out of date. Threats can develop overnight, so this is a little long. However, you can manually update the definitions whenever you like.
The History section shows quarantined items from past scans. Lastly, the Settings tab holds basic controls including the ability to exclude certain files from being detected as threats. Strangely, it gives you no way to control the frequency of the automatic updates here; the updates just “happen.”
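The two Home-screen indicators (real-time protection and definition freshness) and the manual update described above can also be checked from PowerShell. The following is an added example, not part of the original article; it assumes a Windows build that ships the Defender PowerShell module (`Get-MpComputerStatus`, `Update-MpSignature`), and the one-day threshold is a hypothetical policy value.

```powershell
# Added example: audit Defender's status indicators and refresh stale definitions.
# Assumption: the Defender PowerShell module is available on this Windows build.
[CmdletBinding()]
param(
    # Hypothetical policy threshold: maximum acceptable definition age in days.
    [int]$MaxSignatureAgeDays = 1
)

$status = Get-MpComputerStatus -ErrorAction Stop

# Summarize the same facts the Defender Home screen shows.
$report = [pscustomobject]@{
    AntivirusEnabled     = $status.AntivirusEnabled
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays     = $status.AntivirusSignatureAge
    Stale                = $status.AntivirusSignatureAge -gt $MaxSignatureAgeDays
}
Write-Output $report

if (-not $status.AntivirusEnabled) {
    # Defender turns itself off when another antivirus suite is installed,
    # so this is a notice rather than an error.
    Write-Warning 'Defender antivirus is disabled; confirm another AV product is active.'
    return
}

if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is off; downloads are not scanned on arrival.'
}

if ($report.Stale) {
    Write-Warning "Definitions are $($status.AntivirusSignatureAge) day(s) old; updating."
    Update-MpSignature -ErrorAction Stop

    # Re-read the status to confirm the update took effect.
    $after = Get-MpComputerStatus
    Write-Output ("Definitions now at version {0}, age {1} day(s)." -f `
        $after.AntivirusSignatureVersion, $after.AntivirusSignatureAge)
}
```

Running this from a scheduled task gives the control over update frequency that the Settings tab does not offer.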
Defender is hard to find in the operating system without searching for it. Yet this can be a good thing for many users, who don’t want security software to be intrusive.
I evaluated Defender’s proactiveness by going to a test site run by Eicar.org and trying to download infected files through Internet Explorer. Defender detected the files immediately upon download, although it didn’t prevent me from getting the prompt to download the file. In other words, the new Defender is proactive, but not quite as proactive as some third-party software.
Time it Takes to Do a Full System Scan
I scanned my external backup hard drive containing 122GB of data in a total of 13 minutes. This is very speedy. Also, Defender didn’t take up more than half of my CPU’s processing power — indicating that it’s quite possible for a user to do other things at the same time without getting slowed down by the scan.
Microsoft might not intend for Defender in Windows 8 to replace a full third-party AV suite. However, among lots of users, this will most likely be the effect. Defender provides far more protection than no antivirus software. Defender has some downsides compared to our favorite paid third-party suites. Updates aren’t as frequent and Defender is not as proactive. Defender doesn’t cost anything extra, though — and the many Windows users who don’t typically install any AV software will be better off because of its inclusion.