Over time, Windows Defender has become a complete tool for protection against all types of malware, although Microsoft had to come a long way from a simple, basic antivirus to make it one of the most reliable security solutions on the market.
Windows Defender today protects more than a billion users of Windows systems and provides results for about 90 billion “encounters” with malicious code every day. The recent massive attacks by the WannaCrypt ransomware have reminded us how vulnerable our current systems are: despite the confidence we put in our security software, many products were not able to withstand the WannaCrypt attack.
However, many today consider Microsoft’s Windows Defender more effective than many other solutions. Why? Let’s first look at why traditional antivirus programs are failing against certain malware attacks. To begin with, today’s attackers are already using more modern infrastructure with cloud capabilities to continually generate new and unknown threats.
As a result, the traditional means of protecting customers are being made obsolete by this type of threat, and this is one of the main reasons why most antivirus products cannot counteract them. What’s more, most attacks are completely new: statistics from Microsoft itself revealed that 96% of malicious code attacks are seen only once and never repeated. Another reason for the failure of traditional antivirus programs is that they are not predictive.
Microsoft Windows Defender grows by leaps and bounds
We say this because, to a large extent, conventional solutions are capable of “fighting” attacks that are similar to those that already exist; that is, they rely on knowledge gained from experience with them. However, what today’s security market needs are expert systems capable of exponentially extending protection from a limited number of samples, so that they are prepared to protect their customers from millions of malware samples that have never been seen before.
That is precisely why Windows Defender is now considered a more adequate and effective solution to the most current cyber attacks. Let’s look at the reasons behind these claims. To begin with, Microsoft’s approach focuses on machine learning, behavior analysis, and a complete cloud-based protection system. Windows Defender is thus based on machine learning models and is equipped from the outset with a protection system that works in the cloud and uses linear models to detect malicious code.
It should be noted that 97% of the malware is detected locally, on the user’s side, so Microsoft itself sends this data about suspicious files to the cloud protection system. In this way, heuristic detections, behavioral analysis and machine learning models draw on the joint work of all of the firm’s clients, which work together to identify these potential threats and send them to the online protection system.
It is also worth noting that Microsoft’s machine learning models are integrated into the cloud protection system itself, so tremendous computing power can be applied to machine learning models that could never run efficiently in local mode. These cloud protection systems are also connected to the Microsoft Intelligent Security Graph (ISG), which is responsible for collecting reports from billions of sources that detect malware entries and other similar threats. Thanks to this system and its extensive framework of protection tools, the Redmond firm says that for each malware report received and investigated, it provides additional protection for 4,500 threats and 12,000 Windows clients on average.
It is also worth mentioning that Windows Defender has just fixed a major RCE flaw detected in the search engine itself though Microsoft security software