Windows Defender Can't Stop Malware by Itself
Windows 8's built-in Windows Defender software was recently put through the equivalent of computer security "Hell Week" by anti-virus firm BitDefender.
The built-in security software went up against the 100 most frequent malware infections, and managed to keep out 85 percent of the bugs. But to the researchers' dismay, the new operating system failed to catch several common pieces of malware.
Windows 8 lets in Trojans at a much higher rate than any other type of malware, the Bitdefender researchers found. Without a complementary third-party anti-virus program, Windows 8 users will be more vulnerable to the results of Trojan infections, such as stolen identities and credit-card numbers, and will be more likely to have their PCs drafted into botnets.
"Shortly put, if the piece of malware to be run does not require UAC [user account control] elevation, does not try to install a rootkit driver and if it's not intercepted by Windows Defender, it gets executed," Bitdefender explained on its Labs blog.
Part of the problem stems from Microsoft's efforts at preserving reverse compatibility with older versions of Windows. That legacy code allows most software built for Windows XP to run on Windows 8, and on every version in between.
Unfortunately, it's not possible to maintain older software compatibility without supporting old malicious code as well. It's a tradeoff we accept to save time and money on new software and installations.
As many security experts have said before, Windows Defender should be thought of as a supplement to anti-virus software, not a replacement.
The onboard Windows security software is great at deflecting rootkits, which, according to Bitdefender, accounted for just 5 percent of all malware. But when it comes to the other stuff, Defender needs help.
That's evident, based on the fact that the 7-year-old Zlob Trojan, as well as several commons worms, got past Windows Defender with no problems in Bitdefender's tests.
If you're a Windows 8 user, or are thinking about becoming one, remember that cybercriminals are always hard at work on ways to exploit the newest security features.
Without a doubt, Windows Defender is a leap in the right direction for Microsoft. But without third-party anti-virus software, Defender may be a mediocre defense at best.
Follow Ben on Twitter @benkwx.