Once upon a time, an antivirus program would be one of the first pieces of software you would install on a new Windows PC. Now, that’s much less common. Many users now rely instead on the Windows Security tool that’s built into Microsoft’s operating system to keep them protected against viruses and malware. And yet, there are still plenty of antivirus and anti-malware security solutions for Windows. So should you be installing one of these packages? The answer, as you might expect, is that it depends.

We won't take you through the entire history of Microsoft Windows and its security features, but it's helpful to go back to September 2009: This was when a new program called Microsoft Security Essentials got added to the operating system. In the years since, that program has evolved and changed to become the Windows Security application you'll find preinstalled on your system today. To find it, open the Start menu and look for “windows security.” You'll see all the various components that make up the program on the Home tab, and they’re all things that used to be handled by third-party programs: virus and malware threat protection, a firewall for locking down the network, and browser controls for stopping potentially dangerous downloads, for example.

The Windows Security suite is designed to be as low-maintenance as possible, and most users aren't going to need to do anything with it—it'll simply run quietly in the background, watching out for viruses and other threats. Scans of the system and downloads of the latest virus definitions are handled automatically without any user input, though you can run scans manually (via Virus & threat protection). Open up the Device security tab and you're able to see some of the other built-in protections in Windows, which will depend in part on the hardware components in your PC.
The safeguards you'll see here, such as the trusted platform module, prevent malware from interfering with core Windows functions and running software that hasn't been authorized.

So you've got Windows Security on your system, and you should also have a modern, up-to-date web browser installed. Browsers like Google Chrome and Apple's Safari come with a whole host of security protections to identify dodgy websites, protect you from nasty downloads, and block bad code from running in your browser. These safeguards built into modern browsers provide another important layer of protection. Don't underestimate the value of updates for your browser and for Windows itself either. A significant number of malware packages exploit older software, which is why Microsoft and the browser makers are continually issuing updates to plug holes and patch up vulnerabilities. If you're running the latest version of Windows and the latest version of your browser, that's another line of defense.

Antivirus software typically adds several elements to the mix, though it varies between packages: You might get a VPN included, for example, as well as parental controls, a password manager, and some secure cloud storage for your files. There are also often monitoring tools to look out for data hacks and leaks that might include your personal information (from credit card numbers to login details). Dedicated antivirus programs will often be more proactive than Windows' own solution, scanning incoming data as it arrives on the network and looking out for connected devices—like smart home gadgets—that may not have comprehensive privacy and security protections of their own. As the built-in Windows antivirus tool has improved, these third-party options have evolved to offer more and more functionality.

There's no simple yes or no answer as to whether you need an antivirus program on Windows. It's your choice, and if you want to go without one, then you do so at your own risk.
The products offered by the big names in the business like Bitdefender and Norton are certainly effective and reliable when it comes to keeping malicious code away from your Windows system. At the same time, an up-to-date version of Windows, plus Windows Security, plus a current web browser, is a pretty robust setup for most users—and one that a lot of viruses and other malware are going to struggle to get through. Your online activities affect your level of safety too: Spend a lot of time watching and downloading pirated content, for example, and your risk level goes up.

It's a bit like driving in some ways. Observe the speed limits, keep your eyes on the road, follow the signs, stick to the parts of town you're most familiar with, and you're going to stay out of trouble most of the time—but you're going to be even safer in an armored car and with a police escort. It's worth noting that neither setup is 100 percent guaranteed to keep you safe all of the time. Also, it's ironic, but sometimes installing an antivirus program comes with its own security risks. For more please visit OUR FORUM.

Unsurprisingly, with little more than a year to run before Windows 10’s unpopular end-of-life becomes reality, speculation continues to mount as to whether Microsoft will relent and extend support or remove the hardware hurdles preventing millions from upgrading. But here’s the bad news if you have such hopes—Microsoft has just issued a little-noticed, dressed-up warning for the 70% yet to upgrade. This comes by way of an innocuous post from Microsoft’s Digital Inside Track blog, “which tells the story of how Microsoft uses its own technology.” This particular post trumpets Microsoft’s own upgrade to Windows 11, which “makes secure-by-default viable thanks to a combination of modern hardware and software.
This ready out-of-the-box protection enables us to create a new baseline internally across Microsoft, one that level sets our enterprise to be more secure for a hybrid workplace.” The post was published just ahead of the most recent Patch Tuesday—which revealed yet more zero-days for Windows users to contend with—and includes a timely comment from David Weston, the company’s vice president of Enterprise and OS Security: “We’ve made significant strides to create chip-to-cloud Zero Trust out of the box. Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption, and our strongest protection against malware.”

If there was any doubt that this is an unapologetic trumpeting of the new hardware hurdle, the post’s headline alone should be confirmation enough: “Hardware-backed Windows 11 empowers Microsoft with secure-by-default baseline,” with the article reinforcing that “this new baseline for protection is one of several reasons Microsoft upgraded to Windows 11… The new hardware-backed security features create the foundation for new protections. This empowers us to not only protect our enterprise but also our customers.”

Putting aside the non-starter of Microsoft not upgrading, the hardware hurdle is TPM—the PC’s Trusted Platform Module, of course, with Windows 11 mandating TPM 2.0, “a critical building block for protecting user identities and data,” Weston says. “For many enterprises, including Microsoft, TPM facilitates Zero Trust security by measuring the health of a device using hardware that is resilient to tampering common with software-only solutions.” And then the final clincher.
“The hardware-backed features of Windows 11 create additional interference against malware, ransomware, and more sophisticated hardware-based attacks… By enforcing a hardware requirement, we can now do more than ever to keep our users, products, and customers safe.” This is all another way of saying that with Windows 10 you get the opposite: less secure from all those threats. And in the current environment, Microsoft’s warning is one you simply cannot ignore.

The post was published just a few weeks after Microsoft shut down the well-publicized “/product server” workaround, which I commented at the time was a clear signal that hurdles were not about to be relaxed. And while the internet has been abuzz in recent weeks with articles on the workarounds that remain, one can assume that where those can also be shut down, they very likely will be at some point. All of which highlights the real challenge for the 70% of Windows users yet to make the leap to Windows 11—replacing expensive hardware with no secondary market to push old hardware into. Canalys calculates that this hyper-scale refresh would result in “roughly a fifth of devices becom[ing] e-waste due to incompatibility with the Windows 11 OS. This equates to 240 million PCs. If these were all folded laptops, stacked one on top of another, they would make a pile 600km taller than the moon.” To learn more visit OUR FORUM.

Microsoft Windows powers more than a billion PCs and millions of servers worldwide, many of them playing key roles in facilities that serve customers directly. So, what happens when a trusted software provider delivers an update that causes those PCs to immediately stop working? As of July 19, 2024, we know the answer to that question: Chaos ensues. In this case, the trusted software developer is a firm called CrowdStrike Holdings, whose previous claim to fame was being the security firm that analyzed the 2016 hack of servers owned by the Democratic National Committee.
That's just a quaint memory now, as the firm will forever be known as The Company That Caused The Largest IT Outage In History. It grounded airplanes, cut off access to some banking systems, disrupted major health care networks, and threw at least one news network off the air. Microsoft estimates that the CrowdStrike update affected 8.5 million Windows devices. That's a tiny percentage of the worldwide installed base, but as David Weston, Microsoft's Vice President for Enterprise and OS Security, notes, "the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services." According to a Reuters report, "Over half of Fortune 500 companies and many government bodies such as the top US cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company's software."

CrowdStrike, which sells security software designed to keep systems safe from external attacks, pushed a faulty "sensor configuration update" to the millions of PCs worldwide running its Falcon Sensor software. That update was, according to CrowdStrike, a "Channel File" whose function was to identify newly observed, malicious activity by cyberattackers. Although the update file had a .sys extension, it was not itself a kernel driver. It communicates with other components in the Falcon sensor that run in the same space as the Windows kernel, the most privileged level on a Windows PC, where they interact directly with memory and hardware. CrowdStrike says a "logic error" in that code caused Windows PCs and servers to crash within seconds after they booted up, displaying a STOP error, more colloquially known as the Blue Screen of Death (BSOD).

Repairing the damage from a flaw like this is a painfully tedious process that requires manually rebooting every affected PC into the Windows Recovery Environment and then deleting the defective file from the PC using the old-school command line interface.
If the PC in question has its system drive protected by Microsoft's BitLocker encryption software, as virtually all business PCs do, the fix requires one extra step: entering a unique 48-character BitLocker recovery key to gain access to the drive and allow the removal of the faulty CrowdStrike driver.

In that case, McAfee had delivered a faulty virus definition (DAT) file to PCs running Windows XP. That file falsely detected a crucial Windows system file, Svchost.exe, as a virus and deleted it. The result, according to a contemporary report, is that "affected systems will enter a reboot loop and [lose] all network access." The parallels between that 2010 incident and this year's CrowdStrike outage are uncanny. At its core was a defective update, pushed to millions of PCs running a powerful software agent, causing the affected devices to stop working. Recovery required manual intervention on every single device. Plus, the flawed code was pushed out by a public security company desperately trying to grow in a brutally competitive marketplace.

Less than a month earlier, according to a report from The Stack, CrowdStrike released a detection logic update for the Falcon sensor that exposed a bug in the sensor's Memory Scanning feature. "The result of the bug," CrowdStrike wrote in a customer advisory, "is a logic error in the CsFalconService that can cause the Falcon sensor for Windows to consume 100% of a single CPU core." The company rolled back the update, and customers were able to resume normal operations by rebooting. At the time, computer security expert Will Thomas noted on X/Twitter, "[T]his just goes to show how important it is to download new updates to one machine to test it first before rolling out to the whole fleet!"

In that 2010 incident, the root cause turned out to be a complete breakdown of the QA process. It seems self-evident that a similar failure in QA is at work here.
Were these two CrowdStrike updates not tested before they were pushed out to millions of devices? Part of the problem might be a company culture that's long on tough talk. In the most recent CrowdStrike earnings call, CEO George Kurtz boasted about the company's ability to "ship game-changing products at a rapid pace," taking special aim at Microsoft: Complete details are posted on OUR FORUM.
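The three articles above keep returning to the same defender-side preconditions: the TPM 2.0 that Windows 11 mandates, Windows Security actually running with current definitions, and a BitLocker recovery key already on hand before a bad third-party update forces you into the Windows Recovery Environment. The PowerShell check below is an added example, not code from the articles, Microsoft or CrowdStrike; it reads that state on the local machine and assumes an elevated session on Windows 10/11 with the built-in Defender, TrustedPlatformModule and BitLocker modules, and the seven-day definition-age threshold is an arbitrary choice for illustration.

```powershell
# Added example: read-only audit of the preconditions discussed above.
# Assumes an elevated PowerShell session on Windows 10/11 with the
# Defender, TrustedPlatformModule and BitLocker modules available.

function Get-TpmSummary {
    # Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38"; Windows 11 needs 2.0.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return [pscustomobject]@{ Present = $false; Version = $null; Enabled = $false } }
    [pscustomobject]@{
        Present = $true
        Version = ($tpm.SpecVersion -split ',')[0].Trim()
        Enabled = [bool]$tpm.IsEnabled_InitialValue
    }
}

function Get-DefenderSummary {
    # Get-MpComputerStatus exposes the Windows Security antivirus engine state.
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection  = [bool]$mp.RealTimeProtectionEnabled
        SignatureAgeDays    = $mp.AntivirusSignatureAge
        LastSignatureUpdate = $mp.AntivirusSignatureLastUpdated
    }
}

function Get-BitLockerRecoverySummary {
    # A RecoveryPassword protector is the 48-character key WinRE asks for.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    [pscustomobject]@{
        Protection          = $vol.ProtectionStatus
        HasRecoveryPassword = [bool]$rp
        RecoveryProtectorId = $rp.KeyProtectorId   # escrow by ID; never log the password
    }
}

$tpm = Get-TpmSummary
$av  = Get-DefenderSummary
$bl  = Get-BitLockerRecoverySummary

# Pass/fail rows an administrator can collect across a fleet.
$results = @(
    [pscustomobject]@{ Check = 'TPM 2.0 present and enabled';         Pass = ($tpm.Present -and $tpm.Version -eq '2.0' -and $tpm.Enabled) }
    [pscustomobject]@{ Check = 'Real-time protection on';             Pass = $av.RealTimeProtection }
    [pscustomobject]@{ Check = 'Definitions under 7 days old';        Pass = ($av.SignatureAgeDays -le 7) }   # threshold is an assumption
    [pscustomobject]@{ Check = 'BitLocker on with recovery password'; Pass = ($bl.Protection -eq 'On' -and $bl.HasRecoveryPassword) }
)
$results | Format-Table -AutoSize
```

A failing last row is the one to fix before any agent update goes out: without an escrowed recovery password, the manual WinRE clean-up the article describes cannot even start on that machine.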