Windows 10 comes pre-installed with Windows Defender antivirus, which users who upgrade from Windows 8.1 will find familiar. The built-in antivirus does a fair enough job protecting a PC from cyber threats. It automatically scans programs you open. It refreshes with every Windows 10 update, and has useful, easy to navigate functionality for running deeper scans.
Best of all, it is free and does not bother you too much with popups.
But Windows Defender has somewhat of a mixed reputation in the industry. The Germany-based AV-TEST.org, the de facto authority in independent testing of antivirus software, scored Windows Defender 9.5 out of a possible 18 points in a February 2015 evaluation—last place among the tested software. Its score improved to 13.5/18 in August, and it even outperformed several paid antivirus solutions.
In that testing, Windows defender caught 95 percent of what AV-TEST calls “widespread and prevalent malware” and 85 percent of zero-day attacks. Those are admirable numbers for a free solution. Truth be told, if you are keeping your browser up to date, avoiding shady torrent sites and pirated software, and using common sense with spam e-mails, Windows Defender can suffice just fine.
But is Windows Defender enough protection in an organizational setting? Many IT professionals will tell you that it is probably not, and recommend installing more robust security software. “A free solution will not match the protection and support you’ll get from a paid solution,” explains CJ Wood, a Maryland based IT director of a national furniture retailer. A lot of it comes down to users, who might not use as much common sense when it comes to safe and secure Internet habits.
So which Windows 10 antivirus should you pick? If you opt for paid antivirus software, AV-TEST has yet to post results for testing in Windows 10, but historically their rankings favor solutions from Trend Micro, Kaspersky Lab, and Bitdefender. Wood mentioned he runs ESET for his workplace Windows 10 environment, and uses Webroot for his home network. Discussion board respondents on Spiceworks and Reddit run the gamut, suggesting Avira, Vipre, NOD 32, and others.
Since most paid antivirus software works more or less the same way, users should select antivirus software that matches their infrastructure and usage needs rather than choosing a brand name. It is all about finding the right package with the right features bundled in. If you are a small business that is mostly BYOD with maybe a few application and file servers, you should pick an antivirus solution that fits that. Before making a purchase, make a couple lists. The first one should be “Things You Need” which are the non-negotiable items; the second one should be “Nice to Have” items. Then start shopping for feature sets that satisfy those items.
In addition to choosing based on your needs, IT experts recommend taking a layered approach to security. “In addition to traditional antivirus, I like to install real-time protection like MalwareBytes as an added layer of security,” Wood says. “For corporate networks, use a hardware firewall, perform DNS content filtering either by the firewall or something like OpenDNS in addition to your antivirus and real-time malware protection. It is also advisable to work in e-mail spam protection like SpamStopsHere or EdgeWave.”
All vendors offer some sort of tiered licensing structure. For example, Trend Micro Worry Free Business Security is designed for SMB users. It is designed as an all-in-one solution and has some firewall filtering features, and is a relatively lightweight solution (the Services package is cloud hosted, and the Standard package is self-hosted) that does not bog down a small network. The Advanced package costs more per user, and adds additional security like anti-phishing measures and mobile security management features.
Read more about the proper way to layer antivirus and antimalware solutions.
Business users concerned with cyber security should pay attention to the human element. Employees left untrained in security best practices—differentiating between strong and weak passwords, visiting unauthorized websites, and identifying phishing and keylogging scams—are among the most dangerous threats to network security. “Take the extra step in educating users to gain ‘common sense’ to prevent getting infected,” Wood advises.
Read more about how to conduct anti-phishing training in the workplace.
All said, Windows 10 security should not differ significantly from recent operating systems in that best practice will be determined by selecting an antivirus that suits the size and scope of your business, bolstering that solution with multiple security layers, and making sure your users are adequately versed in avoiding risky online behavior.