Desktop administrators are responsible for providing adequate antivirus protection for the desktops they manage, so they should learn how to evaluate antivirus options and choose the best one for their users.
However, administrators can't always choose the most expensive and feature-rich option; they also have to factor in the cost-effectiveness that purchase decision-makers desire. Free is as cheap as it gets, and Microsoft Windows Defender is built into the OS.
The cheapest option isn't always the most effective, so IT should learn what Windows Defender is and what it can do for enterprise desktops.
The history of Windows Defender
Microsoft first released Windows Defender, a replacement for Windows AntiSpyware, in October 2006 and included it with Windows XP and Server 2003 at no additional cost. Microsoft designed it to run as a service, so Windows Defender protects the system even when no users are logged on.
With Windows Vista and Windows 7, Microsoft included Windows Defender as a built-in component, but it was superseded by Microsoft Security Essentials (MSE), an add-on product which improved native protections against a wider list of malware. Defender was still part of the OS but was disabled when someone installed MSE. MSE is not available beyond Windows 7, but Microsoft merged most of its functionality into Defender in Windows 8 and Windows 10.
While various versions of Windows 10 Defender have admin functions located in different places, the most updated version of Windows 10 displays the service in the Windows Security Center. As in previous versions, Windows 10 OSes come with Windows Defender preinstalled by default, and admins can manage Defender via the Windows Security Center. For example, organizations could interact with Windows Defender and a third-party antivirus service from a vendor such as McAfee from the Windows Security Center (Figure 1).
Note: Windows Security Center will default to whatever third-party service administrators install, but Windows Defender is still present.
Is Windows Defender enough, or do organizations need third-party antivirus software?
In terms of reliability, Windows Defender has taken its lumps. Some antivirus testing organizations used Defender as a baseline, meaning it was the lowest level of compliance. In one comparison, AV-Test.org rated Microsoft Defender last among all antivirus products in malware protection.
Typical users are interested in protecting against common threats, but enterprise organizations need more than that. For example, Windows Defender and other low-level antivirus products don't protect against adware. Average users may be able to live with this gap in protection, but an enterprise organization or even a small business can't. Finally, typical users don't require the high level of support or the ability to run on multiple OSes that is essential to enterprise organizations.
Some antivirus features that are important to the enterprise include:
- security against outside hackers;
- ease of use for administrators;
- support via phone, email, online chat;
- performance during scans;
- centralized monitoring and management;
- enterprise-level threat protection;
- business-class firewall software;
- compatibility with OSes other than Windows -- Linux, Android, iOS and macOS devices, for example;
- removal of adware, malware and spyware;
- dedicated ransomware protection;
- anti-theft protection;
- data shredding;
- password management;
- real-time threat protection; and
- web protection (Figure 2).
It is obvious that Windows Defender, a free service, can't meet all these requirements. In fact, it has the following deficiencies:
- It does not remove adware -- other products offer the feature, but they may require an add-on to do so.
- It lacks built-in centralized monitoring and management -- this is available through a separate Microsoft product, Advanced Threat Protection, and through PowerShell scripts that can add enhanced monitoring.
- It provides no protection against ransomware -- the only exception to this is it allows copying of folders on the affected system to OneDrive to save them.
- It requires manual install or browser add-ons -- this applies to browsers other than Internet Explorer or Edge.
- Protection results are not solid -- it may deliver false positives.
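As an added illustration of the PowerShell-based monitoring mentioned in the list above (this is example code, not from the original article or from Microsoft), the script below polls Defender health on a set of desktops with the built-in Get-MpComputerStatus cmdlet and writes one report. It assumes PowerShell remoting is enabled on remote targets; the computer list, signature-age threshold and report path are placeholders.

```powershell
# Added example: collect Microsoft Defender status from several desktops into one report.
# Assumptions: WinRM remoting is enabled on remote targets and the caller has admin
# rights there. Computer names, threshold and report path are placeholders.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),   # defaults to the local machine
    [int]$MaxSignatureAgeDays = 3,                    # assumed policy threshold
    [string]$ReportPath = '.\defender-status.csv'
)

# Query run on each machine; only the fields needed for the report are returned.
$query = {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                      AntivirusSignatureAge, AntivirusSignatureLastUpdated
}

$results = foreach ($computer in $ComputerName) {
    try {
        # The local machine is queried directly so the script also works without remoting.
        $s = if ($computer -eq $env:COMPUTERNAME) { & $query }
             else { Invoke-Command -ComputerName $computer -ScriptBlock $query -ErrorAction Stop }

        # AntivirusEnabled is also reported as off when a third-party product has taken over.
        $issues = @()
        if (-not $s.AMServiceEnabled)          { $issues += 'Defender service disabled' }
        if (-not $s.AntivirusEnabled)          { $issues += 'antivirus engine disabled' }
        if (-not $s.RealTimeProtectionEnabled) { $issues += 'real-time protection off' }
        if ($s.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $issues += "signatures $($s.AntivirusSignatureAge) days old"
        }

        [pscustomobject]@{
            Computer          = $computer
            Reachable         = $true
            SignaturesUpdated = $s.AntivirusSignatureLastUpdated
            Issues            = $issues -join '; '
        }
    }
    catch {
        # An unreachable or failing host is itself a finding, so it stays in the report.
        [pscustomobject]@{
            Computer          = $computer
            Reachable         = $false
            SignaturesUpdated = $null
            Issues            = "query failed: $($_.Exception.Message)"
        }
    }
}

$results | Export-Csv -Path $ReportPath -NoTypeInformation
$results | Where-Object { $_.Issues } | Format-Table Computer, Issues -AutoSize
```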
In addition to these deficiencies, Windows Defender support is limited to logging tickets with a non-dedicated team. Administrators using Windows Defender have to log a ticket with a generic Microsoft Support team, which could delay getting an issue to the right Microsoft support technician for resolution. More importantly, administrators cannot log issues using phone, email or online chat.
The final entry in this list of deficiencies is likely the killer for most businesses. If a business is being held hostage by ransomware and needs immediate intervention, it probably doesn't want to rely on an online ticketing system that may not respond for a couple of days.
Across the board, Windows Defender ranks poorly compared to paid and even free antivirus options.
Finding the best antivirus for Windows desktops in the enterprise
All of the top-line antivirus products protect against popular malware threats such as rootkits, spyware, trojans, phishing and spam. Organizations should look for differences in other key antivirus metrics and features such as system performance during scans, general malware protection and support methods. Pricing and licensing are also significant factors, but they vary widely depending on volume discounts, service bundles and other factors. Thus, a reasonable price comparison is not straightforward enough to include.
It should be no surprise that McAfee and Norton have some of the most impressive feature sets. Both vendors have been pillars of the antivirus market for more than a decade. This maturity gives them a huge advantage over newer products. McAfee is also a popular choice by ISPs, such as Charter and AT&T, to protect their customers' systems.
Organizations looking to purchase antivirus licenses may want to look beyond a single comparison and instead consult an aggregation of different antivirus reviews and comparisons. For example, an IT pro or executive may want to compare McAfee, Kaspersky, Norton and Bitdefender for antivirus, but they may not trust a single comparison table or graphic.
The following ranking aggregates antivirus comparisons from across the web and yields this list of the top seven antivirus offerings:
- Avast Pro
- ESET Endpoint Security
Microsoft Defender is miles ahead of where it was a few years ago and is a decent enough antivirus product for the public. Windows Defender is simply not sufficient to support an enterprise organization, though it could support a small business with a few management add-ons. A more complete, robust product is necessary for the enterprise.
Of course, every organization will have its own criteria by which to evaluate an antivirus product. As with any software purchase evaluation, it is important to identify critical features, price and technology requirements, identify products that will meet those needs, and narrow products to the top two or three for a closer evaluation. At bare minimum, Windows Defender will protect Windows devices out of the box until a new product is installed.
Editor's Note: Using extensive research into antivirus software, this author focused on leading vendors currently on the market. His research included expert review sites such as bestantiviruspro.com.