You Don’t Need An Antivirus With Windows 8

With Windows 8 out, a lot of users are wondering whether they need an antivirus with Windows 8, whether they need to pay for one, or whether they should do something else entirely. In my opinion, if you’ve been paying for an antivirus for Windows XP, Vista, or 7, you can consider cancelling that next subscription if you’re moving to 8. In my last post about Windows 8 security I glossed over Microsoft Security Essentials, and I wouldn’t call what I said ‘positive.’ For my quick non-security oriented review of Windows 8 Release Preview click here.

This post will highlight why MSE is the type of antivirus a consumer needs and why it might be the right choice for Windows 8 users.

Microsoft Is Best Suited For The Job

The fact is that Microsoft created Windows. It’s a closed source project and antivirus companies spend a ton of money just trying to figure it out. Microsoft has a massive advantage here. They know what their code is like, they know where there’s most likely to be a hole, they have the ability to “tap” systems with crash reports or opt-in data collection on a level no antivirus company can ever match. They simply have the most data.

The fact that only Microsoft has access to the source code is one major reason why you should be trusting them to secure your system.

Years Of Practice

We’re a long way away from Windows XP. Windows is not as full of holes as it used to be: Vista brought many security mitigation techniques and a new MAC system to the operating system, and Windows 8 expands further on that with new techniques and a new MAC system.

The Windows system has been hacked and torn apart for years and Microsoft has not sat idly by. The company has created new tools such as EMET, which are very effective at what they do. They’ve seriously improved their patch response time and there simply is no comparison between Windows 8 security and Windows XP.

Microsoft has seen years of malware. They know what they’re up against and at this point you’d better believe they know a few ways to fight back.

Reinforced Throughout The Operating System

Microsoft has made it clear that Microsoft Security Essentials is just one layer. Windows 8 also includes SmartScreen, a reputation based heuristics filter that acts system wide to inform and protect users from unknown files that are potentially dangerous. The focus of SmartScreen is on 0day malware and samples that an antivirus might normally not catch.

Where MSE stops SmartScreen begins, picking up slack. Antiviruses are inhibited by their inability to deal with the unknown, something that they will always struggle with. SmartScreen aims to specifically deal with the unknown using heuristics based on file reputation. File reputation essentially checks how “popular” the file is – how many systems it’s been seen on. Only a major company could pull off something like this and Microsoft is absolutely the best company for it – no antivirus can be installed on more Windows systems than exist.
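
As an added illustration (not code from the original post and not Microsoft's implementation), this simplified model shows the layering described above: a signature check that only recognises samples it already knows, followed by a prevalence check. The hash sets, machine counts and the `MIN_PREVALENCE` threshold are constructed assumptions.

```python
import hashlib

# Constructed sample data: none of these values come from Microsoft or the post.
KNOWN_BAD = {hashlib.sha256(b"old-trojan").hexdigest()}  # signature layer
SEEN_ON = {  # reputation telemetry: digest -> number of machines reporting the file
    hashlib.sha256(b"popular-installer").hexdigest(): 2_500_000,
    hashlib.sha256(b"old-trojan").hexdigest(): 40_000,
    hashlib.sha256(b"niche-in-house-tool").hexdigest(): 12,
}
MIN_PREVALENCE = 1_000  # assumed threshold, chosen only for illustration


def signature_layer(digest):
    """Antivirus-style check: only has an opinion on samples with a signature."""
    return "block" if digest in KNOWN_BAD else None


def reputation_layer(digest):
    """Reputation check: a file seen on few (or no) machines counts as unknown."""
    machines = SEEN_ON.get(digest, 0)
    return "warn" if machines < MIN_PREVALENCE else None


def verdict(file_bytes):
    """Run the layers in order; the first layer with an opinion decides."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    for layer in (signature_layer, reputation_layer):
        result = layer(digest)
        if result:
            return result
    return "allow"


if __name__ == "__main__":
    samples = (b"popular-installer", b"old-trojan",
               b"fresh-unseen-sample", b"niche-in-house-tool")
    for sample in samples:
        print(sample.decode(), "->", verdict(sample))
```

The last sample shows the cost of the approach: a rare but legitimate file gets the same warning as a sample nobody has seen before.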

Windows 8 Was Built With MSE In Mind

The fact is that Microsoft didn’t build Windows 8 thinking “let’s create a system that works great with Sophos and McAfee”; they built a system to work with MSE and they built MSE to work with the system. Layered security means understanding which layers are important and which need to be covered; having full control over every layer leads to a potentially more secure system.

Consistent Heuristic Scores And Low False Positives

“grades” antivirus software and Microsoft Security Essentials does fairly well. It’s not amazing but it’s not terrible, and that’s fine because it’s reinforced by other areas of Windows. What it is, consistently, is quiet. Heuristics is basically a way of “guessing” something – you use heuristics for spam filters, antivirus, language analysis, anything where you need to guess. Naturally this is going to lead to wrong guesses, and in an antivirus’s case that’s a false positive. MSE has very few false positives, often the lowest or second lowest compared to other antiviruses. Almost all of the antiviruses that get higher heuristic detection scores also have tons of false positives (you can see the correlation) and I think that having few false positives is just as important as having high detection rates.

If my AV is constantly telling me that files that I know are good are actually bad, I won’t trust it. And when the time comes and the file I think is good is actually bad and my AV alerts me, I simply won’t believe it. We’re all familiar with The Boy Who Cried Wolf; same principle here.

So Is Windows 8 Impregnable?

Well, while I’m very pleased that Microsoft has stepped up its security I think there is still need for some set up to get the system closer to where it should be. I still don’t consider Windows 8 to be as secure as my own configured Linux system but there are significant improvements and for the average user I think we can expect things to go smoothly.

Much of what’s in Windows 8 is untested and may not work out well in the real world. I’m optimistic about some features and not so much about others. Time will tell. I’ve had the Windows 8 Developer Preview, Consumer Preview, and now Release Preview all installed so I have a fair bit of experience with it though.

And, of course, as Windows 8 popularity rises so will hackers’ interest in bypassing its features, so it’s still important to take the extra measures and to keep up with patches. MSE has consistently had decent heuristics with low false positives, which I think is very important.

6 thoughts on “You Don’t Need An Antivirus With Windows 8”

  1. Antivirus? A knowledgeable person like you surely knows how much good AV programs actually are. I hate them. Whenever I see somebody saying “you’re an idiot for not having AV, and you would need it even on your Linux system!” I know they don’t know a thing about security. Does AV prevent remote code execution and zero day exploits? No. Does AV prevent any exploits? No. How many people with AV are infected? Most people have AV, and of those, many are infected. Any sane person could see they are FUD made by “security” companies to suck your money.
    The real protection is from people like you who know security works and can give useful advice to people less knowledgeable.

    • On Linux there is virtually no reason for an antivirus – there are no payloads that target Linux users in the wild, therefore it holds no purpose. Heuristics detection for malware is also all about Windows (check which registry entries it creates, etc) so it holds no use there. The only reason to run an antivirus on Windows is to prevent the spread of Windows malware through emails or some such thing, I don’t see this as a big reason to use one so I don’t on Ubuntu (or Windows 8 for that matter.)

      Antiviruses as they exist today are not great but I wouldn’t say they’re entirely without use. An antivirus aims to do what no other security mechanism can – not a sandbox, not common sense, not memory protections. It aims to give you answers – definitive answers as to whether a program is malicious.

      For an average user this is fairly important as they’re susceptible (we all are, but ‘common’ users more than any) to social engineering. A sandbox won’t help here, not a common one at least, so an antivirus basically tries to see if the file is malicious or not.

      They suck at it, they give tons of false positives, they require constant updating, and they’re generally pretty heavy on resources compared to other systems. But they attempt to make decisions about security for the user, which is important.

      As with my other post about dissatisfaction about the state of security I feel very much the same way about antivirus. I consider detection to be incredibly important but I don’t think any AVs take a proper approach.

    • Hi Patrick,

      I predicted a long time ago that Microsoft’s 0 day protection in MSE would drop considerably as it gained in popularity. From the test results linked you can still see it maintains much better performance and much fewer false positives.

      As I state in the post, they are layering MSE with SmartScreen. SmartScreen is aimed directly at catching 0day malware, the area that MSE does so poorly with in this test.

  2. I installed Windows 8 the weekend before last and I find it to be pretty darn cool. I am sorry to say that I found out about the 3rd party antivirus the hard way and paid for it before finding out that it would act like a virus with Win8. Oh well.

  3. A ‘Wow Post’ Man! 🙂
    You Written It With Awesome Perfection, It Completely Cleared My Doubts On To Install An Anti-Virus On My Windows 8 That I Installed For First Time Today Or Not 😉
    Now, I’m Not Going To Install That!
    Why Go With Other Software When Microsoft Has Tailored It For Us!
    Thank You For The Post!
