How good is Windows built-in security?

Here’s a detailed look at Windows built in security, including some pros and cons. If you’re a Windows user, how do you rate the security software?

1. No mention of Edge’s Super Duper Secure Mode? The article says it’s experimental, but I just checked and after getting through Microsoft’s “are you sure you don’t want to make Edge your default browser?” found the flag easily enough (edge://flags, it’s at the top of the list). A change and a restart, and I am apparently super duper secure!
2. While CHOICE mentioned it, I suspect few people know about the ransomware protection that is built into Windows Security under Virus and Threat Protection. The article refers to it as Controlled Folder Access, but in my current Windows version it resides under Ransomware Protection (name once you click in is Controlled Folder Access). This allows the user to protect e.g. all “My documents” sub-folders from access by programs, and then let specific software through that protection. It is not as good as some allow-listing software, and not as granular, but it will certainly prevent unknown software from accessing and encrypting your documents. And if you do mess up the setup you will know quickly enough e.g. when you find that your scanning application cannot save scanned documents.

Something to bear in mind about pretty much all other anti-malware software is that it generally has to create its own hooks into the operating system - Windows does not provide APIs for AV. This often means that in securing your system the software also creates new vulnerabilities.

One common example is the installation of a security key so the software can read all your (encrypted) Internet traffic. This is good, you want the software to make sure you are not going to malicious websites - except that it breaks the standard authentication/trust model on which the Internet is based by inserting the anti-malware software in the middle of all your Internet activity. It also means that if your software provider is required to do so it can track all of your Internet activity. Oops?

Over the last several years Microsoft has really picked up its game on security, to the point where I do not use any third party software other than a GlassWire firewall that I could in theory abandon but the graphs are so purty (and it shows me little flags when my software sends information out, so I can for instance decide to block that traffic to China).

Edit: I just re-read this thread’s title, and for some reason it made me think of Scott Morrison.

Same here ! I suspect the PM may soon be the only person still using that expression…

I had a go at using Windows built-in security, and I got a go.

A good site to Check your Security to see if your computer has any open ports or vulnerabilities is Gibson Research Corporation ShieldsUp
Run all tests to see how secure (Invisible or Does not Respond) your computer is.