How effective is the standard security advice, "update Windows"?
This common advice is given in many articles about PC security, but rarely (if ever) do we see any claims as to how much protection we should expect.
We, at Dennis Technology Labs, wanted to find out how well Windows Updates adds to the protection provided by anti-malware software.
The testers in the lab ran a series of anti-malware tests using live, exploit-based web threats. They visited the malicious websites using systems that were running with no Windows Updates applied, with full updates applied and with a variety of popular anti-malware programs.
The end result (PDF) indicates that using Windows Updates protected against around one third of the 100 threats that we used.
Anti-malware software protected against from around two thirds to nearly one hundred per cent of the same threats.
We released this information at the RSA Conference USA 2014 last week and the response was interesting. Some analysts were surprised at how low the 32 per cent figure for 'Windows Updates only' was.
Others expected the protection level to be lower.
Ultimately we found that the best anti-malware products had most of the threats covered from the start, with and without updating Windows, while a couple of products (AVG and MSE) benefited significantly when the latest Windows updates were applied.
Feel free to download the full report and read PCMag.com's coverage from Neil Rubenking.
Ever heard of defense in depth?
ReplyDeleteOf course. Please elaborate your point.
ReplyDelete