Is the new Windows 10 ransomware protection enough to keep you safe?


Emsisoft has been in the ransomware protection game for a long time. Over the years, we’ve continued to hone our software and today we’re proud to offer one of the best products in the industry when it comes to protecting users against illegal encryption tactics.

Unfortunately, many PC users still rely solely on Windows’ own protection measures. Despite Microsoft making some improvements to its security software in recent years, Windows Defender remains far from a perfect solution. In fact, in a recent AV-Test assessment of 18 Windows 10 security suites, Windows Defender tied for last place due to sub-par protection and performance.

Nevertheless, we’re happy to see Microsoft taking a more proactive approach to security with the arrival of the latest Fall Creators Update, which includes, among other things, a dedicated ransomware protection feature.

Is it any good? How does it compare to Emsisoft’s Anti-Ransomware module? And, most importantly, is it enough to keep your computer safe?

Let’s find out.

What does Windows’ new Ransomware protection actually do?


The Fall Creators Update comes packed with a bunch of security improvements aimed at tightening up the Windows 10 architecture. This includes the removal (from clean Windows 10 installs, at least) of the woefully vulnerable SMBv1 protocol, which was responsible for the massive WannaCry and Petya ransomware outbreaks earlier this year.

In the hopes of preventing a similarly devastating cyberattack, Microsoft has also rolled out Controlled Folder Access, a brand new security feature that is essentially Microsoft’s answer to the growing ransomware threat.

Controlled Folder Access is a new component of Windows Defender. As the name implies, it works by preventing applications from making unwanted changes to certain folders. When Controlled Folder Access is enabled, only whitelisted apps are able to modify Windows system files and data folders, meaning – in theory, at least – that your mission-critical data should be safe in the event of a ransomware infection.

While this might sound appealing, the vast majority of our users do not need to worry about activating Controlled Folder Access because Emsisoft Anti-Malware provides much better protection against ransomware (for reasons we’ll get into shortly!). In addition, Controlled Folder Access also requires Windows Defender to be activated in order to work, and we generally recommend not using two antivirus products at the same time. Nevertheless, if for some reason you really want to use Controlled Folder Access in conjunction with Emsisoft Anti-Malware, simply:

  1. Open the Start Menu
  2. Type “Emsisoft Anti-Malware”
  3. Open the app
  4. Click Settings
  5. In the Windows Integration section, untick Activate Security Center Integration

This will reactivate Windows Defender and you will gain access to Controlled Folder Access. Emsisoft Anti-Malware will not be listed in the Windows Defender Security Center, but it will still be functioning and protecting you as usual. However, as mentioned, it is not necessary to have both activated and we recommend against doing so.

By default, Controlled Folder Access is disabled. If you wish to enable it, follow these steps:

  1. Open the Start Menu
  2. Type “Windows Defender Security Center” and open the app
  3. Select Virus & threat protection
  4. Click Virus & threat protection settings
  5. Scroll down until you find the Controlled folder access section
  6. Click the on/off toggle to enable the feature

Once Controlled Folder Access is enabled, you can use the Protected folders sub-option to select which folders you wish to protect (e.g. folders containing important photos, documents and other personal files). Windows system folders are protected by default. You can also use the Allow an app through Controlled folder access section to create a whitelist of trusted programs that are allowed to modify files in the protected folders.
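The same settings can be scripted with the Windows Defender PowerShell cmdlets. The following is an added example, not part of the original article: the folder and application paths are constructed placeholders, and it goes beyond the steps above by starting in audit mode and reading back the logged events before enforcing.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled Folder Access (CFA) from an elevated prompt.
# Paths below are constructed placeholders; replace them with your own.
$protectedFolders = @('D:\Photos', 'D:\Projects')       # hypothetical extra folders
$allowedApps      = @('C:\Tools\Backup\backup.exe')     # hypothetical trusted program

# CFA only works while Windows Defender real-time protection is running.
if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
    throw 'Windows Defender real-time protection is off; CFA cannot be used.'
}

# CFA is disabled by default. AuditMode logs what would be blocked without
# blocking it, so the whitelist can be built before anything breaks.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Add protected folders (Windows system folders are covered by default).
foreach ($folder in $protectedFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# Whitelist trusted programs that must write to the protected folders.
foreach ($app in $allowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping missing executable: $app"
    }
}

# Read the configuration back. The mode is stored as 0, 1 or 2.
$modeNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $modeNames[[int]$pref.EnableControlledFolderAccess]
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# Review CFA events: 1123 = write blocked, 1124 = write audited (would be blocked).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Once the audit log shows only programs you trust (and have whitelisted),
# switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```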

 

What does Emsisoft do differently?

Let’s imagine you’re a security-conscious homeowner living in a particularly bad neighborhood. You know that a break-in is probably going to happen sooner or later, so you put your most important belongings in a rock solid safe that can only be accessed by people you specifically approve. Sure, everything outside the safe is vulnerable to damage and theft, but at least you know that your most treasured belongings are safe in the event of a home invasion.

This is the basic philosophy behind Controlled Folder Access. It doesn’t prevent criminals from breaking in, it doesn’t actively stop them from meddling with your things, but it does allow you to put your most prized possessions in a safe zone that the bad guys can’t access.

To continue with our analogy, now let’s imagine that you want a more proactive security solution. Rather than simply investing in a safe, you install floodlights and security cameras around the perimeter of your home. Your security system automatically monitors your property and is smart enough to be able to distinguish between benign behavior (say, a curious cat wandering up your driveway) and suspicious activity (someone snooping around your windows). It’s advanced enough to stop would-be criminals before they lay a finger on your belongings rather than waiting for the criminal activity to happen before responding.

This second scenario is Emsisoft’s approach to ransomware. Our advanced Behavior Blocker and Anti-Ransomware module continuously monitor all active programs, watch for any behavioral patterns that are congruous with ransomware attacks and stop the offending application long before your files are encrypted. This behavioral monitoring enables Emsisoft Anti-Malware to prevent ransomware attacks from both known and unknown threats. Other anti-ransomware products, on the other hand, can only detect ransomware with known signatures, meaning their protection only kicks in after your files have been encrypted.

Simply put, Emsisoft Anti-Malware is far superior to Controlled Folder Access when it comes to protecting your computer from ransomware. If you are already running Emsisoft Anti-Malware on your machine, there is no need to activate Windows Defender or enable Controlled Folder Access.

You can get further insight into how Emsisoft handles ransomware in the following YouTube video from Malware Geek:

Is Windows enough to protect you from ransomware?

In a word: no. With Controlled Folder Access, no program – besides those on the whitelist – is able to access, edit or change the files within these protected folders. This means that even if your computer is infected with ransomware, your system files and important data will be impervious to encryption and safe from harm. Now, this might sound like a bulletproof strategy. However, while Controlled Folder Access does provide a basic level of protection, there are a few flaws in this sort of reactive, all or nothing approach.

1. It doesn’t actually combat ransomware

One of the key flaws with Controlled Folder Access is that it doesn’t actively prevent ransomware from infecting and taking over your machine. Instead, it locks away your critical data to ensure the bad guys can’t get their hands on it.

2. You’re still going to see encryption notices

In the event of a ransomware infection, everything inside your protected folders is safe, but what happens to the files in your non-protected folders? Answer: they get encrypted. Even if some of your files are safe, your machine as a whole will still be rendered unusable, which is incredibly disruptive for businesses and home users alike. In addition, you’ll still be subjected to encryption notices and ransom demands from the criminals, and many people will be tempted to pay up in order to regain access to their machines.

3. Potential compatibility issues (but not with Emsisoft!)

Controlled Folder Access is not a standalone feature and requires you to enable real-time protection in Windows Defender. Why is this a problem? Well, according to Rob Lefferts, director of program management for Windows enterprise and security, Windows Defender plays nicely with about 95 percent of Windows 10 PCs that have third-party antivirus software installed. But that still leaves 5 percent of people who may experience compatibility issues when attempting to use Controlled Folder Access in conjunction with their antivirus application.

A step in the right direction

Let’s give credit where credit is due. Controlled Folder Access is a step in the right direction. It’s great that Microsoft recognizes just how damaging ransomware is becoming and is making moves to protect users who rely on Windows Defender Security Center. However, it is not an ideal anti-ransomware solution, largely due to the fact that it merely stops programs from modifying protected files rather than actively preventing or fighting ransomware. With this in mind, it may be better to think of Controlled Folder Access as a data protection tool rather than a comprehensive ransomware-fighting security feature.

Bottom line: Controlled Folder Access promises to be a great supplementary security tool, but it’s no replacement for proven anti-ransomware software such as Emsisoft Anti-Malware. When used on its own, Controlled Folder Access is much better than nothing, but it does have some significant flaws to be aware of.

Will you be enabling Controlled Folder Access? Why or why not? Let us know in the comments below!


Have a lovely (malware-free) day!

  • novos7

    I wish that Controlled Folder Access doesn’t work because I use Emsisoft.

    • You can enable it (and so Windows Defender) by unticking the “Activate Windows Defender Security Center integration” checkbox in Emsisoft Anti-Malware’s Settings tab.

      • Augusto

        But if I enable it, will my Emsisoft be deactivated?!! Or can I have 2 protecting me?!! Windows Defender and Emsisoft?
        This is not very clear; after all, the flag only shows Windows Defender protecting me and nothing of Emsisoft too?!! So what would be the advantage of having a protected folder if the antivirus that I consider special, the Emsisoft I bought, will be disabled too?!! Or would that not be the case? Please be clearer; this confuses a lot and I’m afraid to leave the Windows folder enabled and not have the protection of Emsisoft together

        • etrnl

          Just use Sandboxie.

  • Robert Scroggins

    I will not be enabling this on my wife’s Windows 10 computer (my own computer is a Windows 8). It seems to me that Microsoft only goes half way with anything–including computer security.
    Regards,

  • Malcolm Smith

    As I am sticking with Windows 7, I use Emsisoft for my protection along with Comodo. And as a further precaution I have CryptoPrevent running too.

    I don’t trust Microsoft for their security one bit. The reason? They can’t keep their own house in order with people wandering through their Skype servers allowing them to spam their contacts with messages supposedly from their users. If MS can’t get a grip on this then I can’t trust them to get anything right.

    And, if there’s another reason to dump Skype it’s that now my machine boots almost twice as fast without it. So, that’s gone and Tox has come in its place.

    Furthermore, I am a great believer in the old Unix philosophy that an application should do one thing, and do it well. Emsisoft fits that description as far as I am concerned.

    • @disqus_Iy0oKmcgsw:disqus

      Leave it ticked, since you don’t use this feature.

      • Malcolm Smith

        This feels wrong. Are you saying that if I don’t use a feature then I should keep it ticked and, presumably, if I am using a feature I should untick it?

        Could you clarify this please?

        • The ticking thing was about the option in Emsisoft’s settings

          Let me rephrase:

          – If you don’t use Windows 10 Fall Creators Update, you don’t have Windows Defender Security Center, so you won’t have this Controlled Folder feature; and you don’t have to tick/untick anything.

          – If you are on Win10 FCU without using Emsisoft or any 3rd party antiviruses, you will have access to this feature because it depends on Windows Defender being enabled. (Note that this feature must be manually activated as mentioned in the article above.)

          – If you are on Win10 FCU and have Emsisoft (or any other 3rd party antiviruses) installed and running, you won’t have access to this feature because it needs Windows Defender active and installing a 3rd party antivirus will deactivate it by principle.
          However, we offer (via a setting) in Emsisoft the possibility to use this Controlled Folder feature by leaving Windows Defender activated while using Emsisoft. (Note that we don’t recommend using antiviruses at the same time).

  • Commander Paul

    I’m confused about your recommendation.
    1) On my machine in “Windows Defender Security Center-Virus & Threat Protection”, I do not have a listing for “Controlled Folder Access” (I think this is because it is controlled through Emsisoft Settings),
    2) my Emsisoft Settings: “Activate Windows Security Center integration” is ticked.
    3) Is this your recommended configuration?

    • 1- Yes, because of Emsisoft AM taking over Windows Defender, so the feature is unavailable.
      2- That is normal, this is the default setting.
      3- Emsisoft will perform better and simpler. We just pointed out that the possibility is offered to users who want to use this new feature from Windows 10.

  • Roy Clarke

    If the Defender Controlled Folder Access is useful but may potentially conflict with Emsisoft Anti-Malware then why not add a new folder access functionality to Emsisoft (possibly limited to user defined folders only)?

    • Hello @disqus_jHaoViFb1s:disqus,

      If you use Emsisoft, you don’t need this kind of feature, which was only designed mostly to prevent ransomware; because Emsisoft’s behavior blocker already has its own anti-ransomware function.

      • Roy Clarke

        Your reply is not consistent with what is written in the article above: “When used in conjunction with proven anti-ransomware software such as Emsisoft Anti-Malware, Controlled Folder Access promises to be a great supplementary security tool.” If it is indeed a great supplementary security tool then why not implement the same functionality in Emsisoft and so avoid any potential conflict with Defender?

        • Because Emsisoft does protect against ransomware already, Controlled Folder is a default-deny mechanism that must be set by the users, it is not managed by Windows Defender, so it is more complicated to use for our average users.

          To use an analogy:

          – Emsisoft would be a security guard in the surveillance room of a bank (the system), he can pinpoint criminals (malware) in the crowd because of his experience with suspicious behaviors (behavior blocker) and his list of known criminals (Antivirus scanner).
          – Controlled Folder is more like the biometric reader of the vault (the folder you protect), what isn’t authorized is forbidden to enter (the user needs to manually authorize a program to access the protected folder).

          So those mechanisms are complementary, but taken alone, Emsisoft is better and simpler.
          Controlled Folder is more of a raw feature (and I believe it needs some more work) where Emsisoft is more versatile.

          Note: I don’t want to go here into technical details like code injection into legitimate processes which may bypass the Controlled Folder protection. If you wander into some security forums, there is plenty of discussion about it.

  • Augusto

    Hello Emsisoft, I decided to try to leave both Windows Defender and Emsisoft as recommended by clicking on the new button inserted in the last update of Emsisoft in order to activate in the security tab the folder with security of Microsoft, but when going into the control panel and clicking on the security flag, only Windows Defender appears as active. Is this right?!! Wouldn’t both Windows Defender and Emsisoft have to appear active??

    • Augusto

      You say: – If you are on Win10 FCU and have Emsisoft (or any other 3rd party antiviruses) installed and running, you won’t have access to this feature because it needs Windows Defender active, and installing a 3rd party antivirus will deactivate it by principle.
      However, we offer (via a setting) in Emsisoft the possibility to use this Controlled Folder feature by letting Windows Defender active while using Emsisoft. (Note that we don’t recommend using 2 antiviruses at same time).

      So that means that by clicking the button that you put at the disposal of Emsisoft users I will only have Windows Defender as antivirus, and then would it be good to have your software?!! It is not very clear, could you explain this to us better? Let’s say I want to use this feature from Microsoft and also want to use Emsisoft as my antivirus after all, would that be possible? As?? And why in the Security panel of the Flag only shows Windows Defender Active? Would I be just activating Windows Defender and leaving Emsisoft disabled? So why buy and use Emsisoft?

      • “Let’s say I want to use this feature from Microsoft and also want to use Emsisoft as my antivirus after all, would that be possible? As?? And why in the Security panel of the Flag only shows Windows Defender Active? Would I be just activating Windows Defender and leaving Emsisoft disabled? So why buy and use Emsisoft?”

        Yes, you can use both, you won’t lose Emsisoft protection, you will have both of them active (as mentioned in our article), you will just not see Emsisoft in the security center :)

    • Hello @GutosoES:disqus,

      Yes, it is expected, only Windows Defender will appear because by ticking the option you are unregistering Emsisoft from the Security Center. So Emsisoft “disappears” from it but in reality it is still active and functioning as it should. So don’t worry, we still protect you ;)

      • Augusto

        Grateful for the answer, I will tell friends who use Emsisoft of this freedom to use both Windows Defender and Emsisoft without losing the Emsisoft features as well. Thank you very much for your attention.

  • Floyd and Becky Wright

    When ransomware freezes up my computer, I just reach up and turn off my computer and then turn it back on and when it reboots the ransomware is gone. It really is that simple. Ransomware has frozen my computer up three times on Facebook and that’s what I did each time and it always works.

    • Hello @floydandbeckywright:disqus

      So you were very lucky, sadly for most victims, ransomware doesn’t disappear this way, most of them don’t freeze the computer and they survive a reboot. Maybe there is something in your computer setup that makes them freeze :)

      • Floyd and Becky Wright

        I’m running Windows 10, I don’t know if that makes any difference or not, and of course Emsisoft, which is the best anti-virus protection we’ve ever had.