Is the new Windows 10 ransomware protection enough to keep you safe?

  • November 8, 2017
  • 7 min read

windows-10-ransomware-protection-not-enough-blog

Emsisoft has been in the ransomware protection game for a long time. Over the years, we’ve continued to hone our software and today we’re proud to offer one of the best products in the industry when it comes to protecting users against illegal encryption tactics.

Unfortunately, many PC users still rely solely on Windows’ own protection measures. Despite Microsoft making some improvements to its security software in recent years, Windows Defender remains far from a perfect solution. In fact, in a recent AV-Test assessment of 18 security Windows 10 security suites, Windows Defender tied for last place due to sub-par protection and performance.

Nevertheless, we’re happy to see Microsoft taking a more proactive approach to security with the arrival of the latest Fall Creators Update, which includes, among other things, a dedicated ransomware protection feature.

Is it any good? How does it compare to Emsisoft’s Anti-Ransomware module? And, most importantly, is it enough to keep your computer safe?

Let’s find out.

What does Windows’ new Ransomware protection actually do?

what-does-windows-protection-do

The Fall Creators Update comes packed with a bunch of security improvements aimed at tightening up the Windows 10 architecture. This includes the removal (from clean Windows 10 installs, at least) of the woefully vulnerable SMBv1 protocol, which was responsible for the massive WannaCry and Petya ransomware outbreaks earlier this year.

In the hopes of preventing a similarly devastating cyberattack, Microsoft has also rolled out Controlled Folder Access, a brand new security feature that is essentially Microsoft’s answer to the growing ransomware threat.

Controlled Folder Access is a new component of Windows Defender. As the name implies, it works by preventing applications from making unwanted changes to certain folders. When Controlled Folder Access is enabled, only whitelisted apps are able to modify Windows system files and data folders, meaning – in theory, at least – that your mission-critical data should be safe in the event of a ransomware infection.

While this might sound appealing, the vast majority of our users do not need to worry about activating Controlled Folder Access because Emsisoft Anti-Malware provides much better protection against ransomware (for reasons we’ll get into shortly!). In addition, Controlled Folder Access also requires Windows Defender to be activated in order to work, and we generally recommend not using two antivirus products at the same time. Nevertheless, if for some reason you really want to use Controlled Folder Access in conjunction with Emsisoft Anti-Malware, simply:

  1. Open the Start Menu
  2. Type “Emsisoft Anti-Malware”
  3. Open the app
  4. Click Settings
  5. In the Windows Integration section, untick Activate Security Center Integration

This will reactivate Windows Defender and you will gain access to Controlled Folder Access. Emsisoft Anti-Malware will not be listed in the Windows Defender Security Center, but it will still be functioning and protecting you as usual. However, as mentioned, it is not necessary to have both activated and we recommend against doing so.

By default, Controlled Folder Access is disabled. If you wish to enable it, follow these steps:

  1. Open the Start Menu
  2. Type “Windows Defender Security Center” and open the app
  3. Select Virus & threat protection
  4. Click Virus & threat protection settings
  5. Scroll down until you find the Controlled folder access section
  6. Click the on/off toggle to enable the feature

Once Controlled Folder Access is enabled, you can use the Protected folders sub-option to select which folders you wish to protect (e.g. folders containing important photos, documents and other personal files). Windows system folders are protected by default. You can also use the Allow an app through Controlled folder access section to create a whitelist of trusted programs that are allowed to modify files in the protected folders.

 

What does Emsisoft do differently?

what-does-emsisoft-anti-ransomware-do

Let’s imagine you’re a security-conscious homeowner living in a particularly bad neighborhood. You know that a break in is probably going to happen sooner or later, so you put your most important belongings in a rock solid safe that can only be accessed by people you specifically approve. Sure, everything outside the safe is vulnerable to damage and theft, but at least you know that your most treasured belongings are safe in the event of a home invasion.

This is the basic philosophy behind Controlled Folder Access. It doesn’t prevent criminals from breaking in, it doesn’t actively stop them from meddling with your things, but it does allow you to put your most prized possessions in a safe zone that the bad guys can’t access.

To continue with our analogy, now let’s imagine that you want a more proactive security solution. Rather than simply investing in a safe, you install floodlights and security cameras around the perimeter of your home. Your security system automatically monitors your property and is smart enough to be able to distinguish between benign behavior (say, a curious cat wandering up your driveway) and suspicious activity (someone snooping around your windows). It’s advanced enough to stop would-be criminals before they lay a finger on your belongings rather than waiting for the criminal activity to happen before responding.

This second scenario is Emsisoft’s approach to ransomware. Our advanced Behavior Blocker and Anti-Ransomware module continuously monitor all active programs, watch for any behavioral patterns that are congruous with ransomware attacks and stop the offending application long before your files are encrypted. This behavioral monitoring enables Emsisoft Anti-Malware to prevent ransomware attacks from both known and unknown threats. Other anti-ransomware products, on the other hand, can only detect ransomware with known signatures, meaning their protection only kicks in after your files have been encrypted.

Simply put, Emsisoft Anti-Malware is far superior to Controlled Folder Access when it comes to protecting your computer from ransomware. If you are already running Emsisoft Anti-Malware on your machine, there is no need to activate Windows Defender or enable Controlled Folder Access.

You can get further insight into how Emsisoft handles ransomware in the following YouTube video from Malware Geek:

Is Windows enough to protect you from ransomware?

In a word: no. With Controlled Folder Access, no program – besides those on the whitelist – is able to access, edit or change the files within these protected folders. This means that even if your computer is infected with ransomware, your system files and important data will be impervious to encryption and safe from harm. Now, this might sound like a bulletproof strategy. However, while Controlled Folder Access does provide a basic level of protection, there are a few flaws in this sort of reactive, all or nothing approach.

1. It doesn’t actually combat ransomware

One of the key flaws with Controlled Folder Access is that it doesn’t actively prevent ransomware from infecting and taking over your machine. Instead, it locks away your critical data to ensure the bad guys can’t get their hands on it.

2. You’re still going to see encryption notices

In the event of a ransomware infection, everything inside your protected folders is safe, but what happens to the files in your non-protected folders? Answer: they get encrypted. Even if some of your files are safe, your machine as a whole will still be rendered unusable, which is incredibly disruptive for businesses and home users alike. In addition, you’ll still be subjected to encryption notices and ransom demands from the criminals, and many people will be tempted to pay up in order to regain access to their machines.

3. Potential compatibility issues (but not with Emsisoft!)

Control Folder Access is not a standalone feature and requires you to enable real-time protection in Windows Defender. Why is this a problem? Well, according to Rob Lefferts, director of program management for Windows enterprise and security, Windows Defender plays nicely with about 95 percent of Windows 10 PCs that have third-party antivirus software installed. But that still leaves 5 percent of people who may experience compatibility issues when attempting to use Control Folder Access in conjunction with their antivirus application.

A step in the right direction

Let’s give credit where credit is due. Controlled Folder Access is a step in the right direction. It’s great that Microsoft recognizes just how damaging ransomware is becoming and is making moves to protect users who rely on Windows Defender Security Center. However, it is not is an ideal anti-ransomware solution, largely due to the fact that it merely stops programs from modifying protected files rather than actively preventing or fighting ransomware. With this in mind, it may better to think of Controlled Folder Access as a data protection tool rather than a comprehensive ransomware-fighting security feature.

Bottom line: Controlled Folder Access promises to be a great supplementary security tool, but it’s no replacement for proven anti-ransomware software such as Emsisoft Anti-Malware. When used on its own, Controlled Folder Access is much better than nothing, but it does have some significant flaws to be aware of.

Will you be enabling Controlled Folder Access? Why or why not? Let us know in the comments below!

CTA_ransomware_EAM_Download

Have a lovely (malware-free) day!

Jareth

Jareth

Writer. A picture is worth a thousand words but unfortunately I can't draw. The world of IT security has always fascinated me and I love playing a small role in helping the good guys combat malware.

What to read next

Reader Comments