Security is the most crucial aspect of any operating system. It’s the difference between privacy and data breaches. For this reason, many people use antivirus programs or update certain built-in security settings to improve security. However, Windows 11 comes with a set of built-in security features that help ensure your computer is less prone to breaches or exploitation.
That said, there are a few security features that, although they address specific flaws, may themselves pose security risks. This can result from how they’re implemented or how you interact with them. Some of these may be better turned off.
User Account Control (UAC) Prompts
Constant pop-ups that train users to ignore real risks
User Account Control (UAC) prompts are typical on Windows. This core security feature stops unauthorized changes to your computer. The idea behind it is that any application running on the computer must have the least possible privilege to perform its function.
But here’s the thing. You get UAC prompts for almost everything. Even officially signed Microsoft software, like the Visual Studio installer, will trigger it. Over time, this conditions you to approve requests automatically. With this conditioning, it becomes likely that a person may approve malicious requests, as the process has become a rote action.
To add to that, the implementation of UAC is also flawed. The dialogs do not explain why an app needs administrator rights; they simply state that it does. This is vague, and the ambiguity is something malicious applications can exploit. And if that’s not bad enough, it’s a security feature that many modern apps can sidestep by using per-user installs (in AppData). This can make UAC redundant and unnecessary for many apps.
Smart App Control
Too many false positives turn warnings into background noise
Windows SmartScreen was the previous mechanism; in Windows 11, it has been replaced by Smart App Control. This feature allows applications to run only if they’re deemed “likely to be safe.”
Very recently, I was developing Windows debloater software. When I ran my unsigned Windows debloater executable, it was flagged as unrecognized, and the only way to run it was to turn off Smart App Control. That was when I saw an inherent flaw.
Unlike macOS’s Gatekeeper, which has a bypass option, the only way to run an unrecognized app on Windows is to turn off the Smart App Control feature.
It gets worse because re-enabling Smart App Control may require resetting or reinstalling Windows in some cases. This is strange because it was easier to disable and enable the older SmartScreen filter. This friction in re-enabling a feature is an incentive to leave it off, making it a redundant security feature.
Virtualization-Based Security
Enterprise protections that slow down everyday Windows use
Credential Guard and Virtualization-Based Security (VBS) are two separate security features, but they’re interconnected in how they operate. They’re perfect for corporate Active Directory setups, and both work to protect sensitive information even when the computer is compromised. Although effective, they are resource-intensive and can cause noticeable CPU and memory usage spikes.
On newer Windows 11 builds, they’re enabled by default. While effective in securing the computer, there’s an incentive to turn off these features. PC Gamer reported that many games had severe drops in frame rates with VBS enabled.
One possible reaction is that many Windows 11 gamers disable the security feature to achieve a better gaming experience, potentially rendering their computers less secure.
Windows Security Notifications
Blurred lines between alerts and Microsoft upsells
Notifications are essential on every device. They often convey important information that helps you stay alert and, in some cases, aware of threats. Microsoft Defender Antivirus issues a couple of notifications as expected. However, what is unexpected is that not all the notifications are security warnings.
Some of the notifications are simply upselling products. For instance, the same notification area that shows “malware blocked” alerts also shows “Set up OneDrive.” This upselling of products dilutes the urgency. You may also get notification overlaps.
So, your Defender notifications can coincide with prompts for system updates. This only overwhelms the Action Center with noise and may cause a person to disable all Defender notifications. In the end, this implementation flaw leaves the computer less secure than it should be.
Security features should not be a burden
Windows security features generally make your computer safer. But they have to be enabled on the computer long enough to block threats. If implementation makes a security feature burdensome, there’s a chance that people will turn it off. When this happens, the so-called features that should guarantee data safety on your computer have made your defenses weaker and set you up to be more prone to malware.
I may recommend the best Windows threat protection tools, such as Nord antivirus, but Microsoft has a duty to play its part in improving how the built-in features are implemented. Many of these features will lead to security fatigue. This is a real psychological state where a person can become so overwhelmed by constant security warnings and decisions that they start to make poor choices, or simply ignore the warnings altogether.
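Since these features only protect a machine while they stay enabled, it helps to be able to see their current state in one place. The following read-only PowerShell check is an added example, not code from the original article or from Microsoft; the function names `Get-RegValue` and `Get-SecurityFeatureState` are hypothetical, and it assumes a Windows 11 machine where the standard registry values and the `Win32_DeviceGuard` CIM class are present.

```powershell
# Added example: read-only check; nothing on the system is modified.
function Get-RegValue {                       # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-SecurityFeatureState {           # hypothetical function name
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $sacKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'

    # UAC: EnableLUA = 0 turns UAC off. ConsentPromptBehaviorAdmin = 0 keeps it
    # on but elevates administrators silently, so no prompt is ever shown.
    $lua     = Get-RegValue $uacKey 'EnableLUA'
    $consent = Get-RegValue $uacKey 'ConsentPromptBehaviorAdmin'
    $uac = 'On'
    if ($consent -eq 0) { $uac = 'On, but elevates without prompting' }
    if ($lua -eq 0)     { $uac = 'Off' }

    # Smart App Control: 0 = Off, 1 = On (enforcing), 2 = Evaluation mode.
    $sacNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Evaluation' }
    $sacRaw   = Get-RegValue $sacKey 'VerifiedAndReputablePolicyState'
    $sac = 'Unknown (value not present)'
    if ($null -ne $sacRaw -and $sacNames.ContainsKey([int]$sacRaw)) {
        $sac = $sacNames[[int]$sacRaw]
    }

    # VBS and the services running on top of it, from the DeviceGuard CIM class.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = memory integrity (HVCI).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsNames = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $vbs = 'Unknown (class not queryable)'
    $running = @()
    if ($dg) {
        $vbs     = $vbsNames[[int]$dg.VirtualizationBasedSecurityStatus]
        $running = @($dg.SecurityServicesRunning)
    }

    [pscustomobject]@{
        UAC             = $uac
        SmartAppControl = $sac
        VBS             = $vbs
        CredentialGuard = ($running -contains 1)
        MemoryIntegrity = ($running -contains 2)
    }
}

Get-SecurityFeatureState | Format-List
```

Run periodically or across a fleet, a check like this shows where a feature was switched off to work around friction and never turned back on.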