The basic, minimalist Windows Defender, which is built into Windows 8.1 and Windows 10, has just one role: protection. It will never ask you to upgrade to a paid version, and many users will never know that it's there. It lies a layer or two below the surface of Windows, starts running as soon as you boot up your machine, and appears only if there's a problem.
Yet Windows Defender (called Microsoft Security Essentials on Windows 7) still lags behind other free AV programs in accurate malware detection. Because it let as much as 20 percent of zero-day malware through in recent tests, we recommend that users install a third-party antivirus product, paid or free, that offers better protection.
Drawing from a daily-updated database of known malware signatures, Windows Defender scans files as they are opened or downloaded, and periodically scans every file on the hard drive. Because many kinds of malware change their appearance to evade signature-based scans, Windows Defender also uses behavioral analysis to catch things that haven't been seen before.
You can choose to let Windows Defender feed data about malware found on your machine to Microsoft's cloud-based Malware Protection Center; the default setting is to participate. As with many of Windows Defender's settings, the option to turn it off is hidden in Windows' Update & Security section.
Similarly, you'll need to go to the Windows Task Scheduler to schedule malware scans. Fortunately, you'll likely have to do this only once. It can scan malicious email attachments, but you must initiate those scans manually. Custom scans can be limited to specific files, folders or file types, but Windows Defender can't examine items stored on remote servers, even on Microsoft's OneDrive.
Windows Defender outsources browser protection to Microsoft's SmartScreen Filter, a feature built into Internet Explorer and the new Edge browser that blocks malicious websites and downloads. There aren't any plugins or protections for non-Microsoft browsers.
Windows Defender's malware-detection rates have improved with time, but they are still subpar in protecting against zero-day (previously unseen) malware.
In AV-TEST's Windows 10 evaluations in fall 2015, Windows Defender missed nearly 20 percent of zero-day threats in September but cut that failure rate down to 5 percent in October. Three other brands we reviewed recently — Avira, AVG and Bitdefender — had 100-percent detection scores in both months.
Windows Defender's ability to tag widespread, previously known malware in Windows 10 was significantly better, at 99.9 percent in September and 99.1 percent in October. It did register two false positives, or benign files mistakenly flagged as malware.
Windows Defender performed better on Windows 8.1 but was still behind other products. It did rather well in November 2015, detecting 97.5 percent of zero-day malware and 99.6 percent of widespread malware. In December 2015, the zero-day rate fell to 90 percent. Windows Defender had one false positive in Windows 8.1.
Both AV-TEST and AV-Comparatives evaluated Windows Defender's predecessor, Microsoft Security Essentials (MSE), on Windows 7. In AV-TEST's winter 2016 Windows 7 evaluations, MSE failed at detecting zero-day-malware, stopping just 91.8 percent in January and 86.4 percent in February — easily the lowest scores of the bunch. MSE did much better against widespread malware, stopping 99.7 percent in January and 99.6 percent the following month. Over the two months, MSE registered three false positives.
MSE's malware-detection rates were fair, at 97 and 94.5 percent, respectively, in AV-Comparatives' November and December 2015 evaluations. But it got 23 false positives in November, and 29 in December — by far the worst showing of all six free AV brands we've recently reviewed.
Performance and System Impact
Because Windows Defender always runs in Windows 8.1 or 10 until another antivirus product is installed, it was difficult to gauge its impact on system performance while it ran in the background. However, it slowed our test machine significantly during active full scans.
Our test machine was an Asus X555LA notebook with an Intel Core i3-4005U CPU, 6GB of RAM and 36GB of data on a 500GB hard drive, upgraded from Windows 8.1 to Windows 10. To gauge performance impact, we ran our OpenOffice benchmark test, which matches 20,000 names and addresses on a spreadsheet.
The Asus finished the OpenOffice benchmark test in 7 minutes and 33 seconds during quick scans, an increase of 9.7 percent over the baseline score of 6:53. Only Avast Free Antivirus had less of a system impact.
That wasn't the case with full scans, during which our OpenOffice test took 10:07 to complete. That's 46 percent slower than the baseline, the highest system load we recorded among the six free antivirus products we recently tested and something that most users would notice. We were surprised to see such a substantial slowdown by a product so tightly integrated with Windows.
Windows Defender was in the middle of the pack when it came to scan times. It took 1 hour and 37 minutes to perform the initial full scan. Subsequent full scans took less time, settling down to an average of 49 minutes and 25 seconds. Quick scans averaged 1 minute and 40 seconds, and looked at only those files deemed mostly likely to be infected.
Microsoft offers neither a rescue disk nor an online emergency scanning site for fixing intense malware infections. However, using Windows' recovery tools, you can roll back your system to an earlier point in time, create a recovery drive on a USB stick or reinstall the operating system entirely. Windows 10 can also "reset" a system to varying degrees.
Microsoft took "bland is better" to heart when designing Windows Defender's interface. The main screen is blue and gray with lots of empty space, with a highlight bar and an image of a desktop monitor that turn red, yellow or green depending on your system's security status. The interface window can run full-screen, which is rare among AV products, but the extra space isn't needed.
Three tabs — Home, Update and History — at the top of the main screen correspond to Windows Defender's three sole windows. On the Home page, you can choose among Full, Quick or Custom scans, or press a button to start a scan. The Update page handles malware definitions, while the History page shows you what's allowed, what's quarantined and what's been detected.
The Settings icon on all three pages takes you to Windows 10's own settings, where you can toggle real-time and cloud-based protections on or off, as well as choose whether to send malware information to Microsoft. The Help button takes you to the Microsoft support website, and a tiny triangle next to that links to a Microsoft Malware Protection Center Web page, to which you can upload a live malware sample.
Installation and Support
Because Windows Defender is built into Windows 8.1 and 10, there's nothing to download, install or configure — the software just runs in the background until you install a different AV product. (If you have Windows 7, you'll need a free Windows account to download Microsoft Security Essentials from Microsoft's website.)
Such a no-frills approach should appeal to those who don't care to know the details. After reviewing other free antivirus products, we were very happy that Windows Defender didn't show us ads, nag us with pop-ups touting paid upgrades or change our Web browser's home page and default search engine.
Windows Defender's help options are pretty poor. There's no phone or email support — you'll have to gather general information from the community forum.
Windows Defender requires no installation and is a moderately effective way to keep a PC clean. It can protect against major malware attacks, but at the cost of many false positives and a severe system slowdown during full scans.
We're happy that Windows Defender never asked us to buy its premium product, and that it didn't hijack our web browser. But because it missed up to 20 percent of zero-day malware in lab tests, we can't recommend sticking with it. If you don’t want to pay for Windows antivirus software, we recommend Avira Free Antivirus if you prefer lots of customization options, or Bitdefender Antivirus Free Edition if you don’t.
|Antivirus Buying Guides:|
|Best Antivirus for the Money|
|Best Inexpensive PC Antivirus|
|Best Intermediate PC Antivirus|
|Best PC Security Suite|
|Best Free PC Antivirus|
|Best Mac Antivirus Software|
|Best Android Antivirus Apps|