Microsoft Windows Defender: Finally Good Enough

One of the most powerful and useful aspects of Microsoft Windows 8.1 and 10 is that the Windows Defender antivirus program is preinstalled and always runs until a third-party antivirus solution is installed. Its ability to spot and kill rogue software has improved tremendously over the last couple of years, putting Windows Defender now just a half-step behind the best.

We have finally reached the point where we can safely recommend leaving Windows Defender in place. Although other free antivirus programs offer extra features or better malware protection, Defender is more than good enough.

People with Windows 7, however, need to use Microsoft Security Essentials, which employs the same underlying technology but must be manually downloaded and installed. If you want the best free protection available today for Windows, look to Bitdefender Antivirus Free Edition or Kaspersky Free Antivirus.

What's Covered and Upgrade Options

Each copy of Windows 8.1 or Windows 10 includes Microsoft's Windows Defender software. As noted above, Windows 7 users need to install Microsoft Security Essentials, which will also run on Windows Vista and XP even though Microsoft no longer supports those operating systems.

Whether you want it or not, Windows Defender is always present on Windows 8.1 and 10. You can't remove it, and the only way to disable it is to install third-party security software.

Most free antivirus software tries to get you to upgrade to a paid package, but in this case, Windows Defender is all there is. With it, you get a one-way firewall, parental controls and a game mode. If you want a VPN service, a password manager and a file shredder, look elsewhere.

Antivirus Protection

Windows Defender is the quietest anti-malware program around and prefers to silently work behind the scenes.

Like most antivirus programs, it scans your system for known malware signatures and monitors software behavior for signs of an infection. New suspicious items are uploaded to a cloud-based lab for analysis, but you can opt out of this data collection by deselecting Automatic Sample Submission in the Windows Security Center.

Several additional tools and techniques have been added to Defender since mid-2017, such as the ability to sift through junk code in malware to get to the dangerous bits. A new specialized defense against ransomware controls access to key folders to prevent rewriting of data, and a heightened network-protection feature keeps data from being stolen out of the system.

If malware does rewrite key files, Windows 10 can reach out to your OneDrive account (provided you have one and the files have been synced with it) to reload the original file from as far back as 30 days.

If a USB drive is plugged in, Defender automatically scans its contents. You can scan any file or directory with a right-click of the item in Windows Explorer.
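
The protections described in this section correspond to settings exposed by the Defender PowerShell module. The following added example (not part of the original review) reports their state from a `Get-MpPreference` object; the function name `Get-DefenderFeatureReport` and the sample values are constructed for illustration.

```powershell
# Added example (not from the review): summarize the Defender features the
# article describes, using property names returned by Get-MpPreference.
function Get-DefenderFeatureReport {
    param([Parameter(Mandatory)] $Preference)  # pass (Get-MpPreference) on a live system

    # Numeric meanings as documented for the matching Set-MpPreference parameters.
    $consent = @{ 0 = 'Always prompt'; 1 = 'Send safe samples automatically'
                  2 = 'Never send';    3 = 'Send all samples automatically' }
    $mode    = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit mode' }

    # Get-MpPreference returns these as bytes, so cast before the hashtable lookup.
    $lookup = {
        param($table, $value)
        $key = [int]$value
        if ($table.ContainsKey($key)) { $table[$key] } else { "Other ($key)" }
    }
    $onOff = { param($disabled) if ($disabled) { 'Disabled' } else { 'Enabled' } }

    $rows = @(
        @('Signature-based real-time scanning', 'DisableRealtimeMonitoring',
          (& $onOff $Preference.DisableRealtimeMonitoring)),
        @('Behavior monitoring', 'DisableBehaviorMonitoring',
          (& $onOff $Preference.DisableBehaviorMonitoring)),
        @('Automatic sample submission', 'SubmitSamplesConsent',
          (& $lookup $consent $Preference.SubmitSamplesConsent)),
        @('Ransomware folder protection', 'EnableControlledFolderAccess',
          (& $lookup $mode $Preference.EnableControlledFolderAccess)),
        @('Network protection', 'EnableNetworkProtection',
          (& $lookup $mode $Preference.EnableNetworkProtection))
    )
    foreach ($r in $rows) {
        [pscustomobject]@{ Feature = $r[0]; Setting = $r[1]; State = $r[2] }
    }
}

# Constructed sample values so the example runs without the Defender module.
$sample = [pscustomobject]@{
    DisableRealtimeMonitoring    = $false
    DisableBehaviorMonitoring    = $false
    SubmitSamplesConsent         = [byte]2   # user opted out of sample upload
    EnableControlledFolderAccess = [byte]0
    EnableNetworkProtection      = [byte]2
}

Get-DefenderFeatureReport -Preference $sample | Format-Table -AutoSize
# On Windows 10: Get-DefenderFeatureReport -Preference (Get-MpPreference)
```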

Antivirus Performance

Windows Defender gets our vote for the most improved antivirus program of the year. It may not yet be the safest, but its scores have improved from being among the worst to among the best, from missing one threat in five just a few years ago to missing next to nothing now. However, this program often identifies safe software as dangerous.

In German lab AV-Test's March-April 2018 evaluations of 18 antivirus products on Windows 10, Defender detected 98 and 100 percent of newly discovered zero-day malware and 100 and 99.9 percent of more-widespread malware. Defender had eight false positives, or instances of benign software being mistaken for malware.

In subsequent Windows 10 rounds in May and June 2018, Windows Defender did much better, finding 100 percent of malware across the board. It had only one false positive in both months.

That's just as good as habitual top scorers Bitdefender and Kaspersky did in that round. It's much better than the results from free-software market leaders Avast, AVG and Avira, each of which missed some zero-day malware.

Microsoft Security Essentials did as well as its younger sibling in AV-Test's January-February 2018 evaluations on Windows 7, scoring perfect 100 percent scores across the board. It had three false positives, fewer than Avast, AVG or Bitdefender had, although each of those got perfect 100 percent detection scores as well. So did Kaspersky, but without any false positives.

Windows Defender didn't do quite as well in six monthly tests conducted by Austrian lab AV-Comparatives from February through July of 2018. The software blocked an average of 98.4 percent of "real-world" (mostly online) malware, lowest among the free-antivirus makers we've recently reviewed.

The Windows program racked up a whopping 41 false positives over that period. Defender did detect 100 percent of malware in three of those months, but two monthly scores of 96.4 and 94.4 percent dragged down the average.

The next-lowest performer was Panda Free Antivirus, with a 99 percent average; Bitdefender and Kaspersky both averaged 99.8, but the latter program had only one false positive in six months.

British testing lab SE Labs gave Windows Defender a 96 percent score in its April-June 2018 evaluations. SE Labs noted that while Defender successfully stopped all highly targeted attacks, it failed to prevent infection by three pieces of malware out of 75.

While that put Defender below Kaspersky, which garnered a 99 percent score, Defender just edged past Bitdefender and was well ahead of Avast, AVG and Avira.

Security and Privacy

Unlike its competitors, Windows Defender does not try to get you to upgrade to a paid program or use browser extensions that share your browsing data with third parties. Apart from malware protection, the program doesn't add much to what Windows already has.

The built-in Windows firewall runs independently, as does the SmartScreen malicious-website-blocking feature in the Internet Explorer and Edge browsers. Attachments to emails are scanned automatically before they can do any harm, regardless of the email client software used.

Windows 10 includes strong built-in parental controls. They're in the Family Options section of the Security Center and let you establish an online schedule for your young ones.

Performance and System Impact

As there's no way to disable Windows Defender without replacing it with another security program, it presents a tough nut to crack if we want to compare its system-performance impacts against those of its competitors.

That said, we could still measure how much extra load Defender's full and quick scans placed on a CPU. We used our OpenOffice benchmark test, which measures how long it takes for a spreadsheet to match 20,000 names and 20,000 addresses — the longer the time, the greater the load.

Our test machine was an Asus X555LA notebook with a 2GHz Core i3 processor, 6GB of RAM and 117GB of files on a 500GB hard drive. This notebook ran Windows 10 with the latest updates.

We set a baseline by measuring the OpenOffice completion time with Defender just running in the background, getting 6 minutes and 48 seconds. That time slowed to an average of 7:50 during full scans and 7:48 during quick scans, indicating a performance decrease of about 15 percent for both types of scan. For a full scan, that's pretty good; only AVG did it faster.

Defender's initial full-system scan examined 579,542 files and took an average of 1 hour, 8 minutes and 46 seconds. That's not bad and is faster than Panda or Avast, but it doesn't get shorter after multiple scans. Some other antivirus products learn what they can safely ignore after a few full scans. A Quick Scan was done in an average of 2 minutes and 3 seconds and looked at 49,018 files.

User Interface

The Windows Defender Security Center, which manages Windows Defender as well as several other Windows features, is no longer a mix of old and new software. Everything has a common and open look to it, and many of the features can be turned on and off.

But getting to the Security Center can be a little cumbersome, starting from the Windows 10 Settings section with quick stops at the Update & Security and the Windows Security pages. While most antivirus software lets users start a scan in three clicks or fewer, Defender needs at least eight clicks to get to a Full Scan and seven to get to a Quick Scan.

The good news is that there's a shortcut in the Windows Defender Task Tray icon to start a Quick Scan. You'll also find links for checking for updates and seeing notifications.

The Windows Defender Security Center is organized around seven security sections. Each has a small green check mark that changes to a yellow exclamation point when something requires user action and to a red "X" when there's something seriously wrong.

· "Virus and threat protection" is where you can start scans and fine-tune protection by turning various defenses on and off.
· Account Protection lets you incorporate malware protection into your Microsoft account.
· "Firewall and network protection" is where you check on the firewall's settings and go to the Advanced Settings link to set a rule.
· "App & browser control" lets you adjust the SmartScreen website control by turning it off or having it warn you about or block the potentially dangerous site.
· Device Security lets you isolate the system's memory to prevent malicious code from affecting the system.
· "Device performance & health" is a continuously running optimization program that looks at storage, drivers, battery life and apps.
· Family Options is the center of attention for Windows 10's parental controls.

On the left, a column of categories matches the icons, presenting a separate path into the program's details. At the bottom is a Settings link that takes you to the most useful and important configuration options, including virus and threat protection, account-protection notifications, and firewall notifications.

On the downside, Defender doesn't let you schedule scans.

Installation and Support

The best part of Windows Defender is that it is part and parcel of Windows 10 and is tightly integrated with the rest of the operating system. There's also no way to remove it from your system, but you can load a different security program that will take over.

Microsoft tech support includes forums, chat windows, phone and email, easily the most avenues of contact for any free AV product. Support for Defender is lumped into Windows 10 support without a separate Defender category. It can be time-consuming to get to the right technician.

Bottom Line

Windows Defender is still a half-step behind the best programs at eradicating malware, but it is much improved over its past self and is still the easiest to get started with. Defender's low system impact is offset by its long scan times and lack of creature comforts, such as the ability to schedule scans.

If you hanker for more features, check out Avast Free Antivirus; if you want even better protection, try Bitdefender Antivirus Free Edition or Kaspersky Free Antivirus.

Credit: Tom's Guide

Comment from the forums
  • Vin3
    Malwarebytes and Windows Defender are great together.
    Tom obviously got paid for this article; just look at his adverts.
  • Matt Rundle
    Windows Defender is basically the same thing as MSE; it offers the same level of protection. I think the thing where Windows users get confused is MSE and the new Windows Defender is different than the old Defender. The old version is anti-malware; MSE and Windows Defender are Microsoft's version of an antivirus. It's not most effective but it's all you need. +Malwarebytes. If you suspect a virus, update Defender and run full scan to be most effective.
  • Paul Wagenseil
    Windows Defender is not enough, even with Malwarebytes Anti-Malware running as the cleanup crew. Believe us. If you don't want to pay for AV software, try Avira, AVG or Avast, which are as, or almost as, good as the paid stuff.
  • DyingCrow
    These are all trash.
    Want free?
    -UAC
    -Windows Defender (barking dog at the gate)
    -Firefox with AdBlock Plus
    -Malwarebytes to clean up trash, but do yourself a favor and buy a license.
    -Common sense

    You'll be almost invincible.
  • Cavehomme1
    Had trouble signing-in, now I got 2 draft reviews above that need removing please ;)

    Windows Defender may have missed 20% of zero day malware samples a while ago, but in recent months it is nearly as good as the others. Coupled with a second line of defence such as the equally free Comodo Firewall to stop unknown nasties slipping through and phoning back home, it's pretty much all anyone needs.

    I've tried most of the AV / suites out there over the years and I've come back to using MS / Defender for the reason that it just works and with minimal impact.

    In my own recent tests of trojan droppers embedded in docs, pdfs, etc, Defender has been spotting most of these whilst Bitdefender and Norton were missing them, confirmed by checking on Virustotal. MS may not be the best but they've come an awful long way and with an extra light layer such as CFW I personally think it's the best and reliable solution out there, had too many issues with all of the others I tried.