Windows Defender review

Windows Defender is more than good enough to leave where it is

Windows Defender review
(Image: © MIcrosoft)

Tom's Guide Verdict

Windows Defender isn't the absolute best antivirus software, but it's easily good enough to be your main malware defense.

Pros

  • +

    Already installed on Windows 8.1 and 10

  • +

    Very good malware protection

Cons

  • -

    Can be hard to schedule scans

  • -

    Not many extras

  • -

    Some features work only with Microsoft products

Why you can trust Tom's Guide Our writers and editors spend hours analyzing and reviewing products, services, and apps to help find what's best for you. Find out more about how we test, analyze, and rate.

With very good defenses against malware, a low impact on system performance and a surprising number of accompanying extra features, Microsoft's built-in Windows Defender, aka Windows Defender Antivirus, has almost caught up with the best free antivirus programs by offering excellent automatic protection.

Windows Defender specs

Malware protection: Very good
System impact, background: n/a
System impact, scans: Moderate
Windows compatibility: 8/8.1 and 10
Email scans: No
File shredder: No
Game/silent mode: Yes
Hardened/secure browser: Yes, for Edge & IE only
Password manager: No
Performance scanner: No
Ransomware file reversal: Yes
Rescue disk: No
Scan scheduler: Yes
Support options: 24/7 phone, email support
URL screener: Yes, for Edge & IE only
Upsell nag factor: Nonexistent

The downsides are that scheduling scans is too difficult for many to accomplish, there's no protection for web browsers other than Edge or Internet Explorer, and there's no stand-alone password manager or a file shredder.

If you crave airtight malware protection along with easy-to-schedule scans, a fair number of extra goodies, lots of customization options and a superlight system load, get Kaspersky Security Cloud Free. If you just want better defenses than what Defender offers, try the no-muss-no-fuss Bitdefender Antivirus Free Edition.

If you're still using Windows 7, then you need to use third-party antivirus software. But if you're on Windows 8.1 or Windows 10 and like the idea of getting very good free malware protection without lifting a finger, then just stick with Windows Defender.

Read on for the rest of our Windows Defender review.

Windows Defender: What's covered and upgrade options

Windows Defender comes with Windows 8.1 and 10 and can be disabled only by the installation of a third-party antivirus program, or, if you're brave, editing the Windows Registry.

What you see with Windows Defender is what you get. There are no upgrades available to augment protection or add features. But if you take into account the entire Windows Security apparatus, Defender comes with a firewall, drive-level encryption (in Windows 10 Pro and up), limited parental controls and even a game mode.

On the other hand, it still lacks things that third-party antivirus makers add as enticements, such as a file shredder and VPN access.

Microsoft plans to expand Defender's coverage to other platforms. There's already a beta version of Microsoft Defender for Macs in enterprise deployments, and Microsoft says it is working on Microsoft Defender for Android and Linux. 

Hence the official renaming of the enterprise product to "Microsoft Defender." Microsoft tells us the consumer product will continue to be called Windows Defender Antivirus.

Windows Defender: Antivirus protection

Even if you do nothing to a new Windows 8.1 or 10 computer, Windows Defender is already there protecting your machine. Many users will not even notice that Defender is working until they're subjected to an attack.

(Image credit: Tom's Guide)

Defender compares new files and programs against a database of known malware and watches for signs that an attack is underway, such as the encryption of key files. 

By default, Microsoft uploads suspect items from your computer for online analysis, but you can opt out of this data collection in the Windows Security Center settings. Several malware-signature updates go out daily to Windows Defender and Microsoft Defender's 500 million users.

(Image credit: Tom's Guide)

Microsoft also has a bunch of specific defenses. Because Defender runs in an isolated "sandbox," rogue code can be executed without affecting the rest of the system. 

There's now tamper protection to prevent malicious apps from changing settings, and Defender stops fileless-malware attacks with a memory-integrity feature that prevents malicious code from being injected into running RAM. It also screens email attachments for malicious code.

(Image credit: Tom's Guide)

Quick scans are a click away from the front page of the Windows Defender Security Center, which you can access by clicking the shield icon in the System Tray at the bottom right of your screen. Full or specialized scans are a click or two beyond that. 

(Image credit: Tom's Guide)

When a USB drive is plugged in, Defender scans its contents; you can also scan any file by right-clicking on it in the Windows Explorer file manager.

The rest of Microsoft's Windows Security Center features run whether or not Defender or another antivirus program is protecting your system, but they're worth mentioning.

(Image credit: Tom's Guide)

Attacks on the system's start-up sequence can be stopped by Microsoft's Secure Boot feature, and the SmartScreen filter blocks links to untrustworthy websites from Outlook, Edge and Internet Explorer (but not third-party browsers like Google Chrome or Mozilla Firefox). 

(Image credit: Tom's Guide)

Microsoft's OneDrive online file repository can hold copies of your key files to be recovered in case of an encrypting ransomware attack.

If Windows Defender interrupts a movie or game playing on your PC, the Game Mode can help. While other antivirus programs have integrated game modes, Microsoft's can be accessed in the Gaming part of the main Windows Settings menu.

Windows Defender: Antivirus performance

Over the past two years, Windows Defender has improved to the point where it now offers malware protection as good as almost any free or paid antivirus program.

In all 26 monthly rounds of tests conducted in 2018, 2019 and the first two months of 2020 by German lab AV-Test, Windows Defender detected either 99.9% or 100% of known "widespread" malware every single time, and failed to get a perfect 100% only once in 2019. It failed to detect 100% of previously unseen "zero-day" malware a total of six times.

(Image credit: Tom's Guide)

Those scores put Windows Defender, once the worst joke in antivirus protection, ahead of well-known brands like Avast, AVG, Avira and McAfee, and just behind Bitdefender and Trend Micro

Defender still isn't as good as industry leaders Kaspersky or Norton, which detected all malware in all of AV-Test's 2018, 2019 and (so far) 2020 evaluations, but it's finally within shouting distance.

Not all these brands mentioned offer free antivirus software, but of those who do, Kaspersky comes out on top with perfect scores. Next up is Bitdefender, which got all the widespread malware in those two-plus years but missed some zero-day bugs in three instances.

The other two free products we've reviewed for this round, Avast Free Antivirus and AVG AntiVirus Free, share the same malware-detection engine with each other and were behind Windows Defender. While they detected either 99.9% or 100% of widespread malware almost all the time, they missed zero-day bugs 10 times over the 26-month period.

(Image credit: Tom's Guide)

Windows Defender is also detecting fewer false positives than it used to, at least in AV-Test's evaluations. It registered 21 false alarms in 2018, but only 15 in 2019. Still, Kaspersky had only three false positives over the entire two years.

Tests by the Austrian lab AV-Comparatives are much more sensitive to false positives, and in those, Windows Defender racked up too many: a total of 74 in four monthly tests from February to May 2019, and 58 from July through October 2019. Kaspersky got zero false positives for the entire year; Bitdefender got four and Avast and AVG 13 each.

Microsoft told us that this was because its Smart Screen browser-protection feature flags any unknown file as potential malware, and that AV-Comparatives chalked up a false positive every time that happened. For its February-March 2020 tests, AV-Comparatives reportedly turned Smart Screen off, and Defender came away with only five false positives.

On the plus side, Windows Defender stopped a respectable average of 99.6% of "real-world" (mostly online) malware in AV-Comparatives' February-May 2019 tests, 99.3% from July to October 2019, and 99.7% in February-March 2020.

Kaspersky's results were mixed, with 100% in the first and third set of tests, but only 99.1% in the second. Bitdefender got 99.9%, 99.7% and 99.5%, respectively, and Avast and AVG brought up the rear with 99.2%, 99.3% and 99.7% each.

(Image credit: Tom's Guide)

Finally, Windows Defender scored a 99% overall score in London-based SE Labs'  July-September 2019 tests, and 98% in the  October-December 2019 rounds, edging just past Avast and AVG in the first round and tying them in the second. In January-March 2020, Defender got a 99% score again.

All three were behind Kaspersky, which scored perfect 100% detection rates both times; as for Bitdefender, it wasn't tested.

Notably, Defender got zero false positives in all three of those most recent SE Labs rounds, a perfect streak that goes back to at least January 2018.

Windows Defender: Security and privacy features

Microsoft's security offerings are baked into Windows 10 and available to users of other antivirus programs. Windows has a built-in firewall, which doesn't screen outbound traffic by default as many third-party firewalls do, but you can set the Windows firewall to do that by adding rules.

(Image credit: Tom's Guide)

It's not a fully hardened browser for banking or buying online, but Edge's SmartScreen filter blocks known malicious websites. There is a password manager baked into Microsoft Edge, just as there is for Mozilla Firefox or Google Chrome, but it can't be used outside the browser.

If you're running Windows 10 Pro, Enterprise or Education, you can use Windows Defender Application Guard, which opens untrusted websites in an isolated instance of Microsoft Edge to protect the rest of the machine. 

There are Application Guard extensions for Chrome and Firefox, but all they do is let you open dodgy websites in the isolated version of Edge instead.

(Image credit: Tom's Guide)

Microsoft built parental controls into the Windows Security Center, but they mainly work only with other Microsoft products. The screen-time limits work with Windows or Xbox One, but not a Mac. 

The browser filters screen what kids see in Edge and Internet Explorer, but not in Chrome or Firefox. These two features do work with Android devices, but the devices need to have the Microsoft Launcher app installed.

Windows Defender: Performance and system impact

Windows Defender's mandatory protection makes computing safer, but it complicates our testing because it means that Defender is always running in the background and there's no easy way to generate a pre-installation baseline score comparable to those of other antivirus brands.

(For what it's worth, installing Kaspersky Security Cloud Free actually sped up our system by 0.9%, which hints that it's got a lighter background performance impact than Windows Defender.)

To gauge performance, we used our Excel-based benchmark, which measures how long it takes to match 20,000 names and addresses in a spreadsheet. Our test machine was an Asus X555LA notebook with a 2-GHz Core i3-5005U processor, 6GB of RAM and 59.5GB of files on a 500GB hard drive. This notebook ran Windows 10 with the latest updates.

(Image credit: Tom's Guide)

Windows Defender took an average of 1 hour and 34 minutes to complete a full scan of our test system, the slowest of the free malware apps to examine an entire computer. The quick scan took an average of 3 minutes and 38 seconds, well behind Avast Free Antivirus' 1 minute and 36 seconds.

With no active scans running, our benchmark test took 13.3 seconds to finish, which rose to 16.0 seconds while running a full system scan with Defender. That's a performance drop of 20% from the normal background load.

(Image credit: Tom's Guide)

Among other free antivirus programs, Bitdefender Antivirus Free Edition's full scan slowed the system by 26% from the post-installation background (not the baseline), and Avast Free Antivirus caused a 24% loss.

Much lighter were AVG AntiVirus Free, whose full scan translated into a performance loss of just 7.1% from the background, and Kaspersky Security Cloud Free, which created a 6.7% loss from the background (and a 5.7% drop from the preinstallation baseline).

(Image credit: Tom's Guide)

Windows Defender's quick-scan results were better, with the benchmark finishing in 15 seconds. This 13% performance drop was only outdone by Kaspersky Security Cloud Free's 2.1% hit. By contrast, Avast Free Antivirus showed a performance decline of 47%.

Windows Defender: Interface

The Windows Security Center can be reached by clicking the shield icon in the System Tray that slides out from the little up arrow in the bottom right of the desktop interface. 

The main window presents you with seven features — the first, Virus & Threat Protection, is where you can fine-tune Defender's ransomware protection by toggling the Controlled Folder Access feature, and where you can mirror key files on OneDrive.

(Image credit: Tom's Guide)

Account Protection specifies how you log into Windows, and the Firewall & Network Protection section is obviously for tweaking the firewall. App & Browser Control adjusts Edge and the Microsoft Store's security settings.

(Image credit: Tom's Guide)

Device Security lets you activate core isolation and memory integrity to help stop fileless-malware attacks. The Device Performance & Health section checks your storage, drivers, battery (if it's a tablet or notebook) and apps, and provides a mechanism to reinstall Windows while keeping your personal files intact. 

Family Options just links to your online Microsoft account, where you can set up the aforementioned parental controls.

(Image credit: Tom's Guide)

One big drawback: There's no easy way to schedule scans with Windows Defender. Instead, you need to set up scans in the Task Scheduler, which hasn't changed much since Windows Vista and will try the resourcefulness and patience of most users.

Windows Defender: Installation and support

Because it's part of Windows, there's nothing to install or turn on with Windows Defender. It's there whether you want it or not. 

Unlike some other free malware programs, however, Windows Defender has Microsoft's 24/7 phone and email support to answer a question or sort out a tough infection. There are also a lot of resources online, including set-up tips, reports of new malware and detailed instructions.

Windows Defender review: Bottom line

Windows Defender now provides world-class malware protection and makes a good argument for not replacing it with a third-party antivirus program. Its only flaws are that some of its protective tasks, like scheduling scans, are hard to set up, and that some of the associated Windows protections apply only to Microsoft's own browsers.

If you want the overall best free antivirus protection with a decent number of extra features, Kaspersky Security Cloud Free is the way to go.

Updated with latest lab-test results. This review was originally published in May 2020.

Brian Nadel

Brian Nadel is a freelance writer and editor who specializes in technology reporting and reviewing. He works out of the suburban New York City area and has covered topics from nuclear power plants and Wi-Fi routers to cars and tablets. The former editor-in-chief of Mobile Computing and Communications, Nadel is the recipient of the TransPacific Writing Award.