Windows Defender Review: Better Than Nothing

Hidden below the surface of every Windows 8.1 and Windows 10 system, Microsoft's Windows Defender is built-in antivirus protection for those who don't want to think about malware, scanners or threats. The program lacks some of the things we take for granted in security software, but it has the advantage of being well-integrated into the operating system.

However, while the malware-protection abilities of Windows Defender and its Windows 7 sibling, Microsoft Security Essentials, have improved vastly in the past few years, they still lag behind the protection you'll get with most free antivirus software. For truly better protection, we recommend Avast Free Antivirus or Bitdefender Antivirus Free Edition.

Costs and What's Covered

Windows Defender is built into Windows 8.1 and Windows 10. There's no way to permanently disable the software without editing the Windows Registry, and it always runs unless you install a third-party antivirus product. There are no options for upgrades or premium products that provide more features.

With the latest official build of Windows 10, the Creators Update (version 1703), Microsoft has renamed Windows Defender as Windows Defender Antivirus, just to make clear what it does. But because it's still called Windows Defender on older versions of Windows 10, and on all versions of Windows 8.1, we'll use the names interchangeably.

The latest version of Windows 10 also introduces the new Windows Defender Security Center. That's a new unified interface for several Windows security and privacy tools that were previously accessed separately, including the firewall, system-performance monitors, parental controls and Windows Defender itself.

On Windows 7, Windows Defender's functions are handled by Microsoft Security Essentials (MSE), which has to be downloaded from the Microsoft website and manually installed. It uses the same malware-detection engine as Windows Defender. (To make things even more complicated, Windows 7 comes with an entirely different program called Windows Defender, but that's deactivated if you install MSE.)

Antivirus Protection

Windows Defender is one of the most widely used AV products on the planet, and many people who rely on the program don't even know it's there. It will automatically update itself if you've enabled Windows 10 or Windows 8.1 to always have the latest system updates.

To protect your PC from infection, Windows Defender uses traditional signature-matching scanning to compare potential malware against a database of known threats. It also uses heuristic analysis, which monitors software behavior and other attributes, to catch new "zero-day" malware or malware that rapidly changes its code to evade signature detection.

Anything that looks strange gets uploaded to Microsoft's labs for further analysis. New signature updates are sent out to users several times per day. (You can choose to not participate in the malware-collection program with an option in Windows Defender's Settings section.)

Like most antivirus software, Windows Defender constantly runs in the background, but you can put the real-time scanner into snooze mode to lessen interruptions. Microsoft's cloud-based Block at First Sight technology quickly reacts to threats such as ransomware attacks.

You can scan an individual file, folder or drive with Windows Defender by browsing to that item via Windows Explorer, then right-clicking it. Windows Defender also automatically scans new USB drives as they are connected to the system.

Antivirus Performance

Windows Defender's malware protection is not as good as the likes of Bitdefender or Avast, but its ability to spot and scrub rogue code has improved in the past couple of years. It's now an effective (though occasionally flawed) tool for protecting your system.

In recent two-month evaluations conducted by German independent lab AV-TEST on Windows 10, Windows Defender stopped 99.0 percent of previously unseen "zero-day" malware in both May and June of 2017.

There's still some work to do on that front, particularly when compared to competitors that got perfect 100-percent scores in both months, such as Avast, AVG and Bitdefender. (In antivirus software, what counts is how much malware gets through.) But considering that Windows Defender stopped only 80.5 percent of zero-day malware in September 2015 and 88.1 percent a year later, we can't help but be impressed by the progress.

As far as detecting widespread, known malware on Windows 10 went, Defender stopped 99.8 percent in May and 99.7 percent in June. Avira and Bitdefender scored perfectly in both months. Windows Defender misidentified a whopping 16 safe items as malware (false positives), however, against an average of three.

On Windows 7, AV-TEST evaluated Microsoft Security Essentials (MSE), which shares its malware scanner with Windows Defender. In both January and February 2017, MSE scored a perfect 100 percent against zero-day malware, a big step forward for the program. (Avast and Bitdefender scored 100 percent as well.)

Still, MSE missed 0.7 percent of widespread malware in January and 0.4 percent the following month, arguably the worst scores of the six brands of free AV software we recently reviewed. MSE registered three false positives in February.

Over five rounds of evaluations from February to June 2017 conducted by Austrian lab AV-Comparatives, MSE running on Windows 7 stopped an average of 98.8 percent of malware emanating from malicious websites. It also registered 27 false positives over those five months.

By contrast, Bitdefender had a 99.9 percent detection rate, with five false positives over five months. Panda had a 99.8 percent rate and 11 false positives.

Security and Privacy

If you're looking for a full-featured application that can help keep your secrets, look elsewhere. Windows Defender provides only basic protection and is proud of it.

You get Microsoft's SmartScreen filter to block potentially dangerous websites, but it works only with the Internet Explorer and Edge browsers. Email attachments can be blocked based on their contents, but only in Microsoft Outlook and Microsoft Office 365, and only as the emails are opened. Third-party email clients don't get any protection.

Like Google Chrome and Mozilla Firefox, Microsoft's Edge browser offers to save passwords, but Windows Defender lacks anything like Avast's password manager. There's no file-level encryption, but if you have the Windows 10 Pro, Enterprise or Education editions, you can use Microsoft's BitLocker disk-encryption system.

Windows Defender lacks a file shredder and a hardened web browser for online banking and shopping. There's no local-network scanner to find vulnerable devices.

The software lacks a system-rescue disk, too, but you can use the Windows recovery tool to roll back the system to a previous point in time.

Performance and System Impact

Because Windows Defender is part of Windows, there was no way for us to gauge its post-installation system impact, but we did time system scans and measure their impact. On an Asus X555LA laptop running Windows 10 with 6GB of RAM, an Intel Core i3 CPU and 36GB of files on a 500GB hard drive, we ran our OpenOffice benchmark test, which matches 20,000 names to 20,000 addresses on a spreadsheet. It finished in 6 minutes and 58 seconds.

Windows Defender is a moderately slow scanner. It took 48 minutes and 45 seconds to go through our system's hard drive; it looked at 350,396 files along the way and found nothing amiss. That's more than 3 minutes faster than Bitdefender's initial full scan, but Bitdefender's full scans get much faster if you repeat them; Windows Defender's don't.

Windows Defender was able to do a quick scan of the most vulnerable areas in 2 minutes and 36 seconds. That's about as long as Avast Free Antivirus' quick scan took.

The scans had a mixed impact on system performance. Windows Defender's quick scan had only a 2-percent impact, with an OpenOffice completion time of 7:07, just 9 seconds slower than the baseline.

On the other hand, the Full Scan gobbled up system resources and recorded an OpenOffice score of 10:59. That's a slowdown of a whopping 58 percent, making Windows Defender easily the worst of the free antivirus programs in this regard.

User Interface

Even as part of the new Security Center, Windows Defender's interface is still minimalist and austere, with a basic white, blue and green color scheme. The good news is that Windows Defender lets you resize the interface window and use it full screen, a rare ability among antivirus software.

At any time, you can start a Full, Quick or Custom scan, and check if the real-time protection is turned on and the definitions are up to date.

The Security Center provides an overlay a level above Defender, with icons for five main categories. Virus & Threat Protection (i.e., Windows Defender) provides access to a Quick Scan and Advanced Scans for Full, Custom and Offline scans.

Device Performance & Health makes sure you have up-to-date drivers and Windows software as well as enough storage and battery life; the Fresh Start lets you factory-reset the operating system.

Firewall & Network Protection shows that the firewall is active and provides a way to whitelist apps. App & Browser Control lets you decide whether the system will block or warn about online dangers. Finally, the Family Options let you set up Windows 10's parental controls, limit PC use and track what your kids are doing online.

Each item gets a green check mark when the threat level is minimal, but that can quickly change to red if anything goes wrong. The main Defender window and the Security Center have Task Tray icons that are so similar that you'll scratch your head trying to decide which is which.

Overall, this scheme is less efficient if all you want to do is run a Full Scan, which is now an extra click away. A Custom scan lets you pick folders or drives to examine. There's no way to schedule a malware scan from within Defender, but you can use the Windows Task Scheduler to make Defender do it.

While Security Center provides a new look to Defender, it sometimes gets in the way. In the lower left corner of each Security Center window is a Settings link, which only toggles the malware and firewall notifications. To get to the nitty-gritty details, you still have to dig into the old Defender's Settings section, which paradoxically is in the upper right of its windows.

Installation and Support

Unlike with other free antivirus products, there's nothing to install with Defender. It's already part and parcel of a Windows 8.1 or 10 system. Windows 7 uses Microsoft Security Essentials, which must be downloaded separately.

Security Center has no Help category, so it's back to the old Windows Defender interface for assistance. There, you'll find a direct link to the company's support presence online and a way to submit a malware sample. There are lots of tips and pointers, but all support is done through the forum.

Bottom Line

Being built into Windows has its advantages. Windows Defender Antivirus is always running below the surface, and its new Security Center adds a veneer of modern design. But its slow malware scanner has a heavy system impact, and while Defender's protection is improving, it still lags behind most other products in protection.

Image Credit: Microsoft

5 comments
  • Vin3
    Malwarebytes and Windows Defender are great together.
    Tom obviously got paid for this article, just look at his adverts.
    -1
  • Matt Rundle
    Windows Defender is basically the same thing as MSE, it offers the same level of protection. I think the thing where Windows users get confused is MSE and the new Windows Defender is different than the old Defender. The old version is anti malware, MSE and Windows Defender are Microsoft's version of an Antivirus, it's not most effective but it's all you need. +Malwarebytes. If you suspect a virus, update Defender and run full scan to be most effective.
    1
  • Paul Wagenseil
    Windows Defender is not enough, even with Malwarebytes Anti-Malware running as the cleanup crew. Believe us. If you don't want to pay for AV software, try Avira, AVG or Avast, which are as, or almost as, good as the paid stuff.
    0
  • DyingCrow
    These are all trash.
    Want free?
    -UAC
    -Windows Defender (barking dog at the gate)
    -Firefox with AdBlock Plus
    -Malwarebytes to clean up trash, but do yourself a favor and buy a license.
    -Common sense

    You'll be almost invincible.
    0
  • Cavehomme1
    Had trouble signing-in, now I got 2 draft reviews above that need removing please ;)

    Windows Defender may have missed 20% of zero day malware samples a while ago, but in recent months it is nearly as good as the others. Coupled with a second line of defence such as the equally free Comodo Firewall to stop unknown nasties slipping through and phoning back home, it's pretty much all anyone needs.

    I've tried most of the AV / suites out there over the years and I've come back to using MS / Defender for the reason that it just works and with minimal impact.

    In my own recent tests of trojan droppers embedded in docs, pdfs, etc, Defender has been spotting most of these whilst Bitdefender and Norton were missing them, confirmed by checking on Virustotal. MS may not be the best but they've come an awful long way and with an extra light layer such as CFW I personally think it's the best and reliable solution out there, had too many issues with all of the others I tried.
    0