Microsoft Windows Defender Review

The basic, minimalist Windows Defender, which is built into Windows 8.1 and Windows 10, has just one role: protection. It will never ask you to upgrade to a paid version, and many users will never know that it's there. It lies a layer or two below the surface of Windows, starts running as soon as you boot up your machine, and appears only if there's a problem.

Yet Windows Defender (called Microsoft Security Essentials on Windows 7) still lags behind other free AV programs in accurate malware detection. Because it let as much as 20 percent of zero-day malware through in recent tests, we recommend that users install a third-party antivirus product, paid or free, that offers better protection.

Antivirus Protection

Drawing from a daily-updated database of known malware signatures, Windows Defender scans files as they are opened or downloaded, and periodically scans every file on the hard drive. Because many kinds of malware change their appearance to evade signature-based scans, Windows Defender also uses behavioral analysis to catch things that haven't been seen before.

You can choose to let Windows Defender feed data about malware found on your machine to Microsoft's cloud-based Malware Protection Center; the default setting is to participate. As with many of Windows Defender's settings, the option to turn it off is hidden in Windows' Update & Security section.

Similarly, you'll need to go to the Windows Task Scheduler to schedule malware scans. Fortunately, you'll likely have to do this only once. Windows Defender can scan malicious email attachments, but you must initiate those scans manually. Custom scans can be limited to specific files, folders or file types, but the program can't examine items stored on remote servers, even on Microsoft's OneDrive.

Windows Defender outsources browser protection to Microsoft's SmartScreen Filter, a feature built into Internet Explorer and the new Edge browser that blocks malicious websites and downloads. There aren't any plugins or protections for non-Microsoft browsers.

Antivirus Performance

Windows Defender's malware-detection rates have improved with time, but they are still subpar in protecting against zero-day (previously unseen) malware.

In AV-TEST's Windows 10 evaluations in fall 2015, Windows Defender missed nearly 20 percent of zero-day threats in September but cut that failure rate down to 5 percent in October. Three other brands we reviewed recently — Avira, AVG and Bitdefender — had 100-percent detection scores in both months.

Windows Defender's ability to tag widespread, previously known malware in Windows 10 was significantly better, at 99.9 percent in September and 99.1 percent in October. It did register two false positives, or benign files mistakenly flagged as malware.

Windows Defender performed better on Windows 8.1 but was still behind other products. It did rather well in November 2015, detecting 97.5 percent of zero-day malware and 99.6 percent of widespread malware. In December 2015, the zero-day rate fell to 90 percent. Windows Defender had one false positive in Windows 8.1.

Both AV-TEST and AV-Comparatives evaluated Windows Defender's predecessor, Microsoft Security Essentials (MSE), on Windows 7. In AV-TEST's winter 2016 Windows 7 evaluations, MSE failed at detecting zero-day malware, stopping just 91.8 percent in January and 86.4 percent in February — easily the lowest scores of the bunch. MSE did much better against widespread malware, stopping 99.7 percent in January and 99.6 percent the following month. Over the two months, MSE registered three false positives.

MSE's malware-detection rates were fair, at 97 and 94.5 percent, respectively, in AV-Comparatives' November and December 2015 evaluations. But it got 23 false positives in November, and 29 in December — by far the worst showing of all six free AV brands we've recently reviewed.

Performance and System Impact

Because Windows Defender always runs in Windows 8.1 or 10 until another antivirus product is installed, it was difficult to gauge its impact on system performance while it ran in the background. However, it slowed our test machine significantly during active full scans.

Our test machine was an Asus X555LA notebook with an Intel Core i3-4005U CPU, 6GB of RAM and 36GB of data on a 500GB hard drive, upgraded from Windows 8.1 to Windows 10. To gauge performance impact, we ran our OpenOffice benchmark test, which matches 20,000 names and addresses on a spreadsheet.

The Asus finished the OpenOffice benchmark test in 7 minutes and 33 seconds during quick scans, an increase of 9.7 percent over the baseline score of 6:53. Only Avast Free Antivirus had less of a system impact.

That wasn't the case with full scans, during which our OpenOffice test took 10:07 to complete. That's 46 percent slower than the baseline, the highest system load we recorded among the six free antivirus products we recently tested and something that most users would notice. We were surprised to see such a substantial slowdown by a product so tightly integrated with Windows.

Windows Defender was in the middle of the pack when it came to scan times. It took 1 hour and 37 minutes to perform the initial full scan. Subsequent full scans took less time, settling down to an average of 49 minutes and 25 seconds. Quick scans averaged 1 minute and 40 seconds, and looked at only those files deemed most likely to be infected.

Microsoft offers neither a rescue disk nor an online emergency scanning site for fixing intense malware infections. However, using Windows' recovery tools, you can roll back your system to an earlier point in time, create a recovery drive on a USB stick or reinstall the operating system entirely. Windows 10 can also "reset" a system to varying degrees.


Microsoft took "bland is better" to heart when designing Windows Defender's interface. The main screen is blue and gray with lots of empty space, with a highlight bar and an image of a desktop monitor that turn red, yellow or green depending on your system's security status. The interface window can run full-screen, which is rare among AV products, but the extra space isn't needed.

Three tabs — Home, Update and History — at the top of the main screen correspond to Windows Defender's three sole windows. On the Home page, you can choose among Full, Quick or Custom scans, or press a button to start a scan. The Update page handles malware definitions, while the History page shows you what's allowed, what's quarantined and what's been detected.

The Settings icon on all three pages takes you to Windows 10's own settings, where you can toggle real-time and cloud-based protections on or off, as well as choose whether to send malware information to Microsoft. The Help button takes you to the Microsoft support website, and a tiny triangle next to that links to a Microsoft Malware Protection Center Web page, to which you can upload a live malware sample.

Installation and Support

Because Windows Defender is built into Windows 8.1 and 10, there's nothing to download, install or configure — the software just runs in the background until you install a different AV product. (If you have Windows 7, you'll need a free Windows account to download Microsoft Security Essentials from Microsoft's website.)

Such a no-frills approach should appeal to those who don't care to know the details. After reviewing other free antivirus products, we were very happy that Windows Defender didn't show us ads, nag us with pop-ups touting paid upgrades or change our Web browser's home page and default search engine.

Windows Defender's help options are pretty poor. There's no phone or email support — you'll have to gather general information from the community forum.

Bottom Line

Windows Defender requires no installation and is a moderately effective way to keep a PC clean. It can protect against major malware attacks, but at the cost of many false positives and a severe system slowdown during full scans.

We're happy that Windows Defender never asked us to buy its premium product, and that it didn't hijack our web browser. But because it missed up to 20 percent of zero-day malware in lab tests, we can't recommend sticking with it. If you don’t want to pay for Windows antivirus software, we recommend Avira Free Antivirus if you prefer lots of customization options, or Bitdefender Antivirus Free Edition if you don’t.

  • Vin3
    Malwarebytes and Windows Defender are great together.
    Tom obviously got paid for this article, just look at his adverts.
  • Matt Rundle
    Windows Defender is basically the same thing as MSE; it offers the same level of protection. I think the thing where Windows users get confused is that MSE and the new Windows Defender are different from the old Defender. The old version is anti-malware; MSE and Windows Defender are Microsoft's version of an antivirus. It's not the most effective, but it's all you need. +Malwarebytes. If you suspect a virus, update Defender and run a full scan to be most effective.
  • Paul Wagenseil
    Windows Defender is not enough, even with Malwarebytes Anti-Malware running as the cleanup crew. Believe us. If you don't want to pay for AV software, try Avira, AVG or Avast, which are as, or almost as, good as the paid stuff.
  • DyingCrow
    These are all trash.
    Want free?
    -Windows Defender (barking dog at the gate)
    -Firefox with AdBlock Plus
    -Malwarebytes to clean up trash, but do yourself a favor and buy a license.
    -Common sense

    You'll be almost invincible.
  • Cavehomme1
    Had trouble signing-in, now I got 2 draft reviews above that need removing please ;)

    Windows Defender may have missed 20% of zero day malware samples a while ago, but in recent months it is nearly as good as the others. Coupled with a second line of defence such as the equally free Comodo Firewall to stop unknown nasties slipping through and phoning back home, it's pretty much all anyone needs.

    I've tried most of the AV / suites out there over the years and I've come back to using MS / Defender for the reason that it just works and with minimal impact.

    In my own recent tests of trojan droppers embedded in docs, pdfs, etc, Defender has been spotting most of these whilst Bitdefender and Norton were missing them, confirmed by checking on VirusTotal. MS may not be the best but they've come an awful long way and with an extra light layer such as CFW I personally think it's the best and reliable solution out there, had too many issues with all of the others I tried.