When it comes to antivirus software, Windows Defender is the natural choice. In fact, it’s not so much a choice as just the standard state of things, as it comes pre-packed with Windows 10. (In previous Windows iterations it was known as Microsoft Security Essentials.) It’s, therefore, tempting to just leave it as is and say to yourself that things will probably be fine, right?
But is Windows’ built-in tool enough, or do we still need to rely on the big guns of antivirus software to keep us safe online? Read on for the lowdown.
Note: this analysis is based on tests carried out in December 2018. Results will inevitably vary over time, but we’ll be doing our best to keep on top of them.
How Does Windows Defender Compare?
Talking about Windows Defender in isolation won’t get us anywhere. What we need to know is how it stacks up to the biggest antivirus programs that you’ve probably downloaded or even paid for over the years – the McAfees, AVGs and Bitdefenders of the world.
Thankfully, there are several sites dedicated to comparing antivirus software on a monthly basis.
AV Test
AV Test helps users make educated decisions about what antivirus they should use. They rank each antivirus on three factors using a scale from 0 to 6, where 6 is the best. The three elements they test for are Protection, Performance, and Usability. So how did Windows Defender fare?
Pretty well, it seems.
In April 2018 Windows Defender scored 5.5 across the three categories, but the tests from December 2018 actually showed an improvement in protection – giving it full marks. That technically gives it the same “Protection” and “Performance” ratings as antivirus giants like Avast, Avira and AVG.
In real terms, according to AV Test, Windows Defender currently offers 99.6% protection against zero-day malware attacks. Out of 1.5 million samples, Defender detected seven legitimate bits of software as malware in November, which was a little worse than the industry average of five.
So Windows Defender is certainly capable of mixing it up with the big boys, which may come as a surprise to those who knew of it several years ago as a somewhat rudimentary solution.
AV Comparatives
It’s hardly representative to look at just one website, though, as AV Tests’ means of testing and criteria will differ slightly from another. On that note, another popular website for antivirus testing is AV Comparatives. Can Windows Defender carry its impressive form over to this site?
Looking at the real-world protection tests, the results are again pretty good. AV Comparatives carried out its tests using a mix of malicious URLs, drive-by downloads, and URLs redirecting users to malware. Windows Defender had a 0% compromise rate, which was better than the 0.5% rate with Avast and AVG, and up there with the flawless scores of Avira, Bitdefender and McAfee.
Compared with previous years, Windows Defender has drastically improved in blocking “user-dependent” malware – so malware where Windows gives a warning to the user but still gives the option of executing it. In April 2018 the rate of user-dependent malware was 3.6%. In July through November 2018 this dropped down to an average of 0.8%
Where Windows Defender has slipped quite badly is in detecting false positives, where it now has by far the highest rate of all the major antivirus software out there. It clocked 106 false positives from July through November 2018 – more than double that of the second-worst AV in this regard.
These two trends could be correlated, with an increase in false positives and a much better blocking of user-dependent malware being the result of tighter security measures through Windows Defender. Of course, other software shows that you can score well in both these categories, so that’s the next thing Microsoft should be aiming for – cutting down false positives while maintaining high security.
Much Better than It Used to Be
Small hiccups aside, historical data on both AV Test and AV Comparatives shows a marked improvement in Windows Defender’s performance over the years.
Back in October 2015, Windows Defender received the joint-lowest rating for Protection (3.5/6), amounting to just 95% protection against 0-day malware attacks. (This was an alarming 80.5% in September 2015.) The industry average at the time was 97.2%, so Windows Defender was decidedly trailing the pack.
At AV Comparatives, meanwhile, Windows Defender had a 3% compromise rate from July through November 2016. That has been almost directly replaced by the possibility of “user-dependent” security compromises in 2018, which still isn’t perfect but a huge improvement.
The Verdict: A Sturdy Defence
Just a few years ago you’d have been laughed off for suggesting that it was enough for you to sit back, install no third-party AV software, and let Windows take care of defending your PC. While we wouldn’t encourage complacency, Windows Defender is now well-proven as a viable antivirus option unto itself.
However, if you want to err on the side of caution, there would be no harm in adding an extra layer of protection over Windows Defender, just to eliminate the minute possibility that something could sneak through the net.
But do you need to worry if all you have is Windows Defender? No, not any more. However, the malware landscape is always shifting, and we’ll keep an eye out for developments that suggest otherwise.
This article was first published in February 2017 and was updated in February 2019.
The Complete Windows 10 Customization Guide
In this ebook we’ll be exploring the multitude of options to fully customize Windows 10. By the end of this ebook you’ll know how to make Windows 10 your own and become an expert Windows 10 user.
Defender and Security Essentials have been my go-to AVs on four systems, two Win7, two 10 for almost two years primarily as the auto-update of the commercial internet security app borked my system one too many times.
The only thing that bothered me about them is the irregular signature and definition “push” from MS and its dependence on Windows Automatic Update. Sigs/defs are updated several times a day:
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
As such, I would not run either Defender or Security Essentials without a Task Scheduler task every fours hours for “MpCmdRun.exe -SignatureUpdate” Instructions flourish in google.
I also use CheckMAL’s AppCheck Pro and GlassWire with Bitdefender’s TrafficLight, Adguard and Ghostery extensions in the browser.
Thanks for the great article. Yup, it’s a sturdy defense.
> Is Windows Defender Good Enough in 2019?
On occasion I am forced to use a Windows computer and it’s so weird having any kind of malware protection when the entire OS is built to spy on you. It’s like installing tracking-protection on Google Chrome. Uploading all your data to Apple’s Chinese servers and expecting privacy.
Lots of very smart people operate this way and worse… they’ll even defend it behind incredible mental gymnastics or simply pretend that none of this exists.
So weird. Truth is stranger than fiction. It’s like a Twilight Zone episode about flat-earthers.
I have it on my computer plus Malware AntiMalware Bytes. I had to reformat a desktop PC from the beginning several years ago and never want to do that again! It took an entire day to bring it back to where it was before I got slammed with a virus/worm!
Will adding another AV, like AVG cause a conflict and allow neither AV’s to function properly?
No, from the above article.
What is the “extra layer of precaution” that you alluded to ?
When it comes to security “good enough” is NOT good enough. You either have/use the best or you are naked and exposed.
As gazoo said, when it comes to Windows, there can be no discussion of security because the O/S is deliberately designed to be insecure. Bad actors can, and will, just as easily as MS, use the MS designed holes.
Defender is a robust option to use versus paid. I have spent much time and effort on this. If you want a backup, use a free online scan for forensics purposes. Often, malware will sneak in via ads, etc. Use Ublock origin in Firefox, among other things. I adjust about 20 settings in Firefox about:config, and use Windows firewall outbound only allowed. I have not had any problems-knock on wood-
One user brought back a flash drive that was used in an Internet cafe and contained malware. Two machines (Win 7 and 10, both with the built-in AV) did not detect it, but another (Win 7 with a free version of Kaspersky) did.
On the other hand, the third machine was slower in terms of file and Internet browsing.