When it comes to antivirus software, Windows Defender is the natural choice. In fact, it’s not so much a choice as just the standard state of things, as it comes pre-packed with Windows 10. (In previous Windows iterations it was known as Microsoft Security Essentials.) It’s, therefore, tempting to just leave it as is and say to yourself that things will probably be fine, right?
But is Windows’ built-in tool enough, or do we still need to rely on the big guns of antivirus software to keep us safe online? Read on for the lowdown.
Note: this analysis is based on tests carried out in December 2018. Results will inevitably vary over time, but we’ll be doing our best to keep on top of them.
How Does Windows Defender Compare?
Talking about Windows Defender in isolation won’t get us anywhere. What we need to know is how it stacks up to the biggest antivirus programs that you’ve probably downloaded or even paid for over the years – the McAfees, AVGs and Bitdefenders of the world.
Thankfully, there are several sites dedicated to comparing antivirus software on a monthly basis.
AV Test
AV Test helps users make educated decisions about what antivirus they should use. They rank each antivirus on three factors using a scale from 0 to 6, where 6 is the best. The three elements they test for are Protection, Performance, and Usability. So how did Windows Defender fare?
Pretty well, it seems.
In April 2018 Windows Defender scored 5.5 across the three categories, but the tests from December 2018 actually showed an improvement in protection – giving it full marks. That technically gives it the same “Protection” and “Performance” ratings as antivirus giants like Avast, Avira and AVG.
In real terms, according to AV Test, Windows Defender currently offers 99.6% protection against zero-day malware attacks. Out of 1.5 million samples, Defender detected seven legitimate bits of software as malware in November, which was a little worse than the industry average of five.
So Windows Defender is certainly capable of mixing it up with the big boys, which may come as a surprise to those who knew of it several years ago as a somewhat rudimentary solution.
AV Comparatives
It’s hardly representative to look at just one website, though, as AV Tests’ means of testing and criteria will differ slightly from another. On that note, another popular website for antivirus testing is AV Comparatives. Can Windows Defender carry its impressive form over to this site?
Looking at the real-world protection tests, the results are again pretty good. AV Comparatives carried out its tests using a mix of malicious URLs, drive-by downloads, and URLs redirecting users to malware. Windows Defender had a 0% compromise rate, which was better than the 0.5% rate with Avast and AVG, and up there with the flawless scores of Avira, Bitdefender and McAfee.
Compared with previous years, Windows Defender has drastically improved in blocking “user-dependent” malware – so malware where Windows gives a warning to the user but still gives the option of executing it. In April 2018 the rate of user-dependent malware was 3.6%. In July through November 2018 this dropped down to an average of 0.8%
Where Windows Defender has slipped quite badly is in detecting false positives, where it now has by far the highest rate of all the major antivirus software out there. It clocked 106 false positives from July through November 2018 – more than double that of the second-worst AV in this regard.
These two trends could be correlated, with an increase in false positives and a much better blocking of user-dependent malware being the result of tighter security measures through Windows Defender. Of course, other software shows that you can score well in both these categories, so that’s the next thing Microsoft should be aiming for – cutting down false positives while maintaining high security.
Much Better than It Used to Be
Small hiccups aside, historical data on both AV Test and AV Comparatives shows a marked improvement in Windows Defender’s performance over the years.
Back in October 2015, Windows Defender received the joint-lowest rating for Protection (3.5/6), amounting to just 95% protection against 0-day malware attacks. (This was an alarming 80.5% in September 2015.) The industry average at the time was 97.2%, so Windows Defender was decidedly trailing the pack.
At AV Comparatives, meanwhile, Windows Defender had a 3% compromise rate from July through November 2016. That has been almost directly replaced by the possibility of “user-dependent” security compromises in 2018, which still isn’t perfect but a huge improvement.
The Verdict: A Sturdy Defence
Just a few years ago you’d have been laughed off for suggesting that it was enough for you to sit back, install no third-party AV software, and let Windows take care of defending your PC. While we wouldn’t encourage complacency, Windows Defender is now well-proven as a viable antivirus option unto itself.
However, if you want to err on the side of caution, there would be no harm in adding an extra layer of protection over Windows Defender, just to eliminate the minute possibility that something could sneak through the net.
But do you need to worry if all you have is Windows Defender? No, not any more. However, the malware landscape is always shifting, and we’ll keep an eye out for developments that suggest otherwise.
This article was first published in February 2017 and was updated in February 2019.
Defender and Security Essentials have been my go-to AVs on four systems, two Win7, two 10 for almost two years primarily as the auto-update of the commercial internet security app borked my system one too many times.
The only thing that bothered me about them is the irregular signature and definition “push” from MS and its dependence on Windows Automatic Update. Sigs/defs are updated several times a day:
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
As such, I would not run either Defender or Security Essentials without a Task Scheduler task every fours hours for “MpCmdRun.exe -SignatureUpdate” Instructions flourish in google.
I also use CheckMAL’s AppCheck Pro and GlassWire with Bitdefender’s TrafficLight, Adguard and Ghostery extensions in the browser.
Thanks for the great article. Yup, it’s a sturdy defense.
> Is Windows Defender Good Enough in 2019?
On occasion I am forced to use a Windows computer and it’s so weird having any kind of malware protection when the entire OS is built to spy on you. It’s like installing tracking-protection on Google Chrome. Uploading all your data to Apple’s Chinese servers and expecting privacy.
Lots of very smart people operate this way and worse… they’ll even defend it behind incredible mental gymnastics or simply pretend that none of this exists.
So weird. Truth is stranger than fiction. It’s like a Twilight Zone episode about flat-earthers.
You wrote “On occasion I am forced to use a Windows computer and it’s so weird having any kind of malware protection when the entire OS is built to spy on you.”
Privacy and security are two different things. I have no expectation of privacy when using Windows 10 (for that I use Linux), but it’s possible to make Windows 10 pretty damn secure. Using a standard user account instead of an administrator account is one of the best things people can do to prevent the vast majority of malware.
It’s definitely a viable option and one I’ve used for a while now with absolutely zero issues. Best of all it doesn’t slow down your system like most AV software.
I have it on my computer plus Malware AntiMalware Bytes. I had to reformat a desktop PC from the beginning several years ago and never want to do that again! It took an entire day to bring it back to where it was before I got slammed with a virus/worm!
Consider backups.
Will adding another AV, like AVG cause a conflict and allow neither AV’s to function properly?
No, from the above article.
What is the “extra layer of precaution” that you alluded to ?
When it comes to security “good enough” is NOT good enough. You either have/use the best or you are naked and exposed.
As gazoo said, when it comes to Windows, there can be no discussion of security because the O/S is deliberately designed to be insecure. Bad actors can, and will, just as easily as MS, use the MS designed holes.
Defender is a robust option to use versus paid. I have spent much time and effort on this. If you want a backup, use a free online scan for forensics purposes. Often, malware will sneak in via ads, etc. Use Ublock origin in Firefox, among other things. I adjust about 20 settings in Firefox about:config, and use Windows firewall outbound only allowed. I have not had any problems-knock on wood-
One user brought back a flash drive that was used in an Internet cafe and contained malware. Two machines (Win 7 and 10, both with the built-in AV) did not detect it, but another (Win 7 with a free version of Kaspersky) did.
On the other hand, the third machine was slower in terms of file and Internet browsing.
Thank you for your article.
I have been using Windows Defender since its inception, in conjunction with Malawarebytes. Both programmes appear to keep my computer protected, advise me of any untrustworthy sites and also bring unwanted intrusions to my attention.
I am also using Firefox as opposed to Edge and Google, both of which I find intrusive.
Cheers,
Mike
Sydney, Australia
To me a better way of looking at the whole issue of malware infection is trying to cut off as many lines of attack as possible to make it as hard as possible for malware to infect a computer in the first place. What people need are layers of protection, also known as protection in depth. Just installing some anti-malware software (even if it gets the best scores in tests) and calling it a day isn’t enough these days imo.
Keeping your operating system and all installed programs updated helps a lot when it comes to protection, since a lot of malware exploits weaknesses in the operating system and/or the installed programs. That’s one layer of defence.
The uBlock Origin browser add-on provides another useful layer of protection and blocks ads including malicious ads and warns you if you’re about to go to a dodgy site like a phishing site, malware site, fake tech support site, etc. Using it in its default settings will be fine for most people. The more you start fiddling with the settings the more likely you are to “break” sites meaning they may not display properly (or at all) or you may not be able to log into sites like Gmail or YouTube.
Windows 10 comes with a firewall, anti-exploit features (DEP, ASLR, etc), UAC and Defender as standard, which all help prevent malware infections. People could argue til the cows come home about which particular anti-malware solution is best, but that’s only one piece of the whole jigsaw. Even the best-scoring anti-malware solution only needs to miss one threat and you could get infected, so using various layers of defence as I’m describing here is a much better solution imo. If you DO use Defender though, make sure real-time protection and cloud protection are enabled.
In Defender you can also optionally switch on core isolation to protect memory and anti-ransomware protection to protect your files. These are two more useful layers of protection.
NoVirusThanks OSArmor provides yet another useful layer of protection and is a simple install-and-forget program. Just using it in its default settings will be fine for most people and add another layer.
And if some malware gets through ALL those layers of protection and you still get infected, then you can run on-demand scanners like Malwarebytes, SUPERAntiSpyware, EMSISOFT Emergency Kit, etc, to try and fix the infection.
And lastly regularly back up all your essential data to an external drive, USB drives or in the cloud (Google Drive, DropBox, etc). That way if disaster strikes and you get infected with ransomware or your computer won’t start up for whatever reason then you haven’t lost your essential data. You can then take your computer to a repair shop, they can reinstall your operating system and put all your data back onto your computer.
In my experience, Windows Defender’s performance can be ridiculously poor. When scrolling through your download folder or even just scrolling through a list of exe files, the Defender process freaks out on checking all files. It causes a huge delay before you can even see the program icon in the first place! Extracting files, opening up programs like Steam, or even well-known programs like Firefox and Chrome suffer from reduced file speed performance due to Windows Defender. I ran it for half a year just because it’s from Microsoft and doesn’t annoy me. But yesterday I had enough (also because suddenly “Process Hacker” is recognized as a “bad program”), and I’m using Avast Free again. And I honestly feel seriously ashamed why I didn’t do it earlier, because I feel like my hard drive has transformed into a SSD. That is how ridiculous the performance impact of Windows Defender has been! My jaw really dropped. The worst part is really that people don’t do comparisons and believe in myths, so that is why so many claim Windows Defender is “lightweight”.