Windows Defender isn’t the absolute best antivirus software, but it’s easily good enough to be your main malware defense.
With very good defenses against malware, a low impact on system performance and a surprising number of accompanying extra features, Microsoft’s built-in Windows Defender, aka Windows Defender Antivirus, has almost caught up with the best free antivirus programs by offering excellent automatic protection.
Malware protection: Very good
System impact, background: n/a
System impact, scans: Moderate
Windows compatibility: 8/8.1 and 10
Email scans: No
File shredder: No
Game/silent mode: Yes
Hardened/secure browser: Yes, for Edge & IE only
Password manager: No
Performance scanner: No
Ransomware file reversal: Yes
Rescue disk: No
Scan scheduler: Yes
Support options: 24/7 phone, email support
URL screener: Yes, for Edge & IE only
Upsell nag factor: Nonexistent
However, Windows Defender still yields far too many false positives, indicating that its overzealous malware engine may yet need some improvement.
Scheduling scans is also too difficult for many to accomplish, there’s no protection for web browsers other than Edge or Internet Explorer, and there’s no stand-alone password manager or a file shredder.
If you crave airtight malware protection along with easy-to-schedule scans, a fair number of extra goodies, lots of customization options and a superlight system load, get Kaspersky Security Cloud Free. If you just want better defenses than what Defender offers, try the no-muss-no-fuss Bitdefender Antivirus Free Edition.
If you’re still using Windows 7, then you need to use third-party antivirus software. But if you’re on Windows 8.1 or Windows 10 and like the idea of getting very good free malware protection without lifting a finger, then just stick with Windows Defender.
Windows Defender comes with Windows 8.1 and 10 and can be disabled only by the installation of a third-party antivirus program, or, if you’re brave, editing the Windows Registry.
What you see with Windows Defender is what you get. There are no upgrades available to augment protection or add features. But if you take into account the entire Windows Security apparatus, Defender comes with a firewall, drive-level encryption (in Windows 10 Pro and up), limited parental controls and even a game mode.
On the other hand, it still lacks things that third-party antivirus makers add as enticements, such as a file shredder and VPN access.
Microsoft plans to expand Defender’s coverage to other platforms. There’s already a beta version of Microsoft Defender for Macs in enterprise deployments, and Microsoft says it is working on Microsoft Defender for Android and Linux.
Hence the official renaming of the enterprise product to « Microsoft Defender. » Microsoft tells us the consumer product will continue to be called Windows Defender Antivirus.
Even if you do nothing to a new Windows 8.1 or 10 computer, Windows Defender is already there protecting your machine. Many users will not even notice that Defender is working until they’re subjected to an attack.
Defender compares new files and programs against a database of known malware and watches for signs that an attack is underway, such as the encryption of key files.
By default, Microsoft uploads suspect items from your computer for online analysis, but you can opt out of this data collection in the Windows Security Center settings. Several malware-signature updates go out daily to Windows Defender and Microsoft Defender’s 500 million users.
Microsoft also has a bunch of specific defenses. Because Defender runs in an isolated « sandbox, » rogue code can be executed without affecting the rest of the system.
There’s now tamper protection to prevent malicious apps from changing settings, and Defender stops fileless-malware attacks with a memory-integrity feature that prevents malicious code from being injected into running RAM. It also screens email attachments for malicious code.
Quick scans are a click away from the front page of the Windows Defender Security Center, which you can access by clicking the shield icon in the System Tray at the bottom right of your screen. Full or specialized scans are a click or two beyond that.
When a USB drive is plugged in, Defender scans its contents; you can also scan any file by right-clicking on it in the Windows Explorer file manager.
The rest of Microsoft’s Windows Security Center features run whether or not Defender or another antivirus program is protecting your system, but they’re worth mentioning.
Attacks on the system’s start-up sequence can be stopped by Microsoft’s Secure Boot feature, and the SmartScreen filter blocks links to untrustworthy websites from Outlook, Edge and Internet Explorer (but not third-party browsers like Google Chrome or Mozilla Firefox).
Microsoft’s OneDrive online file repository can hold copies of your key files to be recovered in case of an encrypting ransomware attack.
If Windows Defender interrupts a movie or game playing on your PC, the Game Mode can help. While other antivirus programs have integrated game modes, Microsoft’s can be accessed in the Gaming part of the main Windows Settings menu.
Over the past two years, Windows Defender has improved to the point where it now offers malware protection as good as almost any free or paid antivirus program.
In all 26 monthly rounds of tests conducted in 2018, 2019 and the first two months of 2020 by German lab AV-Test, Windows Defender detected either 99.9% or 100% of known « widespread » malware every single time, and failed to get a perfect 100% only once in 2019. It failed to detect 100% of previously unseen « zero-day » malware a total of six times.
Those scores put Windows Defender, once the worst joke in antivirus protection, ahead of well-known brands like Avast, AVG, Avira and McAfee, and just behind Bitdefender and Trend Micro.
Defender still isn’t as good as industry leaders Kaspersky or Norton, which detected all malware in all of AV-Test’s 2018, 2019 and (so far) 2020 evaluations, but it’s finally within shouting distance.
Not all these brands mentioned offer free antivirus software, but of those who do, Kaspersky comes out on top with perfect scores. Next up is Bitdefender, which got all the widespread malware in those two-plus years but missed some zero-day bugs in three instances.
The other two free products we’ve reviewed for this round, Avast Free Antivirus and AVG AntiVirus Free, share the same malware-detection engine with each other and were behind Windows Defender. While they detected either 99.9% or 100% of widespread malware almost all the time, they missed zero-day bugs 10 times over the 26-month period.
Windows Defender is also detecting fewer false positives than it used to, at least in AV-Test’s evaluations. It registered 21 false alarms in 2018, but only 15 in 2019. Still, Kaspersky had only three false positives over the entire two years.
Tests by the Austrian lab AV-Comparatives are much more sensitive to false positives, and in those, Windows Defender racked up too many: a total of 74 in four monthly tests from February to May 2019, and 58 from July through October 2019. Kaspersky got zero false positives for the entire year; Bitdefender got four and Avast and AVG 13 each.
On the plus side, Windows Defender stopped a respectable average of 99.6% of « real-world » (mostly online) malware in AV-Comparatives’ February-May tests, and 99.3% from July to October.
Kaspersky’s results were mixed, with 100% in the first set of tests but only 99.1% in the second; in the first and second set of tests, Bitdefender got 99.9% and 99.7%, respectively, and Avast and AVG brought up the rear with 99.2% and 99.3% each.
Finally, Windows Defender scored a 99% overall score in London-based SE Labs’ July-September 2019 tests, and 98% in the October-December rounds, edging just past Avast and AVG in the first round and tying them in the second.
All three were behind Kaspersky, which scored perfect 100% detection rates both times; as for Bitdefender, it wasn’t tested.
Microsoft’s security offerings are baked into Windows 10 and available to users of other antivirus programs. Windows has a built-in firewall, which doesn’t screen outbound traffic by default as many third-party firewalls do, but you can set the Windows firewall to do that by adding rules.
It’s not a fully hardened browser for banking or buying online, but Edge’s SmartScreen filter blocks known malicious websites. There is a password manager baked into Microsoft Edge, just as there is for Mozilla Firefox or Google Chrome, but it can’t be used outside the browser.
If you’re running Windows 10 Pro, Enterprise or Education, you can use Windows Defender Application Guard, which opens untrusted websites in an isolated instance of Microsoft Edge to protect the rest of the machine.
There are Application Guard extensions for Chrome and Firefox, but all they do is let you open dodgy websites in the isolated version of Edge instead.
Microsoft built parental controls into the Windows Security Center, but they mainly work only with other Microsoft products. The screen-time limits work with Windows or Xbox One, but not a Mac.
The browser filters screen what kids see in Edge and Internet Explorer, but not in Chrome or Firefox. These two features do work with Android devices, but the devices need to have the Microsoft Launcher app installed.
Windows Defender’s mandatory protection makes computing safer, but it complicates our testing because it means that Defender is always running in the background and there’s no easy way to generate a pre-installation baseline score comparable to those of other antivirus brands.
(For what it’s worth, installing Kaspersky Security Cloud Free actually sped up our system by 0.9%, which hints that it’s got a lighter background performance impact than Windows Defender.)
To gauge performance, we used our Excel-based benchmark, which measures how long it takes to match 20,000 names and addresses in a spreadsheet. Our test machine was an Asus X555LA notebook with a 2-GHz Core i3-5005U processor, 6GB of RAM and 59.5GB of files on a 500GB hard drive. This notebook ran Windows 10 with the latest updates.
Windows Defender took an average of 1 hour and 34 minutes to complete a full scan of our test system, the slowest of the free malware apps to examine an entire computer. The quick scan took an average of 3 minutes and 38 seconds, well behind Avast Free Antivirus’ 1 minute and 36 seconds.
With no active scans running, our benchmark test took 13.3 seconds to finish, which rose to 16.0 seconds while running a full system scan with Defender. That’s a performance drop of 20% from the normal background load.
Among other free antivirus programs, Bitdefender Antivirus Free Edition’s full scan slowed the system by 26% from the post-installation background (not the baseline), and Avast Free Antivirus caused a 24% loss.
Much lighter were AVG AntiVirus Free, whose full scan translated into a performance loss of just 7.1% from the background, and Kaspersky Security Cloud Free, which created a 6.7% loss from the background (and a 5.7% drop from the preinstallation baseline).
Windows Defender’s quick-scan results were better, with the benchmark finishing in 15 seconds. This 13% performance drop was only outdone by Kaspersky Security Cloud Free’s 2.1% hit. By contrast, Avast Free Antivirus showed a performance decline of 47%.
The Windows Security Center can be reached by clicking the shield icon in the System Tray that slides out from the little up arrow in the bottom right of the desktop interface.
The main window presents you with seven features — the first, Virus & Threat Protection, is where you can fine-tune Defender’s ransomware protection by toggling the Controlled Folder Access feature, and where you can mirror key files on OneDrive.
Account Protection specifies how you log into Windows, and the Firewall & Network Protection section is obviously for tweaking the firewall. App & Browser Control adjusts Edge and the Microsoft Store’s security settings.
Device Security lets you activate core isolation and memory integrity to help stop fileless-malware attacks. The Device Performance & Health section checks your storage, drivers, battery (if it’s a tablet or notebook) and apps, and provides a mechanism to reinstall Windows while keeping your personal files intact.
Family Options just links to your online Microsoft account, where you can set up the aforementioned parental controls.
One big drawback: There’s no easy way to schedule scans with Windows Defender. Instead, you need to set up scans in the Task Scheduler, which hasn’t changed much since Windows Vista and will try the resourcefulness and patience of most users.
Because it’s part of Windows, there’s nothing to install or turn on with Windows Defender. It’s there whether you want it or not.
Unlike some other free malware programs, however, Windows Defender has Microsoft’s 24/7 phone and email support to answer a question or sort out a tough infection. There are also a lot of resources online, including set-up tips, reports of new malware and detailed instructions.
Windows Defender now provides world-class malware protection and makes a good argument for not replacing it with a third-party antivirus program. Its only flaws are that some of its protective tasks, like scheduling scans, are hard to set up, and it delivers too many false-positive misidentifications.
If you want the overall best free antivirus protection with a decent number of extra features, Kaspersky Security Cloud Free is the way to go.
Tom’s Guide is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
World news – US – Windows Defender review