Is Windows Defender Good Enough? Not Yet

One of the most common questions we get asked at Tom's Guide is "Is Windows Defender good enough to protect my PC?"

The short answer is: Nope. The longer answer is: No, but it might be someday.

Microsoft's built-in antivirus software isn't meant to compete with full-fledged, commercially distributed antivirus software. Instead, when it was first built into Windows 8 in 2012, Windows Defender was intended as a stopgap, a minimum level of defense for the millions of Windows users who hadn't installed any antivirus software on Windows XP, Vista or 7.

The problem with Windows Defender is that its malware detection, to put it plainly, sucks. In lab tests conducted since the beginning of 2013, it's stopped about 89 percent of widespread, well-known malware, and about 78 percent of previously unknown "zero-day" malware.

Because what matters isn't how much malware is stopped, but how much gets through, a detection rate just under 90 percent isn't a B plus — it's an F.

Most other products we review, free or paid, stop better than 95 percent of zero-day malware, and 98 or 99 percent of widespread malware. Our best-reviewed products, Avira Free Antivirus and Bitdefender Antivirus Plus, have detection engines that consistently stop between 99 and 100 percent of both categories of malware.

That doesn't mean Windows Defender isn't getting better than it once was. It is — slowly. In evaluations conducted on Windows 8.1 in November 2015 by German independent lab AV-TEST, Windows Defender detected 97.5 percent of zero-day malware, and 99.6 percent of widespread malware.

But Windows Defender's detection rates are consistently inconsistent. In December 2015, its Windows 8.1 zero-day-detection rate slipped to 90 percent. In earlier tests conducted on Windows 10 by AV-TEST, Windows Defender stopped 80.5 percent of zero-day malware in September 2015, and 95 percent the following month. (To be fair, it stopped between 99.1 and 99.9 percent of widespread malware in all three instances.)

Still, those erratic numbers are a vast improvement from 2013 and 2014, when Windows Defender was scoring about 65 percent against zero-day malware, and about 70 percent for widespread malware. Things may be looking up for Microsoft's free AV software.

The Long Road to Microsoft Self-Protection

Windows Defender isn't Microsoft's first foray into the antivirus pool. The company had earlier failed with a paid product, Windows Live OneCare, that was discontinued in 2009. OneCare was replaced with Microsoft Security Essentials (MSE), a free download for Windows XP, Windows Vista and the then-new Windows 7.

It was MSE, not Windows Defender, that made established antivirus companies cry foul and threaten to complain to antitrust regulators. Then they had a look at the software and breathed sighs of relief.

Microsoft Security Essentials turned out to not be half as good as even the best free third-party antivirus product — and Windows Defender is just a rebranded version of MSE for Windows 8 and later. (To be precise, the later Windows Defender incorporates both the active-defense MSE and the earlier Windows Defender, a post-infection malware-cleanup tool.)

MSE is still around, protecting countless Windows 7 and Windows Vista machines. Unlike Windows Defender, it must be downloaded and installed manually, although its malware definitions are automatically updated. (The most recent versions don't support Windows XP.)

As with Windows Defender, MSE's detection rates are all over the place. They bottomed out at the end of 2014, when the software caught 49 percent of zero-day malware in November (according to AV-TEST), and 72 percent of widespread malware in December. MSE peaked in January 2016, when it stopped 91.8 percent of the zero-day bugs and 99.7 percent of the widespread ones. (Both rates dropped the following month.)

The Many Moods of Windows Defender

Windows Defender does have its advantages. It doesn't require any installation, is well integrated into Windows, isn't terribly hard to use and has minimal system impact while running in the background. Like other antivirus products, it works by matching files with known malware, analyzing the behavior and code of unknown files and collecting new samples from its users.

But Windows Defender also has a heavy system impact during active scans, can be difficult to configure beyond the default settings and doesn't stop non-Microsoft web browsers — anything other than Internet Explorer and Edge — from visiting malicious websites.

Most paid antivirus products, and many free ones, work with Mozilla Firefox and Google Chrome, as well as Internet Explorer, to screen out harmful URLs. Most have lighter system loads than Windows Defender during full and quick scans. And many paid ones come with extra features that you'd otherwise have to buy separately, such as password managers, system optimizers or online backup storage.

None of this is to say that Windows Defender is terrible. As a last-ditch defense, it's better than nothing, which is what many people had before Windows 8 was introduced. But there are far better ways to protect your PC, whether you want to spend money or not.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.