Windows Defender review

Do you need antivirus on a Windows 10 PC?

Windows Defender
Image Credit: Microsoft

Our Verdict

Its accuracy is just okay, but Defender's simplicity and ease of use has a lot of appeal.

For

  • Lightweight
  • Easy to use
  • Unlikely to conflict with other apps

Against

  • Average detection rates
  • Few configuration options

Windows Defender has been trying to protect PCs from malware since 2006, but its early years were far from successful. Independent testing showed its technology trailing far behind just about everything else, with dire detection rates which would have left you exposed to a host of threats.  

Microsoft has invested a great deal of time and effort in improving Defender in recent years, though, and it's clearly paying off, with Defender climbing the test rankings and now outperforming some big security names.  

The Windows Defender Security Center combines a wide range of features. There's automatic and on-demand scanning for malicious files; blocking of dangerous URLs; a simple firewall, and low-level exploit protection.

Parental controls enable filtering the websites your children can view, and limiting the time they can use their device, as well as monitoring multiple devices from a central web console.

There's now even an extra layer of anti-ransomware protection in Controlled Folder Access, which protects files, folders and some areas of RAM from changes by untrusted applications.

None of these features give you the power of the best of the free antivirus competition, but there's still a lot of functionality here. If you've taken Windows Defender for granted, mostly ignored it, we would recommend you explore what's on offer and find out just what it can do.

Setup

One of the greatest benefits of Windows Defender is it comes integrated with Windows, so there's nothing to download, nothing to install, and in theory at least, nothing to configure. Defender doesn't add an icon to your system tray or have any immediately visible interface, it just gets on with protecting your system. Security newbies don't even have to know that Defender exists.

It's not all good news. If you'd like to change Windows Defender settings, it's not always easy to find the options you need. Even when you find relevant options, it's not always clear what they do, and how they work.

Still, you'll figure out the basics quickly enough, and Microsoft does at least have plenty of documentation on most Defender features. If you're unclear about the Controlled Folder Access feature, for instance, you can read details about it on the Microsoft site, and test that it, and other Windows Defender features, are working from Microsoft's own test page.

Features

With Windows Defender you can perform a full scan, custom scan or even an offline scan on your Windows 10 PC (Image Credit: Microsoft)

Features

The Windows Defender Security Center opens with a panel displaying its various modules and their status. There's no Scan button or any other one-click way to perform some useful action, so you must choose a particular module, first.

Click 'Virus and threat protection' and you're able to run quick, full or custom scans. You can also scan selected files, folders or drives from Explorer's right-click menu. That's all the core functionality you need, although experienced users might miss features like the ability to build a library of custom scans, tweak low-level details of how they'll work, or easily run them on a schedule. (If that sounds like you, it's not all bad news. Command line support enables running Windows Defender in various ways from your own scripts.)  

Although it's hidden away (Virus & threat protection > Virus & threat settings), Windows Defender now supports a layer of simple ransomware protection in its Controlled Folder Access (CFA). This enables restricting user and custom folders (Documents, Pictures, Music and more) so that only approved apps can modify them.

Firewall

You can easily configure firewall settings within Windows Defender (Image Credit: Microsoft)

Click Defender's Firewall icon and you're able to view your current Windows firewall status, as well as getting access to key firewall functions: allowing an app through the firewall, adjusting firewall notification rules, running the network and internet troubleshooter, or, as a last resort, restoring the firewall to its default state.  

If you know what you're doing, there's a lot of security power here, but it does require some network knowledge to understand and the Windows Defender screen is really just giving you another way to access standard applets. The 'Network and Internet Troubleshooter', for instance, just points you to the standard 'Internet Connections' troubleshooter you'll find in Windows Settings (Update and Security > Troubleshoot.) 

Windows Defender's App and Browser Control section gives you control over some key settings. The excellent Windows SmartScreen can be set to automatically block, warn you or just ignore unknown apps and files, and Defender's Exploit Protection features use some very low-level technologies (DEP, ASLR, SEHOP, Control Flow Guard) to block common routes used to attack your system. These are valuable, but you'll need real technical expertise to understand what these do, or when and if you might want to turn some of them off.

Elsewhere, basic parental controls allow you to define when your kids can use their devices and the websites they can visit, as well as getting reports on their activities.

The Family Options page also enables remotely viewing the status of multiple devices from a central console. That's not just useful for watching kids: it could be handy for monitoring your grown-up family, business systems or even multiple devices of your own (you could check the status of a server at home, for instance, wherever you are.) 

Protection

A website with known threats blocked by Windows Defender (Image Credit: Microsoft)

Protection

Microsoft has upped its security game considerably in the past few years, and the testing labs results make this very clear.  

AV-Test's September/October 2015 Home User report found that Defender's protection rate for zero-day attacks could be as low as 80.5%. The industry average at the time was 97.2%, and top packages usually scored 99% or more.  

By the November/December 2018 report, Defender was blocking 99.9% of known malware, and in two months of zero-day testing it blocked 100% of brand-new threats. To put that in perspective, it was a higher detection rate than achieved by Panda, G Data, Malwarebytes, eScan and more.  

AV-Comparatives' Real World Protection tests are a tougher benchmark, and the July-November 2018 summary report placed Microsoft in a lowly 14th out of 18 contenders, with a protection rate of 99.1%.

Still, that's close to many commercial products (Norton managed 99.3% protection, Panda hit 99.3%, ESET achieved 98.9%, BullGuard 98.4%). It's also a useful reminder that although antivirus is an essential part of your PC's security, third-party packages won't always make you significantly safer. 

Final verdict

Windows Defender isn't the most accurate antivirus around, it's better than some commercial products, and if simplicity is your top priority, it might be a smart choice.