Microsoft Defender review

It adds a password manager for the Edge browser, and subscribers to Microsoft 365 (aka Office 365) will be rewarded with an upgrade that includes dark web monitoring, ID insurance and an unlimited VPN. As good as it is, Defender’s ability to spot and disarm malware is a half-step behind Bitdefender and Avast, but you can’t beat Defender for making security easy. Our Microsoft Defender review will help you decide if this is the best free antivirus software for you or if you’d be better off upgrading to a paid product.

Microsoft Defender review: What’s covered and upgrade options

Included with every Windows 10 or 11 computer sold, Microsoft Defender comes turned on to protect the system from day one. Short of ad hoc Registry editing, the only way to disable it is to install another security program to replace it. 

Surprisingly powerful for a freebie, Windows Defender encompasses a lot of security-related features and its menu of services is comparable to some mid-range paid security programs. Some features, however, only work with other Microsoft products, creating an exclusive security food chain. On top of its firewall, drive-level encryption and parental controls, Defender uses malware scanning and behavioral monitoring for attack warnings along with email scanning, a password manager and a secure browser. 

Previously a one trick pony, Microsoft Defender for Individuals straddles the line between free and paid software. Introduced in June 2022, it’s part of a Microsoft 365 subscription that most people get for access to the company’s Office 365 apps. It costs $84 for one and $120 for six and adds dark web scanning and ID protection that includes rudimentary credit monitoring and $1 million in ID insurance. There’s also 1TB of online storage for each user – up to 6TB for the family plan – and access to the company’s VPN but there are limitations.

While others bombard users of free malware protection with popups, emailed discounts and other enticements to upgrade to a paid plan, Defender for Individuals is one of the best kept secrets. I suspect that most have never heard of it, and that’s a pity.

The focus used to be purely on Windows protection, but Microsoft’s security ambitions have expanded to include Microsoft Defender: Security for Mac systems; it requires macOS 12 (Monterey), 13 (Ventura) or 14 (Sonoma). There’s also Microsoft Defender: Antivirus (for Androids) that requires Android 8.0 or above as well as Microsoft Defender: Security (for iPhones and iPads) that needs iOS version 14 or newer and lacks the ability to perform malware scanning.

Windows Defender review: Antivirus protection

The best part is that each and every new Windows PC comes with Windows Defender in place, protecting it from the first time it’s turned on with nothing to do or install. It may seem like the slacker’s solution to security, but Defender offers powerful protection.  

In addition to advanced behavioral analysis to catch the early actions of an attack, the program has a comprehensive malware scanner that compares what’s on the system’s drive and memory with an up-to-date database of known threats. The default setup is for Defender to send questionable items from your computer to Microsoft’s online malware analysis lab for dissection. The most dangerous items get a fix created using the latest machine learning techniques. These updates are sent to the 500 million computers protected by Defender. Unlike some competitors, it’s easy to opt out of this collection scheme at the Windows Security Center. 

Defender starts by defending Microsoft’s Secure Boot startup sequence by guarding the system’s UEFI code from manipulation and extends to sandboxing suspect code so it can be safely executed without damaging the system if it goes rogue. It all happens in less than a second. The program can block fileless-malware attacks and has a memory-integrity monitor that watches for attempts to inject malicious code into the system’s RAM. It also screens email attachments for exploits.

Running a Quick Scan is easy with an actuation button on the Windows Defender Security Center page and the Task Tray’s icon. You will need to go a level deeper to get to custom scans and full examinations of the system, though. In addition to automatically scanning new drives after they’ve been plugged in, a right click on anything in the Windows Explorer can start a viral assessment.

Defender continues to be one of the hardest security suites when it comes to scheduling scans. However, it’s better and easier to allow Defender to scan when the system is idle; it’s set up that way by default.

The ultimate defense against malware is backups and Microsoft OneDrive which can hold a full archive of the system’s key files or your own personal ones; Microsoft 365 customers get 1TB of online space. They can be recovered in case of a ransomware attack.

Too bad that Microsoft’s latest trick is only available for enterprise customers. Microsoft’s Security Copilot takes security-related prompts from its security software and uses its “grounding” technology to specify the attack vector and what can be done about it. This data is sent to the software’s generative large language model to communicate the details to the user in plain English (or another language).

Defender has a built-in WinRE recovery environment to scan for malware. There’s also the ability to re-install Windows, with your personal files intact followed by a full scan.

Microsoft Defender review: Antivirus performance

Following years of inadequate malware performance as measured by neutral third party labs, Defender came into its own in 2020 with excellent scores that rivaled the best in the business. This effectiveness seems to have peaked with good protection offered at the present that, unfortunately, allows a few threats through.

To start, its perfect scores on the July-August 2023 series of appraisals of widespread and popular threats by AV-Test show Defender to be the equal of Bitdefender and Kaspersky. Only Malwarebytes fell short of the mark at 99.9% effectiveness at finding and killing known attacks. 

That said, Defender was far from perfect at evaluating and destroying zero-day assaults that thoroughly test a scanner’s abilities to discern the safe from dangerous. The software’s grades of 99.3 and 99.4%  for July and August testing mean that two or three potentially dangerous items could slip through its malware net. In this regard, Avast Free Antivirus, Bitdefender Antivirus Free Edition and Kaspersky Security Cloud Free all had perfect runs in this category while Malwarebytes, Panda Free and Avira Free Security were lower on the effectiveness scale.

During testing, Defender incorrectly warned that a single piece of safe software was possibly a threat. That’s not bad, but Panda, Kaspersky and Avira had no pesky false positive results, making them seem more reliable.

When it came to the testing done by AV-Comparatives in September and October of 2023, no malware scanners had perfect test scores. Defender’s 99.9% success rate was good, but it translates into five potentially threatening items cleared by the scanner as safe. By contrast, Bitdefender let two potentially dangerous items through its scanner, while Avast, AVG, Avira and Kaspersky let three possible threats through. Panda led this ignominious category by missing 59 items.

During AV-Comparatives’ evaluations, the Defender software had five instances of false positives, tying with Panda in the false positive category. Kaspersky, which is often perfect or close to it, six instances of incorrect danger warnings.    

Finally, Defender tied with Avast and Kaspersky in September 2023 testing by SE Labs with ideal 100% scores. Mirroring the other results, only Panda fell short with a 97%  score.

Microsoft Defender review: Security and privacy features

Part and parcel of Windows, Microsoft Defender is an integral aspect of Windows 10 and 11. It provides an alluring alternative for those who want simple security. The philosophy behind Defender is to detect and disrupt dangerous software before any damage is done. 

The operating system has a built-in firewall that other security programs seek to replace or augment, often in their paid programs. The two-way barrier has settings for private and public use as well as the ability to craft new rules for what to block and what to allow through. 

The recently added Smart App Control protects new and novel exploits by blocking apps that load unsigned or unknown code. This can stop a break-in before it can do any damage.

Microsoft’s included Edge browser can filter objectionable sites, although its online protection can’t be used with other browsers like Chrome, Firefox or Safari. The SmartScreen website filter works with Chromium-based browsers and blocks links to online destinations that have a bad reputation for delivering malware.

Microsoft has focused squarely on credential thieves so that when you log in, Defender safeguards your credentials, although it does without an encrypted or onscreen keyboard. It isolates suspect accounts and prevents the lateral movement of attack vectors that could be the start of a cascade attack.

Meanwhile, the Edge Password Manager can store your login credentials in encrypted format. There’s no standalone security browser, but Edge has been hardened to stop attacks with what Microsoft calls “Defense in depth”. Beefed up with a sandbox for safely executing suspect code, there is protection against typos and unwanted apps being downloaded, the latest additions include hardware stack protection, control flow guard and an arbitrary code guard.

There’s no specific code to protect a webcam but Defender relies on the program’s ability to spot malicious behavior prior to damage being done. Meanwhile, the parental controls allow filtering of known objectionable categories and can limit screen time on PCs, phones and tablets. It can do this for Xbox game consoles but not Macs.

No doubt, there’s a lot inside Defender but it doesn’t match up with best of breed features, including the lack of a file shredder. To get access to the VPN and ID protection, you need to subscribe to Microsoft 365 for $84 or $120 a year for individual or family accounts. The bonus is that it includes all the Office 365 apps, although at the moment the VPN only works with Androids and after 10GB per month of use, the speed might be throttled.

Microsoft Defender: Performance and system impact

To gauge performance, we used our Excel-based benchmark, which measures how long it takes to match 20,000 names and addresses from a census database. Our test machine was a Lenovo ThinkPad T470 with an Intel Core i5-7200 processor, 8GB of RAM and a 250GB solid state drive with 175GB of free space. This notebook ran Windows 10 with the latest updates, which means that, unlike the others, there’s no way to uninstall Defender. 

As a result, there’s no post-installation/pre-scan benchmark score. It took 10.2 seconds to run the benchmark with the program in place that is equivalent to the baseline scores of the others. Using the scanner was at a large cost in terms of system resources, with the benchmark time rising to 16.4 seconds – a 61% drop in performance potential versus the baseline score. This makes Defender a resource hog compared to the likes of Avast Free Antivirus’s 14% change.

Microsoft Defender took 55 minutes and 31 seconds to run its first scan and fell to 54:12 on the third pass. This makes it one of the slowest to examine the entire system. This is particularly the case because its scans were thorough with Defender looking at 1,123,314 files, although Avast’s scan of 1,116,463 items took less than half as long. 

Its quickie scan had a lighter touch, using fewer system resources. It took 15.0 seconds to run the benchmark, which translates into a better but still poor showing of a 47% decline from its initial score. By contrast, the best was Panda’s 11% rise in benchmark time. 

The Quick Scan of the most pressing threats looked at 39,965 files, quite a lot but more than 50% fewer files compared to Panda. It took two minutes and 11 seconds but by the third scan, it was down to 1:34 for 20,872 items, making it a mid-range performer.

Microsoft Defender review: Interface

The Windows Security Center continues to be the center of attention, but it can take several clicks to get to it, rather than a single click for most of its competitors. The best way to get to the Security at a glance home page is to type “Windows Security” into the search box or to put a shortcut on the desktop. 

Happily, its pages can run full screen and have go-back arrows, and the left side category menu is a big organizational help. On the downside, many of the windows require scrolling to see everything. For instance, the main Security at a glance page has seven areas that range from Virus & threat protection to Firewall & network protection to Device security. Unfortunately, on an HD screen, Family options is below the digital fold and requires scrolling.

The Virus and threat protection page has Current threats, Protection settings and Protection update sections with a checkmark or red mark next to it to show whether it requires your attention. It’s easy to start a Quick Scan from here, but to run a Full Scan or just of a file or folder, I needed to go a level below to Scan Options.

There are detailed settings under the surface, like using OneDrive’s online storage to backup key files as protection against a ransomware attack; the program lacks the ability to automatically rollback affected files. I was able to turn real-time protection on or off and the defenses can use Microsoft’s cloud presence to enhance and speed protection. Below there’s a place to use the program’s tamper protection that protects Windows code from being subverted by a virus, a vital protection that many freebies lack. There’s also a way to submit a virus sample for analysis.

While the Device Security controls the Trusted Platform Module (TPM) settings and the Secure Boot operations, the Firewall is open to new rules for what gets stopped.

The App & browser control can help get to the right level of filtering webite without it becoming onerous and the Device performance & health has a nice Health report. While it’s not strictly about security, it encompasses everything from whether you’re running out of storage space to whether your notebook’s battery is flagging.

There’s also the Privacy review, which checks your settings. My set up needed changes to the password authenticator to enhance the safety of my online world.

Defender relies on the Windows Task Scheduler to set up automatic scans, a daunting task. It shouldn’t be a deal-breaker because the system’s default setting is to look for viruses and threats when the system is idle.

The Settings icon in the lower left is where I chose from installed security software, although I only had Defender on this system. The screenshot below is from a system that is protected by Bitdefender Total Security but can revert to Defender.

Microsoft Defender review: Installation and support

The company couldn’t have made security easier. Just turn on your PC and it’s automatically protected against a wide variety of threats. 

That said, Defender’s support is better than most in the free world and includes the ability to call or email technicians with a problem or just ask a question. This service is usually reserved for paid customers by competitors. 

In addition, the online self-service section has lots of resources. They range from getting started assistance to cybersecurity tips to help protecting Office files.

Microsoft Defender review: Verdict

With features that others reserve for their paid plans, Microsoft Defender stands out from the crowd of free security products by making protection as easy as turning a system on. Its inclusion of a password manager, firewall and tamper-resistant code makes it a viable competitor to free and many mid-level security programs. On the downside, some features only work with Microsoft products and Defender’s scanning engine can put a big burden on the system. 

Its overall protection is good and users of Microsoft 365 users get Defender for Individuals that adds a VPN and dark web scanner to protect an online life from disruption as well as ID protection services that include $1 million of insurance to cover the costs of an identity crisis. 

With nothing to install, Defender does the hard work of protection, but you don’t need to do anything. For once, the lazy person’s approach just might be the best.