Home Microsoft How effective is Windows Defender?

How effective is Windows Defender?

Windows 10 |
© G0d4ather | Dreamstime Stock Photos


Windows Defender Security System – also known as Windows Defender Antivirus – is a built-in antivirus product and anti-malware component of Microsoft Windows.  It was first released as a downloadable free antispyware program for Windows XP, and was later shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials as part of Windows 8 and later versions.

Anti-virus software

Antivirus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware, key loggers, backdoors, rootkits, Trojan horses, worms, malicious LSPs,  diallers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT) and botnet DDoS attacks.

 Basic features of Windows Defender

Before Windows 8, Windows Defender only protected users against spyware. However, it has now evolved and includes a number of real-time security agents that monitor several common areas of Windows for changes which might have been caused by spyware. It also has the ability to remove installed ActiveX software.

Windows Defender features an integrated support for Microsoft SpyNet that allows users to report to Microsoft what they consider to be spyware, and what applications and device drivers they allow to be installed on their systems. Protection against viruses was subsequently added in Windows 8, which resembled the earlier iteration of the company’s anti-malware program,  Microsoft Security Essentials (MSE). It also uses the same anti-malware engine and virus definitions from MSE.

In Windows 10, Windows Defender settings are controlled in the Windows Defender Security Center. In the Windows 10 Anniversary Update, a new logo is introduced and a pop-up notification will appear to announce the results of a scan, even if no viruses are found.

Advanced features

Advanced features of Windows Defender include:

Real-time protection: The user can configure real-time protection options.

Browser integration: Integration with Internet Explorer and Microsoft Edge enables files to be scanned as they are downloaded to detect malicious software inadvertently downloaded. Although it does not integrate with non-Microsoft web browsers, Windows Defender scans for malicious downloaded files as part of its real-time protection.

Limited Periodic Scanning: Windows 10’s Anniversary Update introduced Limited Periodic Scanning, which optionally allows Windows Defender to scan a system periodically if another antivirus app is installed. It also introduced Block at First Sight, which uses machine learning to predict whether a file is malicious.

Firewall Antivirus Alert Protection Security Caution Concept

How different is Windows Defender different from other antivirus products?

The main difference is that users are not required to go through an installation process as they have to with all other free antivirus tools. Users who want to see its interface can just go to their notification area and then click on the Windows Defender Security Center icon. After clicking the icon, the main interface for the application will open up on its own.

How effective is Windows Defender?

Historically, Windows Defender had a poor reputation when it came to protecting users from malware and other types of viruses, especially when compared it with some of the best antivirus products around town. However, Microsoft has put in a lot of work to bring the product up to scratch, and has significantly improved its overall performance. For example, in May 2017, Travis Ormandy, a vulnerability researcher from Google, discovered security vulnerability in the module of Microsoft’s Antimalware Engine (MsMpEngine), which affected, amongst other programs, Microsoft Defender. Within three days,  Microsoft had released a patch to all affected systems.

Despite the progress made, an independent test of 15 antivirus (AV) products last December, saw Defender only ranked seventh tying with four other vendors. The top AV products for Windows 10 across protection, performance, and usability were Trend Micro, Vipre, AhnLab, Avira, Bitdefender, Kaspersky, and McAfee, according to AV-Test.

Windows Defender rated highly on protection, detecting 100% of new and old malware, but lost points for performance, which measures how much an AV slows applications and websites, and usability, which counts false-positives or instances where AV wrongly identifies a file as malicious.

Windows Defender’s performance rating was dragged down because it slowed the installation of frequently used applications more than the industry average, and wrongly detected 16 pieces of legitimate software compared with the industry average of four.

Ransomware antivirus immunization word cloud concept

Microsoft’s response

Microsoft has responded to the criticism by letting its enterprise customers know that Windows Defender is only half the picture, given the option for customers to also deploy Windows Defender Advanced Threat Protection’s (ATP) “stack components” including SmartScreen, Application Guard, and Application Control.

It has also retrained it machine-learning classifiers to detect some of the samples it missed, although it has subsequently argued that Defender ATP did catch them, and that independent testers need to evolve their testing methodologies.

SE Labs

SE Labs is a London-based independent testing lab, which carries out its tests based on a products performance and awards the antivirus product with five types of certifications, ranging from AAA at the top to C at the bottom.

In a recent report evaluating anti-virus software, Windows Defender earned the lowest rating possible, and was out-performed by all the free anti-virus software programs tested. That suggests that Microsoft still has some way to go to improve the performance of Defender.


Whilst Windows Defender has successfully made the transition from a poor performer to good, it still lacks the functionality and performance of the best free online antivirus products like AVG Free Antivirus and Avast Free Antivirus, which offer more protection and have better scores from independent lab tests.

Therefore, if you are running Windows 8 or above and want the best anti-virus software and malware protection available, then do not just rely on the built-in Windows Defender Security System, but go ahead and download one of these free options for added security and peace of mind.