Tuesday, August 13th 2019

A Case for Windows Defender: Triad of Perfect Scores in AV-Test

Here's a strange thing: a case for a free, bundled software solution being better (in the metrics concerned and evaluated) than paid, third-party counterparts. We're writing of none other than Microsoft's own Windows Defender suite, which is bundled with Windows and offers a security solution integrated into your OS. While the "paid is always better" philosophy has been proven wrong time and again and no longer drives users' thinking the way it once did, the fact is that Windows Defender has somewhat been taken for granted as an "undesirability" in users' computers. However, a comparison made by AV-Test, which pits many of the cybersecurity solutions available on the market against each other, has found Microsoft's Windows Defender to be worthy of a triad of perfect scores.

The results for Windows Defender include perfect (6.0) scores in the "Protection", "Performance" and "Usability" categories. The testing period runs from May through June of this year, and only F-Secure SAFE 17, Kaspersky Internet Security 19 and Norton Security 22.17 managed to get the same perfect scores as Windows Defender Version 4.18. Check out the link for the score of your cybersecurity solution of choice. But it's clear that, at least where this period is concerned, Windows Defender walked circles around some paid solutions.
Source: AV-Test

43 Comments on A Case for Windows Defender: Triad of Perfect Scores in AV-Test

#1
VulkanBros
Interesting....
But no mention of virus definition update rates and, to my knowledge, Defender has no website check (SmartScreen - so they have) no email scanning client.

Common sense should be enough :fear:
#2
las
Defender is working just fine, I'd never pay for AV
#3
amit_talkin
Here using free Comodo Internet Security for like 10 years now. Happy with it. Can't find any better firewall out there compared to Comodo.
#4
trparky
VulkanBros said:
"no email scanning client"
I don't think that they need an email scanner, that's just one more background service running that can soak up precious CPU cycles. For many of us here at TechPowerUp, we want our processors doing what we want it to do; not needlessly toiling away running God knows what kind of background crap that many of today's "security suites" have as part of them.

I used to use Avast but I dumped them simply because they're getting a lot naggier as of late, I always got notifications to buy more stuff.
#5
XiGMAKiD
This is good news at least for me, they really took their time to get here
#6
willace
las said:
"Defender is working just fine, I'd never pay for AV"
Been using Defender + adblock for a long time.

No issue at all.
#7
Octopuss
I heard claims that Defender is performance hungry or something. No idea if it's true.
#8
sam_86314
Been using Defender for as long as I've used Windows 10 and haven't had any issues.

I used Microsoft Security Essentials before I moved to Windows 10. It was a mixed bag. I got a few bad things with it, but it would take care of them when it finally caught them.
#9
Tomorrow
No ESET in the list while most others are represented. Odd...
#10
TheLaughingMan
I have been using Windows A/V for years because I am cheap, it was convenient, and performance was good as best I could tell. I am surprised as to how good it is.
#11
Camm
It's a damn good default.

But it's also the default that all malware needs to overcome.
#12
Rahmat Sofyan
yup, since windows 10 first launch I've never used any other av, windef quite enough ..

just make sure regularly check for an update, at least once a week ..

simple, integrated, no ads so far and easy to update ..
#14
Zareek
I will stick with my free Sophos Home account until one of my PCs has an issue with it. I used M$ built-in with the last fresh install for a week or two. It seems pretty good but after Security Essentials and everything that it missed, my confidence in M$ protecting their own OS is shaky at best. On top of that the Sophos stuff allows me to prevent my wife and son from installing crapware on their machines.
#15
rblc
VulkanBros said:
"Interesting....
But no mention of virus definition update rates and, to my knowledge, Defender has no website check (SmartScreen - so they have) no email scanning client.

Common sense should be enough :fear:"
3x per day.
#16
danbert2000
There's just no need for anything else nowadays. Half the battle is protecting yourself from suspicious sites and downloads, which is pretty much common sense among people that frequent this forum. The other half is something that is updated to scan for the biggest threats. Microsoft does a great job at defining these threats because they have the analytics of the Windows 10 user base to identify malicious software campaigns.

I remember the good ol' days of running AVG or Zonealarm, but since Windows has a competent firewall and antivirus now, you don't really gain anything from Norton or McAfee. You get a different solution, not a better one.
#17
bug
My beef with Defender is that because it comes bundled, it is the default target for an attacker.
My beef with free AV alternatives is they nag you about upgrading at a reduced price.
And because of the above, of course my beef with paid AV alternatives is they're too expensive.

Fwiw, my installed AV solution has caught only a handful of potential threats in the past decade (and they were all stuff my wife brought home on a stick). A combination of not letting the firewall open up ports at will, using your head when downloading stuff and NoScript works wonders ;)
#19
Bitgod
https://www.av-comparatives.org/ said in their June testing that Defender had a ton of false positives, so they ranked them in the middle. Though I guess if you use it and aren't getting alerts, it's working for ya.
#20
TheGuruStud
It doesn't work at all unless you like false positives and restoring your files.

I immediately disable this pile of crap after install. Have you noticed that microtards no longer let you take control of reg keys to fully disable it? Scumbags.
#21
trparky
TheGuruStud said:
"It doesn't work at all unless you like false positives and restoring your files."
Have you ever heard that it's better to be safe than sorry? I'd rather have something be detected as a false positive than to have the malware run roughshod over my system and my data.
#22
TheGuruStud
trparky said:
"Have you ever heard that it's better to be safe than sorry? I'd rather have something be detected as a false positive than to have the malware run roughshod over my system and my data."
What does it matter if it doesn't catch anything useful?

Install ESET, turn on all options and disable Defender. You'll get a few falses while blocking virtually anything, especially before they download or a script inject does something naughty.

I've never seen a synthetic AV/malware test that was relevant in my life. Remember how well McAfee and Norton would score (and apparently still do, what a joke)? Lul
#23
rtwjunkie
PC Gaming Enthusiast
Octopuss said:
"I heard claims that Defender is performance hungry or something. No idea if it's true."
Only when actively scanning. I use Windows Defender and Malwarebytes Pro (they both are coded now to allow each other resident with no ill effects) on my HTPC. It runs an i3-4160.

I know on startup it is going to run a scan after an update definition, so those use about 80 to 85% CPU cycles. After that, though, it has practically zero impact. I can stream from Netflix or Amazon or from my Server and no slowdown of any of the streaming and playback.

Also, in the last two years it has not given me a single false positive.
#24
Frick
Fishfaced Nincompoop
TheGuruStud said:
"It doesn't work at all unless you like false positives and restoring your files.

I immediately disable this pile of crap after install. Have you noticed that microtards no longer let you take control of reg keys to fully disable it? Scumbags."
I can't remember ever seeing a false positive with Defender.

Also, edgy.
#25
John Naylor
Well that is a 1st ... it's been getting better and better every year but kudos to MS for detecting everything, scoring well on performance and also no false positives... however, doing something once or twice, that the leaders do every test, does not a competition make. It's all about consistency ... and to date, Defender has yet to show that. As time goes on, it doesn't take anyone much time to just copy everyone else's detection schemes.

1. I'll pay attention when they do it 12 times in a row.

2. To borrow a phrase, there are two types of folks in this world ... those who have been infected and those who haven't been infected yet.

3. If you read the actual test reports ....

a) Defender has 2 false positives last time (April). How much time you gonna waste investigating / trying to remove? Is your time worth $6 a seat? That's one "decider" right there.. Spending 1 hour investigating a single false positive pays the AV subscription for 5 boxes for 6 years. Our systems oft detect "infections" years after the file came in. All of a sudden, a scan detects an infection and the file has been there ... 2, 4 heck 8 years after it was last opened. prolly had about 6 - 8 of these in last 10 years. I quarantine the file and I send it in to the vendor ... within a day or 2, I get an answer back saying the file is fine and that they have updated the detections. Does MS do that? If they don't what course of action is available to you?

b) They also don't usually do well on the performance tests, usually having slowdowns higher than the industry average. This time they did well here but again consistency. To be fair, every vendor takes a hit here now and then.

4. What you do for your AV solution, like most other things, depends on what you are protecting .... if it's a gaming box and your time has no value for an OS reinstall and redownloading all your system games no big deal. But if you have 25 years of business records, 30 years of family photos, 35 years of CAD drawings ... assuming all your backups are intact, what is cost of bringing your home / small office box back on line? What's the loss in billing rates at $60 - $180 an hour when an employee can't access a file in a small office? Is it worth $5.50 - $7.50 per year? Even a false positive is going to eat up an hour figuring out whether or not it's something to worry about. There's also the other things that come in the package? Do any of those have any benefit?

The privacy protections that prevent tracking ? * On our network, the average number of blocked tracking attempts per box exceeds 17,000 so far this year
Does the included backup and restore utility provide any additional value ?
Does the included Parental Control utility provide any additional value ? Prolly more so for office usage :)
Does the included software update utility provide any additional value ? *
Does the included financial transactions protection utility provide any additional value ? *
Does the included mail spam provide any additional value ? *
Does the included software monitoring the utility provide any additional value ? *
Does the included banner utility provide any additional value ? *
Do the gaming, auto scheduling, battery features provide any value ? *
Does the included anti-keylogging features provide any additional value ? *
Does the included port monitoring utility provide any additional value ?
Does the ability to scan encrypted embedded web site connections have any value ? *

* Not part of defender or Windows

I have not investigated this but is there a way to allow Defender to update itself while still allowing you to review all Windows Updates before they are installed? Without it, it's like nagware.

In short ... it's a risk / reward / cost analysis. AV / Malware protection consistency is proven over time... false positives and performance is better ... and the extra features and protections that Defender doesn't have save me time, reduce risk and the need to use other utilities to duplicate these functions.

Octopuss said:
"I heard claims that Defender is performance hungry or something. No idea if it's true."
This time it beat industry average ... last test, didn't do so well.

rblc said:
"3x per day."
I just checked... last update it did was 7 am on Sunday. I see that I can set it to download updates before each scheduled scan and that I can set it to scan up to once a day.

bug said:
"My beef with Defender is that because it comes bundled, it is the default target for an attacker.
My beef with free AV alternatives is they nag you about upgrading at a reduced price.
And because of the above, of course my beef with paid AV alternatives is they're too expensive."
Many of the free ones also require manual updates
You can get deals as low as $5.50 a seat, tho $7.50 is more typical for small groups.

We negotiated a deal some years back for my professional society ... $2 a seat ... also done with boy scouts etc. We recommend getting 5 folks together and doing 5 or 10 seats for 3 years which averages out to about $5.50 a year for 10 and $7.50 for 5 seats. My son shares a house with 2 friends and they got a 3 year pack of 5 seats for them and 2 of their GFs.... averages out to $7.49 per box per year. One of the GFs had her banking data stolen some months before via keylogging which is something she no longer has to worry about.

trparky said:
"Have you ever heard that it's better to be safe than sorry? I'd rather have something be detected as a false positive than to have the malware run roughshod over my system and my data."
The "better safe than sorry" cliche has no relevance to this discussion. While Defender has managed a very commendable spotless detection rate in the last 3 months (7 false positives), that's as far back as it goes.

In the last 24 months ... 25 Zero-day infections and 158 known widespread infections got thru windows built in AV while experiencing 120 false positives
In the last 12 months ... 4 Zero-day infections and 50 known widespread infections got thru windows built in AV while experiencing 21 false positives
In the last 6 months ... 0 Zero-day infections and 11 known widespread infections got thru windows built in AV while experiencing 10 false positives

No vendor has a philosophy which says sacrifice detection in exchange for not getting false positives ... MS had 100% detection and 0 false positives in 2 consecutive months and they deserve credit for that ... that being said, it's the 1st and only time they have managed this. There are vendors who manage 100% detection 12 times a year, year after year and maybe get 1 or 2 false positives a year ... Kaspersky has had 0 infections and 4 false positives in the last 24 tests. So while it's extremely encouraging that Defender has looked pretty good over the last 3 months ... Kaspersky has 0 infections and half as many false positives in 24 months as Defender has shown in last 3 months.

If the last 3 months performance continue, I won't feel compelled to advise folks to think twice before going with Defender alone. Again, 'think twice' is not a negative recommendation ... just "think about if it's the best long term option for your specific instance". If going with Defender, still would say:

a) Download a copy of the 30 day free trial of Kaspersky and / or BitDefender and keep on ya HD... doesn't cost ya a dime, and ... if something gets past Defender, you have something on hand. Worst case you take the HD out of the box and clean it in a USB HD dock connected to another system. Over the years, whichever I was using I always had the other install program on a HD so that I would have a backup option.

b) Try out one of the paid apps for 30 days ... even if you have little to risk with slightly less protections, see if the extra features are worth skipping a trip to Starbucks for a Latte and a Blueberry Muffin
Also wanted to note as it's been mentioned... Malwarebytes scored a 2.0 / 6.0 on protection in last test.

It's also worth noting that Defender's performance in the most recent tests is more impressive than it otherwise would be in that ONLY 4 vendors (Kaspersky, Defender, TrendMicro and Norton) scored perfect scores on detection. Only 2 of those had 0 false positives (Defender and Kaspersky). This month, that puts Defender on par with the industry's best historical performer which will quiet a lot of critics, if that level of performance can be maintained over time.

BitDefender had an off month with 4 zero day malwares getting thru and 4 false positives. It would seem that the days of criticizing Defender for how well it does what it does are about to sunset. The discussion will now shift to what it doesn't do and whether having those features are worth $5.50 - $7.50 a year from a 3rd party vendor.