Microsoft Windows Defender

Neil J. Rubenking, Principal Writer, Security

If you're using Windows 8 or Windows 8.1, you don't have to worry about installing antivirus, because that function is built into the operating system, right? Well, no. It's true that Windows Defender tries to protect you, but independent lab tests and my own hands-on testing reveal that you need more.

Earlier Windows versions also included a tool called Windows Defender, but it was specifically aimed at spyware protection. In those versions, you'd install Microsoft Security Essentials if you wanted a Microsoft antivirus. The latest Windows Defender offers precisely the same level of protection, so you can't even install Microsoft Security Essentials in Windows 8.x.

Call It a Baseline
All of the independent antivirus labs that I follow include Microsoft products in their testing in one way or another, but the results aren't always as informative as I'd like. While ICSA Labs and West Coast Labs both certify Microsoft for malware detection and cleanup, they specifically test Microsoft's enterprise-level antivirus. Virus Bulletin has tested Windows Defender itself, but only in one of the latest dozen tests; it did receive VB100 certification in that single test.

Of the ten products included in the latest report from Dennis Technology Labs, Microsoft was the only one that didn't receive certification at any level. On a scale where 300 is a perfect score, Microsoft earned negative 86 points. It did manage a perfect score on the false positives test, meaning that it didn't block any legitimate programs.

Microsoft Windows Defender Lab Tests Chart

AV-Test Institute rates products in three areas: protection, performance, and usability, with six points possible in each area. Windows Defender earned 6.0 points for usability, meaning no false positives, and 3.5 for performance. But it took no points at all in the protection test. Where the malware detection rate for most products ranged from 95 to 100 percent, Microsoft averaged less than 75 percent.

Reports from AV-Comparatives clearly state that they treat Microsoft as a baseline only. The reports don't assign a rating to Microsoft. However, in some cases it's possible to see exactly what rating Microsoft would have gotten. In a test specifically measuring how well products removed malware that all of them detected, Microsoft would have passed, with a Standard rating. However, in the file-detection test and real-world dynamic protection test, it wouldn't have reached even that lowest passing rating.

Microsoft representatives take the position that these lab tests aren't entirely representative, and that Windows Defender does a good job protecting against the threats that real-world users are experiencing. In fact, last summer Microsoft commissioned AV-Comparatives to re-analyze the latest file-detection test, weighting the results based on Microsoft's own prevalence data. Without the weighting, Microsoft's score was the lowest of 22 products. After the adjustment, it was number 6 from the top. Talk about cellar to stellar!

However, the top products earn excellent ratings from the labs without any adjustments. In particular, the labs love Panda Free Antivirus 2015 and Bitdefender Antivirus Free Edition (2014).

Poor Malware Blocking
Windows Defender didn't do so well in my hands-on malware blocking test, either. When I opened the folder containing my malware samples, it did start eliminating those it recognized as malicious. However, it only detected 46 percent of the samples at this stage. Baidu Antivirus 2015 detected and eliminated 75 percent of those same samples before I even opened the folder.

To continue the test, I launched the samples that weren't eliminated on sight, giving Windows Defender a chance to detect their behavior or wipe out installed components. It only detected a third of those remaining samples, and allowed a couple of them to place malicious executable files on the test system.

Worse, some of the samples it missed were truly virulent. One was a ransomware application; it completely took over the test system and demanded payment to release it, despite alleged protection by Windows Defender. Another tried to set up a botnet using the test system. Before I rolled back the system to an uninfected state, it managed to trigger a botnet traffic alert from my ISP.

Microsoft Windows Defender Malware Blocking Chart

Windows Defender's overall score of 6.1 points is pretty poor, though not as bad as the egregious 1.3 points earned by IObit Malware Fighter 3. The other three products tested with this relatively new sample set all scored better than Windows Defender.

Windows Defender History

Tested with my previous collection of malware samples, Webroot SecureAnywhere Antivirus (2015) detected 69 percent of the samples on sight and eliminated all the rest after I launched them, for a perfect 10 of 10 possible points. Comodo Antivirus 8, the top-scoring free product in that test, managed a respectable 8.3 points.

Probably the best way to avoid attack by malware is to completely avoid malware-hosting websites. My malicious URL blocking test uses a feed of newly discovered URLs supplied by MRG-Effitas. I launch each in turn, discarding those that return an error message. For each functional URL I record whether the antivirus prevented access, wiped out the downloaded executable file, or sat idly twiddling its thumbs. I keep going until I've accumulated data for at least 100 URLs.

Windows Defender didn't divert the browser from any of the malware-hosting URLs; that's just not something it does. It wiped out a measly 3 percent of the malware downloads, worse than all other tested products except IObit and Spybot - Search & Destroy +AV 2.3. The top score in this test, 85 percent protection, goes to McAfee AntiVirus Plus 2015.

Phishing Protection
I assume that anyone relying on Windows Defender for antivirus will leave SmartScreen Filter turned on in Internet Explorer. That feature didn't do a thing to block the malware-hosting URLs I used for testing; apparently they were too new for it. But Internet Explorer does manage to detect and deflect a certain number of fraudulent websites.

Microsoft Windows Defender Antiphishing Chart

I recently analyzed months of antiphishing tests to determine which browser's built-in protection works best. Chrome walked away with top honors. Parsing the results another way, I determined that on average Internet Explorer's detection rate lags 47 percentage points behind that of consistent protector Symantec Norton Security. It came in 39 percentage points behind Chrome, and 24 points behind Firefox. Still, over a third of the products I've tested recently didn't do as well as Internet Explorer alone.

It's Not Enough
All the major independent labs include Microsoft Windows Defender in testing, to one degree or another, and its aggregate test score is a big fat zero. It isn't the worst antivirus product I've tested lately, but it's way down there in my own test results. Letting ransomware take over the system doesn't demonstrate much in the way of protection.

Panda Free Antivirus 2015 is our Editors' Choice for free antivirus, and the paid edition of Bitdefender Antivirus Free Edition (2014) is an Editors' Choice for paid antivirus. But really, almost any other free antivirus will protect your PC better—the very worst ones I've tested weren't free!

About Our Expert

Neil J. Rubenking

Principal Writer, Security

My Experience

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

The Technology I Use

Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMware Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.

I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.

I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.