Detox-Comic

Is Windows Defender better than third-party antivirus?

I've been asked by several people whether Windows Defender today is now as good as, or better than, third-party antivirus tools. I assumed that the answer was no but decided that I should really do some research to ensure that I have some hard data to back up my answer.

A quick history lesson over at Wikipedia informs me that it is now referred to as 'Windows Defender Antivirus' and that it has evolved from the free anti-spyware tool bundled with Windows XP into a fully-fledged antivirus tool.

Jumping over to Microsoft we learn that Windows Defender currently features competitive detection, behavioural detections and cloud-based protection, tamper resistance and automatic updates. There are also several versions of Windows Defender depending on whether you are a home user or business. We will focus on use in the home for the purposes of this article.

So it sounds good on paper, how does it do in practice? The best place to evaluate how good an antivirus or anti-malware tool is over at AV Comparatives.

Antivirus

At the time of writing the latest report available is the Real-World Protection Test July - November 2017.

I have summarised the results in the table below based on the tools I've used. My current antivirus of choice, AVIRA, missed 5 infections and both Avast and AVG missed 7. Windows Defender missed 15. However, of the 5 AVIRA missed all 5 infected the PC being tested, and of the 7 Avast and AVG missed all 7 infected the PC. With Windows Defender it flagged 14 of the 15 as suspicious and asked the user what they wanted to do. As long as they chose to treat them as malicious only 1 virus would compromise the PC, but that does depend on the user making the correct choice.

ToolViruses blockedUser dependentCompromisedProtection rate percent
Panda176900100
AVIRA17640599.7
Avast, AVG17620799.6
Windows Defender175414199.5

The next test was the False Positives test (FP). This checks for the detection of infected files that are not actually infected, hence a false positive. Summarising the above tools the results in the table below show that Windows Defender did worse than AVIRA by almost double. That said the average in the AV Comparatives results was 18 so it fell just under average. Bare in mind however that after a full system scan the 17 FPs will be added to the 14 actual infections found in the table above and therefore the user would have to know which of the 31 detected potential infections were real or not. If they were to err on the side of caution and remove all 31 detections that would mean that 17 files would be removed that were not actually infected, possibly resulting in lost data or software that will no longer run due to missing files.

ToolNumber of FPs
Panda10
AVIRA9
Avast, AVG11
Windows Defender17

Due to the above FP score AV Comparatives downgraded Windows Defender, amongst others, and awarded it a 2-star result, whereas Panda, AVIRA, Avast and AVG all obtained a 3-star award.

Anti-malware

The next set of tests evaluate the protection rate against malware infections.

ToolMalware blockedUser dependentCompromisedProtection rate percent
Panda200100199.99
Avast, AVG200090299.99
AVIRA200050699.97
Windows Defender19782023298.84

These results are a little more damaging to Windows Defender in that it came out the worst overall and missed 226 infections in comparison to AVIRA.

The next test was the False Positives. The table below shows that here Windows Defender fared better with only 6 FPs in comparison with 12 detected by AVIRA.

ToolNumber of FPs
Panda42
AVIRA12
Avast, AVG9
Windows Defender6

The final test results for malware detection sees Windows Defender fail to gain even one star while AVIRA and Panda scored better with 2-stars and Avast and AVG were awarded 3-stars.

In addition to antivirus and malware detection tests AV Comparitives runs other tests such as how the tools affect system performance but for the purposes of this article we are only focusing on how good Windows Defender is in comparison to other popular AV tools in the detection of malicious software.

Summary

The purpose of my research was to learn whether Windows Defender was actually better than, or as good as third-party (non-Microsoft) antivirus tools that are available for Windows PCs. While Windows Defender has come a long way since Windows XP it still has a little way to go before it's as good as the likes of Panda, AVIRA, Avast and AVG. So when I am next asked if Windows Defender is as good as third-party antivirus tools such as AVIRA and Avast, my answer remains: No.

Last updated: 23rd December 2017

Click here for more articles