Microsoft Windows Defender Security Center

In its last big update, the antivirus built into Windows gained new responsibilities and a grand new name: Microsoft Windows Defender Security Center. The Windows 10 Fall Creators Update adds simple ransomware protection and access to some settings that most users shouldn't touch. I salute Microsoft for ensuring that all users have at least some degree of antivirus protection. However, there are many free antivirus utilities that offer better protection, and commercial ones that are better still.

Similar Products

• Avast Free Antivirus 2017

  

   

  at

  $0.00

  MSRP

• AVG AntiVirus Free (2017)

  

   

  at

  $0.00

  MSRP

• Panda Free Antivirus (2017)

  

   

  at

  $0.00

  MSRP

• Bitdefender Antivirus Free Edition (2017)

  

   

  at

  $0.00

  MSRP

• Check Point ZoneAlarm Free Antivirus+ 2017

  

   

  at

  $0.00

  MSRP

• adaware antivirus free 12

  

   

  at

  $0.00

  MSRP

• Sophos Home Free

  

   

  at

  $0.00

  MSRP

• Avira Antivirus (2017)

  

   

  at

  $0.00

  MSRP

• Qihoo 360 Total Security 8.6

  

   

  at

  $0.00

  MSRP

• Comodo Antivirus 10

  

   

  at

  $0.00

  MSRP

• FortiClient 5.0

  

   

  at

  $0.00

  MSRP

• Kaspersky Free

  

   

  at

  $0.00

  MSRP

Windows Defender differs from other free antivirus in that there's no installation required; it's already present. When you click the Defender icon in the notification area, it opens the full Windows Defender Security Center. The main window's home screen reports security status, and offers five additional feature pages, accessed by clicking large icons across the bottom or small icons in the left rail menu. I'll go into detail about these pages below.

View All 10 Photos in Gallery

In addition to the expected Quick, Full, and Custom scan options, Windows Defender offers what it calls Offline Scan. Designed to handle persistent malware that doesn't yield to a normal scan, this scan reboots the system and runs before Windows fully loads. That also means it runs before any malware processes load, so the malware is defenseless. If you feel that you still have a malware problem after a regular scan, give the offline scan a try.

Lab Results Improving, but…

Some years ago, Windows Defender routinely earned truly awful scores, coming in below zero at times. It's been improving steadily, at least with some of the four testing labs that I follow, but its scores are still just middling. Microsoft does contract with both West Coast Labs and ICSA Labs for certification. Among the products that I review, the only others that contract with both of those labs are AhnLab and ThreatTrack Vipre.

Security experts at AV-Test Institute rate antivirus programs on three criteria, Protection, Performance, and Usability. The antivirus can earn up to six points for each of these. For certification, a product needs a total of 10 points and no zeroes. Windows Defender got 5.0 points for Protection, 4.5 points for Performance, and 4.0 points for Usability, a total of 13.5 points. That's a passing grade, but not a high one. Kaspersky rated a perfect 18 points. Among free products, Avast, AVG AntiVirus Free, and Avira earned 16.0, 16.5, and 17.0 points respectively.

Lab Test Results Chart

London-based SE Labs awards five levels of certification, AAA, AA, A, B, and C. In the latest report from this lab, every tested product managed either AAA or AA certification. Windows Defender was among those certified at the AA level, while Avast and AVG both took top honors.

Antivirus products don't get a numeric score or grade from the researchers at AV-Comparatives. A product that passes the test gets Standard certification. Those that do more than the minimum can rate Advanced or Advanced+. I follow four of this lab's many tests. In those, Windows Defender got two Standard and two Advanced certifications. Kaspersky, Bitdefender, and Avira earned Advanced+ ratings in all four tests.

I'm not terribly concerned that Windows Defender failed both tests from MRG-Effitas. In this lab's tests, a product either achieves a near-perfect score or it fails. Half the tested programs failed the general malware protection test, and three quarters failed the banking Trojans test. Because of their pass/fail nature, I give less weight to results from this lab when calculating an aggregate score.

That aggregate score for Windows Defender is 7.5 points out of a possible 10, the lowest score for any program tested by all four labs. Kaspersky managed a perfect 10, while Avira Antivirus and AVG came in at 9.3 points.

Varied Malware Protection

If you don't have any other form of malware protection, or your antivirus expires, Windows Defender steps in and does its best to keep you safe. How safe? To get an idea, I challenged it to protect my test system against a collection of various types of malware. Note that Windows Defender doesn't promise to detect lower-risk items such as adware and potentially unwanted programs, or PUPs. Most other antivirus programs at least give you the option to detect and remove both of these.

Some antivirus products take a file's origin into account when evaluating whether it might be malicious. I've recently switched from just opening a folder of samples to downloading that same folder from Dropbox. Tested in that way, Symantec Norton AntiVirus Basic managed 100 percent detection and a perfect 10 points.

With Windows Defender, that testing method proved significantly awkward. Dropbox supplies the downloaded folder as a ZIP file. When I tried to extract all the files, Windows Defender shut down the whole operation on detection of one malware sample. I had to drag each item from the ZIP file to a local folder, and deal with Windows Defender's reaction. At this stage, it eliminated 64 percent of the samples.

I observed something in testing that I hadn't noticed before. When most antivirus programs detect a file that's infected by a virus, they attempt to disinfect the file, restoring it to its virus-free previous state. Windows Defender includes no such option. All it can do is eliminate the whole file.

My sample folder also contained 20 PCMag utilities, programs that dig deep into Windows and that are old enough to be uncommon. Happily, Windows Defender didn't meddle with any of those.

I took the remaining samples and launched them one by one, noting how Windows Defender reacted. It caught some, but not all, of the remainder at this point. It detected 86 percent of the samples overall, and scored 8.3 points. That's a big improvement over the 67 percent detection and 6.5 points it earned in my previous test, but it's absolutely what I expected. During that last test, Windows Defender submitted all the samples to Microsoft, and I haven't changed to a new sample set. In truth, I expected more improvement. These scores don't necessarily reflect the way Windows Defender would handle a new collection.

Tested with my previous collection of samples, several products detected every single one; Webroot and Comodo Antivirus aced the test with a perfect 10 points. Avast took 9.7 points, and AVG earned 9.5 points, both very good scores.

Malware Protection Results Chart

Windows Defender gained no advantage in my malicious URL blocking test because the URLs were completely different from its previous test. My malicious URL blocking test uses the newest malware-hosting URLs I can find, typically no older than the previous day. I launch each URL and note whether the antivirus blocks all access to the page, eliminates the downloaded malware, or does nothing at all. Technically SmartScreen Filter provides this protection, but Windows Defender manages SmartScreen Filter.

Out of 100 sample URLs, Windows Defender blocked seven percent at the URL level and another 46 percent by wiping out the malware. It did the latter in two ways. For some files, SmartScreen warned that the download is unsafe, stopping it at the source. For others, the real-time antivirus wiped out the file after or during download.

This product's total protection rate of 53 percent is among the very lowest of current products, which is surprising given its 86 percent protection rate in my previous test. Norton, the top scorer, fended off 98 percent of the samples, and Avira Antivirus Pro scored 95 percent (Avira's free edition didn't do as well).

A full antivirus scan of a clean test system with Windows Defender took an hour and 30 minutes, twice the current average, and a second scan wasn't much faster. Kaspersky Free finished in 30 minutes. It used the first scan to note safe files requiring no further scanning, which allowed the second scan to run in just four minutes. AVG took a bit over an hour for its first scan, but a second scan ran to completion in les than 10 seconds.

So-So Phishing Protection

Phishing websites don't try to infect your PC with malware. Instead, they try to fool you into giving up your login credentials for your email provider, banking website, even dating and gaming sites. They do so by creating a page that looks exactly like the real thing, and hoping you don't notice that the URL in the Address Bar is wrong. These sites get blacklisted and shut down quickly, but the fraudsters just pop up with a new one.

To test phishing protection, I gather reported phishing URLs from various websites. I favor those that haven't yet been analyzed and blacklisted. Anybody can block blacklisted sites. A real antiphishing solution needs the ability to detect frauds in real time. Phishing attacks vary wildly over time, so instead of reporting a hard percentage, I compare the product's detection rate with Norton's, and with the phishing protection built into Chrome, Firefox, and Internet Explorer.

Phishing Protection Results Chart

Here again, SmartScreen Filter is the specific component that handles protection. I tested it in Windows 10's Edge browser, figuring that might outperform Internet Explorer. I figured wrong. This tool's detection rate lagged 30 percent behind Norton's, 12 percent behind Firefox's, and 8 percent behind Internet Explorer's. It did beat Chrome by a single percentage point; Chrome was having a bad day.

Webroot, Trend Micro, and Bitdefender are the only recent products that have beaten Norton in this test. However, Avast came in just 2 percentage points lower than Norton, and adaware antivirus free 3 points lower.

New Ransomware Protection

Buried in the antivirus settings is a hidden gem that offers a degree of ransomware protection. It's turned off by default. Scroll down to "Controlled folder access" and turn it on. By default, it protects your Documents, Pictures, Videos, Music, and Favorites folders.

To test this feature, I tried to edit a text file in a folder on the desktop using a tiny text editor I wrote myself. When I tried to save, I got a message, "Stream write error," and a popup from Windows Defender noting that it prevented the change. The same thing happened when I ran my simple encrypting malware simulator.

The similar feature in Bitdefender, Trend Micro, and Panda Free Antivirus lets you extend trust to an unrecognized program directly from the popup warning. With Windows Defender, you must dig into settings and choose the application, but you can totally do it.

Security Center

There's a reason they call this utility Windows Defender Security Center. In addition to providing protection against malware, it serves as a central location to manage other security features. Clicking the icons at the left side of the main window brings up pages of security information and settings.

The Device Performance & Health page checks for any issues with Windows update, storage capacity, and device drivers, offering help to resolve any detected issues. On this page, you can also click for a "fresh start," a full reinstallation of Windows that retains your documents and some settings, and restores your Windows Store apps. However, it warns that the process wipes out desktop apps, including Microsoft Office and third-party antivirus.

From the Firewall & Network Protection page, you can check the status of Windows Firewall and perform simple tasks like allowing an app through the firewall. It also offers quick access to network troubleshooting and firewall configuration. Windows Firewall is effective enough that you may not need a third-party firewall.

You use the App & Browser Control page to configure aspects of SmartScreen Filter. By default, it warns if you download dangerous files or venture to dangerous websites. You can set it to block without warning, or—bad idea—turn off protection. SmartScreen also checks web content used by Windows Store apps. New in the latest edition, this page also lets you view and modify existing Windows technologies designed to block exploit attacks. However, unless you're an operating system security maven, you shouldn't touch these settings.

The final page, Family options, tracks the parental control options built into Windows 10. Parental control features include content filtering, screen time control, and limiting kids to age-appropriate apps, as well as locating the children's mobile devices. However, it works only on Windows and only in Microsoft browsers, and it can't compare with the best third-party parental control software. It's of little use in this modern multi-platform world.

Better Than Nothing, but You Need More

Making sure that every Windows 10 PC has at least some degree of antivirus protection is a good move on Microsoft's fault. Windows Defender is better than nothing, by a long shot. However, it simply ignores lower-risk malware types, rather than letting you choose whether to block them. Its lab test scores, while improved, still aren't the best. The antivirus scored better in my malware blocking test, but since it already processed those samples during the previous review, it can't take full credit for that. And its score in my malicious URL blocking test dropped precipitously. Given that you can get better protection for free, relying on the built-in is just not a good idea, and its score reflects this fact.

If you don't want to pay for your antivirus, you'll get better protection from either of our Editors' Choice products, Avast Free Antivirus and AVG AntiVirus Free. Even though Avast has acquired AVG, the two have their own distinct feature sets. Avast comes with a network inspector, a password manager, and a bevy of security bonus features. AVG rates website safety, actively blocks privacy-invading trackers, and integrates with AVG's Zen management platform. You're free to try them, or any of our other top-rated free antivirus tools, and choose the one that suits you best.

Of course, if you can scrape up the subscription cost, the best commercial antivirus tools are even better. We've evaluated more than 40 of them and identified five that merit our Editors' Choice honor. Bitdefender Antivirus Plus and Kaspersky Anti-Virus routinely earn fantastic scores from all of the independent antivirus testing labs. Symantec Norton AntiVirus Basic earned perfect and near-perfect scores in my own hands-on tests. The unusual journal-and-rollback method that Webroot SecureAnywhere AntiVirus uses to handle unknown programs lets it reverse the effects of ransomware. And one subscription to McAfee AntiVirus Plus lets you install security software on every device in your household, whether it runs Windows, macOS, Android, or iOS. Each has its merits; pick the one that suits your needs.