Windows Defender

Windows Defender has been trying to protect PCs from malware since 2006, but its early years were far from successful. Independent testing showed the app trailing far behind just about everything else, with dire detection rates which would have left you exposed to a host of threats.  

Microsoft has invested a great deal of time and effort in improving Defender in recent years, though, and it's clearly paying off, with the package climbing the test rankings and now outperforming some big security names.  

• You can download Windows Defender here

Using Windows Defender has other benefits, beyond its detection rate. The program comes with Windows, so there's nothing to install or manage; it's lightweight, grabbing only the minimum of system resources; and there's vanishingly little chance that Windows Defender will conflict with any other security tools you happen to use. If you do install another antivirus program, Defender will usually turn itself off to avoid any problems.  

What's more, despite its early status as a very underpowered anti-spyware tool, the latest Windows Defender Security Centre now offers more features and functionality than you'll find in some commercial security suites.  

Features 

The latest edition of Windows Defender doesn't require any configuration, and there's no specific need to manually run scans or take any other actions. Defender is launched when Windows loads and immediately goes to work, looking out for danger and automatically blocking threats as they appear.  

You can also access Defender manually in the latest edition of Windows 10 by opening the Windows Defender Security Centre. This has a very ordinary interface, but is easy enough to use: icons display your security status in various areas, and a left-hand sidebar gives you speedy access to key functions.  

The Virus section offers Quick, Full System and Custom scans, and an interesting Offline feature which scans your PC before Windows starts, ideal for removing stubborn threats. That's all the core functionality you need, although experienced users might miss features like the ability to build a library of custom scans, tweak low-level details of how they'll work, or easily run them on a schedule. (If that sounds like you, it's not all bad news. Command line support enables running Windows Defender in various ways from your own scripts.)  

Although it's hidden away (Virus & threat protection > Virus & threat settings), Windows Defender now supports (as of the Fall Creator's Update) another layer of simple ransomware protection in its Controlled Folder Access (CFA). This enables restricting user and custom folders (Documents, Pictures, Music and more) so that only approved apps can modify them.  

CFA does offer some protection, but researchers have already discovered vulnerabilities. Microsoft Office applications bypass the protection by default, for instance, so an attacker may be able to bypass CFA by programmatically controlling Office.  

Click Defender's Firewall icon and you're able to view your current Windows firewall status, as well as getting access to key firewall functions: allowing an app through the firewall, adjusting firewall notification rules, running the network and internet troubleshooter, or, as a last resort, restoring the firewall to its default state.  

If you know what you're doing, there's a lot of security power here, but it does require some network knowledge to understand and the Windows Defender screen is really just giving you another way to access standard applets. The 'Network and Internet Troubleshooter', for instance, just points you to the standard 'Internet Connections' troubleshooter you'll find in Windows Settings (Update and Security > Troubleshoot.) 

Windows Defender's App and Browser Control section gives you control over some key settings. The excellent Windows SmartScreen can be set to automatically block, warn you or just ignore unknown apps and files, and Defender's Exploit Protection features use some very low-level technologies (DEP, ASLR, SEHOP, Control Flow Guard) to block common routes used to attack your system. 

Elsewhere, basic parental controls allow you to define when your kids can use their devices and the websites they can visit, as well as getting reports on their activities.

The Family Options page also enables remotely viewing the status of multiple devices from a central console. That's not just useful for watching kids: it could be handy for monitoring your grown-up family, business systems or even multiple devices of your own (you could check the status of a server at home, for instance, wherever you are.) 

Protection 

Microsoft has upped its security game considerably in the past few years, and the testing labs results make this very clear.  

AV-Test's September/October 2015 Home User report found that Defender's protection rate for zero-day attacks could be as low as 80.5%. The industry average at the time was 97.2%, and top packages usually scored 99% or more.  

By the November/December 2017 report, Defender was blocking 100% of known malware, and in two months of zero-day testing it managed one score of 100%, and one of 98.9%. To put that in perspective, it was a higher detection rate than achieved by Avira, BullGuard, ESET, G Data and more.  

AV-Comparatives' Real World Protection results are broadly similar, with Microsoft rating 98.8% in the first half of 2017, 99.1% in the second.  

While these last results place Microsoft only 13th out of 21, it's a decent showing, comparable with many commercial products, and we suspect Defender is only going to get better in the next few years. 

Final Verdict 

Windows Defender isn't the most accurate antivirus around, but it's finally good enough to be useful, and if simplicity is your top priority, it might be a smart choice. 

• Also take a look at the best antivirus for Windows 10