Q&A Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?

geek166

New Member
Thread author
Dec 3, 2021
7
I know independent AV tests have shown Windows Defender to have significantly improved in protection compared to earlier years. But there is a YouTube channel that is known for its dependable review of AV products with its thorough testing. This channel checks the performance of AV products for known malware (using traditional signature based detection) as well as zero day attacks (using behavioral scanning, etc).

Below are its findings:
  1. Windows Defender found only 80% of all sample malware used whereas the best 3rd party AVs have a much, much higher detection rate.
  2. Windows Defender failed miserably to protect from ransomware whereas Kaspersky was near perfect and Bitdefender was slightly lagging but still decent enough.
  3. It suggests avoiding Windows Firewall for reasons mentioned in the YouTube video below and suggests using a 3rd party firewall or a hardware firewall if feasible.
  4. The page below does NOT contain any malicious content nor does it try to phish details, but by an industry wide agreement this page is detected as a page to be blocked so that people can verify if their anti-malware product’s detection capability is configured correctly. Windows Defender didn't detect it.
Feature Settings Check - Phishing Page Test - AMTSO

After all this, I am wondering if paying for a really good 3rd party AV is worth it (not to mention additional features included like a secure browser for banking, etc)? Below are the review links.

 

SecureKongo

Level 28
Verified
Top poster
Well-known
Feb 25, 2017
1,721
I don't want to start criticising TPSC again as we went through this multiple times now. All I will say is that he often doesn't properly test the products, at least in my opinion. This might be due to the lack of research on his tested products before his actual tests.

Now to your question: I personally think that you can't go wrong with Microsoft Defender (MD) as your standalone security solution. If you don't shut down your head completely while browsing there is nothing to be afraid of. There are also tools like ConfigureDefender or DefenderUI that can improve the protection of MD by enabling protections that are disabled by default and mostly can't be accessed easily by the average user. Both developers are active here on MalwareTips and are very responsive and helpful. I'd recommend contacting them if you have any detailed questions about Microsoft Defender.

Developer of ConfigureDefender: @Andy Ful
Developer of DefenderUI: @danb

Protection-wise there is no real reason to use a third-party AV anymore as Microsoft Defender provides not the best but definitely sufficient protection. Most people here that are still using third-party AV's are using them due to for example performance advantages. At least that's what I picked up lately.
 

perseveration

New Member
Dec 9, 2021
1
Those Defender add-ons/alternate ui's look interesting. I didn't know about them. Which do you think is better? ConfigureDefender or DefenderUI?

My view is that statistically Defender is going to be the most attacked because of its ubiquity; a second opinion AV never hurts, aside from material and time costs, which are small compared to a terrible malware experience.
 

Moonhorse

Level 32
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,157
Are you running thousands of malware against defender on default settings or even lowered settings on your home computer?

Microsoft defender current state is
+ low false positives
+ can be hardened with defenderui & configure defender to beat most of free and paid antiviruses
+ use together with hardened edge

- memory/CPU usage may be worse than competitors, but I have run every single free antivirus on my desktop, and there was no difference in browsing speed, scanning speed, etc., until I take a look at Process Explorer / Task Manager to see the difference; that is just a visual problem

80 detection rate is probably offline, with the cloud block rule it's probably over 9000

It seems Leo thinks his YouTube fans are too stupid to live with Microsoft Defender; of course he promotes paid antiviruses as he gets paid for that
 

SecureKongo

Level 28
Verified
Top poster
Well-known
Feb 25, 2017
1,721
Those Defender add-ons/alternate ui's look interesting. I didn't know about them. Which do you think is better? ConfigureDefender or DefenderUI?

My view is that statistically Defender is going to be the most attacked because of its ubiquity; a second opinion AV never hurts, aside from material and time costs, which are small compared to a terrible malware experience.
Matter of preference. ConfigureDefender is portable while DefenderUI requires installation. I personally prefer using ConfigureDefender as I didn't like the fact that you need to install an additional software just to configure your existing AV.
 

Szellem

Level 4
Verified
Well-known
Apr 15, 2020
162
TPSC is the biggest troll of the galaxy. His tests are bullshit and misleading!
 

JasonUK

Level 5
Apr 14, 2020
203
Most people here that are still using third-party AV's are using them due to for example performance advantages. At least that's what I picked up lately.
That's certainly the case for me as, for some reason, Defender is noticeably 'laggy' on my desktop compared to say Avast or even Avast+MBAM. That said I am using Defender suitably hardened currently!
 

Shadowra

Level 17
Verified
Malware Tester
Sep 2, 2021
836
Even if I tend to prefer its competitor Avira, Microsoft Defender has come a long way!
Since 2016, Microsoft has developed Machine Learning AI, which has allowed the antivirus to progress. It is one of the 1st to detect large variants of the Emotet botnet when it was very active!

You can also use DefenderUI which will allow you to fine-tune the settings (or choose predefined modes)


 

show-Zi

Level 33
Verified
Top poster
Well-known
Jan 28, 2018
2,273
Most people here that are still using third-party AV's are using them due to for example performance advantages. At least that's what I picked up lately.
I think there are many people who simply like the category of security software. If it is a novel and interesting security software, I expect that many members will want to use it regardless of performance.:)
 

franz

Level 4
May 29, 2021
156
I see again and again that one defends WD on the grounds, one can increase protection by using ConfigureDefender or DefenderUI or by being careful when browsing the internet. I believe this is stretching WD's ability to protect us right out of the box.

Most people need a program that protects you whether you can improve your security program yourself or if you don't know how to browse securely. I don't trust WD, but of course respect those who mean the opposite. I want to feel safe, and WD doesn't give me that feeling.
 

SecureKongo

Level 28
Verified
Top poster
Well-known
Feb 25, 2017
1,721
Yes, here we go again, because one test, be fair and honest about a product. ;) I'm looking at other testers, for example Shadowra (Bro, this is not licking :)), and they also argue, and show for the pros and cons with correct settings.
As I said already I am not a big fan of his tests either but we don't have to mention that in every post... Right? :unsure:
 

shmu26

Level 85
Verified
Helper
Top poster
Content Creator
Well-known
Jul 3, 2015
8,131
Microsoft Defender is good protection in typical Windows user scenarios. As others already mentioned, it can be hardened with ConfigureDefender. However, many Youtube testers create artificial testing situations that do not reflect real-life use.

To be specific:

1. MD is not so good at offline detection. In typical real-life situations this is not a problem, because if you downloaded the file, your internet is working.

2. MD is not so good at detecting files that were downloaded in certain compressed formats such as RAR files. In typical real-life situations this is not a problem, because you most likely won't encounter such files, unless you are playing with pirated software -- in which case, no AV will be able to protect you adequately.
 

Andy Ful

Level 79
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
6,814
I know independent AV tests have shown Windows Defender to have significantly improved in protection compared to earlier years. But there is a YouTube channel that is known for its dependable review of AV products with its thorough testing. This channel checks the performance of AV products for known malware (using traditional signature based detection) as well as zero day attacks (using behavioral scanning, etc).

Below are its findings:
  1. Windows Defender found only 80% of all sample malware used whereas the best 3rd party AVs have a much, much higher detection rate.

This result is related only to Defender static detection. All threats except probably one were detected dynamically (after execution).
Any similar video-tests cannot be real protection tests. You can read why here:
https://malwaretips.com/threads/int...amples-league-of-antivirus.111222/post-966507

  2. Windows Defender failed miserably to protect from ransomware whereas Kaspersky was near perfect and Bitdefender was slightly lagging but still decent enough.

It is not true:
https://malwaretips.com/threads/windows-11-vs-ransomware-tpsc.110854/post-963974

  3. It suggests avoiding Windows Firewall for reasons mentioned in the YouTube video below and suggests using a 3rd party firewall or a hardware firewall if feasible.

Most 3rd party firewalls on default settings will not be much better (with few exceptions). Windows Firewall can be configured to get strong protection.

  4. The page below does NOT contain any malicious content nor does it try to phish details, but by an industry wide agreement this page is detected as a page to be blocked so that people can verify if their anti-malware product’s detection capability is configured correctly. Windows Defender didn't detect it.
Feature Settings Check - Phishing Page Test - AMTSO

Yes, this demo test failed (even with Edge), but we know well that Edge uses good anti-phishing protection (SmartScreen). There are 5 more tests under the "Verify if your desktop security software" and all of them are detected by SmartScreen in Edge (SmartScreen + PUA enabled).
Feature Settings Check - Phishing Page Test - AMTSO

After all this, I am wondering if paying for a really good 3rd party AV is worth it (not to mention additional features included like a secure browser for banking, etc)? Below are the review links.

The prices of very good AVs (KIS, Norton 360, etc.) are affordable for most people. These AVs can protect better compared to the Defender free on default settings. But, the difference will be hardly visible in the home environment. This conclusion follows not from the video-tests, but from cumulative results of protection tests made by professional AV Labs:
https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/post-927440
The results for the year 2021 are similar (I will publish them in February 2022).
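
A read-only way to see which of the protections discussed in this thread (cloud block level, PUA blocking, ransomware protection) are actually active on a machine, as an added PowerShell example that is not from any poster and does not show what ConfigureDefender or DefenderUI do internally. The pass thresholds, the choice of settings and the sample profile are this example's assumptions.

```powershell
# Added example: audit Microsoft Defender preferences without changing them.
# Thresholds below are this example's assumptions, not a ConfigureDefender/DefenderUI preset.
function Test-DefenderHardening {
    param([Parameter(Mandatory)] $Pref)

    $checks = @(
        @{ Name = 'DisableRealtimeMonitoring';    Want = { $args[0] -eq $false }
           Note = 'real-time protection is on' }
        @{ Name = 'MAPSReporting';                Want = { $args[0] -ge 1 }
           Note = 'cloud-delivered protection is on (0 = disabled)' }
        @{ Name = 'CloudBlockLevel';              Want = { $args[0] -ge 2 }
           Note = 'cloud block level High or above (0 = default)' }
        @{ Name = 'PUAProtection';                Want = { $args[0] -eq 1 }
           Note = 'PUA blocking enabled (2 = audit only)' }
        @{ Name = 'EnableNetworkProtection';      Want = { $args[0] -eq 1 }
           Note = 'network protection in block mode' }
        @{ Name = 'EnableControlledFolderAccess'; Want = { $args[0] -eq 1 }
           Note = 'controlled folder access (anti-ransomware) in block mode' }
    )

    foreach ($c in $checks) {
        $value = $Pref.($c.Name)          # property looked up by name
        [pscustomobject]@{
            Setting = $c.Name
            Value   = $value
            Pass    = [bool](& $c.Want $value)
            Meaning = $c.Note
        }
    }
}

# Constructed sample profile with the optional protections off
# (made up for this example, not captured from a real machine).
$sample = [pscustomobject]@{
    DisableRealtimeMonitoring    = $false
    MAPSReporting                = 2
    CloudBlockLevel              = 0
    PUAProtection                = 0
    EnableNetworkProtection      = 0
    EnableControlledFolderAccess = 0
}

# Use the live configuration when the Defender module is present, else the sample.
$pref = if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    Get-MpPreference
} else { $sample }

Test-DefenderHardening -Pref $pref | Format-Table -AutoSize
```

A test that runs Defender with these settings off measures a different product from one run after hardening, which is worth checking before comparing detection figures.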
 

Local Host

Level 25
Verified
Top poster
Well-known
Sep 26, 2017
1,430
You don't need to pay to get better protection than Windows Defender. Malware targets it the same way it targets the Windows Firewall; they are both extremely easy to bypass and methods for it are included in 90% of malware samples (obviously because Windows comes with both built-in).

The true protection is safe habits, to avoid the malware itself. If you can't achieve that you should not rely on Windows Defender whatsoever. I install Kaspersky on every family member's PC for a good reason: I don't wanna get calls about issues (which is something Windows Defender cannot accomplish).

Then we have the performance issues, which make Windows Defender even more useless than a paperweight. I'd rather have it off by default than wasting resources in the background, even if it provides better protection than none; I practice safe habits.

Then we have both sides of the coin, fanboys who protect WD with tests against old malware and/or relying on third-party tools (which even then tends to fail a good chunk of times), and haters who test WD against new malware and see it fail miserably in comparison to competition.