Advice Request Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?

[ScandinavianFish]

It's middling because it's in the middle, and it doesn't do well when it comes to system impact. I also tried the same by installing various AVs and running benchmarks plus through feel, i.e., browsing folders with different content and loading apps, and only because I notice that's what slow for one user is fast for another, and dependent on the type of hardware, usage, etc.

I have to take their word for it in the same way I have to take anyone's word on this forum for such. In which case, I'll focus on these sites with details on methodologies and results, as well as those that present tests on video given various testing methods.

I welcome comparisons between free and paid products because I'm not very keen on spending more on AVs, especially given the point that I want to buy other things. In one case, I calculated for paying for AVs for at least nine computers (yes, I've a nice, big family), and even with volume purchase and discounts for the first year only (!), I felt like it was buying a new hard drive every year.

In which case, I really do want Windows Security to work, but what happens if it doesn't detect some new ransomware, and all machines at home are infected. I'll be sent to the doghouse for that!

If you get infected by ransomware thats the fault of the users, not the security software or system

 

[Andy Ful]

I calculated for paying for AVs for at least nine computers (yes, I've a nice, big family), and even with volume purchase and discounts for the first year only (!), I felt like it was buying a new hard drive every year.

If you have 9 computers in-home, and some of them are used by children, then the chances of infection in some years cannot be ignored. The children have to be learned how to use safely the computers, just like they are taught to cross safely the street. It is long-term learning because safe habits have to be trained. I do not think that there is an easy way for that. Someone has to sacrifice time and pay attention to do it. This can be a similar challenge as teaching reading and writing.

In my opinion, the best method for children is to use a restricted system with special AV settings or Windows built-in features.
The best AV for that would be Kaspersky with Application Control (@harlan4096 setup). There are other possibilities too (also with non-AV applications).
Advanced users can adopt Windows built-in protection (Defender with advanced settings, Edge with SmartScreen and PUA, SRP, Windows Policies, Exploit Protection) and Parental/Ads control for web browsing (like Adguard DNS).

The clue is that the child should not be allowed to easily bypass the AV alerts. Unfortunately, most security solutions show such (Allow / Deny ) alerts for users' convenience.
Another problem is that most parents do not have sufficient knowledge or patience, or simply do not have time to apply & use a restricted system on a child's computer.

That is why there is no good solution for many people. The AV default settings are not sufficient for children. In many cases, the children are allowed to visit dangerous places and do dangerous things. Their security when using computers is a kind of roulette.

 

[plat]

If you get infected by ransomware thats the fault of the users, not the security software or system

Of course, but then what is the point of having an anti-ransomware component? Especially for enterprise, that's a major major demand. People make online mistakes all the time; these products are supposed to step in after the fact (one hopes).

This is an old debate actually. If you pay to get your dog vaccinated against rabies and it gets rabies anyway--what is your course of action? At some point, the product has to step up to the plate somehow, even when it's part of a multi-layered approach (as it should be). Otherwise, it's useless.

Insofar as Defender is concerned: I would never run it alone, I don't care how shrill people get about it. I tolerate it as an in-built convenience. It seems capable nowadays and I'll leave it there. If not Defender, demos and product test videos abound.

 

[Andy Ful]

...
Insofar as Defender is concerned: I would never run it alone, ...

That is a common view among MT members (also when dealing with any AV on default settings). The con of Defender free is that Microsoft did not give the home customers a dedicated application to apply advanced settings. One has to learn PowerShell or use 3rd party tools. Furthermore, one has to use Edge as a complementary solution or add some extensions when using another web browser.

 

[JasonUK]

That is a common view among MT members (also when dealing with any AV on default settings). The con of Defender free is that Microsoft did not give the home customers a dedicated application to apply advanced settings. One has to learn PowerShell or use 3rd party tools. Furthermore, one has to use Edge as a complementary solution or add some extensions when using another web browser.

It's not just the settings it's also the quality of the alerts ~ I've lost count of the times that Defender has reported after a scan that 'action has been taken against X threat(s)' only for nothing to appear in protection history at all. I've even had Defender delete an installed file (from DXO the well regarded photo processing software) entirely and not report anything even though it's been scanned as clean by Smartscreen, VirusTotal & every other AV scanner available. I wouldn't mind if it reported it, quarantined it and allowed users to reinstate it (if approriate) consistently but it doesn't so you end up either layering security or dropping Defender entirely.

Insofar as Defender is concerned: I would never run it alone, I don't care how shrill people get about it. I tolerate it as an in-built convenience. It seems capable nowadays and I'll leave it there. If not Defender, demos and product test videos abound.

Me neither.

 

[mlnevese]

If you have 9 computers in-home, and some of them are used by children, then the chances of infection in some years cannot be ignored. The children have to be learned how to use safely the computers, just like they are taught to cross safely the street. It is long-term learning because safe habits have to be trained. I do not think that there is an easy way for that. Someone has to sacrifice time and pay attention to do it. This can be a similar challenge as teaching reading and writing.

In my opinion, the best method for children is to use a restricted system with special AV settings or Windows built-in features.
The best AV for that would be Kaspersky with Application Control (@harlan4096 setup). There are other possibilities too (also with non-AV applications).
Advanced users can adopt Windows built-in protection (Defender with advanced settings, Edge with SmartScreen and PUA, SRP, Windows Policies, Exploit Protection) and Parental/Ads control for web browsing (like Adguard DNS).

The clue is that the child should not be allowed to easily bypass the AV alerts. Unfortunately, most security solutions show such (Allow / Deny ) alerts for users' convenience.
Another problem is that most parents do not have sufficient knowledge or patience, or simply do not have time to apply & use a restricted system on a child's computer.

That is why there is no good solution for many people. The AV default settings are not sufficient for children. In many cases, the children are allowed to visit dangerous places and do dangerous things. Their security when using computers is a kind of roulette.

It's my personal experience that with children, Bitdefender with its mostly automated approach is a better solution than Kaspersky... you can let it deal with the threats and if anything requires your intervention, deal with it in Bitdefender Central.

Lock the setting with a password and activate parental controls.

Obviously, never give an admin account to a child. Restricted user.

Backup the computer daily, at least;

Have an image ready for when everything fails and you have to restore a backup anyway. Children have an amazing talent to be hit by malware and every solution will fail to stop it eventually

 

[ScandinavianFish]

At default settings WD is sub-par, but properly hardening it using Group Policy or ConfigureDefender it is more than a match for third party AV's, since you now get almost the same protection that Microsoft Defender ATP offers for businesses, and its in many ways better than almost all AV's in the fact they have dedicated protection against PUP's, even ones not yet in their database, like Malwarebytes and Kaspersky

 

[Local Host]

It's middling because it's in the middle, and it doesn't do well when it comes to system impact. I also tried the same by installing various AVs and running benchmarks plus through feel, i.e., browsing folders with different content and loading apps, and only because I notice that's what slow for one user is fast for another, and dependent on the type of hardware, usage, etc.

I have to take their word for it in the same way I have to take anyone's word on this forum for such. In which case, I'll focus on these sites with details on methodologies and results, as well as those that present tests on video given various testing methods.

I welcome comparisons between free and paid products because I'm not very keen on spending more on AVs, especially given the point that I want to buy other things. In one case, I calculated for paying for AVs for at least nine computers (yes, I've a nice, big family), and even with volume purchase and discounts for the first year only (!), I felt like it was buying a new hard drive every year.

In which case, I really do want Windows Security to work, but what happens if it doesn't detect some new ransomware, and all machines at home are infected. I'll be sent to the doghouse for that!

There was never any comparison between Free and Paid products, that was only another excuse they came up to defend Windows Defender, Free Anti-Virus solutions can still provide better protection than Windows Defender at less performance cost on top.

I personally already provided examples where Windows Defender fails, that third-parties don't, and they failed to reply going around in circles and making up more excuses.

It's my personal experience that with children, Bitdefender with its mostly automated approach is a better solution than Kaspersky... you can let it deal with the threats and if anything requires your intervention, deal with it in Bitdefender Central.

Lock the setting with a password and activate parental controls.

Obviously, never give an admin account to a child. Restricted user.

Backup the computer daily, at least;

Have an image ready for when everything fails and you have to restore a backup anyway. Children have an amazing talent to be hit by malware and every solution will fail to stop it eventually

All the options you stated are available in Kaspersky, I use them myself on family members PCs, so I can't argue why one is better than the other.

 

[ScandinavianFish]

Kaspersky shill

Shill = anyone who disagrees with US propoganda of Kaspersky being spyware.

 

[mlnevese]

I have used Kaspersky for years... I'm quite sure Russian intelligence does not have copies of my kid's pictures... if they do I hope they can send me a backup if all my copies are destroyed

I have used all major brands and some minor ones over the years. they all have their positive and negative sides. Choice should be based on many factor including who will be using the software. On the side of protection, they are so close to one another that it's really pointless to discuss.... the chance you'll be hit by one of the malware in the 0,1% detection difference among the top brands, and I'm including WD in this, is minimal.

Performance is really machine dependant, even the driver version of some hardware may hit performance when using product X while product Y does not conflict with it.

In other words, there's no perfect solution, some products will be more adequate than others in certain scenarios, which doesn't make any of them superior, so choose according to your needs, if possible, test the product in your machine to check for possible hidden conflicts, use the trial periods to the last day. If you are still undecided after this, go for the cheapest one

I have used Windows Defender during the Dev stage of Windows 11 and it has improved a lot since it was released but it is not very good when offline, so if the computer will be used offline, go for something with strong offline signatures, such as ESET, for instance.

 

[Andy Ful]

It's my personal experience that with children, Bitdefender with its mostly automated approach is a better solution than Kaspersky..

It is not better but only more convenient than Kaspersky with @harlan4096 settings. This setup is a smart default-deny and any unknown file (in KSN) is blocked. So, a child or a happy-clicker can hardly be infected. It also covers scripting (including HTA and JAR scripts) and it is a far stronger setup for children compared to Bitdefender.
With Bitdefender, the chances of being infected are similar to most of the popular AVs that do not allow the reputation-based approach for applications and scripts. Some AVs have HIPS modules but this approach would be too complex and inconvenient for most users.

 

[SeriousHoax]

It is not better but only more convenient than Kaspersky with @harlan4096 settings. This setup is a smart default-deny and any unknown file (in KSN) is blocked. So, a child or a happy-clicker can hardly be infected. It also covers scripting (including HTA and JAR scripts) and it is a far stronger setup for children compared to Bitdefender.
With Bitdefender, the chances of being infected are similar to most of the popular AVs that do not allow the reputation-based approach for applications and scripts. Some AVs have HIPS modules but this approach would be too complex and inconvenient for most users.

I think what @mlnevese meant is in default settings or minimal settings changed scenario. Bitdefender is probably the most automated AV out there. Malware, PUP, safe Hacktools, it takes care of everything automatically.
I understand his points perfectly because I've setup Bitdefender Free + Hard_Configurator (MT profile) on a few of my friends and family members PC. They never complained or had a problem. Paid version is even better with BD central.
Since BD free is ending, I can't think of any comparable annoyance free, 100% automated free protection for them.
MD requires user interaction for PUP detection, Kaspersky also needs for those "not-a-virus....." PUPs, Avast has scareware.

And to answer OP's question, Microsoft Defender has surely improved protection wise. You can't deny facts, nor you should. It still has quite a few flaws and some are even annoying.
Most people probably don't need a third party AV, but there are many reasons to go for one.
Microsoft Defender is good but has room for improvements.

 

[Andy Ful]

... Free Anti-Virus solutions can still provide better protection than Windows Defender at less performance cost on top.

Repeating personal opinions (without any reliable sources) will not make them more true.

I personally already provided examples where Windows Defender fails, ...

I did not see any reliable example, except personal opinions.

 

[Andy Ful]

...
Backup the computer daily, at least;

Have an image ready for when everything fails and you have to restore a backup anyway. Children have an amazing talent to be hit by malware and every solution will fail to stop it eventually

If I correctly understood you propose to use a very good AV on default or slightly tweaked settings and secure the data via frequent backups. It is not a bad idea but it has some serious cons on the computers of children:

1. As you have noticed in most cases it is only a matter of time that the child's computer will be infected.
2. Children and most parents mostly do not have sufficient knowledge to quickly recognize the infection, except for ransomware attacks.
3. The child's computer can be infected for a long time and can silently infect other family computers, computers of the child's friends, and your friends.
4. If your network will be infected by something like Emotet, then the worm can infect wireless networks in close neighborhood.
5. Even when using frequent backups you can be forced to use the old backup (several weeks old). Furthermore, you cannot be sure which backup will be clean.

That is why I suggested using a smart-default-deny setup for children.

 

[Andy Ful]

It's not just the settings it's also the quality of the alerts ~ I've lost count of the times that Defender has reported after a scan that 'action has been taken against X threat(s)' only for nothing to appear in protection history at all. I've even had Defender delete an installed file (from DXO the well regarded photo processing software) entirely and not report anything even though it's been scanned as clean by Smartscreen, VirusTotal & every other AV scanner available. I wouldn't mind if it reported it, quarantined it and allowed users to reinstate it (if approriate) consistently but it doesn't so you end up either layering security or dropping Defender entirely.
...

Yes, the Defender's alerts and History feature are not especially good. But, Defender can do well the job after malware detection, better than many 3rd party AVs. Of course, Defender is one of many possible choices.

 

[ScandinavianFish]

Nah. I don't live in the US nor do I care what the US says.

That guy always shills Kaspersky here. Dig through his post history.

Thats him having an opinion, nothing else.

 

[Andy Ful]

All the AVs (including Microsoft) know that their average user cannot handle the security, especially any alerts.

Yes, but there are many above-average home users too. Most of them do not use PowerShell and it would be strange to learn it only for tweaking Defender.

Today's main IT security problem is the same as that of 10 or 20 years ago. Users are ignorant, they don't care, they're not predisposed to put in the effort to learn or configure, and users expect and demand that they should be able to do what they want on their devices, regardless of the consequences.

I think that the problem is far more serious than 20 years ago due to the expanding online activity and expanding cybercrime activity.

 

[Andy Ful]

I understand his points perfectly because I've setup Bitdefender Free + Hard_Configurator (MT profile) on a few of my friends and family members PC. They never complained or had a problem. Paid version is even better with BD central.
....

I understand well his idea, but your setup is very different from Bitdefender alone + frequent backups (your setup is much stronger). My concern was not related to using Bitdefender instead of Kaspersky, but rather to using much weaker computer protection (for children) compared to smart-default-deny (with file reputation support).

 

[Andy Ful]

It does not matter. The situation is the same with other security software.
...

I do not think so. Although most users are not interested in tweaking AVs, there are still many home users who want to use advanced Defender settings to protect family computers or home business computers. They are forced to use 3rd party applications for that or change the AV.
But, I understand your point - Microsoft does not bother much for home users.

 

[mlnevese]

@SeriousHoax Got what I meant. Bitdefender will deal with most everything without prompting the user which is ideal when dealing with children... I probably would listen the screaming from the other side of the street if a default deny solution stopped my kids with prompting

Anyway, hardening the OS is not something most common users would know how to do. The average user of this forum is nowhere close to the average users out there. Even doing daily backups is beyond the technical knowledge of many But if you know how to do it then seriously, do it

It' not as much a decision of what is the safest way but what is the safest way that won't drive you crazy because of the kids complaining