Any on that list will provide decent protection. It really comes down to what the user(s) decide they want, if they want to tweak or harden, if it does not cause problems, if they like it, etc. Is the user a scripter, a developer, an administrator, or just an average person off the street? What is the system used for? Is the user a prolific downloader of files? Is the physical system 10 or 15 years old, or is it less than 5 years old? And so on.
If you are paranoid and think nation states are trying to hack you to death, then either use heavily default-deny tweaked native Windows or set Emsisoft behavior blocker to Alert Always (the only non-Microsoft security solution that has prevented various nation-state attacks, such as FinSpy (and others not to be listed)). Either of these will cover a broad spectrum of potential attacks with few chinks in the armor - as long as the user has the knowledge and does their part.
If you lean towards usability without issues then default or tweaked Windows Defender or F-Secure.
Why do I personally use F-Secure?
1. I like it. It works for me. It meets my needs. Solving issues is easy.
2. It exist without conflict besides native Windows security and Defender.
3. It provides protections that Windows Defender does not, even tweaked.
4. I am a mundane, low-risk user that impalements and practices high security via Defense-in-Depth.
5. It is low resource intensive.
6. Support is responsive.
7. I report problems and they get fixed within timeframes that are within industry standards (e.g. a few months or less).
8. It has been the least PITA internet security suite that I've ever used.
9. For geopolitical reasons, I am OK with a Finland-based vendor.
It's not perfect, but it is close enough for me. I don't allow others to influence my decision; what I choose is done solely on the consideration of all data points, and then my own self-performed security and pentest results. F-Secure is not a Swiss Army Knife. It is a specifically designed tool to handle specific security issues. It needs to be supplemented with other defense layers - of which user knowledge is of supreme importance (true of all on the above list).
If you have children, then Standard User Account configured to absolute default-deny for everything and\or virtualization-based protection capable of being easily reset (e.g. Shadow Defender, Rollback Rx). Who knew that being a parent required them to be cybersecurity subject matter experts (SMEs)?
