Microsoft’s built-in security software has improved enormously, but it still has a few shortcomings. A reader writes in to ask: Can it get the job done as well as a third-party antivirus utility?
By Max Eddy
I mostly write reviews of VPNs, articles and features about VPNs, and responses to emails (of varying degrees of hostility) from or about VPN services. In nearly all of these contexts, I’ve tried to explain that VPNs (although excellent for securing your internet traffic) don’t replace password managers, antivirus suites, or the use of two-factor authentication (2FA). But recently a reader asked me whether I was implying that the security software from Microsoft was somehow lacking. That’s a question worth considering.
Here’s what our intrepid reader sent me (note that this excerpt has been edited for brevity and to remove personal information):
“You recommend third-party anti-malware, McAfee, Bitdefender, and Kaspersky in one of your articles. Are you suggesting that Microsoft Security Essentials on Windows 10 is not sufficient?”
The short answer is that the bundled security solution from Microsoft is pretty good at most things. But the longer answer is that it could do better—and you can still do better with a third-party antivirus app.
For those who are unaware, Microsoft Security Essentials was antivirus software included by Microsoft with Windows starting in 2009 and continuing until it was supplanted by Microsoft Windows Defender Security Center. With this software, Microsoft ensured that customers would have some kind of protection from the moment they first booted up their computer. It costs users nothing and doesn’t require them to take any action.
When Microsoft’s security offering first went under the microscope, it didn’t impress. But it improved over time, so much so that it started to snag top scores from independent lab assessments. In his review, my colleague Neil Rubenking found that Microsoft’s offering does an excellent job detecting and preventing malicious software.
Now, Defender hasn’t totally stolen the spotlight away from the McAfees and the Bitdefenders of the world. You could chalk that up to decades of name recognition for competitors, but also, testing has revealed some notable shortcomings in Windows Defender. We found that the SmartScreen filter in Edge blocked just 68 percent of phishing sites, for example. That’s particularly bad compared with the 89 and 90 percent blocked by Firefox and Chrome. In those tests, Kaspersky and McAfee blocked 100 percent of the phishing sites.
That’s especially disappointing because phishing attacks can do so much damage, and they don’t require a lot of technical sophistication on the part of attackers. A phishing site tricks people into voluntarily handing over personal information—such as credit card numbers—by impersonating a legitimate website. For more on this particular threat, you can read our story on how to avoid phishing attacks.
Windows Defender also doesn’t cover the same breadth of products that third-party security companies do. The company that sells you antivirus software can also provide backup protection, a password manager, a VPN, parental control, and more besides, often rolled up in a security suite.
Still, the ascension of Windows Defender is a good story. We conclude our review thusly:
“We used to say Windows Defender is better than nothing. At present, we’re willing to say it’s pretty darn good. Some of its lab test scores are excellent now, though it took a while to reach this point. […] It earned a great score in our hands-on malware protection test but didn’t do so well at detecting phishing frauds.”
I’m always glad when I get a reader question that I can answer definitively. I’m even happier when I can point to the work of an eminent colleague like Rubenking to back me up. But I want to address this reader’s question directly as well.
I realize that even when I tangentially recommend security products, I should strive to make the recommendations as accessible as possible. Windows Defender is a great example. It’s something most people already have, it works well, and it doesn’t require you to pay anything (beyond the cost of Windows, at least).
This is especially important because the two biggest obstacles preventing people from adopting good security practices are money and effort. Security software is not fun to buy and only a little fun to use. It’s also expensive! These days, we’re expected to pay subscriptions for the videos we watch, the games we play, and now, security software. We’re rapidly approaching a future where security and especially privacy area luxury afforded to the people who can pay extra.
It shouldn’t have to be that way, and it doesn’t have to be. High-quality free security products do exist, and Windows Defender is a good way to keep you and your computer safe. It is, however, not the best. For that, we recommend Bitdefender Antivirus Plus, Kaspersky Anti-Virus, and Webroot SecureAnywhere AntiVirus, among others. If you can afford them, these options will provide far more protection.