Microsoft Defender: A SecBeast or a MalFeast

The term malware is a combination of the words malicious software. It covers a wide variety of threats including viruses. Yes, although many of us, use the term Virus, viruses are actually only a small team of the malware family. Malware family includes many harmful members from adwares and keyloggers to real headaches like ransomwares. The solution was always a good and reliable Antivirus, though the correct term should be Antimalware. Security tools don’t fight only viruses, but almost every kind of Sec threat. Some more successful than others. Whatever you do, a decent Sec solution is necessary for your Windows-powered machine. For many years, we had third-party softwares to protect us for free or by a subscription. That was the model mainly because, Microsoft’s Sec solutions were meaningless, the least. Anyone remember Windows Antispyware, XP’s Defender and MS Security Essentials? If yes, I am sorry to hear that. You should had erased them from your memory, by now.

But everything changed with Windows 8 and mainly with Windows 10. Microsoft upgraded Security Essentials to a complete Antivirus suite and most importantly for free and built-in. That was the birth of Windows Defender. For years, Defender was struggling to pursuade us, that would protect our devices. And not without a good reason. Almost every other competitive product would do it better. Defender in almost all official AV tests scored so bad, that no user could trust it.

Until Windows 10. Then, the game was starting to change and Defender’s rising to the top, was actual. It managed little by little to be one of the most reliable Sec solutions for Windows. And had nothing to be jealous of the rest free or even paid solutions. Mostly some extra features which paid products offer, like VPN, etc.

But the question still remains. Is Microsoft Defender AV, as it is called today, enough to protect us? Well, that’s why I am writing this article. To offer you my humble objective opinion on that matter. With actual results and testings.

I am using Windows 10 Home 64bit Virtual Machine, through Virtualbox, in a Linux Mint Mate Host with many possible risks off. In order to lower the risk of infecting my main Host. That’s actually why I choose to test Windows VM in a Linux Host. Windows malwares are useless in a Linux-powered machine. Of course, there are cross-platform malwares, but I don’t intend to risk my device with something like this. The main purpose is to test Defender in real world scenarios and for the everyday user. My malicious library contains 100 samples of almost every kind of malware. Personally, I don’t think that a typical user, would ever have to be against such a lot of threats. So, I consider 100 samples, way more than enough. Unfortunately, my methodology isn’t a proof of a zero-day attack success. That’s mainly because as an amateur researcher I can’t have access to so complex and special libraries. That means that most of my samples might be outdated or easily detected. But that also means, this is with what kind of threats an ordinary user might come across. And basically, that’s the purpose of my article. Also, I chose Windows Home because this is the version which comes preinstalled to many notebooks and prebuilds. I try by this way, to cover the widest variety of Windows devices on the consumer market.

With simple words my article isn’t a proffessional proof of work, but rather an objective research for the ordinary user. And that’s how I wish you to think of it. But enough with the theory. It’s time for action.

Defender detected 94 out of 100 samples in real-time detection. That lowers even more with a full scan which detected more threats. The full score is 97/100. This is impressive, meaning that only three threats managed to get undetected. Of course, three threats are bad news for the user. Seems like Microsoft doesn’t do well with most of adwares or keyloggers. Let alone ransomware. But numbers are numbers. That’s why I feel the need to suggest you using and a second opinion scanner. Good choice is Malwarebytes. If you prefer portable solutions you can use Emsisoft Emergency Kit and Spybot. That would eliminate to the lowest the risk of an infection. I also used Defender Offline, but without something else detected. Offline tool is a good choice to detect rootkits. At least, in theory. What should also be noted is that, if I run the test without being connected to the Network, Defender results are lower. That proves Defender heavily depends on its Cloud-based database. This is expected. Windows devices are a wide Network so it’s easier to analyze and recognise any newer threats. It also should be noted that Defender wasn’t good at removal of the installed threats. It left some leftovers even in Registry. Some were neutralised but leftovers are leftovers. At my knowledge, other products are better on threats removal. Defender is what I can say a good preventing mechanism, but needs some tuning on removal. Moreover, it isn’t the fastest scanner out there. Many competitors offer the same or better results faster. But for a free AV, Defender isn’t behind, the rest of the competition. In many cases, is even ahead of it. Firewall feature worked as it should in most of the cases and controlled access kept out any ransomware intereference. This is definitely a plus. What really surprised me was the Security feature combination with Edge Browser. In my dangerous Urls list, Edge and Defender scored an impressive 20/20 blocked sites. Good news is there is a Sec extension for Chrome and Firefox. It works in conjuction with Google’s Safe browsing. The last thing I have to mention is that I didn’t have any false positives, but this is mainly because of my files. Defender tested by AV labs has a false positive behaviour, but nothing more unusual than the competition. I feel the need to inform you about that.

I don’t have many things to write for its performance. Defender went unnoticed. And this is comparing any other solutions I tested so far and using a stripped-down iso without Defender. Most of the time, you won’t even notice it is there, even when scanning.

You know we are talking for a free product, right? So, considering the competition is more than enough. Of course, it misses extra features which competitive products offer for a price. By the time, Defender doesn’t offer a Premium version, I have to be fair. Still some features are missing. But mostly, in paid products.

Not much to inform you here. Microsoft’s tool is one of the easiest solutions to use. Nothing difficult that an ordinary user should tune. It works as it should out of the box.

Is Microsoft Defender enough? Yes, it is a decent tool that offers a very good level of protection. In addition with some common sense and a reliable second opinion scanner, is probably all anyone would ever need. So, rest assured that MS is trying to protect you, the best possible way it can. But, Cyber-Criminals always find new ways to trick AV tools. Sometimes, masking their threats as legitimate processes and files or by any means you could possibly imagine. You can never be too careful.

But what is your opinion about Defender? Do you use it? Is it a trustworthy tool? Do you prefer another tool or solution?

Please feel free to write your thoughts in the comment section or even on our Forum.