Microsoft has included antivirus protection in its operating systems for ages, going all the way back to DOS.
The modern-day Microsoft Windows Defender Security Center protects against Trojans, viruses, ransomware, and other types of malware, but it also manages your security overall.
It's always active on systems that have no other antivirus installed.
If you install a third-party security solution, Windows Defender's antivirus component goes dormant, to avoid any conflict.
We salute Microsoft for ensuring that all users have at least some degree of antivirus protection.
Our latest testing suggests that Defender does a good job.
Windows Defender differs from other free antivirus tools in that there's no installation required; it's already present.
When you click the Defender icon in the notification area, it opens the full Windows Defender Security Center.
The main window's home screen reports security status, and offers six additional feature pages, accessed by clicking large icons across the bottom or small icons in the left rail menu.
I'll go into detail about these pages below.
In addition to the expected Quick, Full, and Custom scan options, Windows Defender offers what it calls Offline Scan.
Designed to handle persistent malware that doesn't yield to a normal scan, this scan reboots the system and runs before Windows fully loads.
That also means it runs before any malware processes load, so the malware is defenseless.
If you feel that you still have a malware problem after a regular scan, give the offline scan a try.
Lab Results Improving
Some years ago, Windows Defender routinely earned truly awful scores from the independent testing labs, coming in below zero at times.
It's been improving steadily, at least with some of the four testing labs that I follow, and its scores now range from so-so to perfect.
Security experts at AV-Test Institute rate antivirus programs on three criteria: Protection, Performance, and Usability.
The antivirus can earn up to six points for each of these.
For certification, a product needs a total of 10 points and no zeroes.
In the latest report, Windows Defender got 6.0 points in all three categories, for an impressive total of 18 points.
This is the first time I've seen Microsoft reach that top score.
F-Secure, Kaspersky, and Symantec Norton AntiVirus Plus also took 18 points in the latest test.
Among free products, Avast and AVG took 17.5 points.
London-based SE Labs awards five levels of certification: AAA, AA, A, B, and C.
Along with Avira Antivirus, ESET, Kaspersky, Norton, and Trend Micro, Windows Defender earned AAA certification in the latest test.
Avast and AVG, among others, came close, with AA certification.
Lab Test Results Chart
Antivirus products don't get a numeric score or grade from the researchers at AV-Comparatives.
A product that passes the test gets Standard certification; one that doesn't pass gets the label Tested.
Those that do more than the minimum can rate Advanced or Advanced+.
I follow four of this lab's many tests, and Microsoft appears in the latest report for three of those.
Windows Defender earned one Standard certification, one Advanced, and one Advanced+.
Bitdefender Antivirus Plus is the only product to take Advanced+ in the latest runs of all four tests.
British testing firm MRG-Effitas runs two tests that I track.
One is a pass/fail test that challenges antivirus products to defend against attacks on online banking.
In the latest banking protection test, half the tested products failed, Windows Defender among them.
The other test from this lab measures defense against a full spectrum of malware types.
In this test, a product that completely prevents all the malware attacks earns Level 1 certification.
A product that remediates the attacks within 24 hours gets Level 2 certification.
In the latest test, all products, Windows Defender included, reached Level 1 certification.
Each lab uses its own scoring system.
I've devised an algorithm that maps them all to a 10-point scale and generates an aggregate score.
The current aggregate score for Windows Defender is 9.1, a big jump from 7.2 at my last review.
Also tested by all four labs, Kaspersky scored 9.9, Avira 9.7, and Norton 9.3.
Avast Free Antivirus came in slightly below Microsoft, with 9.0 points.
In a recent press release, Microsoft made much of its recent top score with AV-Test.
That release caught enough attention that I decided to look at previous results from the last three years.
Bitdefender and Kaspersky both averaged more than 17.5 points, while Windows Defender averaged 15.5, with scores ranging from a barely-passing 13.0 to 17.5 points.
In three years of tests by AV-Comparatives, Bitdefender and Kaspersky took nothing but Advanced+ certifications.
Microsoft didn't reach Advanced+ at all, earned about as many Advanced as Standard certifications, and failed three tests completely.
I'm impressed by Microsoft's recent success, but I'll be even more impressed if those high scores prove to be the new normal.
Excellent Hands-On Test Results
If you don't have any other form of malware protection, or your antivirus expires, Windows Defender steps in and does its best to keep you safe.
To get an idea of its effectiveness, I challenged it to protect my test system against a collection of various types of malware.
I made sure to configure it to detect lower-risk items, such as adware and potentially unwanted programs, or PUPs.
I also enabled the permission-based ransomware protection.
To start my hands-on testing, I opened a folder containing my current set of malware samples.
Windows Defender didn't do anything right away, so I moved the samples to another folder.
That got its attention, but in a strange way.
It didn't eliminate any files, but it prevented me from moving or even deleting samples that it identified as malware.
In addition, it didn't catch them all at once, so I had to repeat the process of moving files until I came up with a group that Windows Defender didn't immediately detect.
The others, 63 percent of the collection, weren't gone from the system, but they were neutralized.
I took the remaining samples and launched them one by one, noting how Windows Defender reacted.
It caught almost all the remaining samples at this point, detecting 98 percent of them one way or another.
Only Webroot SecureAnywhere AntiVirus detected more, with a perfect 100 percent.
Note, though, that Webroot lost some points for not blocking every trace of every detected threat.
It scored 9.7 of 10 possible points, the same score Norton achieved with my previous sample set.
With 9.8 points, Windows Defender has the new high score.
That's a big improvement from last year's hands-on test, in which it scored 8.0 points.
Looking specifically at free products, Avast Free Antivirus managed 9.2 points against the same set of samples.
Kaspersky Security Cloud Free scored significantly lower, but for whatever reason Kaspersky routinely scores at the top in the independent lab tests, lower in our hands-on tests.
Malware Protection Results Chart
My malicious URL blocking test uses the newest malware-hosting URLs I can find, typically no older than a couple days.
I launch each URL and note whether the antivirus blocks all access to the page, eliminates the downloaded malware, or does nothing at all.
Technically, SmartScreen Filter provides this protection, both for Edge and Internet Explorer, but Windows Defender manages SmartScreen Filter.
It's worth noting that most competing products apply malicious download protection to all popular browsers, while Microsoft only protects its own.
Out of 100 malware-hosting URLs, Windows Defender blocked access to 18 percent at the URL level, and prevented download of the malware payload for another 79 percent.
It did the latter in two ways.
For about three quarters of the files, SmartScreen warned of an unsafe download, stopping it at the source.
For the other quarter, the real-time antivirus wiped out the file immediately after download.
Trend Micro currently holds the top score in this test, with 99 percent protection.
Windows Defender's 97 percent puts it in a three-way tie for second place, joining McAfee and Sophos Home Free.
A full antivirus scan of a clean test system with Windows Defender took just short of two hours, a good bit more than the current average of 75 minutes.
A repeat scan matched the average.
Kaspersky came in a bit below that average for its initial scan.
It used the first scan to note safe files requiring no further scanning, which allowed the second scan to run in less than five minutes.
It's true that after that initial full scan, real-time protection should handle any new attacks.
However, many users like to schedule an occasional full scan for added security.
You won't find that functionality in Windows Defender, though.
If you want to schedule a scan, you'll have to dig into the unwieldy, threatening Task Scheduler app.
Most competing products make scheduling scans much, much easier.
Not So Good Phishing Protection
Phishing websites don't bother infecting your PC with malware.
Instead, they try to fool you into giving up your login credentials for your email provider, banking website, even dating and gaming sites.
They do so by creating a page that looks exactly like the real thing, hoping you don't notice that the URL in the Address Bar is wrong.
These sites get blacklisted and shut down quickly, but the fraudsters just gin up new ones.
To test phishing protection, I gather reported phishing URLs from various websites.
I favor those so new they haven't yet been analyzed and blacklisted.
Anybody can block blacklisted sites, after all.
A real antiphishing solution needs the ability to detect frauds in real time.
In addition to reporting the product's detection rate for verified phishing pages, I compare its rate to that of the phishing protection built into Chrome, Firefox, and Edge.
In this case, the product in question is SmartScreen Filter, managed by Windows Defender for Microsoft Edge, so I only had to compare Edge with the other two browsers.
In truth, I didn't need new testing for Edge's SmartScreen Filter.
I switched all my virtual machine testbeds to Windows 10 earlier this year, and started using Edge in testing.
That means I already had eight sets of data, detection percentages for Edge, Chrome, and Firefox.
I simply averaged those to get a score for Windows Defender.
The results don't look good.
Edge detected and warned about just 68 percent of the verified phishing sites, compared to 90 percent and 89 percent for Firefox and Chrome.
That puts it in the bottom half of current products, and the best of them score vastly better.
At the top, Kaspersky and McAfee AntiVirus Plus detected 100 percent of the frauds in their respective tests.
Bitdefender and Trend Micro came very close, with 99 percent.
A dozen products scored better than 90 percent.
In most cases where free and premium editions both exist, they score the same in my tests.
Bitdefender Antivirus Free Edition is an exception.
It doesn't have the full antiphishing power of its premium cousin, and hence scored just 91 percent.
It also scored lower in my hands-on malware protection tests.
Microsoft did much better when last tested against phishing frauds, with 85 percent detection.
However, I've observed that the detection rate for SmartScreen Filter, whether in Edge or Internet Explorer, tends to vary quite a bit.
In the last eight tests, it ranged from 57 percent to 85 percent.
Simple Ransomware Protection
Buried in the antivirus settings is a hidden gem that offers a degree of ransomware protection.
It's turned off by default.
Scroll down to "Controlled folder access" and turn it on.
By default, it protects your Documents, Pictures, Videos, Music, and Favorites folders.
New since my last review, it also protects the Desktop, an addition I found annoying.
I have a habit of dropping test programs on the desktop and running them from there.
Windows Defender prevented my programs from writing to their output files.
I also found that it squawked at any installer that tried to place a program icon on the desktop.
If I were relying on this feature for protection, I'd probably remove Desktop from the list of protected folders.
To test this feature, I tried to edit a text file in the Documents folder using a tiny text editor I wrote myself.
When I tried to save, I got a message, "Stream write error," and a popup from Windows Defender noting that it prevented the change.
It also prevented my simple-minded ransomware simulator from modifying text files in the Documents folder.
The similar feature in Bitdefender, Trend Micro, and Panda Free Antivirus lets you extend trust to an unrecognized program directly from the popup warning.
With Windows Defender, that's not an option.
To add an exception for a valid program you must dig into the settings.
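The same settings can be driven from PowerShell, which also makes it possible to see what Controlled folder access would block before enforcing it. This is an added example, not part of the original review; the program path is a hypothetical placeholder, and it assumes an elevated prompt on a system where Windows Defender is the active antivirus.

```powershell
#Requires -RunAsAdministrator
# Added example: roll out Controlled folder access with an audit phase first.
# Hypothetical path to a trusted program that needs to write to protected folders.
$TrustedApp = 'C:\Tools\TinyEdit\tinyedit.exe'

# 1. Start in audit mode: writes to protected folders are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. After a period of normal use, review what was (or would have been) stopped.
#    Event 1124 = audited write, 1123 = blocked write.
$log = 'Microsoft-Windows-Windows Defender/Operational'
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1123, 1124 } `
        -ErrorAction SilentlyContinue |
    Select-Object -First 20 TimeCreated, Id, Message |
    Format-List

# 3. Allow only programs you have verified. Show the signature status so the
#    decision to trust an unsigned binary is a deliberate one.
if (Test-Path -LiteralPath $TrustedApp) {
    $sig = Get-AuthenticodeSignature -LiteralPath $TrustedApp
    Write-Host "Signature status for ${TrustedApp}: $($sig.Status)"
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
} else {
    Write-Warning "Placeholder path not found, nothing added: $TrustedApp"
}

# 4. Switch from auditing to blocking.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 5. Confirm the resulting state (0 = off, 1 = enabled, 2 = audit mode).
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessAllowedApplications,
    ControlledFolderAccessProtectedFolders
```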
Security Center
There's a reason they call this utility Windows Defender Security Center.
In addition to providing protection against malware, it serves as a central location to manage other security features.
Clicking the icons at the left side of the main window brings up pages of security information and settings.
I've already covered features of the Virus & threat protection page.
The Account protection page links to system settings related to your Microsoft account, including Windows Hello for logging in and the optional Dynamic lock, which locks the PC when a paired device isn't nearby.
From the Firewall & Network Protection page, you can check the status of Windows Firewall and perform simple tasks like allowing an app through the firewall.
It also offers quick access to network troubleshooting and firewall configuration.
Windows Firewall is effective enough that you may not need a third-party firewall.
You use the App & Browser Control page to configure aspects of SmartScreen Filter.
By default, it warns if you download dangerous files or venture to dangerous websites.
You can set it to block without warning, or—bad idea—turn off protection.
SmartScreen also checks web content used by Windows Store apps.
Expert users can dig in to configure exploit prevention technologies including CFG, DEP, and ASLR.
If you don't already know what those abbreviations stand for, you're not qualified to meddle with the settings....