Windows Defender is still one of the best antivirus solutions, independent testing lab...

Polycount

TS Evangelist
Staff member

Now, Microsoft had its hard work with Defender validated yet again -- for the most part. Another independent testing lab, AV-Comparatives, has published its September 2019 malware protection report, and Windows Defender is one of the antivirus (AV) solutions tested.

Defender boasted an online protection rate of 99.96 percent, which puts it in the top 10 AV programs examined by AV-Comparatives. However, it's worth noting that the overall results do not (with one major exception, which we'll get to in a moment) vary significantly from program to program. For example, Defender managed to successfully block 10,552 pieces of malware (out of 10,556), but even the lowest-ranked program -- Total Defense -- blocked a respectable 10,537.

With that said, given the devastating effects even one piece of malware can have on a system, it's certainly worth going with one of the best. In this particular test, Avast, AVG, and Trend Micro take that crown, with 100% protection rates. The "worst" programs for virus protection were McAfee (99.82 percent) and the previously-mentioned Total Defense (99.82 percent).

Now, detection rates are another story. As part of their test, AV-Comparatives thought it would be wise to see how "cloud-reliant" each AV program is. In other words, the group wanted to see how effective the software is at blocking malware without an active connection to the internet.

Unfortunately for Microsoft, Defender faltered in this category. Its offline malware detection rate sat at just 29.7 percent, which is better than Panda Antivirus (28.6 percent) and Trend Micro (20.9 percent), but not by much. For reference, Avast's offline detection rate was 97.4 percent. When we look at the online detection rates, Microsoft's results are much better at 76.3 percent, but they still fall behind the rest of the pack (all of which surpassed the 92 percent mark).

If you're a bit confused about what the difference between protection and detection is, here's AV-Comparatives' explanation:

This Malware Protection Test checks not only the detection rates, but also the protection capabilities, I.e. the ability to prevent a malicious program from actually making any changes to the system. In some cases, an antivirus program may not recognise a malware sample when it is inactive, but will recognise it when it is running.

So, in short, a lower detection rate (such as the 76.3 percent figure quoted before for Defender) is not necessarily the sole marker of a bad or ineffective piece of AV software. Defender might not catch all viruses when they lie dormant, but it'll almost certainly do so when they try to actively harm to your system.

Another metric that prevents Defender from snagging the #1 antivirus spot is its false positive detection rate. As part of its report, AV-Comparatives gave each participating AV program a set of clean files to scan, and took note of how many items were incorrectly flagged as malicious (the total number of files is unknown).

During the "False Alarm" test, Microsoft flagged 13 false positives, putting it in the "many FPs" category (albeit on the low end -- the worst offender tagged 40). Avira, Eset, and Kaspersky performed the best here: Avira only flagged one false positive and the latter two detected none.

All in all, despite a few hiccups, Windows Defender is still one of the best antivirus programs out there, and it's relatively non-intrusive as far as free software goes...

All in all, despite a few hiccups, Windows Defender is still one of the best antivirus programs out there, and it's relatively non-intrusive as far as free software goes (you won't be harassed to shell out cash for a paid upgrade). In AV-Comparatives tests, Defender managed to earn the two-star "Advanced Malware Protection" rating, alongside Panda, Kaspersky, F-Secure, and a few others.

However, the software is not perfect, and Microsoft clearly still has a ways to go in the offline virus detection department. We hope the company improves this aspect of its security software moving forward.

Image credit: AV-Comparatives, Shutterstock

Permalink to story.

 

Uncle Al

TS Evangelist
Yeah, I still really like it with one small exception .... it tends to "fight" with other anti-virus programs, other than that it's pretty darn great and you can't beat the price!
 

PEnnn

TS Addict
. The "worst" programs for virus protection were McAfee (99.82 percent) and the previously-mentioned Total Defense (99.82 percent).

Ah yes, McAfee, the same squatter that many PC makers install on their PCs and laptops when they sell them to the gullible public!!
 

brucek

TS Guru
Not sure about the methodology here. I'd be more interested in a study that looked at this from the perspective of an active attacker. If I'm a criminal or intelligence agency looking to buy an exploit, which of these program(s) will it beat? My guess is the top dollar ones beat 100% of them, at least for some time. Even if that's true, is there a point at which there starts to be noticeable differences? I.e., are there some programs that update faster than others, meaning the period of infection will be lower? Do "professional" attackers consider some defenses easier to overcome than the others?

For this test, I'm getting the feeling that the results say more about the test library than they do about the actual defense systems.
 

Evernessince

地獄らしい人間動物園
Not sure about the methodology here. I'd be more interested in a study that looked at this from the perspective of an active attacker. If I'm a criminal or intelligence agency looking to buy an exploit, which of these program(s) will it beat? My guess is the top dollar ones beat 100% of them, at least for some time. Even if that's true, is there a point at which there starts to be noticeable differences? I.e., are there some programs that update faster than others, meaning the period of infection will be lower? Do "professional" attackers consider some defenses easier to overcome than the others?

For this test, I'm getting the feeling that the results say more about the test library than they do about the actual defense systems.
I think you misunderstand the purpose of an anti-virus. It is to remove identified malicious code from a system. It does not protect against active attackers let alone governments.

No anti-virus will prevent someone from using an exploit on your router to scoop up all the data passing through your network.

There are some Internet security programs that include a firewall and browsers plugins that prevent users from being stupid but that's about the extent of it. Ultimately none of those solutions protect against exploits or vulnerabilities nor active attackers. In the end the security of a system largely depends on the end user. There are few exceptions to this rule.




 
  • Like
Reactions: mat9v and Karlos95

Karlos95

TS Booster
I don't understand why people use anything else. Not only comes out on top but it is free.

Ultimately, if you know what you are doing you don't need one to begin with.

I recommend Windows Defender to all my customers. I feel anything else is just a waste of money unless they use it for something special (ie: Passwords, Data encryption, webpage crawlers, vaults.) and even then there are better solutions.
 
  • Like
Reactions: scavengerspc

Arris

TS Evangelist
. The "worst" programs for virus protection were McAfee (99.82 percent) and the previously-mentioned Total Defense (99.82 percent).

Ah yes, McAfee, the same squatter that many PC makers install on their PCs and laptops when they sell them to the gullible public!!
I've always considered McAffee AV to be a virus. Machines run worse with it installed than when riddled with virii.
 

cliffordcooley

TS Redneck
I live on the edge, I specifically disable Defender and install nothing else.
Same! But I'm also careful and wise to the internet. My nan though, she gets riddled with Virus's regardless of which anti-virus is installed!
I used to go without an antivirus. It wouldn't bother me to do so again. But as long as Defender seems to be working and doesn't bother me without cause. I'm good with it installed and active.
 

Dimitrios

TS Guru
Microsoft only got a few things right .

1.) Windows XP
2.) Windows 7
3.) Gaming consoles
4.) Defender
5.) DIRECTX8.1 with it's programmable shaders for GPU's.
 

Puiu

TS Evangelist
I generally use Windows Defender on Windows 10 or Bitdefender if I need a good pro paid antivirus. I just don't trust AVG or other abominations that keep spamming people with pop-ups.
 
  • Like
Reactions: Peter Farkas

isamuelson

TS Booster
Roast me, I use Norton!
So do I. For me, it runs just fine. This on a 10 year old computer running AMD Phenom II X720 and when I monitor resources, Norton 360 is nowhere near the top of consuming resources.

At work, I have a 1-year-old lap top and they use McAfee. It's CONSTANTLY scanning, causing disk utilization to spike. And I have seen on our application servers where the CPU spikes constantly when McAfee kicks off. It's even worse when we deploy new WAR files to our application servers. It got SO bad I had to file an exemption so that it wouldn't scan the Tomcat WebApps folder.

And to this day, when we reboot after patches to the server, Tomcat will start hogging 100% CPU resources due to McAfee. McAfee IS a virus. Stay away from it.
 

brucek

TS Guru
I think you misunderstand the purpose of an anti-virus. It is to remove identified malicious code from a system. It does not protect against active attackers let alone governments.

No anti-virus will prevent someone from using an exploit on your router to scoop up all the data passing through your network.

There are some Internet security programs that include a firewall and browsers plugins that prevent users from being stupid but that's about the extent of it. Ultimately none of those solutions protect against exploits or vulnerabilities nor active attackers. In the end the security of a system largely depends on the end user. There are few exceptions to this rule.
I agree one of their purposes is to match and remove "Identified Malicious Code". (I'd also argue the good ones look for patterns of system access from not yet identified code and flag it for review.)

Anyway, as the near uniformity of the results in the article point, the solutions are essentially identical against those identified malicious codes that are well known. The difference, then, is at the margin, with how quickly formerly unidentified malicious code becomes identified malicious code. That's what I was talking about.

I agree in principle that a well executed attack such as a trojan by a sophisticated government against a small number of users may represent one of the most extreme cases of code that can go undetected for long periods (although, even then, some of these are eventually found and published.) Of course on the other end there are dumb attacks that spread as fast as possible and do not conceal their effects (I.e., spam ads) and are destined to be identified very rapidly, but even for those easiest cases someone finds it and deploys a solution first.

Anyway, while my methodology may not have been perfect, my point stands that using a list of previously identified viruses is not what is most interesting in differentiating these solutions. I'd still be interested in a review from the perspective of how quickly they react to new malware.
 

arrowflash

TS Booster
I live on the edge, I specifically disable Defender and install nothing else.
Same. I just use a good adblocker and script blocker (that are more effective in thwarting threats than any av browser module). When downloading executable files from shady sources or torrents, I just use Virustotal or some offline on-demand scanner such as Kaspersky Virus Removal Tool before running them.

If you actually know how to use computers and have a bit of common sense, you don't really need realtime av protection slowing down your machine and bogging your network almost as bad as some viruses.

I do work in IT with infrastructure support though, and for the networks and clients we support, we obviously do use endpoint realtime av protection in all workstations - since most users don't know how to use computers, and don't have any common sense... and despite all these tests over the years gloating over Windows Defender efficacy, in my experience it's still barely any better than using no antivirus at all. My last experience with Defender in a real world scenario was 3 years ago, and it still detected tons of false positives while 70% of real threats passed straight through it... (hey, it did improve! Back in the Windows 7 days, it wouldn't detect 95% of actual viruses - now it's 70%!). Seriously, I doubt it significantly improved since then, for me to start using and recommending it. If you need av for a company network, I use and recommend paying up for ESET products (NOD32, ESET Endpoint Protection, etc), they're very lightweight and provide excelent protection. For small companies who don't want to pay up for an av license I recommend Avast Free Antivirus, it is a resource hog but the protection is pretty decent and much more effective than Windows Defender.

Granted, I don't trust the results from these kinds of tests even a little bit, they almost never reflect actual efficacy of av products in real world scenarios. Over the years, I often found out that the products with best results were the less effective in real world usage, and vice-versa.
 

Ravalo

TS Booster
”The "worst" programs for virus protection were McAfee (99.82 percent) and the previously-mentioned Total Defense (99.82 percent).”

What about protegent?