Windows 10 Windows Defender vs Other Third-Party Security Tools - Equitable Comparison

Many people compare, or read a comparison of, Windows Defender with third-party Internet Security, Total Security and similar products. Most of these comparisons are not equitable because these tools include an antivirus as well as other security tools such as firewalls, Internet security and others, while Windows Defender is just an antivirus program.

What Windows built-in security services are included and enabled by default?

Windows Defender is antivirus software that protects your system against viruses, malware, spyware and network threats. It is a Windows service that works with other Microsoft security and maintenance services such as Windows Firewall and Microsoft SmartScreen (which is Internet security: a phishing and malware filter used in several Microsoft products including Internet Explorer, Hotmail and Microsoft Edge). All of these services are enabled by default and start at system startup, provided, of course, that you have not installed third-party security software.

When you install a third party security tool, Windows turns off its corresponding security service. For instance, Windows turns off Windows Defender automatically when you install a third party antivirus and you cannot turn it back on because Windows Defender settings become inactive unless you uninstall the third party antivirus.

In addition, security updates and critical updates protect against vulnerabilities to malware and security exploits. By default these updates are downloaded and installed by Windows Update service automatically.

Moreover, Windows Update takes care of updating Windows Defender automatically. Updating Windows Defender does not require system restart.

Finally, take into consideration that Microsoft security tools are built into the Windows operating system and are fully compatible, reliable and work smoothly with the fewest bugs and side effects.

How to schedule Windows Defender to run system scan?

By default, Windows Defender is scheduled to run a quick scan as part of the daily Windows Automatic Maintenance job when the system is idle. When the task is missed or interrupted by the user (when the user returns to use the computer), the system re-runs the scan the next time the system goes idle (it re-runs the scan from the beginning and does not resume it from the point where it stopped last time).

To see what tasks are included in the system Automatic Maintenance, change the time or run the system maintenance manually in Windows 10, open the "Security and Maintenance" window in Windows Control Panel (or type Security and Maintenance in the search box next to the Start menu). Then expand the Maintenance section to see the Automatic Maintenance.

                Security and Maintenance -> Maintenance -> Automatic Maintenance

The Windows Task Scheduler service is used to schedule a Windows Defender system scan. Do not change the default quick scan to a full system scan. Microsoft, the system builder and developer, sets all necessary settings of security and maintenance tasks to give you the best overall system security and performance for most consumers to perform their normal daily work.

Windows 10: http://windows.microsoft.com/en-us/windows-10/schedule-a-scan-in-windows-defender

Windows 8 (More detailed with screenshots - Same procedures for Windows 10):

http://www.thewindowsclub.com/schedule-scans-in-windows-defender

There is no need for, and I do not recommend, a daily full system scan. This (full scan) takes more computer resources for a long time and slows down your system performance. In my opinion, the best practice to perform a full system scan is when you feel that your system is infected by a virus or when you clicked on a suspicious link online or in an email message and the quick scan did not solve the problem. In these cases, run the full system scan manually. If you want, you can run the full system scan from time to time (once a month for instance) manually.

Although you don’t need to schedule a full system scan, you can set up your own scheduled task to perform a full system scan and, again, don’t change the Microsoft default settings. For this purpose, use the Windows Task Scheduler tool.

To run a Quick, Full or Custom scan manually, open Windows Defender then from the main page (Home) select a scan option and click "Scan now" button to start the scan.

Who needs to change built-in security tools?

Maybe you need to change some of the default settings or built-in tools and/or use additional security tools from higher-rated 3rd-party software if you are working in a public place and using many of others' possibly infected external memories (such as flash drives and external HDDs), connecting to unsafe public Wi-Fi frequently, opening unknown and dangerous websites, playing with hackers or visiting their websites (maybe for downloading, installing or testing some illegal apps), visiting porn websites, and/or downloading and testing apps from unknown sources. In these cases, you are exposed to viruses and external attacks from hackers more than usual.

Although for many of these cases Windows built-in security tools with default settings are good enough to block these external attacks, you can use higher-rated 3rd-party tools and/or antiviruses depending on the case you have.

http://www.pcantivirusreviews.com/Comparison/

To increase your system security, if you want, you can install Malwarebytes Anti-Malware as a precaution.

https://www.malwarebytes.org/antimalware/

Why do we prefer third-party antiviruses?

There are some key points on which most consumers prefer third-party antiviruses:

  1. Virus and Spyware Protection:

    Most higher-rated third-party antiviruses, as I saw, give you around 5% to 15% more virus detection capability than Windows Defender. If you want to play with hackers or visit unknown and dangerous websites, then you need a higher-rated antivirus and firewall to protect your computer. This is something most people do not do.

  2. Virus Scan Speed

    Many higher-rated antiviruses scan for viruses faster than Windows Defender. Although this is an advantage, you will not do a full scan for viruses every day. There are situations in which you need to scan a drive or the full computer, such as when you feel that your system is not working properly and the quick scan did not solve the problem. Maybe this happens once in several months, and sometimes a quick scan solves the problem, if your antivirus includes this option.

  3. Resource Usage

    Some antiviruses need less system CPU and memory usage to protect your PC. Although Windows Defender has good system resource usage, some third-party software gets higher ratings in some tests.

What are the advantages of Windows Defender and Windows security system?

If you want to choose between Windows built-in security and a third-party security software, take the following points into consideration that many people do not think about.

  1. Windows security tools including Windows Defender, Windows Firewall and Microsoft SmartScreen are fully integrated into the Windows operating system and work in the background. You will not even feel that they exist in normal conditions.
  2. When you upgrade your Windows to a newer version or install an update of current version, Windows security services are updated as well. Many third-party antiviruses have some issues when you upgrade your Windows or, sometimes, when you apply some updates to current version, and some of them stop working completely.
  3. Quick-scan checks the places on your computer's hard disk that spyware is most likely to infect.
  4. Windows Defender has a feature called Real-Time Protection (RTP). RTP is running in the context of the logged-on user. It monitors the registry and file system on the computer by using agents that monitor auto-start extensibility points (ASEP). RTP continuously monitors your computer and scans everything you download or run on your PC.

Although many other third-party systems have this feature (RTP) and/or a quick-scan option, RTP in Windows Defender with the default scheduled quick scan kills some advantages of other higher-rated third-party antiviruses, such as lower system resource usage and higher scan speed. With the existence of RTP and the scheduled quick scan, you do not need a full system scan and startup scan because the RTP and quick scan do the job. Therefore, the higher-rated “higher speed of full system scan” and “lower system resource usage” are no longer advantages of third-party antiviruses. This is because you do not need a startup scan and full system scan anymore except in some situations, such as when you feel that your system is infected and the quick scan did not solve the problem; then you perform a custom or full system scan depending on the case you face.

Summary:

If you want to compare, or read a comparison of, the Microsoft security system and other third-party security systems, such as Internet Security and Total Security tools, you have to consider Windows Defender along with Windows Firewall, Microsoft SmartScreen, Windows Update, and Windows Scheduled Tasks all together to get accurate and reliable results.

Recommendations:

If you want to give priority to higher security, then choose higher-rated third-party security software. On the other hand, if you want to use your computer for your daily business and give priority to higher overall system performance and reliability with a good security level, then the best choice for you is Windows built-in security including Windows Defender, Windows Firewall and Microsoft SmartScreen.

If you are not on a public Wi-Fi, Windows Firewall does its job efficiently and you don't need to install a third-party firewall. If you choose to use a third-party product and you are not on a public Wi-Fi and you do not need the extra services included in the third-party security systems, it is enough to get an antivirus rather than a complete security set. For example, use ESET NOD32 Antivirus instead of ESET SmartSecurity or Bitdefender Antivirus instead of Bitdefender Internet/Total Security. Moreover, these extra tools usually slow down the system.

In my personal opinion, I recommend staying on the Microsoft built-in security system for a while, and not purchasing any third-party product because, as I see, most of them (if not all) have issues on Windows 10 and they are not fully stable on the newly released operating system. After a couple of weeks, maybe you will find more stable security systems in the market. Then you can decide whether you want to use one of them or stay on the Windows built-in security system – the most stable security system.

If you decide to stay on Windows built-in systems, you can improve your system security by using some additional free tools. When you feel your system is infected or attacked:

 

Discussion Info


Last updated December 10, 2018 Views 25,937 Applies to:
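
The opening post suggests leaving Defender's default quick scan alone and creating your own Task Scheduler job for an occasional full scan. The following is an added PowerShell example of that, not part of the original thread; the task name, the four-week Sunday 03:00 schedule and the default `MpCmdRun.exe` install path are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): register a SEPARATE full-scan task.
# The built-in Automatic Maintenance quick scan is not modified.

$TaskName = 'Example - Defender Full Scan'   # hypothetical task name
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'  # assumed default path

if (-not (Test-Path -LiteralPath $MpCmdRun)) {
    throw "MpCmdRun.exe not found at '$MpCmdRun'."
}

# Defender is switched off when a third-party antivirus is installed;
# scheduling a Defender scan in that state would only produce failed runs.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    throw "Cannot query Windows Defender status: $($_.Exception.Message)"
}
if (-not $status.AntivirusEnabled) {
    throw 'Windows Defender antivirus is not enabled on this machine.'
}

# -ScanType 2 is a full scan (1 = quick scan).
$action = New-ScheduledTaskAction -Execute $MpCmdRun -Argument '-Scan -ScanType 2'

# Roughly monthly: every 4 weeks, Sunday 03:00 (assumed schedule).
$trigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 4 -DaysOfWeek Sunday -At '03:00'

# Run as SYSTEM so the scan does not depend on a user being logged on.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after a missed run, and stop a scan that runs longer than 6 hours.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 6)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verify: protection state, signature age, and when each scan type last finished.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime

# Verify: the new task exists and has a next run time.
Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo |
    Select-Object TaskName, NextRunTime, LastRunTime, LastTaskResult
```

To remove the task again, run `Unregister-ScheduledTask -TaskName 'Example - Defender Full Scan' -Confirm:$false`.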


Alan,  I'm not certain how effective the encryption provided by those 3rd-party archive tools truly is, since I've never investigated them in a serious way.

As for password protection though, this is typically not as secure as most people believe, simply because most won't create a password long enough to ensure true protection.  What most don't understand is that beyond complexity, it's mostly the length of the password that matters when someone has possession of the file, since password brute-force programs can operate at very high speeds when the program and file are on a local drive.

I don't recall exactly how quickly these could reach several characters in password length, but it was far faster than I'd have personally thought even a decade ago when computers only had dual cores at best.  Here's an article discussing this that includes a Bruteforce Attack Time Estimator, though this is an Excel Template containing macros, so use that at your own risk since I don't truly know the reputation of this particular website.

http://www.mandylionlabs.com/PRCCalc/BruteForceCalc.htm

As for encryption, this can also be broken in time, though that depends a lot on the specific encryption algorithms and key size.  If your purpose is to protect files from unskilled adversaries, this may not be important, but a skilled adversary simply needs time, tools and computing power to decrypt even the best encryption.  If the encryption can be unlocked using the password then this is the greatest risk, since unless this is long and reasonably complex beyond simple words, it can be brute-forced relatively quickly.

Here's a discussion at StackExchange about password protection of archive files, which also mentions some known methods for shortening the time to decrypt files with particular formats like Word, due to the fixed header information these contain and the fact that file length can still be determined within archives.

https://security.stackexchange.com/questions/18281/does-password-protecting-an-archived-file-actually-encrypt-it

Please note that I'm not stating that using these archive encryption features is pointless, only that you need to be fully aware of the cracking technology you're up against today.  Unless you truly understand the specific risks and compensate accordingly, most of these abilities are at best only going to slightly slow down a determined adversary.

Rob

Rob, thanks for the links and sound advice. I guess the vulnerabilities hold for a Windows password or PIN, the encryption apps in the Microsoft Store and BitLocker (assuming someone steals your computer). The encryption for WinRAR and 7-Zip is the same, AES-256, in use by the government and Microsoft. I get the impression few people assert it couldn't be broken given time and resources. If by 'truly is' you mean do those programs actually implement it, I've got no idea, but I think I'd get to drifting into 'Matrix Land' if I questioned everything, except (as everyone knows) the Apollo 11 mission was filmed in Nevada and the astronauts were out-of-work Hollywood stunt men.

On passwords I imagine people know the guidelines. Contrary to pass manager etc claims it's easy to create solid passwords unbreakable in a rough and ready way to someone without access to the Sunway TaihuLight. You're right to point out the pitfalls, but for most users there's a trade-off between security and functionality, and using a very long random pass increases the risk of losing data. The threat of 'brute force' attacks is documented, but I'm encrypting my e-mail login, not working for the Department of State. As you most likely know most pass checkers throw in the towel after about 20 random characters, but cryptography's a profession and by that standard the advice gets impractical for everyday purposes. On Windows 7 I memorized a 47-character random pass for the encrypted system drive which I had no problem using. I'd be skeptical if someone said it's easy to crack, but for sure someone always will. You've probably noticed IT security is heaven for the hobbyist or paranoid.

Obviously the most unwelcome scenario here is hacking, but the smarter security experts get at preventing it the more knowledgeable people who 'test' the prevention in their spare time become, since to a large extent we're talking about the same people. Security seems like a never-ending challenge, and like yourself I think I spent too much time worrying about it considering no sane person would want to go to much (or any) trouble to read my e-mail or get their hands on the $200 in my bank account.

As for 'Only purely random passwords, generated by special purpose generator tokens, drawing from the largest ASCII character sets available can keep a step ahead of these cracking programs.' (link 1) I think, OK, fellas, forget about the brute force, I'll give up my $200 rather than work out what it means or do it with my passwords every six months (probably every five minutes if you're Bruce Schneier).

Aside from encryption and password strength, once you add unsecured networks, broadcast SSID names, default router passwords, Bluetooth exploits, Trojans, keyloggers, clipboard capture, a computer like Fort Knox and an unprotected cellphone switched on all day I think I'd rather go with Brad's remark from August 2015 'if someone wants to hack in to your computer doesn't matter what you do, if they know what their doing they'll get in anyway.' rather than worry too much. I tend not to keep much on my hard drive for that reason.

On a positive note I decided to ditch WinRAR. As we were mainly discussing uploading to OneDrive I found a German company (yes, WinRAR is headquartered in Germany too), Secomba GmbH, who offer a free licence of an end-to-end on-the-fly-encryption program for one cloud account, so after factoring in https it's a step up from what I had. I understand your point was directed at encrypted files in transit rather than system integrity (for which there is Windows Defender and Malwarebytes), so if you foresee any more flaws it would be good to know.

Alan















Actually Alan, as one of the discussions I read about those archive password encryption schemes mentioned, a large part of the problem with these is that the original file lengths can be easily determined.  That problem is basically solved by entire disk encryption schemes, since the disk in effect looks like a single large encrypted file, even though it contains many smaller individual files.  So it's the workarounds that allow portions of the encryption protection to be bypassed that cause much of the problem.

As for Windows password security, I'd known that Windows 10 Hello and Credential Guard existed, but hadn't looked into even the Windows specific password issues in the past.  The first article I found gives an excellent overview with links near the end to the Hello and other potential mitigations, though I haven't read those yet and as I recall these typically require additional hardware features like TPM.

Cracking Windows 10 Account Password: Is it Still Possible? How to Prevent it?

As I mentioned, I'd never really looked into Windows password security specifically, so that article is revealing and worth understanding if you truly care about device security.  For most this will likely only affect devices that commonly leave the house like laptops, and even then only if they store truly critical personal data on them.

In general as both you and I stated in different ways above, all of this really depends upon the nature of the data you are protecting, as well as the likelihood of anyone caring to access that data.  Since most attacks against consumers today are Internet based, worrying excessively about device or encrypted stream/file attacks is likely pointless, except in terms of basic device security to avoid easy exposure.

Most device thefts today are only after the device itself, so any data theft is typically only as a result of making no attempt to password protect it at all.  The only reason that most businesses require device encryption to protect data is either compliance requirements or simply to avoid the negative publicity that an unencrypted lost device brings with it.

I made my earlier points only to ensure that if your data was critical, you truly understood the risks.  However, making a choice to move to a product that more seamlessly performs the encryption for you is a good decision in any case, since it's when managing the security manually becomes tiring and you skip that step that the most damaging breach always seems to occur.

That's why Microsoft now requires all new devices certified for Windows 10 to include support for things like TPM 2.0, though that's now possible in firmware rather than as a hardware module, since that allows for seamless use of both the Hello and encryption features for even future consumer devices.

So yes, the overall need for and management of security constantly advances, but Microsoft and other industry players have been moving more of that into the system itself, removing the need for most users to truly understand how it all actually works.

However, it's still valuable to have that understanding if you truly wish to be secure, since ignoring the fundamentals is why so many are successfully attacked by simple things like ransomware or even malware they've downloaded as part of supposedly "free" software.

Rob

I have used Russian antiviruses (Kaspersky and Dr.Web) for my older Windows PCs and the detection rate was considerably high apart from the functionalities that they provided.

Therefore, my question is why hasn't Microsoft Windows provided the same functionalities for their Windows Defender and firewall which is inbuilt by default? How can the end user "see and verify with assurance" that his/her information is protected (including privacy)?

Please note that I am not downloading any content or software by doing research via various websites (legal) and am mostly searching via Google (non-Microsoft).

Thank you 

Hello shekawanigaratne,

I don't know the answer, maybe because the question is based on the present lack of consensus about what is a good AV program, however I think it is worth bearing in mind that in supposedly impartial tests (e.g. AV Comparatives) rather than commercial ones, which are often paid for by the AV vendors, the actual amount by which any Microsoft program falls short is proportionately really quite small on average and sometimes it can be that certain features excluded from Windows Defender (such as system backup or a password manager) are what cause the difference (I realise you excluded functionalities, but they can make a big difference to the score, and even how user-friendly the GUI can make an irrelevant difference). Also, Microsoft programs are catching up quite fast.

I think Microsoft would say you can 'see and verify' just from the fact that Windows Defender is up-to-date and switched on. I don't think lower detection rates are the only key to evaluation, because of different attitudes to what is a malware problem and also the existence of many 'false positives'. Also, a lot of commercial products fail to detect what is blatantly malware. This can be checked easily, for example by viewing tests broadcast on YouTube.

Based on its reputation Kaspersky is obviously a very good program. I used it for three years myself and it functioned very well. I used Dr Web for four years prior to upgrading to Windows 10. In my opinion Dr Web Security Space is the best internet security program available. It's not widely known only because the company refuse to participate in tests as they disagree with the criteria employed. It's a very good program, better even than Malwarebytes and Hitman Pro at detecting real-time threats based on my experience of using them. A quick look here: https://en.m.wikipedia.org/wiki/Comparison_of_antivirus_software shows how comprehensive the program is. A score of 19/19 shows they and Kaspersky are ahead in terms of features. Dr Web detection and protection rates are also second-to-none according to my use of the program. Dr Web Firewall is particularly good. Since you mention privacy, of note is that it lets nothing past which does not conform to its definitions.

On the other hand, so far I think Windows Defender performs well and has the advantage of being native to Windows and seamlessly integrated.

I'm sure you will get an official reply from Microsoft soon, as the spokesperson here is very efficient and helpful.

Regards,

Alan

@Alan

A lot has changed since this thread opened way back when in 2015, also when I originally responded to this.

I'll keep it short. Antivirus companies' protection levels move around month by month. Some vendors will get some more variants of malware than others will. Generally speaking you will see a clear pattern of good antivirus vendors who continuously keep out malware.

Who has the best internet security software? Well, that depends on the month really. I keep my blog updated on what I think is the best.

As long as you select something in the top 5 and are competent at using your PC (not going to torrenting / adult sites and so on) you should be fine.

Always back up!!!!

Also I would like to note Microsoft's Windows Defender has improved significantly since I reviewed it in 2015.

**Thread locked by the moderator since it has already run its course. The efforts of all of the contributors in this thread are very much appreciated. If you're having issues with any Microsoft products or services, feel free to use the 'Participate' menu to ask a question or just simply click the 'Ask a Question' button on the upper right corner of the page.**
❀ ℳitch ❀
