Comparing Windows Defender in Windows 8 vs. third-party malware tools

Microsoft has strengthened Windows Defender for Windows 8, but IT may find third-party anti-malware products more useful than Windows 8 Defender.

Windows 8 is more secure out of the box than any Microsoft operating system before it, in part because of Windows Defender, an anti-malware program built into Windows 8 and enabled by default. Windows 8 Defender protects against viruses, Trojan horses, worms and other attacks, similar to the way that third-party products, such as those offered by Avast, ESET, Bitdefender and McAfee, protect against malware. But does Windows Defender provide the same level of protection as these other products?

Because Windows Defender is integrated into Windows 8, it cannot be uninstalled. However, users can disable Windows 8 Defender and install their own anti-malware programs, as can OEMs intent on shipping Windows 8 computers with a security app, often a trial version. Yet even when a user starts out with Windows Defender, Windows 8 will disable the program if and when another security application is installed. Only when Windows 8 senses that the computer is not protected does Windows Defender kick in.

But users should be aware that the Windows Defender that ships with Windows 8 is not the same Windows Defender available to previous Windows versions. The original Windows Defender is an anti-spyware app users can download for free. Windows 8 Defender is essentially a rebranding of Microsoft Security Essentials (MSE), an antivirus program also available for free for earlier Windows versions.

In fact, the Windows Defender in Windows 8 looks a lot like the old MSE and uses the same anti-malware engine as MSE. You can think of Windows Defender in Windows 8 as a composite of the original Windows Defender and MSE, neither of which will run on Windows 8.

Windows Defender on the desktop

Most would agree that a Windows 8 computer running Windows Defender is better than a computer running no security software at all. The OS already has other built-in security features, such as Early Launch Anti-Malware (ELAM) and the Unified Extensible Firmware Interface (UEFI).

Yet Windows Defender is not a full-featured security application like those from Norton and Symantec. In Windows Defender, you cannot, for example, configure the frequency of definition updates, and you don't have the granular control and task-scheduling capabilities found in third-party products. More importantly, Windows 8 Defender does not offer the same level of protection as many of these other products.

In 2012, Bitdefender ran a series of tests against Windows 8 to determine its effectiveness in protecting against malware. The security vendor staged 385 types of malware attacks against the OS. Most of those attacks were Trojan horses, but they also included worms, file infectors and rootkit viruses.

Without Windows Defender enabled or other protection installed, 244 of the staged attacks succeeded. When Windows Defender was enabled, only 61 of those attacks -- about 15% -- were successful. An improvement, certainly, but a significant number got through nonetheless.

Pitting Windows Defender against other products

As meaningful as these findings are, we can't forget that Bitdefender has little to gain by seeing Windows Defender succeed, given that Windows Defender competes directly with Bitdefender's own anti-malware products. Yet Bitdefender's test results seem to have hit pretty close to the mark.

Earlier this year, AV-Test, an independent IT security analysis lab in Germany, evaluated 26 anti-malware products running on Windows 8. The lab used Windows Defender as the baseline and rated each product according to the following three categories:

  • Protection: How well the product protects against widespread and prevalent malware discovered in the past four weeks, as well as against zero-day attacks -- those that exploit previously unknown vulnerabilities.
  • Performance: The product's effect on a computer's speed and daily usage when the user is visiting websites, copying data and downloading, installing or running software.
  • Usability: The product's impact on the computer's usability, particularly with regard to false warnings.

Of the 26 products included in the tests, Windows Defender scored the lowest in the protection category, earning a score of 2.0 out of a possible 6.0. The only other product to score that low was AhnLab's V3 Internet Security 8.0.

Yet it wasn't Windows Defender's ability to protect against widespread malware that was at fault. In that area, the product lagged only slightly behind the industry standard. Where Windows Defender fell flattest was in its ability to protect against zero-day attacks, missing over 18% of them.

Windows Defender did manage a better showing in the performance category, scoring 3.5 out of 6.0. And in the usability category, Windows Defender scored a whopping 6.0, giving the product a total rating of 11.5 out of a possible 18.0.

Compare that with Bitdefender's Internet Security 2013, which came in at 17.0, and BullGuard's Internet Security 13.0, which scored 16.5, and you can see that Windows Defender does not provide the fullest protection possible. The Bitdefender and BullGuard products both scored a perfect 6.0 on protection.

Other third-party products also outpaced Windows Defender, with Symantec's coming in at 15.5, Avast's at 15.0 and ESET's at 14.5. The only third-party products that Windows Defender beat out were those from AhnLab and Comodo, each of which scored only a 10.0.

Windows 8 Defender in the enterprise

Windows Defender is primarily a consumer-oriented security tool, not an enterprise solution. It lacks the centralized management capabilities found in such products as Kaspersky's Endpoint Security 10.1 and F-Secure's Client Security 10.0. For example, in Windows Defender, you cannot set alerts about neutralized malware or generate reports about individual machines.

Windows Defender is targeted mainly at users who are unable or unwilling to purchase a commercial product and prefer not to mess with one of the free products available online. Even enterprises could be tempted to stick with Windows Defender because of its hassle-free management and low price tag.

Although Windows Defender does provide a basic level of protection, it could lull users and enterprises into a false sense of security, putting their desktops -- and the networks that link them -- at greater risk. Building anti-malware capabilities into the operating system might seem like a good idea, but sensitive resources could be vulnerable. Sure, Windows 8 Defender is better than nothing. But is that good enough?
