Microsoft Windows Defender review: An ideal (if unfriendly) business security solution

There's a saying that the best antivirus product is the one you actually have installed. That's the approach Microsoft has taken: its Defender security system is integrated into every installation of Windows 10 and 11, ensuring a baseline level of protection across the whole operating system.

Defender isn't just widespread - it's effective. Every Windows computer with an internet connection automatically downloads the latest signatures and recognition algorithms on a daily basis, meaning newly identified threats can be very quickly shut down.

And we can't argue with the results. In the most recent tests by AV-Comparatives.org, Defender successfully blocked 99.96% of malware samples; AV-Test.org reported that, during January and February 2022, the software scored a perfect 100% against both known threats and brand-new zero-day attacks.

Defender doesn't operate in a vacuum, however. It's one part of the wider Windows Security app, which includes ransomware protection, reputation-based assessment, firewall management and even parental controls, to prevent kids from inadvertently accessing dangerous or inappropriate content.

Perhaps because all of this is plumbed into Windows at a low level, it has very little effect on system performance. AV-Test.org found that Windows Security slowed down web performance by a mere 5% on a standard PC, compared to browsing with protection disabled. For comparison, Avast One Essential had a 17% impact, while AVG had a massive 28% penalty.

Windows Security also had a minimal impact on application launch speed, incurring a 6% slowdown while Avast and AVG both hit 12%. Defender does seem to scan applications more rigorously when they're first installed: here Windows Security was 14% slower, compared to 9% for Avast and 16% for Avira Free. That's a smart way of doing things, though, since you might launch an application every day, but you're only going to install it once.

Our biggest issue with Microsoft Defender is to do with usability. The whole Windows Security app is a mess, with nine different pages of buttons and links to hunt through. Everyday functions rub shoulders with obscure technical features such as CPU extensions, and ransomware protection is bafflingly turned off by default. That might be to protect users from its impenetrable interface though, which requires you to dig deep into the advanced security settings to approve applications.

Then again, that might not matter - because one of the biggest benefits of Windows Security is that business users don't need to manage it for themselves. Using either group policies or Windows Intune, organisations can control every aspect of user security, ensuring protections are enabled, current and appropriate for the needs of the business and the individual.

That might not appeal to small businesses wanting to minimise their management commitment. In some scenarios, it will make more sense for staff to use a free consumer-grade antivirus solution. In a larger organisation, however, the benefits of central administration will surely outweigh any individual security features: for them, the best antivirus really is the one that's already installed.