Why Microsoft Defender Antivirus Is Worth Another Look


Even in 2021, the epic antivirus battles continue! And among one of the leading contenders is (yes I’m saying it): Microsoft Defender Antivirus.

Annie Ballew, Title
Author: Annie Ballew of Huntress

Let’s dive into why Microsoft Defender Antivirus is worth another look — and why you should seriously consider including it in your stack.

“Free” Doesn’t Mean “Worse”

The idea of “free” or “low priced” often has an implication of cheap or low quality. Admittedly, I’ve used “buy nice or buy twice” as a justification for my spendy shopping habits.

But when it comes to Microsoft Defender Antivirus, this is simply not the case. What Microsoft has done is take the next-gen antivirus component of a fully featured endpoint offering and opened it up to anyone who has Windows. And it’s actually darn good.

Don’t just take my word for it. These reviews from actual users show how much the conversation around Defender Antivirus has vastly changed from just a few years ago. And a simple search for video reviews shows how many are starting to rethink Microsoft Defender as a viable option, given how Microsoft has demonstrably advanced their free security offering.

Even third-party tests show positive results for Managed Defender Antivirus. The latest report from AV-TEST in October 2020 gave Microsoft Defender Antivirus their highest scores (6.0) across the board for Protection, Performance, and Usability.

AV test

Results from AV-TEST for Microsoft Defender Antivirus — Oct 2020

But Is It the Best Option?

It’s hard to argue that any AV solution is “the best.” All preventive solutions will have good days and bad days — the only absolute is that 100% prevention can never be assumed. This is the very reason Huntress exists; we detect malicious activity that has bypassed these preventive defenses. And we see this happen every day.

There are even those who take it as far as to advocate getting rid of third-party antivirus all together — with examples where antivirus creates more problems than it actually solves. For these folks, Microsoft Defender Antivirus by itself is a solid option given where it sits in the underlying OS without introducing additional layers that can be potentially exploited.

The reality is, basic antivirus has become a commodity and is simply tablestakes for endpoint security; it should never be seen as a single silver bullet. We all know this and there are thousands of examples where it has been bypassed time and time again. Think about this way: if antivirus was fundamentally such a great solution to the cybersecurity problem, then we wouldn’t have so many additional cybersecurity options to choose from.

The Case For Microsoft Defender Antivirus

Here’s a question for you: How much more are you willing to pay for additional efficacy in your AV solution? If you answered little to none, you’re in the majority here.

Typically, the two biggest obstacles preventing people from adopting good security practices are money and effort. Good-quality, free security tools exist if you can harness their value — and Microsoft Defender is a perfect example. I’m here to tell you that Microsoft Defender is a solid antivirus tool that can help keep you and your customers safe at that endpoint layer — and you already have it.

We’ve known for a long time that the best security is layered security. Would you rather double down and pay extra for a slightly better antivirus solution, or maximize value out of what you already have in order to protect at other security layers?

While you think about that, here are some other points to consider.

Microsoft has an enormous footprint

Microsoft is everywhere. They are prolific on the endpoint, in the data center, in the cloud — they are tightly wound within everything we see and do.

Back in 2019, they reported visibility into 5 billion threats every month while scanning 1.2 billion devices. They have tremendous visibility into what is happening at every end of the spectrum — and they use this to power their intelligence for their security tools. It’s hard not to ignore the sheer magnitude of what Microsoft has visibility into and how they can harness that visibility into better security intelligence.

Microsoft has committed to a more secure digital world

Let’s be honest, there are countless decisions that Microsoft makes that make us all want to tear out our hair (things like confusing licensing or constant product name changes come to mind). But if we practice a little positive intent, the reality is that Microsoft is putting their money where their mouth is and making big investments into building a more secure world.

In 2017, they called for a “Digital Geneva Convention” saying:

Microsoft, like companies across the tech sector, is aggressively taking new steps to better protect and defend customers, including from nation-state attacks. This includes new security features at every level of the technology stack, reflecting the $1 billion that we’re spending annually in the security field.

Say what you will about this being a PR tactic to gain good will. The fact is that they decided to make their way-better-than-okay antivirus engine open and available for any Windows user.

Everyone has the right to feel secure — even in a digital world; Microsoft certainly seems to agree.

But Is There A Catch?

Of course! Principles of economics teach us that “there ain’t no such thing as a free lunch (TANSTAAFL).” The biggest major drawback to Microsoft Defender Antivirus is it lacks centralized management and visibility.

If you’re a partner or a business that needs that centralized management or visibility, then you can shell out for their paid higher end offering. Or you can try to take it on yourself by managing it through Windows system tools such as GPO, WMI, or PowerShell — not the easiest way to do things and requires a fairly sophisticated level of expertise to do right. This alone (not to mention security incident support) is enough to turn most IT administrators away from even considering Microsoft Defender Antivirus as a viable option for NGAV, and we wouldn’t blame you if it turned you away too.

But if it’s already there (and it’s actually pretty decent), can you really just ignore it?

Annie Ballew is technical marketer, security maven and product marketing manager at Huntress. Read more Huntress guest blogs here.