ZDNET's key takeaways
Microsoft Defender Antivirus is 99% effective at blocking threats.
Data suggests most infections are due to user behavior.
Businesses need specialized endpoint security software.
Last April, someone at Microsoft published a document on the Windows Learning Center that made a thoroughly uncontroversial claim: "For many Windows 11 users, Microsoft Defender Antivirus covers everyday risk without requiring additional software. The choice to add third‑party antivirus depends on how you use your PC and which features you value."
The article drove a flurry of coverage from tech blogs, but the hullabaloo died down in a few days.
And then, a month or so later, the article disappeared in a puff of virtual smoke. It vanished without a trace, a note, or an explanation, with the former link redirecting to the Windows Learning Center home page.
Fortunately, Microsoft couldn't scrub the page from the Internet Archive, which still has a mirror of the original content.
As far as I can tell, Microsoft has never publicly addressed the reasons why the post was removed. (I've asked the company for comment and will update this post if I hear back.) If I had to guess, I would suspect howls of protest and accompanying threats of antitrust complaints from the third-party security industry had something to do with it.
How big is the consumer security software market? A pricey and proprietary Security Products Tracker from IDC reportedly pegged "endpoint security revenues" at $21.6 billion, "divided between the Modern Endpoint and Consumer Digital Life Protection secondary markets." That's a lot of market to defend.
But the debate raises a legitimate question: Is Microsoft Defender, in combination with the rest of the security tools in Windows 11, good enough for most consumers and small businesses? Is there still a case to be made for third-party software?
The answers, I think, are yes and yes.
How likely are you to get infected?
The trouble with researching security software is that there are few truly independent, reliable sources of information. Some of the larger players, including CrowdStrike, Palo Alto Networks, Cisco's Talos division, Mandiant (now part of Google), and Microsoft, release thorough reports on the threat landscape that mainly focus on securing enterprise networks.
Those reports often take a cursory swipe at the state of unmanaged devices, but that's not their main focus.
The companies that sell consumer-facing security software are, naturally, more interested in demonstrating how scary the online universe is and how you are continually being targeted.
But there is some data available. One fascinating data point from the 2025 Cybersecurity Threat Report by OpenText Cybersecurity found that the infection rate for consumer PCs in 2023-2024 was 3.07%, compared to 2.39% for business PCs.
Both of those numbers seem reassuringly low. A few other notes from that report jumped out at me: "Of all the consumer endpoints encountering an infection in 2024, 56% saw an additional infection over the course of the year."
The report's authors didn't speculate on the reasons for that rate, but they did note that 37.6% of malware detected on consumer PCs was "hiding in the Downloads folder." How did it get there? I hypothesise that those infections have more to do with user behavior, such as downloading pirated apps, clicking on dangerous links, and failing to install updates, than with the quality of underlying security software.
How good is 'good enough'?
When I looked at this topic two years ago, I found an interesting survey by Security.org with some seemingly credible numbers about the US market. That survey found that roughly 54% of Americans use the default protection that comes with their device, while 46% use third-party antivirus (AV) programs. And only half of those who replace Microsoft Defender do so with paid products, with Norton and McAfee collectively accounting for the majority of those paying customers.
Most modern AV products score 99% or higher on real-world benchmarks, and Microsoft Defender is right there with its third-party competitors. The most recent results from the AV-Comparatives Real World Protection Test, covering the period from February through May 2026, gave Microsoft Defender a 99.0% protection rate. Defender was the only product they tested with no false positives.
That's been the case for a long time. In a recent blog post, the independent testing group noted: "AV-Comparatives has tested Microsoft Defender as a regular participant in the Consumer Main Test Series since 2007. The results show a product that has matured into a credible modern security solution."
For the straightforward task of detecting potentially dangerous software and stopping it from executing, Defender passes the "good enough" test for consumers.
In fact, the marketing from competitors like Norton and McAfee reflects that reality, as they now tout their products as all-in-one protection suites, with identity protection, privacy controls, scam detectors, and VPN capabilities.
If you find those features valuable, then maybe they're worth considering. But the antivirus portion is no longer the differentiating factor.
Where do the threats come from?
As I noted in that earlier post, the default security on every platform, desktop and mobile, is now good enough. On Windows, there are multiple layers of protection at work:
Automatic updates protect against newly discovered vulnerabilities.
Your modern email client blocks any kind of executable file attachment, including script-based files.
Network firewalls have come a long way since (checks calendar) 2002.
On average, a modern antivirus app blocks 99.2% of the very few incoming threats that get past the other layers of protection. And even then, your own instincts ("Don't click that link!") are also effective. This is why the modern, fully patched consumer PC isn't really a target of the criminal gangs responsible for modern malware.
The result, as the OpenText report made clear, is a world in which 97% of PCs don't experience malware infections. And among the unlucky 3%, better training is probably more important than better software.
What about businesses?
That conclusion absolutely does not apply to businesses, especially multinational corporations. Most attacks against businesses are launched by sophisticated criminal gangs, using vulnerabilities more likely to be in third-party software than in the OS itself.
Administrators managing enterprise networks are not buying off-the-shelf antivirus apps and installing them on PCs. They're typically deploying endpoint security products that integrate into a broader security system, where those admins manage everything from a unified dashboard that continuously monitors those endpoints. While endpoint security products scan for malicious files and processes, of course, they do much more, including detecting and investigating threats, automating incident responses, and remediating damage when prevention fails.
If you're still paying for antivirus protection on your home PC, it might be time to let that subscription expire. But if your IT department at work says they want you to install an endpoint monitoring app, take them at their word.