AV-Comparatives: Microsoft Defender has a large impact on system performance
Security research and testing company AV-Comparatives released the results of its April 2022 Performance test. The test analyzed the system performance impact of antivirus solutions on Windows devices.
The company ran a number of tests on a fully patched Windows 10 version 21H2 device. The device was powered by an Intel Core i3 processor, 4 Gigabytes of memory and Solid State Drive hard disks.
The tests included common operations and activities on the device, including file copying, archiving and extracting operations, the installation or uninstallation of applications, the browsing of sites, and launching applications. Additionally, the researchers ran benchmark tests in PC Mark 10 Professional to measure the system impact during real-world usage.
The ranking system awarded slow, mediocre, fast and very fast ratings to each of the products in all test categories. The four ratings reveal how much better or worse a product did in comparison to the other tested programs.
Only one antivirus solution, K7, got the very fast rating in all test categories. ESET, G Data and Panda had a single "fast" rating while all others were considered "very fast".
Microsoft Defender did not perform well in the tests. It ranked second to last; only Total Defense had a higher impact on system performance than Microsoft's product.
While Microsoft Defender did get several "very fast" ratings, in launching applications, browsing websites and downloading files, it received the worst score, "slow", in the first run file copying test. It performed better in subsequent runs, getting a "very fast" rating in that test category.
Microsoft's security product got a "mediocre" rating in the installing applications test, which it shared with Total Defense. All other products got "fast" or "very fast" ratings in the test.
Microsoft Defender placed second to last in the test. It did not perform well in two of the test categories and that resulted in it having a large impact on system performance while these specific tasks were performed on the test system. The benchmark test result places it in the middle of the tested applications.
Closing Words
Tests were run on a single low-powered system and results may differ on other systems. Faster systems may see less of a performance impact when these activities and operations are run. A comparison with other low-powered systems might have given a clearer picture of the performance impact.
Microsoft Defender did not do well in AV-Comparatives' offline scanning capabilities test either.
Now You: which security software do you use on your devices?
Since these types of articles can provide information that may be useful in choosing an AV, I’d like to know 2 things:
1. Ok it scored low on performance (such as file copying), but the score doesn’t tell me much. It was slower by how much? Theoretically you could be last place in performance while being only 1 millisecond behind others, which in real world usage doesn’t mean much (at least to me). I would have liked to see the raw data. How many (minutes, seconds, milliseconds?) slower was it for copying how many files, for starting a program, etc…
2. This is for a low end system. I would have liked to see the performance impact (if any) on a high end, or at least an average system.
I’ve come across countless articles and opinions in recent years saying that since “Defender is part of Windows, it’s automatically ultra-fast, super-light, the best you can get and ditch all else”.
These claims are usually made without any sort of serious testing. News flash: it might come with Windows, but it’s still a separate program with its own additional processes.
If these are poorly programmed and configured -which they are, contrary to popular opinion- they will slow any slowish system down.
Not saying it’s garbage (it has improved), but it’s very far from being “the best”. Being from Microsoft and part of the OS, means absolutely nothing. If anything, it makes your system an easier, far more popular target.
So, your suggestion is?
My first suggestions would be:
1. Whatever software you use, even more so for A/V, first read carefully their privacy policy, making sure how they interact with your system, files and activity.
2. Avoid A/V software that implements HTTPS filtering. Many do unfortunately, probably most.
3. If an A/V significantly impacts performance on a modern PC, avoid it.
If you want more specific software suggestions, I’ll have to do a thorough research again. It’s been a long time. Emsisoft remains a good candidate, even if a bit buggy at times.
From the AV-Comparatives site, “The tests were performed on a machine with an Intel Core i3 CPU, 4GB of RAM and SSD hard disks. We consider this machine configuration as “low-end”. The performance tests were done on a clean Windows 10 21H2 64-Bit system (English) and then with the installed consumer security software (with default settings). The tests were done with an active Internet connection to allow for the real-world impact of cloud services/features.”. So, they admitted that they consider the machine configuration as low end. Windows Defender is a bit of a hog, yes. But, it does its job well. You do have options to exclude file types, processes, etc. I have set UAC to notify me with a password every time there is a new software install etc. That along with safe browsing practices and a light firewall like simplewall works great.
Windows Defender, from the beginning, when it was MSE, always scanned EVERYTHING on access. None of the others do this by default, for performance reasons, and is unnecessary. A common behavior is to not scan “known good files” from Windows, etc.
First thing I disable on my computers.
I use Windows 7 and Windows Defender.
The latest versions of Defender do slow down installing programs I downloaded from the Internet.
I solve this problem by using the Nirsoft AlternateStreamView program to remove the NTFS stream that contains metadata like the url of the downloaded files, that Defender uses to know which files were downloaded and thus should be scanned.
The metadata of the url is also a privacy risk.
Next I use VirusTotal or metadefender.opswat.com to check if the program is infected with malware.
AV-Comparatives reports have been meaningless for at least a decade.
As a non-power user I am currently using Acrylic DNS Proxy with some filters, Keyscramble and Kaspersky, Firefox is configured with uBlock and Arkenfox user.js. In the upcoming new installation of Windows 10 (not necessarily) I would have liked to avoid third-party antivirus and maybe try Simplewall and Microsoft Defender. Maybe I could disable the latter too by relying on periodic scans with Kaspersky ART\TDSS Killer, ESET Online Scanner or similar products.
I am not happy when I read the Privacy Policy of these products (among other things, where is that of Microsoft Defender which has also recently earned a couple of posts that are certainly not positive?).
lmao who still uses “antivirus” scamware in this day and age? security should never get in the way of performance and user freedom, otherwise it becomes a walled garden.
I’ll skydive without a parachute if I want to. I have the right to do so as often as I wish.
@pHROZEN gHOST
Good line. I have to remember this.
if you want security something that handles it is needed anyway. whether it is an antivirus or an alternative.
By far the fastest is no AV at all. So if you want speed, don’t use an AV. That was meant to be sarcasm BTW.
Although speed is a consideration, there are many other factors to consider. Do some real research. Fast is not always best.
I find this report hard to believe. Avast, Avira look more like adware/spyware than anything else.
I use ESET Internet Security along with Adguard.
On my web browsers, I use the Adguard Browser Assistant, LocalCDN, and Privacy Badger extensions.
I’ve been using ESET’s products for the past eighteen years, and I’m more than happy with it.
I installed Bitdefender Free and have noticed a big (positive) difference in performance over Windows Defender, it does use more RAM but less CPU and CPU spikes and launching programs is faster.
Windows Defender does its primary job very well, and I’ll happily continue to use it.
Which security software do I use on my devices? None.
System-wide, 6.5MB of daily updated blocklists (IPs and sites) managed by DNSCrypt-proxy (beyond its DNS encryption functionality). Windows’7 Defender has always been disabled. Windows Firewall, of course.
Browser : uBlock Origin, essential, plus several other filtering extensions. But I always keep in mind that connections are not only established from within the browser :=)
Never encountered a successful intrusion (and, if aborted, never heard about it, I see but logs of blocked or not connections) on the reference device, a PC running Windows 7 (SP1 of course) installed August 2013 (correct: that’ll be nine years).
Panda is one of my preferred AV. Thanks for the article! :]
That’s why on all my computers Defender is completely uninstalled and removed from the systems and replaced with a 3rd party antivirus that is less resource heavy, provides the same or better protection and it’s easier to control.
You managed to uninstall Windows Defender? Congratulations. I never made it any further than disabling it, and on Win7 moreover. Must be a hell of a work to uninstall the “thing” on Win10/11 …
just remove it from iso
how can we do that?
> Emsisoft Anti-malware
Proprietary. Boo.
> Comodo Firewall
Also proprietary! Boooooo!
But, then, if you’re willing to submit to a proprietary Operating System brought to you by a convicted monopoly, then you’ll fall for anything.
Do you know many effective open-source antimalware solutions?
Sandboxie-Plus counts, kind of.
I am running Emsisoft Anti-malware at the moment. It’s not free, but not expensive, and I have been fairly happy with it. Feels fairly light on resources and I think it is decent on privacy.
I have also been using Comodo Firewall. It is free. Once you get the settings right it has been pretty handy spotting stuff that tries to connect to the Internet. I do not activate most of the features. You can choose what parts to use. I don’t trust MS firewall, but I have not tried any of the firewall control programs.
uBlock Origin is essential.
And I recommend running a pi-hole.
The subject is Microsoft Defender. Pi-hole is not Windows software. uBlock origin and Comodo Firewall are not alternatives.
@Anonymous: While you are correct that the Pi-Hole is not Windows software, I was responding to Martin’s good question: “Now You: which security software do you use on your devices?”.
@rafiii: Thanks for the reply. As for Asus-Merlin, I have experience with that, too. It is absolutely great and recommended. However; installing stuff to run on a router is much less “set-and-forget” than the Pi-hole, especially when you update the custom firmware. Nothing wrong with that, of course.
It’s all about the context set by the heading.
AdGuard Home is better than Pi-Hole because it has DNS-over-HTTPS, DNS-over-TLS, safe search on search engines and you can run it on Asus-Merlin.
(laughing in Linux)
Ever notice that them there Linux posers never mention which one of the 85,393 and eleventy thirds of distros they run?
It’s like some one getting in on a gourmet discussion and announcing, “I use sauce.”
Linux?
You mean the PC Operating System that is so irrelevant for anyone so they don’t get many malware targeted at them because they are unimportant?
At least you show how clueless you are because there have been malware targeted at linux, there have been even Universities submit bad code to prove how there is not even a code review when they accept changes, plus we can also include the vulnerabilities in IOT and other devices that are Linux based.
In fact, running an antivirus or antimalware or whatever 24/7 in Windows is stupid, the article actually proves that because moving files and doing stuff like that get affected by software checking them to see if they are malicious like if magically the file will become malicious after being in a disk for 10 years.
New downloads are the problem and even then, it can be avoided, people can easily submit most files to websites like virustotal and see what it says, without having to have a software check all files when 9.9999999999999999999999999999% of files are not malicious of the existing files that anyone can have in a computer.
The malware is not even going to execute unless people execute it, so it is only the careless clueless people who run the program that is called ‘happy birthday.exe’ and then they get problems after that.
You talk about Linux like if it was this special OS, it is full of bugs and vulnerabilities, it is not compatible with most relevant software.
Linux doesn’t even have a proper out of the box Firewall, so you are pretty much giving all your data and information to whatever application runs in your beloved Linux.
The Linux firewall is so stupid, it can only do IPs…. there is only one firewall that can filter by apps, and it was forked because the original one was dropped, I mean, if you think is smart to let the OS give internet connection to any app, then whatever, but pretending Linux is this super amazing OS only because you are clueless about computing.
If Linux had 85% of marketshare and Windows had 1% what do you think would happen? the malware wouldn’t target Windows and probably windows would be the secured OS and I guess “laughing in Windows” would appear somewhere.
But even with 85% marketshare there is no reason why people who supposedly read these articles and know about technology would have a useless, full of false positives “security” software.
I mean, even processhacker 3 can do virustotal checking and even processhacker has 1 detection from whatever engine about not being ‘clean’, but ProcessHacker 3 can even check if processes running are malicious and I think process explorer also does.
I mean, you are totally clueless, because in the end the biggest problems people get today are phishing and fraud and stealing of credit card information not malware that can be avoided and will never run or be installed by itself, it has to be run by the user AND have admin rights.
Phishing is careless people who think people are giving free money only because they exist on the internet and humans are greedy, similar to fraud, people can’t even check where they are submitting their information trying to get a nice super deal even if it doesn’t make sense.
And card information being stolen is a big problem because sometimes it happens even if you don’t use your info anywhere on the internet, that’s why some people sell some CC protectors but you never have to trust them 100%.
Anyway, maybe you should get educated and stop posting clownish stuff that it is obviously stupid and Linux people should stop pretending their OS is perfectly fine.
Windows is free because it can be gotten for free even today thanks to the win7 to win10 free upgrade, so the price doesn’t matter anymore, but I am sure your hours typing on a terminal to fix the simplest thing or having a slower windows apps because “I can run windows apps in Linux even if it is so slow and almost useless” or anything that you can’t see the reality why Windows was targeted with malware than any other OS, now I would say it is switching to be also android being targeted more because people on phones have less protections and ways to stop malware, at least Windows Defender is out of the box for the clueless something Android doesn’t but they are billions of android users who will be an easy target, not only from unofficial apps, but also even apps in google store have had malware or ways to steal people’s sensitive information, not the fake dumb sense of ‘privacy’ that some people have where they think the government is spying them but using some extensions and dns servers and vpns will stop them from doing it, I am talking about real information that will really affect people economy, like stealing their CC information and making payments of thousands of dollars in a place you never heard of.
Are you trolling? If not you clearly don’t know much about Linux, maybe you should look into it you might be surprised. Most of the internet is run on Linux. 95% of the servers that run the world’s top 1 million domains are powered by Linux. Most routers/switches/iot devices/etc. run on Linux. Linux runs on 100% of the world’s 500 supercomputers. 85% of smartphones are based on Linux. That hardly seems “irrelevant” to me. Pretty much everything you said in your post was wrong, maybe you should do some research.
Most, if not darn near all malware these days are installed by the user manually. This is true for both Linux, and Windows.
wow wall of text for being butthurt
I restored my system a few days ago and decided to rationalise the number of programs available. One decision based on a lot of positive articles was to allow Defender to run rather than install Kaspersky again (which seems to warn of conflict with other programs more frequently in recent times).
Despite having shut down a lot of inessential background tasks my laptop ran comparatively warmer, which tends to confirm AV-Comparatives’ results. Task Manager told most of the load was Defender. Other tasks were minor.
Yep, Defender is slow on installing new things or also executing new binaries (like just downloaded installer). Think it may be related to smart screen i.e. defender tries to get some additional info about file.
But in everyday usage.. can’t say it slows down anything