r/microsoft u/JoeS830 15h ago

How safe is Microsoft Defender? Discussion

I recently installed MS Defender (honestly by accident trying to fix Windows Security on the Surface Pro X) and it looks like it has some worthwhile aspects, like breach notification.

There was one aspect that gave me pause though. The entirity of the text under "How do we protect your data" on Microsoft's own service description states "When you add a piece of information to be monitored, we securely transmit that info to Experian." That's it.

I don't particularly trust Experian to safeguard my *all* my data, so now I'm curious which pieces of information are sent to Experian, and whether that itself introduces risk.

2 Upvotes
  • permalink
  • link
  • reddit
  • reddit

63% Upvoted

14 comments sorted by

2

u/repostit_ 10h ago

Experian is the better of the 3 credit bureaus and has everyone's sensitive info already. This should be fine.

1

u/JoeS830 2h ago

Thanks, I'm just curious how much infor Experian gets. MS Defender also monitors passwords for breaches which typically is done safely (like sending only a verifiable hash) and it's not something Experian would normally have any involvement in. I'm curious if MS Defender would send *any* extra unencrypted info to Experian, like browser history to make sure that people were indeed on some merchant's site before a purchase happened etc. I'm hoping someone here knows more, because as I quote in the OP, the description on the MS website is not particularly detailed.

1

u/repostit_ 1h ago

I believe they monitor email, name, address, SSN etc. info from data breaches. There are lot of other companies do that as well including Google, https://haveibeenpwned.com/ etc.

1

u/JoeS830 44m ago

The password breach checks I’m reasonably comfortable with, I’ve been using hibpawned for a long time. I see users mention that they input their debit and credit card info in the app, which I would be less comfortable with. I’m just curious about exactly who monitors what, and how secure those channels are. 

3

u/chaosphere_mk 10h ago

What do you mean you "installed it"? It's built into the Windows operating system.

3

u/CodenameFlux 5h ago

No. Microsoft Defender Antivirus is built into Windows. Microsoft Defender is a different product.

It's like how .NET Framework and .NET are different products. Or how Outlook, Outlook, Outlook, and Outlook Express are different products.

0

u/chaosphere_mk 2h ago

That link sends me to Microsoft Defender antivirus. For android, ios, and windows. If you click the windows tab, it says right there it's built into the OS.

1

u/ThePoliticalPenguin 33m ago

From the link:

"Important: This article is about the Microsoft Defender app that is included with Microsoft 365 Family or Personal subscriptions. If you're looking for information about the Microsoft Defender Antivirus that is built into Windows, see Stay protected with Windows Security."

More info here.

1

u/chaosphere_mk 12m ago

It's the Defender for Endpoint client. It's the same client across all platforms whether it's M365 enterprise or personal/family.

They all use the same client. For windows, built in Defender AV. For android and iOS It's the Defender app.

2

u/JoeS830 3h ago

I *think* what used to be WIndows Defender is now "Windows Security". The new(ish) Microsoft Defender is some new multi-platform security suite with password breach monitoring and identity theft monitoring.

1

u/Hifilistener 10h ago

I mean it's going to Experian. If you don't trust it, don't use that feature.

I occasionally use the VPN on public wifi.

1

u/JoeS830 2h ago

Makes sense, I kind of like the identity protection features, but only if it doesn't send Experian a bundle of data that they're eventually going to leak, sell, or lose in a breach. I'm kind of surprised that there's not more of a privacy T&C available, or maybe it's governed by the Office 365 terms.