If I were to do the same analysis, I would fall on the same conclusion but with a different angle.

I think we must analyse if something is good or secure by starting from our threat model. The threat model is the idea to look at what you have and who could be interested to this. For most people, the answer is “passwords" and “low level malicious actors that don’t target you specifically, but rather shoot for the mass". If you’re the president of the United States, the answer would be “a lot of things, including the atomic weapon" and “a lot of highly skilled malicious actors that could put millions of dollars to get access to this".

The idea is that the degree of effort you should put in securing yourself varies depending on your threat model.

So for most people, Windows Defender is more than enough. End of the discussion.

Of course, we can talk about different alternatives, for the fun of it. I won’t.

But if you have spare time to secure yourself, I wouldn’t spend it on choosing an anti-virus. I would rather make sure I have a good password manager and never reuse passwords, I would enable MFA everywhere I can, I would add my email to the mailing list of “have i been pwned”, I would make sure I have a robust backup strategy, I would make sure I update regularly all the software I use (that includes Windows) and to uninstall the ones I don’t and I would enable bitlocker on my computer (after making sure my backup strategy is working!).