From a CNET response I wrote awhile back:
Is Windows Defender Good Enough?
I used to use Norton and we still have it at work, where most of the users are women in the 20-35 year old range with basic computer skills--they know how to use a browser, send email, do basic things with MS Word (e.g., they don't know that letterhead should not be a header ...)
At home, starting with Win 8.1 I have just used MS's built-in with no problems.
You need to understand MS's evolving view of its own anti-malware.
Any good anti-malware product has to hack deep into the operating system. Historically, anti-virus was a major source of revenue for companies like Norton and McAfee--back when they were basically the only major players in anti-virus.
Remember that Microsoft got sued by the Justice Department for basically putting Netscape out of business by making Internet Explorer a core part of Windows so it could not be removed. They also got hit by the European Union for bundling Windows Media Player, which hurt RealPlayer.
MS was known for "Embrace, Extend, Eliminate"--embrace someone else's new technology (Stacker with disk compression, Steve Gibson's defragger, Netscape's web browser ...). Extend Windows by adding the features most users of the new product actually use. Eliminate the company that came out with the new product by building the same idea into Windows--so people wouldn't buy that company's product. Make it harder to duplicate Windows functionality because now any potential competitor would have to include those features.
Back then, if MS had built in really effective anti-malware, they pretty much certainly would have been sued by the Justice Department, European Union, Symantec and McAfee for monopolistic, anti-competitive practices. (And, yes, I am an attorney.)
But with something like 10 (or more) major players nowadays, it would be hard for any companies to say "We got screwed because of what Microsoft did."
There's also another consideration. MS knows that most people obtain Windows by buying a new PC. Pretty much all new PC's include a bundled trial copy of Norton, McAfee, or some other major anti-virus. When the trial period runs out, most users don't buy a license. So when their PC does get infected ... who do they blame? %$#@ WINDOWS (&*^ ED UP!!!
So ... to protect its own reputation and to protect other users of its product who receive infected emails, etc., from the people who don't buy after the trial, MS started including really effective anti-malware, now that they don't have to worry about being sued for alleged anti-trust activities.
Another thing is that most people who get hit with malware don't report it to their anti-malware company. And now, the few who do are reporting to one out of something like 10 different companies. But all of those are running Windows. So if MS gets involved, the chances are much greater that the anti-malware company (MS) will actually get notice of new malware.
There are two scenarios where additional protection definitely should be used--"real dodos" who don't have a clue about computers, and folks who regularly visit sites "you know da*n well you really shouldn't be visiting!"