I guess that's a fair question, as it does seem to suffice for most people. I have a few reasons:
* Extensive use of Chinese sites, which are quite a mess. I think the risks of visiting that part of the Internet are much greater than someone engaged in more typical usage.
* Features like firewall are useful for things other than protecting against direct hacks, and I use it to ensure privacy and occasionally even to simulate failures when testing my code. I think that Defender has such a thing, but less sophisticated?
* Probably just being more paranoid than most, having lived through an era when less protection was available, and having to un-hack family members.
ETA: also, it's good to have a different sort of protection when the majority is all homogeneous. Windows Defender is the obvious high-value target for hackers. Same kind of weakness and monoculture.
I'm in the space and it's actually pretty rare to see a real 3rd party host-based firewall. Most AV products that have firewall really just offer a different control surface for the built-in windows firewall or iptables.
* Extensive use of Chinese sites, which are quite a mess. I think the risks of visiting that part of the Internet are much greater than someone engaged in more typical usage.
* Features like firewall are useful for things other than protecting against direct hacks, and I use it to ensure privacy and occasionally even to simulate failures when testing my code. I think that Defender has such a thing, but less sophisticated?
* Probably just being more paranoid than most, having lived through an era when less protection was available, and having to un-hack family members.
ETA: also, it's good to have a different sort of protection when the majority is all homogeneous. Windows Defender is the obvious high-value target for hackers. Same kind of weakness and monoculture.