Windows Defender Whacked

Discussion in 'other anti-virus software' started by Frank the Perv, Apr 5, 2015.

Thread Status:
Not open for further replies.
  1. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Earned a DISMAL rating at PCWorld.

    • CONS Very poor aggregate score from independent labs. Poor score in our hands-on malware blocking test. Dismal score against downloads from malware-hosting URLs. So-so phishing protection (supplied by Internet Explorer).
    • BOTTOM LINE
      Windows Defender tries to protect your Windows 8 or 8.1 installation if you don't have third-party antivirus installed. Testing reveals that you'll be much, much better off installing almost any other free antivirus utility.
    http://www.pcmag.com/article2/0,2817,1926596,00.asp


    Hopefully this debate is over. There are other better free options.

    In the free realm, I recommend looking at Avast, Bit, Panda & Avira. I do not recommend dirty Qihoo nor Ad-Aware.


    -Frank


    Edit: Got a PM asking me about Avira. I forgot about Avira. Adding Avira.
     
    Last edited: Apr 5, 2015
  2. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    well my own tests show the contrary. It did very well against my pack of 313 malware samples. Even better than Malwarebytes in detection, which was shocking to me. For me it did well in Windows 8.1
     
  3. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    500
    I'm sorry, I just don't understand this. Every independent lab shows it to be HORRID at detecting malware. Microsoft themselves came out and said "Please don't use this, as it's not very good protection", and yet people say "Well, my personal tests show it did well".

    If I buy a car, and the salesman says it has 300hp, the manufacturer specs say it has 300hp, the dynamometer says it has 300hp, I'm not going to sit there and say "Well, it FEELS like it's 500hp, so it must have 500hp".
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    WD, just like MRT, is designed to protect Windows against the most common malware, so it really depends on what kind of samples you used.
    WD was introduced because the majority of people just did not bother to install any AV, so it is there to provide basic protection.

    http://www.microsoft.com/security/pc-security/malware-families.aspx

    Indeed, I find it odd. People usually respond, my PC is clean, WD never found anything, well duh. :isay:
     
    Last edited: Apr 6, 2015
  5. Disclaimer: when all forum members seem to agree, I like to put on my red nose and disagree for argument's sake and discussion fun (so you might well read in other posts that I would never use/advise MSE)

    Faulted real world tests
    All anti-virus testing companies brag about real world tests. All those so-called real world tests are statistically faulted. To predict something about real world protection, you should be able to tell something about real world prevalence. Since the testing companies know nothing about how often a specific malware exists in the wild, they simply lack the (big) data for it.

    Let me give an example:
    When an AV is tested against 150 zero-day infections and, say, 15,000 prevalent samples and it scores only 60% on both, does it provide better protection than an antivirus which scores 95% on both? The answer: that depends. When the 5% the second AV misses occurs in the wild 5 million times and the 40% the first AV misses occurs in the wild 50,000 times, there is a fair chance the lousy AV with a score of only 60% in a non-weighted prevalence test provides better protection in real world conditions.

    Big data champions
    Candidates with enough data trafficking through their touch points (ordered by numbers and usage spread in the world):
    1. AV companies with search engines with millions of users like Microsoft & Google & Baidu
    2. Large business network/DNS protection companies with AV like Norton and Sophos (also an alliance with search engine Yandex)
    3. Large AV companies like Bitdefender and Avast (and Kaspersky teaming up with Yandex).

    Because those companies have the highest chance of noticing something irregular going through their touch points, they statistically have the highest chance of finding new variants and zero-day infections.

    MSE is not designed to be a touch point vehicle for the Microsoft Malicious Software Removal Tool, so it will provide lousy protection against samples found in the wild within the last four weeks: just compare the AV-Test results of MSE (< zero day and < 4 week is above 75%) and set this against the zoo test of AV-Comparatives (file detection protection of MSE is above 90%).

    Best free solutions:
    Avast free has the highest number of touch points of the full-package free AVs: when they get their act together, they have a numbers game advantage over the rest of the free solutions (Bitdefender free does not even have ASLR enabled and is just the AV engine, so it lacks all the features of a modern AV; I would choose Panda over BD when wanting a free cloud solution). MSE needs a mate like Malwarebytes Anti-Malware to cover the designed hole in their defense scheme (< 4 week old malware is MBAM's focus), so MSE disqualifies itself as a free solution.

    Best paid solutions:
    Bitdefender, Sophos, Norton, Kaspersky, Avast have a numbers game advantage over the rest (HitmanPro in the router using Bitdefender and Kaspersky might also be a viable and cost effective alternative)


    Please disagree and feel free to bash the above :D

    Regards Kees
     
    Last edited by a moderator: Apr 6, 2015
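Kees' weighting argument above, worked through in code as an added example (not code from the post or from any lab or vendor; the corpus, the prevalence figures and both products' results are constructed). It shows how a product that misses many rare samples can still let fewer real-world encounters through than one that misses a single common family:

```python
"""Unweighted vs. prevalence-weighted detection rates.

Added example for the weighting argument in the post above; not code
from the post, a test lab or any AV vendor. Corpus, prevalence figures
and per-product results are all constructed.
"""

# Constructed corpus: sample id -> estimated in-the-wild encounters.
# Prevalence is heavy-tailed, as malware telemetry usually is.
SAMPLES = {
    "fam_a": 2_000_000, "fam_b": 1_500_000, "fam_c": 900_000,
    "fam_d": 400_000, "fam_e": 150_000,
    "rare_1": 3_000, "rare_2": 1_200, "rare_3": 800,
    "rare_4": 500, "rare_5": 300,
}

# Constructed results: the samples each product failed to detect.
MISSED = {
    "av_x": {"rare_1", "rare_2", "rare_3", "rare_4"},  # 60% unweighted
    "av_y": {"fam_a"},                                  # 90% unweighted
}

# sample id -> True (detected) / False (missed), per product
RESULTS = {
    av: {sample: sample not in missed for sample in SAMPLES}
    for av, missed in MISSED.items()
}


def unweighted_rate(results):
    """Plain sample count: what a non-weighted lab test reports."""
    return sum(results.values()) / len(results)


def expected_misses(results, prevalence):
    """In-the-wild encounters this product would have let through."""
    return sum(prevalence[s] for s, hit in results.items() if not hit)


def prevalence_weighted_rate(results, prevalence):
    """Share of real-world encounters that would have been blocked."""
    total = sum(prevalence[s] for s in results)
    return 1 - expected_misses(results, prevalence) / total


def ranking(all_results, prevalence, weighted):
    """Products ordered best-first under either scoring rule."""
    score = (prevalence_weighted_rate if weighted
             else lambda r, _p: unweighted_rate(r))
    return sorted(all_results, reverse=True,
                  key=lambda av: score(all_results[av], prevalence))


if __name__ == "__main__":
    for av, res in RESULTS.items():
        print(f"{av}: unweighted {unweighted_rate(res):.1%}, "
              f"weighted {prevalence_weighted_rate(res, SAMPLES):.3%}, "
              f"lets through {expected_misses(res, SAMPLES):,} encounters")
    print("unweighted ranking:", ranking(RESULTS, SAMPLES, weighted=False))
    print("weighted ranking:  ", ranking(RESULTS, SAMPLES, weighted=True))
```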
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I suppose it all depends on how the majority of people are defined. I find it hard to believe that most people don't run an AV, especially as most ISPs offer an AV as part of their packages these days, and even when they don't there are freeware alternatives. I'm not saying you're wrong with this asseveration, I just find it difficult to understand how anyone, let alone the majority, would surf without any kind of antivirus protection whatsoever.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    That is actually part of the problem: they offer paid AVs or trial versions that people do not want to pay for. So they uninstall it and end up with nothing. You also assume that people know about free AVs; well, they do not, nor do they believe in their quality, and they are quite surprised to find out. What is worst, they actually fall for fake AVs and similar products when presented with typical ads saying that their PC is infected, so they end up replacing a working AV with junk.
    I do not, even my friend does not, and he knows nothing about security, and he has no problems with malware. AVs just slow down PCs and cause many problems.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    What I see quite often is that people are using a paid antivirus with an expired subscription, so they are not receiving any definition or product updates, leaving them very vulnerable.
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Well, I can only really speak for my own ISP, which offers McAfee free to most customers; it is not a trial version, although it is not included in the most basic ISP package. I don't use McAfee myself now though, as I have recently changed to Panda after using MSE for a few years. I got McAfee free for a while but it was too heavy for my old underpowered notebook.

    It wasn't a particularly bad AV IIRC though, compared to the previous one, also provided by my ISP. I tend to agree with you that a great many people are totally unaware of the availability of good freeware AVs. The same people will download a freeware browser like Chrome with no qualms yet baulk at the idea of the efficacy of freeware antivirus programs.

    My real problem with Microsoft over the MSE/Defender issue is that after releasing a very good freeware product they have failed to maintain its potency. Whether this is due to anti-competitive legislation or otherwise, I don't know.

    This is why my laptops run Linux and my desktop Win 7 box has a bit of speed and power. I learned my lesson lol. ;)
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Ignorance and/or complacency. People don't know how to get to that free AV from their service provider. Or how to install it when they do. I deal with customers all of the time that download a file from a website and think that it is installed because they downloaded it. Don't overestimate the "average" computer user.
     
  11. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, I fear you are correct about this. I often forget that I've learned a little bit over the past several years and that I now tend to take that knowledge relatively for granted. Much of what I've learnt has actually been on this forum. Although my knowledge of computers is still pretty basic, I think I have a fairly decent grasp of basic security precautions (on Windows at least). I keep forgetting about some of my relatives and how often I have to look at their computers for them.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220

    Coming from our MSP, I can tell you MSE/Defender is no better than useless. I've been saying this for the last year, and it's based on real live telemetry. Hopefully this kool aid won't be used anymore.
     
  13. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    well I have been using it on one of my systems (MSE for Windows 8.1) and together with Windows 8.1 protection it has blocked every malware sample I threw at it. Some it picked up right away and some were picked up later, as the popup windows showed. I'll give you an example. In one of my tests I scanned some 313 malware samples less than 24 hours old with Windows 8.1 Defender (MSE) and it detected 97 of them and removed them. Then I left it and saw that it kept picking up other samples and the number of files in the malware pack folder was dropping. So I left it for an hour and when I checked back the number of detected samples had gone from the initial scan detection of 97 to 150 detections. So I did not wait longer to see how much more it would detect and stopped the test there.

    So I think it has cloud detection maybe? Since it was picking up malware samples after its on-demand scanner could not detect any more. That is why MSE (at least the Windows 8.1 version) seems to be different than the MSE for other versions.

    Now with these testing companies, I wonder if they leave their PCs overnight to see how much is being detected by MSE, or do they cut the internet and test?

    You can test this for yourself too.
     
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    So MSE works, but through some mythical process we need to 'wait' and see happen?
     
  15. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    266
    It's the same across the product line. MAPS.

    http://blogs.technet.com/b/mmpc/archive/2014/09/22/microsoft-cloud-protection.aspx
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I actually have Spynet and Spynet2 blocked in/out on my network, and Windows Defender force-removed via "Defender Uninstaller" from Raymond.cc
     
  17. ufakai75

    ufakai75 Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    183
    Would you include Bitdefender free in your recommendations?
     
  18. ufakai75

    ufakai75 Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    183
    MY BAD, DIDN'T SEE THAT YOU DID.
     
  19. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Yes.

    Although.... @Windows_Security (who does know what he is talking about) has a point.


    Concur with Kees, there is little debate (that I'm aware of) that ASLR / DEP protected security software is better self-protected >> thus better.

    http://securitywatch.pcmag.com/secu...us-products-are-best-at-protecting-themselves


    But.... to borrow a sentence from Kees, To predict something about the real world protection, you should be able to tell something about the real world prevalence.

    I'm not yet convinced that the type of attacks that occur with AVs that do not have 100% implementation of DEP and/or ASLR are significant.

    I buy in that DEP/ASLR implementation is good. I'm just not clear on how much it matters in the context of other AV attributes.

    So for instance, if one AV has 100% DEP/ASLR but just basic protection and scanning, while another has 70% DEP/ASLR but also has (just using Bit stuff as an example) B-Have, Intrusion Detection System, Anti-rootkit... Assuming the engines are similar, I'd choose the latter.

    On the other hand, if the AV has DEP/ASLR numbers like dirty Qihoo or Kingsoft -- that is a no-go.
    https://www.wilderssecurity.com/threads/g-data-2015-official-thread.372358/page-4#post-2477660

    http://www.pcmag.com/article2/0,2817,2388652,00.asp


    That is all.

    -The Frankster
     
  20. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    I thought it was horrible back in my XP days; it let lots of crap through. It's worse today. Whoever would run this is misinformed about its capabilities and is just trying to justify its presence on their PC by defending it. :rolleyes:
     
  21. 142395

    142395 Guest

    Well, your argument has points. Surely, "real-world" tests don't take prevalence into account and they simply use all malicious links they found, except for links serving the same malware. Also, if you take this as random sampling, the number of samples is still not enough due to lack of resources; even AV-C's around 1,000 samples in a month will be a drop in the bucket in maybe more than 100,000 malicious URLs in the wild. This is why I prefer to call it a "dynamic test" rather than "real-world".

    However, it doesn't render these tests useless. Although your example is "possible", it's "unlikely" in probability, assuming those samples are not much biased. Still, bias or random error can happen, but if test after test shows exactly the same tendency, the probability that the truth is different is close to 0. And yeah, MSE is surely the case; it consistently keeps showing very poor results in all tests it participated in recently, without exception.

    Also note, in file detection tests they surely take prevalence into account. I wrote a quick overview about sampling; IBK admitted it's close to fact. I also appreciate Microsoft's prevalence-based tests. Surely it appears there are apparent conflicts between the 2 prevalence data sets, but this is partly because AV-C doesn't use the same samples and probably doesn't use simple weighting, so it just shows another possibility and I don't consider it a full counter-argument against AV-C's methodology regardless of whether Microsoft's data is accurate or not.

    Big data based on numbers and usage only makes sense when the vendor employs strong cloud reputation and has an effective automatic analysis system. This is true of Symantec and Avast, but Microsoft's, Google's and Baidu's cloud systems seem not very sophisticated when it comes to malware (but for phishing I admit at least MS & Google are strong). You also have to consider other factors. 1) Regional difference: AVs obviously have regional strengths and weaknesses. 2) Alliances and sample sharing: it is known that some vendors share samples, but usually only insiders know which vendor shares with whom; there are also alliances and/or frameworks such as CTA, while big vendors also receive samples not only from their customers and researchers but also from law enforcement or other agencies. 3) Each product's strengths and their advantage under a test methodology: I think this has been ignored on Wilders. If a product relies heavily on URL reputation, it will score high in the AV-C dynamic test but will get a worse result in AVT and an even worse result in MRG. AV-C is URL only, AVT uses email threats, and MRG also uses threats from USB. Or if a product relies heavily on IPS, it will get a high score if exploits occupy a fair amount of the samples, otherwise not. These are not my imagination; I can name such products but leave it to your guess.

    Note: AV-C's file detection test is no longer a zoo test, it's a prevalence-based test.

    Actually, if you take proper measures for all major attack vectors, MSE is good enough. The point is rather that you shouldn't solely rely on AV to keep your security. Detection rate is not that important; I have seen examples like this many times in not-so-reputable AVs like MSE and ClamAV.

    Anyway, surely good food for discussion!

    ~ Removed VirusTotal Results as per Policy ~
     
    Last edited by a moderator: Apr 7, 2015
  22. 142395

    142395 Guest

    Yup, if the difference in DEP/ASLR adoption rate is slight and a product whose adoption is a bit lower excels much in other aspects, I will buy it like you, and yeah, if a product has a terribly low adoption rate I won't go for it.
    But remember DEP/ASLR is not an absolute obstacle against exploits, and skilled hackers who try to exploit security software most probably bypass those mitigations. It's all a matter of how seriously those AV vendors take security. As you know, attacks against security products are rare, though they surely have happened and always can happen, but if a product is more robust then the possibility goes down. I don't like to use a security product whose developer doesn't take security seriously, do you?
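The DEP/ASLR "adoption rate" that Frank and 142395 discuss above is an opt-in recorded per image in the PE header, so it can be measured rather than taken from a review. The following added example (not code from the posts or from any AV vendor) reads those flags from PE headers and computes the per-flag adoption rate across a set of images; `SAMPLE_IMAGES` are synthetic headers constructed in memory, and `audit_directory` is the hypothetical helper you would point at a real install directory:

```python
"""Read DEP/ASLR opt-in flags from PE (EXE/DLL) headers.

Added example for the DEP/ASLR posts above, not code from the posts or
any AV vendor. It parses only the PE optional header, so it can be run
read-only over an install directory to measure the per-image "adoption
rate" the posts discuss. The sample headers below are constructed.
"""
import struct
from pathlib import Path

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
FLAG_BITS = {"HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR, full address space
             "ASLR": 0x0040,             # DYNAMIC_BASE: image may be relocated
             "DEP": 0x0100,              # NX_COMPAT
             "CFG": 0x4000}              # GUARD_CF

def dll_characteristics(data):
    """Return the DllCharacteristics field from raw PE header bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip signature and 20-byte COFF file header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at optional-header offset 70 in both formats.
    return struct.unpack_from("<H", data, opt + 70)[0]

def mitigations(data):
    """Map each mitigation name to whether the image opted in."""
    chars = dll_characteristics(data)
    return {name: bool(chars & bit) for name, bit in FLAG_BITS.items()}

def adoption_rate(images, flag):
    """Fraction of images (name -> header bytes) with `flag` enabled."""
    return sum(mitigations(d)[flag] for d in images.values()) / len(images)

def audit_directory(directory):
    """Real-world use (hypothetical helper): every EXE/DLL under a product dir."""
    files = [p for p in Path(directory).rglob("*")
             if p.is_file() and p.suffix.lower() in (".exe", ".dll")]
    return {p.name: mitigations(p.read_bytes()) for p in files}

def build_header(dll_chars, pe32plus=True):
    """Construct a minimal synthetic PE header carrying `dll_chars`."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed "product": three images opted in to varying degrees, one did not.
SAMPLE_IMAGES = {
    "engine.dll": build_header(sum(FLAG_BITS.values())),
    "ui.exe": build_header(FLAG_BITS["ASLR"] | FLAG_BITS["DEP"]),
    "updater.exe": build_header(FLAG_BITS["DEP"], pe32plus=False),
    "legacy_plugin.dll": build_header(0, pe32plus=False),
}
```

On a real product directory, `adoption_rate(audit_images, "ASLR")` over the headers returned by reading each file gives the per-image figure the posts compare; a single legacy plugin with no flags is exactly what drags a product's rate below 100%.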
     
  23. @142395 that probably explains why MSE scores higher in the static file test

    @Frank the Perv agree about DEP/ASLR, but I think Panda Free has a lot of features of Panda Paid, while Bitdefender free only has the AV engine (correct me if wrong), so I would advise Panda over Bitdefender free when opting for a cloud AV.
     
  24. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA


    It appears that Bit Free includes:
    • Real-time Shield
      The real time shield is designed to protect your entire system from infected files coming from the outside, before they have a chance to spread inside your PC.

    • Active Virus Control
      Proactive technology that quickly and accurately detects potential threats, even in cases of new viruses for which there is no default protection released yet.

    • Intrusion Detection System
      Ensures that applications trying to access the Internet or the network are not masked malware. Intrusion Detection is automatically alerted when such apps behave in a suspect manner, and blocks them when they go over the limit.

    • B-Have
      Proactively detects unknown threats that other products miss, by analyzing how apps behave in a safe environment. If no malicious actions are detected, B-Have starts the program normally. Otherwise, it will automatically quarantine or delete it.

    • HTTP Scanning
      Protects you from scams such as credit card phishing attempts, Bitdefender Antivirus Free Edition scans all the links you access from your browser and blocks them when they prove to be unsafe.

    • Anti-rootkit
      Rootkits are a type of stealth software, often malicious, that can help hackers get control of your computer. Bitdefender Antivirus Free Edition uses special technology that detects and blocks such malicious software.
    http://www.bitdefender.com/solutions/free.html

    But I'd recommend Panda Free over Bit Free also.


    -Frank
     
  25. ufakai75

    ufakai75 Registered Member

    Joined:
    Dec 28, 2014
    Posts:
    183
    Having MBAM Exploit Free and MBAM Premium... Which AV would go best with these, BD Free or Panda Free?
     