Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  3. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Woody's article reads like just another one of his click-bait rants. ASR rules have been tested and shown to provide additional protection. Do they work perfectly? No. But his sweeping generalizations and conclusion are way off base, and his screed certainly contains no evidence to support them. This guy makes his living bashing Windows. He should move to Linux and shut up.
     
  4. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    And articles like that are the reason why nobody should take security advice from people that don't understand how anything in the OS works or what the baseline for each branch actually is. :rolleyes:

    The baselines are recommendations for every enterprise to build upon.
    The safe starting point.

    All other security settings and features need testing in your exact environment before deployment.

    Exploit Protection settings are out of the baseline, since they need to be tested for any impact on the applications used in that exact environment BEFORE being enabled.
     
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
  6. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Let's try again.

    Mitigations are a cornerstone of every OS' security. Not just Windows, but every OS.

    Each new branch brings new mitigations and in every talented team of developers there will be people carefully studying what benefits each mitigation could bring and what could break.

    Browsers are a good example.
    Some processes will improve their security posture by having some mitigations enabled, but would malfunction with other mitigations enabled. Other processes will need other combinations.

    That's part of what these teams do - evaluate, evaluate, evaluate.

    The baselines are now no longer including Exploit Protection, since some mitigations like EAF were causing problems if just blindly enforced.

    And that's it.

    When they are not in the baseline, then that means that if you strengthen parts of your running processes that didn't have certain mitigations enabled back when they were developed - then YOU are responsible for testing if what you have enabled is causing any breakages across your environment.

    Microsoft are NOT sending out a memo to all developers around the world saying: "Oh, by the way - starting Monday there will be no mitigations available in the OS. Instead we will include a note with the OS, telling all processes to behave or else a journalist who is fond of drama will drop by and spank any misbehaving processes".
     
  7. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
  8. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    The journalist simply misunderstood.
    Forget the word "remove".

    As said above - the baselines are the starting point for every enterprise to build upon.
    The safe settings that can be rolled out without breaking anything.
    Each organization then needs to evaluate their risk profile and enable additional security features in the OS - and - test if additional settings/features could have any unexpected impact on each unique environment.

    The settings are simply moved from the "enable with your eyes closed"-category to the "test with your unique setup before doing a broad enabling"-category.

    The baselines are one official well-known starting point.
    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines#

    The security configuration framework is a newer official setup guide, that perhaps better shows how an organization is meant to implement a baseline - and then work from there, enabling additional security features after thoroughly testing for unexpected side effects in your unique setup.
    https://www.microsoft.com/security/...-a-prioritized-guide-to-hardening-windows-10/
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    Some time ago I read that Machine Learning has been deployed on enterprise versions since Redstone 3 (2017) and that later it will be passed on to home versions as well. Do you know if both home and enterprise users have access to the 'same' cloud and Machine Learning, or does the home version have limited ML? Is ML only for APT, which is for enterprise, or is SmartScreen enough to have ML?

    Do you need to enable SpyNet to enable ML?
     
  10. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Insights from one year of tracking a polymorphic threat.
    https://www.microsoft.com/security/...om-one-year-of-tracking-a-polymorphic-threat/
     
  11. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    A new Transparency report is now available: Examining industry test results, November 2019.

    The report can be downloaded here (PDF):
    Code:
    https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp
    Details on recent tests from:
    • AV-TEST.
    • SE Labs.
    • AV-Comparatives.
     
  12. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities.
    https://www.microsoft.com/security/...-almost-exclusively-for-malicious-activities/
     
  13. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,286
    Location:
    Canada
    Granted, WD has improved a lot from MSE. (What was the name of the fledgling AV, before M$ acquired it?), but WD has a ways to go!
    [Attached image: upload_2019-12-12_21-33-10.png]

    ** FP's IMO really bad, hunting it down, testing, wondering; I like or have used or considered Panda, M$, Trend, & 10c. Avoid due to FP's.

    I'll bet AV-c's results are consistent, with other (shall we say not biased) testers
     
  14. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
    That was Giant Antispyware, which M$ bought and renamed Windows Defender antispyware for XP before they added the antivirus component.

    I like WD on 10. The only FP's I've had have been from Smart Screen, but I leave it on anyway.
     
  15. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    I never get FPs from WD. Except the first day a new version of qBittorrent is released.
     
  16. JasonUK

    JasonUK Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    112
    Location:
    UK
    WD is so silent you wonder if it's working at all sometimes.
     
  17. jima

    jima Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    141
    I concur, I have been using win defender for months after having used Avast for over 15 yrs. On my setup web pages open faster, boot-up times are shorter, and not one false positive. (I am a heavy surfer). As JasonUK said, you tend to forget it is there. I would say to anyone who is on the fence because of all these reports, maybe you should give it a try for a while and see how it works for you.
     
  18. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    No fp to speak of here either and I've been using Defender (tweaked) since Windows 10 first came out. Then again, I'm very low-risk. No PUPs, no malware. My supplement, OSArmor, throws any/all fp but I wouldn't remove it unless it became defective.

    The main complaint I read about the most is performance hit. Here, that's a non-issue as my drive is 90+% free space. One thing: Maybe they'll improve the scanning in the future, it's still a little messed up (e.g. the amt of time to scan is all over the place).
     
  19. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,286
    Location:
    Canada
    I'm happy to hear, no FP's, & will give it a try, & let WD satisfy 'Windows Security Center' & allow MBAM 4.x to be resident.
     
  20. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I've seen many false positives. That said, I work for a software company so it is more likely in that case.
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Have the performance issues been fixed yet? It has been a while since I have used nothing but WD.
     
  22. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    No performance issues, no false positives ... sometimes I'm really missing the annoying pop-ups and ad screens from other free antivirus. :D
     
  23. jima

    jima Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    141
    For me performance is noticeably crisper than when I had Avast installed
     
  24. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Try it, you might actually be surprised! ;):thumb:
     
  25. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    620
    Location:
    Belgium
    My only issue is to open the Download folder, that takes at least 10 seconds to display the icons ....
     