Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,506
    Location:
    Hollow Earth - Telos
    I turned on MS Firewall and have a Malware DNS that will help.
     
  2. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    515
    Location:
    VPN city

    A good setup; maybe add DefenderUI and Voodoo CyberLock to the mix.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    What I meant is that Windows clearly wasn't designed with security in mind. Many of the advanced techniques that are used by malware are NOT used by 99% of all legitimate tools. I mean why so many ways to inject code?

    Windows could easily be designed to be more secure out of the box. Like I said, you could lock down apps from the ability to perform code injection and file encryption, for example by running those apps in a sandbox. But this would be bad for the billion-dollar cybersecurity industry.

    https://www.elastic.co/blog/ten-pro...-technical-survey-common-and-trending-process
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,145
    Location:
    USA
    I assumed that to be the case, but the reason for that is that it wasn't necessary in the early days. Nobody could access your PC from halfway around the world. Unfortunately, as it became a victim of its own success, the only way to really fix it would be to trash it and start over. Instead the path forward was to update the basic functionality for compatibility reasons. There is very likely still Windows 95 code in the current version.

    I have overseen software projects where it took 3 years just to rewrite a single application in an updated programming language, so I can understand how we got here. I knew a lot of people that bought a Mac in the Vista days. Most of them switched back when they found out it wouldn't run the software they were used to. A new, more secure Windows replacement would likely suffer the same fate. There is no easy fix for this, and I have been saying for 20 years that we will likely never see a solution. The bad guys work harder and are more motivated. Their potential reward is greater and, based on the fact that nobody is doing anything about them, there seems to be no risk. Why would they not?
     
  5. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    515
    Location:
    VPN city
    Because Windows is very open-ended and you can do a lot of stuff with it. Linux is that way too, but there isn't any good security software for Linux.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    @TairikuOkami

    Thanks for your Microsoft Defender Disable.bat
    :thumb::cool:
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,145
    Location:
    USA
    Just in case it is helpful to anyone, if you are updating QuickBooks and it freezes at 32% you need to disable Defender for the update to finish. It would have saved me some time if there had been any kind of notification that there was an issue.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Exactly, especially malware can do a lot of stuff. Like I said, take away some of these options/features, and malware will have a way more difficult time doing stuff. But it's bad for the billion-dollar cybersecurity industry.

    Surely there must be a way to block most code injection techniques and to block malware from encrypting certain files. For example, now after this CrowdStrike disaster, they are finally going to look at ways to make anti-malware tools run in userspace. The problem is that kernel access should also be locked down even more, to prevent malware from being able to abuse vulnerable drivers.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Here's some more proof that WD's behavior blocker is pretty bad, but what else is new? That's why I keep saying it's better to rely on specialized tools.

    https://www.pcmag.com/news/microsoft-defender-not-enough-this-malware-gets-around-it

    https://www.safetydetectives.com/news/msdefender-malware-vulnerability/
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,145
    Location:
    USA
    It's probably extremely difficult to determine when something is being encrypted legitimately and when it is malware. I don't think that encryption algorithms specify intent. Not meaning to sound sarcastic, but there really would be no way that I know of to tell the difference.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Yes, it probably is, so perhaps they could implement a tool like NeuShield? This should give users the ability to at least recover files when stuff is encrypted. My point is, there are plenty of options to make Windows even safer, and by this I mean it should be built in. And as mentioned before, app sandboxing should make it hard to perform code injection.

    https://www.neushield.com/learn/mirror-shielding/
     
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,292
    Similar thoughts here. Why use NFT games with cryptocurrency on a machine with sensible data?
    Crypto had another boost these days, but at least I think this bubble will collapse for sure, like the crash in 1929 or 2007 with Lehman.

    And again, I don't consider Defender perfect; whoever is dealing with this or similar needs additional security. But as written, MBAM is "special", but its basic security is lower than Defender's. And Bitdefender is far away from perfect - it has/had an impact again on Firefox and Edge on YouTube, like G Data had in the last days.

    At least I consider NeuShield futile - prevention is more important than recovery. If NeuShield needs attention, the whole concept has failed, including backups/mirroring.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I'm not saying that Malwarebytes and Bitdefender are perfect, but I do believe their behavior blockers are more advanced than Win Defender's. WD relies too much on the cloud, while behavior blockers should be able to block stuff on the local endpoint, without needing the cloud. And about NeuShield, the point is that file encryption can't always be stopped.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Did you guys see the latest clip on PC Security Channel? Apparently WD failed to detect 22 infostealers.

    But what I don't understand is why he did not run them, because then we could have seen how good WD's behavior blocker exactly is. But he claims that it's too difficult to know if infostealers were able to steal info or not. In my view, WD either blocks it or not. And you could also monitor network connections to get a clue.

    https://www.youtube.com/watch?v=rcfjjiv_mtU
     
    Last edited: Dec 21, 2024
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,596
    Location:
    Flat Earth Matrix
    This proves to me that DNS is better than AV, yet again. AV blocks a known malware, DNS blocks an unknown malware, it is as simple as that. Yet people seek AV comparative tests, while ignoring DNS.
     
    Last edited: Dec 22, 2024
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    I don't want to pay for DNS service, what can I do? :)
     
  17. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,596
    Location:
    Flat Earth Matrix
    Do not. :D Cloudflare's malware DNS is pretty good, then again they are censoring. But there are plenty of other DNS providers to choose from.
    Code:
    https://adguard-dns.io/kb/general/dns-providers
    https://torrentfreak.com/google-cloudflare-cisco-will-poison-dns-to-stop-piracy-block-circumvention-240613
    NextDNS is free; you just have to enable DNS caching in settings, which somewhat limits security/privacy, but the Windows DNS service caches anyway: if you want to use DoH or DoT, it cannot be disabled. :thumbd:
     
    Last edited: Dec 25, 2024
  18. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    76
    Location:
    UK
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Can you explain to me how DNS blocks malware? Or do you mean it will block websites where you can download malware?
     
  20. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,596
    Location:
    Flat Earth Matrix
    Most of the time people get infected by droppers, because they are small and can easily bypass AV, and then they download the payload; merely blocking port 80 is still a pretty effective way of preventing it.
    In the past they simply used IPs, but these days IPs get blocked fast, so they also rely on DNS, especially ransomware: hackers want the money, so they need working domains where people can send it.
    But yes, the initial download of the dropper can also be prevented using DNS. As mentioned recently, the top 10 domains distributing malware, like .xyz or .top, would never be visited by the user, and just blocking those TLDs lowers the risk by about 40% by doing nothing. Not to mention additionally blocking malware domains, which is basically what AVs with network protection try to do. DNS provides essential protection, especially against zero-days and phishing, by blocking NRDs alone.
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    Just clearing this up, I think you meant to say "downloaders" instead of "droppers", right?
     
    Last edited: Dec 30, 2024
  22. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    745
    Location:
    Milan, Italia
    No, I believe he meant droppers. Downloaders are more easily detected by AVs.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    But according to the definitions, Tairiku describes a downloader.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    OK I see, never thought about this subject. AFAIK, I'm still using my ISP's DNS server. Also, when you directly download malware, then DNS won't help I guess.
     
  25. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,596
    Location:
    Flat Earth Matrix
    Some malware relies on DNS too, because download links can be blocked by AV within hours and it would render it useless, especially ransomware.
    Code:
    https://umbrella.cisco.com/blog/using-dns-layer-security-for-ransomware-attack-detection-prevention
     
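    As an added illustration of the DNS-layer filtering that TairikuOkami describes in posts 20 and 25 (blocking risky TLDs, known malicious domains, and newly registered domains), here is a small policy evaluator written for this thread; it is not code from any of the posters or from any DNS provider. The domain names, registration dates and resolver log lines are constructed for the example, and the registration-date lookup is a stand-in dictionary rather than a real WHOIS/RDAP query.

```python
"""Toy DNS-layer filtering policy: blocked TLDs, a domain blocklist, and an
age threshold for newly registered domains (NRDs), applied to resolver logs.
All domains, dates and log lines below are constructed for illustration."""
from dataclasses import dataclass
from datetime import date

# Constructed policy inputs. The TLDs are the ones named in the thread; the
# domain blocklist is illustrative and is not a real feed.
BLOCKED_TLDS = {"xyz", "top"}
BLOCKED_DOMAINS = {"payload-host.example", "c2-beacon.example"}
NRD_MAX_AGE_DAYS = 30  # domains younger than this are treated as NRDs

# Assumption: stand-in for a WHOIS/RDAP registration-date lookup.
REGISTRATION_DATES = {
    "fresh-lure.example": date(2024, 12, 20),
    "bank.example": date(2001, 3, 4),
}


@dataclass
class Verdict:
    qname: str
    allowed: bool
    reason: str


def registrable_domain(qname: str) -> str:
    """Approximate the registrable domain as the last two labels.
    A real resolver would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname.lower()


def evaluate(qname: str, today: date) -> Verdict:
    """Apply the three checks in order: TLD, blocklist, then domain age."""
    qname = qname.rstrip(".").lower()
    tld = qname.rsplit(".", 1)[-1]
    if tld in BLOCKED_TLDS:
        return Verdict(qname, False, f"blocked TLD .{tld}")

    base = registrable_domain(qname)
    if qname in BLOCKED_DOMAINS or base in BLOCKED_DOMAINS:
        return Verdict(qname, False, "known malicious domain")

    registered = REGISTRATION_DATES.get(base)
    if registered is not None:
        age = (today - registered).days
        if age < NRD_MAX_AGE_DAYS:
            return Verdict(qname, False, f"newly registered domain ({age} days old)")

    return Verdict(qname, True, "allowed")


def filter_log(lines, today: date):
    """Evaluate constructed resolver log lines of the form
    '<timestamp> <client-ip> <qname>' and return one Verdict per query."""
    verdicts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than failing open or closed
        verdicts.append(evaluate(parts[2], today))
    return verdicts


# Constructed sample log; none of these hosts are real.
SAMPLE_LOG = [
    "2024-12-30T10:00:01Z 192.0.2.10 download.evil.xyz",
    "2024-12-30T10:00:02Z 192.0.2.10 cdn.bank.example",
    "2024-12-30T10:00:03Z 192.0.2.11 update.fresh-lure.example",
    "2024-12-30T10:00:04Z 192.0.2.12 payload-host.example",
]


def blocked_count(lines=SAMPLE_LOG, today=date(2024, 12, 30)) -> int:
    """Number of queries the policy would refuse to resolve."""
    return sum(1 for v in filter_log(lines, today) if not v.allowed)


if __name__ == "__main__":
    for v in filter_log(SAMPLE_LOG, date(2024, 12, 30)):
        print(f"{'ALLOW' if v.allowed else 'BLOCK':5} {v.qname:30} {v.reason}")
```

    The order of the checks matters for logging: a query to a blocked TLD is reported as such even if the domain also happens to be on the blocklist, and the NRD check only runs when a registration date is known, so a lookup failure does not silently block legitimate traffic.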