Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. guest

    guest Guest

    +1, i always forgot about AMSI, can't manage to remember it lol.
    We know well enough all the people parroting those self-proclaimed expert bashing Win10 by writing nonsense on their blog...
    Blog experts? sure. Security experts ? surely not. Clueless? Definitely.
     
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    It's unfortunate that not all antivirus companies have bothered to implement AMSI in Windows 10. I would imagine that by now they should have.
     
  3. guest

    guest Guest

    Test Labs = advertisers for 3rd Party Vendors. after all where the labs get the funds... :rolleyes:
     
  4. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    So, Comodo is right in not taking part in these tests ;)
     
  5. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    @cruelsister
    What about making one of your videos with WD (on Win10) vs. ransomwares?
     
  6. guest

    guest Guest

    Comodo would take part if they were ranking high...as they do with some less known labs ranking them nice.
     
  7. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Not sure, Comodo is on AV-test even if they don't rank it high. I have seen many posts on Comodo forum about AV-test results. They give Comodo 4/6 stars about Protection even if Comodo scores 100% in "Protection against 0-day malware attacks", only because of the lower detection rate o_O
    https://www.av-test.org/en/antiviru...comodo-internet-security-premium-10.0-170515/
     
  8. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    All of these tests are primarily for traditional AV's. So things like AppGuard, CF, and Sandboxie are really out of place. It's sort of like having Horse and Buggy races while the Lamborghini is left in the Parking Lot (and most of the testers have no idea how to drive the Lamborghini anyway).
     
  10. garrett76

    garrett76 Registered Member

    Joined:
    Mar 18, 2014
    Posts:
    221
    +1
     
  11. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Just my opinion, but UAC and SmartScreen are useful only for paranoid users.
    UAC is a big PITA, it will alert about ANY app, no matter if good or bad (on any other security suite this would be taken as high FP rate and low usability).
    SmartScreen works mainly with IE or Edge, so if you use another browser you can keep it disabled.
    WD itself updates only once a day (fortunately they added a cloud analysis).
     
  12. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    I certainly don't as they fail to accurately replicate real-world scenarios.
     
  13. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    It would be great to see how Windows Defender performs against the in-the-wild JS samples that download a ransomware binary and infect the system, and I have already seen one where the machine got infected even with all the goodies they claim to have. I think their "dynamic signature update" cloud was around since 2009 and even though the program fell out of the ally in upcoming years either MS didn't work enough on it or it just wasn't up to par.

    This is the same kind of thing that happened when MSE first came out. I remember there were people claiming MSE will run other AV's out and it did for a while until malware writers figured out how to bypass it and MS never brought their "A" game until now where they are back claiming to use all the fancy "next-gen" things that I am sure most AV's were using for years and this machine learning thing is just more a part of the industry right now, there is nothing new.

    Statistically MS's AV will be easier to bypass even with smart screen and all other things because most users do go ahead and run the application and secondly because malware writers will find ways to get past them as most systems in coming years will have win10 and malware writers will adapt and find counter measures to evade them and unless MS this time finds a way to keep their defender good it will fall out again.
     
  14. guest

    guest Guest

    So you clearly lack knowledge of how those features work.

    - UAC: is and always was just an elevation blocker, not a security feature, it was made to disallow limited users to gain higher rights and mess up the system. However since many malwares need elevation, UAC was wrongly assimilated as a security feature.
    If you don't do admin tasks or the malware doesn't need elevation, you won't get an alert.
    The problem is that many softwares are so badly coded that they ask for elevation for no reason at all; this is bad programming habits from XP era.

    - SmartScreen is system wide, not only on IE/Edge. It works on any area of the system and every browser.

    - WD update is one or two a day, you don't need more, i don't believe you will cross a 0-day every 5mn and SmartScreen may kick in before WD.

    Please do some research before stating wrong facts.

    the built-in security mechanism of Win10 was made to protect all users without putting too much hassles on them, it wasn't made to block prevalent infections not every 0-days or specific PoC/attack vectors.
    If some security geek/paranoids want more, they just have to install other solutions.
     
    Last edited by a moderator: May 12, 2017
  15. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    So, you agree with me about this, UAC can be annoying (even if not for Microsoft's fault)

    OK, maybe I misunderstood this article:
    https://support.microsoft.com/en-us/help/17443/windows-internet-explorer-smartscreen-filter-faq
    At home, I'm using Chromium portable and I have never had any SmartScreen warning (but I got warnings from my ad/malware blocker)
    EDIT
    I think SmartScreen is made of 3 parts:
    1. Integrated in IE (url and download alerts)
    2. Integrated in Edge (url and download alerts)
    3. System wide (on-execution alerts)
    Anyway, please correct me if I'm wrong

    Probably the average user can stay safe without any security suite on his/her PC, but this doesn't mean that he/she is not at risk
     
    Last edited: May 12, 2017
  16. plat1098

    plat1098 Guest

    guest, do you recall if SmartScreen is set to "block" or "warn" as default? I'm not clear on this: is Defender tested as-is in order to mimic what the average user does with the settings (ie: nothing)? I know you're repeating yourself on this issue but it's a bit outlandish that only the bare-bones Defender is tested head-to-head with big guns like Bitdefender, etc. Given the revenue aspect, surely, there would have been objections by now, particularly by Microsoft. But there has been silence, right?

    By the way, what's a Skyline? I used the BMW/Chevy sedan analogy many moons ago in this context, saying the same thing. Having done some random sample testing previously, based on all available info, this seems like dirty testing, plain and simple. At least, that's what it looks like, and like I said, I'm not clear on the MRG test methods.
     
  17. guest

    guest Guest

    To tell you honestly, "annoyance" is based on the person sensibility; for example, i'm on SUA and i set UAC at Max, but i have at most 2 UAC alerts a day and only while i'm doing specific admin tasks or use monitoring task that need elevation for deep analysis; so for me it is benign, because in the past i was used to use Comodo HIPS at paranoid mode , which generate far more alerts than UAC.
    Now if for some people, having 2-3 UAC alerts a day is annoying, i won't flame them, every person is different.

    Let's do a test:
    1- open Chromium, download 7-Zip on the desktop, try to run it, normally you shouldn't have any alert. Why? because SS has it in the whitelist.
    2- now delete the downloaded 7-Zip.
    3- redo sequence 1, but now before executing 7-Zip, disconnect internet. Normally SS will kick in, because it can't query its database.
    So we can deduce SS is working in the background while you're connected to internet.

    no one is totally safe, whatever software he uses. i can tell my system is almost unbreachable (see my sig) but only because i put a lot of effort to make it as it is.
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    The sooner that more users realize this, the better. :thumb:

    Not only that, but each iteration of Windows 10 major upgrades comes with even more built-in security mitigations. Microsoft is strengthening this beast now more than ever before.
     
  19. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Sorry, I have just made an EDIT to my post:

    EDIT
    I think SmartScreen is made of 3 parts:
    1. Integrated in IE (url and download alerts)
    2. Integrated in Edge (url and download alerts)
    3. System wide (on-execution alerts)
    Anyway, please correct me if I'm wrong
     
  20. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    SmartScreen.png
     
  21. guest

    guest Guest

    It is set to warn.

    MS seems to not care about it, after all they don't make money from WD unlike others, especially Kaspersky that was very fast to point some "issues" to protect the reputation of their product.:rolleyes:

    so do i

    Nissan Skyline GTR, considered one of the best Japanese cars for tuning, can beat a Ferrari in speed eyes closed.
     
  22. guest

    guest Guest

    on Win7 , SS is only present on IE , so i guess still present even for IE in Win8/10 but i didn't check because IE is the first thing i remove after installing Windows :p
     
  23. plat1098

    plat1098 Guest

    Aha, interesting. Thanks, imuade and guest.
     
  24. guest

    guest Guest

    You are welcome :)
     
  25. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,010
    Edge Security Flaw Allows Theft of Facebook and Twitter Credentials
    https://www.bleepingcomputer.com/ne...ws-theft-of-facebook-and-twitter-credentials/

     