Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Is it available for Windows 10 Pro only or also for Windows 10 Home?

 

All versions,

 

Tried it and it kept bugging out. Icons were flashing constantly on my desktop, taskbar would freeze and general performance took a noticeable hit. Maybe in a couple of years I'll try it again, but so far I am not impressed.

 

Obviously, and i can even tell than few samples would be left for the other AVs to detect (unless they react faster than SS) . Fair? depend each person point of view ; realistic? yes.

As i said countless times, it is not about WD scoring high or not, it is about "should the test be called real world or not?" If yes , use SS; if not , don't use it. Simple to understand.
Problem is that labs use "real world" as a clickbait, if they called their test "lab situation test" , few would care of the said test.

To me , Real World means using a system and a setup that would be used by most common users, aka with default settings for both the OS and the AVs tested.
We all know that AVs doesn't disable SS and they are not hampered by SS at all, so why the labs would disable it? for what reason? if SS is toxic for AVs , those AVs would disable SS as they do for WD, right? but they don't, so there is no valid reason at all to disable it.

We know MRG considered in the past to test Windows built-in security alone, now they consider it again, and i hope they will do it. And if it score badly, so be it ; if it score high , we will be glad for all noobs lacking the skill to deploy, set and maintain a 3rd party AV.

Win10 is not Win7+MSE. It is deeper than that.

 

I believe "Real World" refers to how people might come in contact with malware. It's not about system configuration. In the real world, Win SmartScreen and the Safe Browsing filter available in Firefox and Chrome will protect most people from downloading malware. So when you apply this logic, you might say, let's stop testing AV's, because in the real world, AV's are probably not needed LOL.

But all joking aside, I'm all for enabling Win SmartScreen (Win SS) as long as it doesn't interfere with AV's trying to detect malware. But you guys do realize that it won't improve the detection rate of AV's, right? So it won't change the results, and the test isn't flawed, that's what the debate is about.

 

Of course, if Win SS helps to protect the system by complementing AV's, then why not! So in theory you can get a 100% detection rate with any AV combined with Win SS. So in that case, you might say that third party AV is indeed not needed unless you are looking for extra features that WD doesn't offer. Are you guys happy now? The question is how many of the 86 samples that WD missed and how many of 386 samples would have been blocked by Win SS, so without the need of any AV.

 

Of course they are focused on the chart, because it was an AV test, nothing more and nothing less. Another thing that's worth to mention is that the default setting of Win SS is to alert the user, so the user still has a chance to dismiss the warning and to run the malware anyway. So there is no way of knowing how each individual user would react. I have seen websites that are quite convincing, trying to make people think their system is infected and that users must download a specialized system cleaning tool, that in reality is of course malware.

On Win 8 it's also crap, a friend complained about a slow laptop that she just bought, and turned out it was WD slowing the system down with real-time scanning.

 

But then it won't be a comparison

 

That's based on the incorrect assumption that SmartScreen will block all malware. But, you are right in saying it's a real world scenario.

You are missing the point. If malware is blocked by SmartScreen, it does not matter if your antivirus can detect it or not, as it's already been blocked. It really does not matter at all if a particular antivirus can detect it or not if SmartScreen has already detected it. It only matters if you have disabled SmartScreen. But, as I've said previously, this is not a typical real world scenario.

I can see there (perhaps) being some point in doing two sets of tests. Doing a test with SmartScreen enabled and then testing again with it disabled. But of course, the real world scenario is to have SmartScreen enabled and even you have admitted this.

 

Real world is abut everything a basic user would encounter. so his system and AV at default , and usual attack vectors of malwares (not PoC).
And honestly we all know that test are extrapolations, who will encounter 400 malwares in his life, even me since i started security i barely met more than 2-3 malware when i surfed.

ok let me ask me simply : Since WD is only for local files, how could it detect malicious URLs in a test without SS?

Finally. indeed it complement AVs and especially WD which has no special features as others because it was supposed to works with SS.
If from the start , WD had a web filter scanning URLs and files from the web, SS won't even exist and so this debate
Now in CU all of them are components are integrated under the same UI, so they are a now components of Windows Defender Security Center.

it is why we asked for SS (and the rest of windows security features) to be tested accordingly.

Oh you don't read the tests thoroughly enough mate, the chart's bars have a dedicated color for prompts. (green means blocked, orange means prompted, red means missed)
Additionally SS in win10 CU can be set to "block" only, but it isn't default setting.

MRG is considering this.

 

depend what you want to compare: detection only or overall protection.

 

Of course this has caused controversy because up until Creators Update, Microsoft had considered malware protection to be complementary to the OS, but now they are making it an structural part of the OS itself. Any Windows Defender test SHOULD employ default settings, including SmartScreen. Otherwise the test is flawed or biased, and thus, lacks credibility.

 

[facepalm]

 

This isn't a difficult thing to understand.

3rd-party AVs usually have several components at play to improve their protection. Imagine if one of those AVs had one of their key components disabled and then tested against other AVs in a "real world" test.

Substitute that scenario with the fact that WD + SS is a combo meant to protect Windows in the "real world" in it's default out-of-the-box settings.

To avoid all of this mess, why not just compare what MS has to offer it's customers out-of-the-box with what AV companies have to offer on their own if that protection was disabled.

Done.

 

In this case 3rd party AVs would be tested in non-realistic scenarios (since 3rd party AVs don't disable those protections by default). It will be the same "problem" that is now presented for WD testing.
It all depends if we want information about specific OS setup or more narrow security of specific AV.

 

Exact.

Since CU, WD can't be tested as a standalone feature anymore, you have to test WDSC, test labs have to adapt their methodology because Win10 is not Win7+MSE.
Don't forget that Win10 and WDSC will have some of EMET exploit mitigations in the next release.

Win10 CU and WDSC is the end of the Win7+MSE concept.

 

A new test:

Default and updated Win10 vs the rest.

 

that is what MRG may do.

 

Exactly, we can't assume that it will block all malware and it even gives an option to run malware with only one click (default settings), so AV detection is still a big deal. Because the more the AV misses, the more should be blocked by Win SmartScreen. Let's say Avast misses 50 from 400 samples, and WD misses 100, then who would you rather use? Again, there is no guarantee that Win SmartScreen will block all of the missed samples.

Of course you might say, it doesn't matter as long as Win SmartScreen is blocking the missed samples, but that's the thing, we don't know if it's actually capable of blocking 100% of all malware. And if it's capable of doing this, no matter how malware is delivered (user download or exploit), then we don't need any AV at all and we can end this discussion.

 

BTW, here is an interesting review. And don't worry guys, WD scores quite good:

http://www.trustedreviews.com/best-free-antivirus_round-up

 

I said that SmartScreen should be enabled for testing. I didn't say to use it as an alternative to an antivirus. Of course it should be used alongside WD or a third party antivirus. I don't use WD on my main computer as it causes slowdowns. If it was lighter, I would probably use it, as I believe it provides more than adequate protection.

 

As any products.

not malware, those are blocked, unknown files generate a prompt (big difference) and unknown files are not all malicious. The link shows you what it does and what it doesn't.
https://demo.smartscreen.msft.net/

I guess that is the ultimate goal of MS. Once WDSC will be refined (WD+SS+EMET), Average Joe may not need any 3rd Party vendors except for a particular feature.

 

That's exactly my point, Win SmartScreen is basically an extra security layer that can be used to complement all AV's, not just WD. So yes, it would be interesting to know how much malware it's capable to block, but that still doesn't meant that if you test AV's with Win SS disabled, it's a useless and biased test.

I mean, why didn't anyone stick up for Malwarebytes? Let me guess, because it isn't basic? What if the developers told you: who cares if we performed badly, in the real world Win SmartScreen would have blocked the samples that we missed.

Or better yet, even I could develop some very basic and crappy AV with a detection rate of 10%, and if people complain, I would tell them to quit whining, because Win SS might be able to block the 90% of malware samples that were missed. So don't you dare calling it crappy, because it's supposed to be assisted by Win SmartScreen!

 

Exactly, it might or might not be malware. According to MRG's criteria it should be clearly stated it's malware and it should be auto-blocked. So I guess this should be marked as a fail if you get to see this Win SS alert, because it even gives an option to run the unknown app anyway.

 

We are not in this type of discussion anymore, Win10 isn't Win7+MSE. WD and SS are now components of Win10's WDSC , If people doesn't like it and favor a 3rd party solution they can disable each of them. So your argument is invalid.
WDSC is the security platform of Win10, so people better start to admit it and move on.

You assume several wrong things:

- Any test is based about if the product (whatever it is) is able to recognize malware or not. The product itself isn't aware that all samples are malware, if it was the case , it would block all of them.
Malware are auto-blocked if recognized , having a prompt for files unknown by the product is a normal behavior. Letting it pass without prompts is a fail .
- Only idiots clicks "allow" when you are alerted than a file is suspicious, anyone with common sense would click "block". So the test labs are correct to differentiate "auto-block" from "prompted" since a basic user may either click allow or block based on his "awreness of security".
Take my case, should the product be considered as 100% efficient because i click "block" to every suspicious prompts? not at all, nor it should be considered as flawed because an idiot always click "allow" to them.

You always assume that every users will click "allow" on a prompt which is wrong,
Based on your assumption, are HIPS totally crap because people will always have a prompt and click "allow"? i already know your answer.