Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, another good point: how can AVs perform so badly without a cloud connection? This means that the locally based engine, including the "behavior blocker", is crap! That's why I'm using tools like SpyShelter, OSArmor and AppCheck. I often read that malware tries to disable Win Defender via PowerShell, which makes me wonder just how good the "tamper protection" is.
     
  2. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    I just feel that without being online, you are very unlikely to encounter a virus anyway. And I am online 99.7% of the time anyway.
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Makes me wonder if it’s possible for someone to design malware that only becomes active after the computer is disconnected from the internet.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    Absolutely. A non-malicious trigger that waits for an internet disconnect or a time of day when the author thinks you may be asleep. Could it sit undetected until then? Maybe. But there are many possibilities.
     
  5. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Totally not worth the effort, and the malicious actor needs to bypass the online system security in the first place anyway.
     
    Last edited: Jul 3, 2021
  6. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Actually that is not the reason; you are using those tools because you have "security" as a hobby. You don't need them at all; most members of this forum don't need any security solution except for "geek reasons".

    That said, Microsoft Defender is good enough for everyone who doesn't have any issues (like system slowdown) with it. Computer users need more security education than security tools.
     
  7. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    It is possible to postpone the "main" malicious behavior by placing this condition of waiting for the internet connection to be turned off, but this type of threat is more theoretical than practical.

    First, the process of postponing the infection itself can already be seen as a suspicious activity by contemporary antivirus behavior blockers and the programming to check if there is an active connection is another point that can be considered suspicious.

    That said, let's get to the practical issue with this type of infection: the longer the main malicious procedure is postponed because it must wait to be offline, the more likely the antivirus is to receive updates that detect the malicious file or behavior later (and the cloud/reputation checks too).

    Anyway, it's a threat that could cause problems in certain environments, but in 99% of cases it's as silly a concern as worrying about a supernova exploding or a meteor directly hitting our heads.
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    The question asked was is it possible. It is. I in no way claimed it was practical. And no, checking for an internet connection is not suspicious. A lot of software does it for update and/or licensing checks. I have personally worked on legitimate software that does that very thing.
     
  10. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Checking for an internet connection in isolation is not suspicious, but an application with no visible GUI, unsigned, with a low reputation/user count in the cloud, just checking for it in the background will get a strike on most behavior blockers; context is very important to how a behavior blocker works.

    Off Reply-General Post

    There is a reason why LOLBin attacks are the main focus of most malicious actors nowadays: old-school malware is a joke for modern cloud-assisted antivirus solutions and browsers with reputation checks. Anyway, the chances of being attacked by one are very low, and it needs human error to work.

    Save for very specific zero day vulnerabilities, human error is always the problem, not the antivirus solution.
     
    Last edited: Jul 4, 2021
  11. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    I greatly appreciate everyone’s answers here. Thanks a lot.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I know what you mean, but I'm afraid you're missing the point. What I'm saying is that it's foolish to rely strictly on your AV. It will most likely not protect you against advanced malware, especially when AVs don't have access to the cloud.

    Let's take the CCleaner attack for example. In general, most AVs won't see the backdoor and will let it run. Most people will give CCleaner outbound access, and it will then try to download a trojan or ransomware in the background. Perhaps the backdoor can disable Wi-Fi or ethernet to block cloud access, which makes it difficult to detect the malware via behavior blocking.

    So what might actually protect you against this? You already guessed it, tools like OSArmor, AppCheck, SpyShelter, HitmanPro.Alert and not to forget TinyWall. They might be able to interfere with this attack in certain stages. However, the key is that they should not be configured in "auto-trust" mode.

    In general, AVs will allow malware to run if they don't identify it as malicious, but true behavior blockers will be able to block outbound connections, code injection, keyboard and screen recording, folder access, interprocess communication, rapid file modification and more. So that's why I'm using these tools: not just because I'm a geek, but because it makes sense.
     
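    The outbound-blocking posture described above can also be reached with the firewall built into Windows: deny outbound traffic by default and allow only named programs, so a program that was never granted access (an updater, a backdoored installer) cannot reach out on its own. The following is an added example, not code from the thread or from any of the tools named in it; the program paths are placeholders and must be replaced with the executables you actually trust, and `Get-OutboundAllowRules` is this example's own helper for auditing what is still allowed.

```powershell
# Added example (not from the thread): put the Windows firewall into a default-deny
# outbound posture with an explicit allow list, then list every outbound Allow rule.
# Run from an elevated PowerShell prompt on Windows 10/11.

# Programs allowed to talk out. These paths are placeholders for this example;
# on a real system list your browser, Windows Update and the Defender engine
# (otherwise cloud lookups and updates are blocked too).
$AllowedPrograms = @{
    'Browser'          = 'C:\Program Files\Mozilla Firefox\firefox.exe'          # placeholder
    'Windows Update'   = '%SystemRoot%\System32\svchost.exe'                     # placeholder
    'Defender engine'  = 'C:\Program Files\Windows Defender\MsMpEng.exe'         # placeholder
}

function Set-OutboundDefaultDeny {
    # Switch every profile (Domain, Private, Public) to block outbound unless a rule allows it.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

    # Create one Allow rule per listed program; skip rules that already exist.
    foreach ($name in $AllowedPrograms.Keys) {
        $ruleName = "Allow outbound: $name"
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Allow `
                -Program $AllowedPrograms[$name] -Profile Any | Out-Null
        }
    }
}

function Get-OutboundAllowRules {
    # Show every enabled outbound Allow rule with the program it applies to, so an
    # entry you never added yourself (an "auto-trusted" updater, for instance) stands out.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name    = $_.DisplayName
                Profile = $_.Profile
                Program = $app.Program
            }
        } | Sort-Object Program
}

Set-OutboundDefaultDeny
Get-OutboundAllowRules | Format-Table -AutoSize
```

    Once `DefaultOutboundAction` is `Block`, anything not covered by an Allow rule (including Windows Update and Defender's cloud lookups) is silently dropped, so run `Get-OutboundAllowRules` first on a machine you can reach locally and extend the allow list before applying it elsewhere. Built-in Windows rules with `-Program` set to `Any` also appear in the audit output and are worth reviewing one by one.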
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    I don't use any of them, just the stock Windows firewall and WD. I have argued on this forum for 14 years that the only secure way to ensure the integrity of your files and system is to back up every day to an image. I have only needed to restore from my image once, and that was because one of the major AV programs trashed my Win10 OS. I highly recommend daily image backups.
     
  14. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    The catch is that backups don't protect users from stolen information. That's why it's better to have strong protection plus backups, and more.
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Case in point: this morning I created an incremental backup, as I usually do almost every day. At around 9pm, not long ago, I noticed that any video I played had no audio. I don't know what happened; rather than investigate the problem as I would have done years ago, I restored the last image made in the morning as my first option, and it worked beautifully. If that hadn't worked, I would have gone back in time until one of the images rectified the problem. Restore time? Less than 3 minutes. Our time is too precious to troubleshoot computer problems, unless one sees it as a hobby...
     
    Last edited: Jul 11, 2021
  16. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yes, I don't rely on a single method either. Defender plus OSA, and I keep my stuff offline. It's very obvious here that the enclosure is plugged in, so it's easy to remember to unplug it immediately when done. :)
     
  17. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    In the alternative, a user may simply add RunBySmartscreen, FirewallHardening, which are included in the ConfigureDefender Zip file, alongside Simple Windows Hardening.
     
  18. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    I have heard this argument before but I am highly skeptical that stolen data is a major problem for a PC user unless they are totally incompetent.

    I do agree it is an issue for the inept IT departments of hundreds of commercial and governmental entities as history has shown.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks. I shall keep that in mind. Good to know that we can safely implement both along with Simple-
     
  20. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    From what I gathered, it's not just an argument but that around half of ransomware attacks might now involve theft before encryption. Perhaps by incompetence you mean failure to encrypt as part of protection, but that only proves my point further: backups are not enough.

    And then there are now firmware attacks. I don't think backups will be enough to counter that as well.
     
  21. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Seems to be called extortionware
    https://blog.emsisoft.com/en/38394/what-is-extortionware/
     
  22. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,037
    Hi @ Wilders

    Windows Defender appears to have improved significantly over the years and features well in lab reviews. That said, it is not as good as some of the well-known names' free offerings.

    My questions are, how much protection improvement is achieved when WD is paired up with Configure Defender on HIGH setting?

    Has any lab tested this?

    Thank you

    Terry
     
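    A lab result for "WD plus ConfigureDefender on HIGH" is not something this thread can supply, but the settings such a preset changes, and the tamper-protection question raised earlier in the thread, can be read straight from Defender itself. The following is an added example, not code from the thread, from ConfigureDefender or from Microsoft; it uses only the `Get-MpComputerStatus` and `Get-MpPreference` cmdlets that ship with Windows 10/11, and the thresholds in `Test-DefenderPosture` are this example's own choices, not any vendor's definition of "HIGH".

```powershell
# Added example (not from the thread): report the Microsoft Defender settings that
# decide how it behaves without the cloud and whether a local process can switch it off.
# Run as Administrator; some Get-MpPreference fields are hidden from standard users.

function Get-DefenderPosture {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # ASR rule actions: 0 = off, 1 = block, 2 = audit, 6 = warn. Count the enforced ones.
    $asrBlock = 0
    if ($pref.AttackSurfaceReductionRules_Actions) {
        $asrBlock = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count
    }

    [pscustomobject]@{
        TamperProtection     = $status.IsTamperProtected          # blocks local/PowerShell disable attempts
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        BehaviorMonitoring   = $status.BehaviorMonitorEnabled
        SignatureAge         = (Get-Date) - $status.AntivirusSignatureLastUpdated
        CloudProtection      = $pref.MAPSReporting                 # 0 = off, 1 = basic, 2 = advanced
        CloudBlockLevel      = $pref.CloudBlockLevel               # 0 = default, 2 = high, 4 = high+, 6 = zero tolerance
        CloudTimeoutExtraSec = $pref.CloudExtendedTimeout          # extra seconds a file is held for a cloud verdict
        PUAProtection        = $pref.PUAProtection                 # 0 = off, 1 = block, 2 = audit
        NetworkProtection    = $pref.EnableNetworkProtection       # 0 = off, 1 = block, 2 = audit
        ASRRulesInBlockMode  = $asrBlock
    }
}

function Test-DefenderPosture {
    # Flag the settings a hardening preset would typically change. Thresholds are
    # this example's own choices.
    $p = Get-DefenderPosture
    $findings = @()
    if (-not $p.TamperProtection)     { $findings += 'Tamper protection is off: a local admin process can disable real-time protection.' }
    if (-not $p.RealTimeProtection)   { $findings += 'Real-time protection is off.' }
    if ($p.CloudProtection -eq 0)     { $findings += 'Cloud-delivered protection (MAPS) is off; only local signatures and heuristics apply.' }
    if ($p.CloudBlockLevel -lt 2)     { $findings += 'Cloud block level is at default; a higher level blocks more unknown files.' }
    if ($p.ASRRulesInBlockMode -eq 0) { $findings += 'No attack surface reduction rules are in block mode.' }
    if ($p.SignatureAge.TotalDays -gt 2) { $findings += "Signatures are $([int]$p.SignatureAge.TotalDays) days old." }
    return $findings
}

Get-DefenderPosture | Format-List
Test-DefenderPosture
```

    Running `Get-DefenderPosture` before and after applying a preset shows exactly which knobs it turned, which is the only part of "how much protection improvement" that can be measured locally; the detection rate itself still needs a lab. Note that with tamper protection on, `Set-MpPreference` changes to protected settings are refused, so a script that reports `TamperProtection = True` but still manages to flip real-time protection off is itself a finding.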
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    That is highly debatable, I think MS Defender is as good as most paid well known names even at default settings. Of course if you think 'you get what you pay for' is the defining mantra for security programs, then there is no debate.
     
  24. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Microsoft has more to prove to consumers because of its trillion-dollar status and its ubiquitousness. Its real and perceived failures related to its operating systems carry over naturally to its antivirus.

    I believe that non-ATP Defender (Home "free" :rolleyes: version) augmented with Hard_Configurator or NVT OSArmor is more akin to a paid third party suite. I wasn't able to come up with a formal test of Defender plus H_C over at Malwaretips nor on the net. I would definitely welcome one such test if it's located.

    The author of H_C does a lot of his own testing and posts his findings now and then over there. An example--one of many:

    https://malwaretips.com/threads/how...containing-a-threat.107234/page-3#post-935562

    Personally, I would not run Home-version Defender solo at defaults because I have too healthy a fear of zero days. For me, a small third party supplement is a must, like a daily vitamin. Doesn't make me a traitor, just a little cautious.
     
  25. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    Agreed. I had actually thought about posting something similar to the first part myself. I'm not sure I get how folks can be so supportive of Defender when it is made by the same company that makes the OS they all complain about. No intention of offending anyone, and yes, it has improved, and the price is right, but getting the cure from the same people that provide the need for one seems counterintuitive. I'd rather have something made by someone else. It's always good to put another set of eyes on something. Checking your own work leaves you to miss what you missed the first time.
     