Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm sorry, I'm not following you, I thought we actually agreed on the points that you made? About the malware comment, I was just trying to make a point that AVs can be bypassed if certain tricks are being used. So in this scenario, this jealous ex-boyfriend was a hacker trying to steal nudes from his ex-girlfriend. Again, a backup won't help, like you already mentioned.
     
  2. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    I was thinking of malware that was downloaded, undetected, then starts stealing data like passwords and business documents, then encrypts them.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes of course, it's always possible that people will download malware, but it's unlikely if they use only trusted download sites and are not trying to download cracks. But my point is that anyone can be targeted. For example, I'm active in stock trading, and let's say some hacker sees me on LinkedIn, he can try to lure me into downloading some malicious app in order to get access to my bank account.

    I have now seen the video, and it does make me think about how good behavior blocking in WD truly is, I mean how the heck could it bypass WD, simply by making use of LOLBins? And what about the 'state of the art' cloud protection in Win Defender? But as seen in other AV tests, lots of other business AVs also fail to block many samples, what a joke!
     
  4. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    I've read that malware has also been found in trusted sites or sites connected to them, that other malware may be deployed without intervention from the user or deliberately downloading anything, may target embedded software, etc.
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    It's true. For example, in 2016 the official site of Linux Mint was hacked, and in 2017 the CCleaner site too.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No, correct, I didn't say there is a zero chance. It's indeed always possible that malware is embedded in what seems to be legit software, and supply chain attacks are even more scary. That's exactly why I never rely only on AV, you can always be tricked someday. I also often first run downloaded software inside the sandbox with the help of Sandboxie, to see how it behaves. And I scan it with VirusTotal as a second opinion.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    That's good practice but it wouldn't always help you to spot malware embedded in legit software. Malware can stay dormant and wait for a while before being activated.
    Malware code embedded into CCleaner didn't do anything suspicious and was luckily discovered before it was activated. Using SBIE and VT did not help in that case.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No, correct, this method is of course not foolproof. But I have often decided not to install certain apps when I saw questionable behavior inside the sandbox. Also, if SpyShelter stays quiet when apps are running inside the sandbox, and all of a sudden alerts when they run on the real system, that's also a sign that something is not right.
     
  9. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    I also read that there may be malware where users don't have to be tricked or have to download anything.
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    There is, but it's very rare. Most infections are the result of manually opening infected files.
     
  11. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    In which case backup images may be infected as well with dormant malware,
    and restoring drives from these backups brings the malware back as well.
     
  12. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Using a HIPS could also help, it should detect the dormant malware when it begins to work. Although it seems a bit like closing the stall after the cows have escaped.
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    I believe I already know the answer, because I searched on the internet, but is there a possibility to install the Windows 10 version of WD on Seven?
     
  14. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    No, but along with 3rd party AV you could install Hard_Configurator, which has a W7 profile.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I suppose you are talking about drive-by attacks? Nowadays, they are mostly used in targeted attacks (both on Windows and macOS), and not on a mass scale like in the past. Of course the malware that's delivered by these 'drive-by' exploit attacks should in theory also be blocked by AVs. I do remember that in the past Win Defender was pretty bad at blocking exploit attacks but it has been improved a lot.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well funny, because here is actually a good example of why you should never let your guard down, this stuff was downloadable on well known sites like Softpedia. And what's striking is that in a certain stage of the attack it actually adds itself to the Win Defender exclusions list. I'm not sure how anti-malware tools would tackle this stuff, but it's best to discuss this in the other topic, see link.

    https://www.wilderssecurity.com/thr...ystems-across-11-countries-since-2019.447107/
     
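    The post above describes malware that adds itself to the Defender exclusions list. The script below is an added example (not from this thread or any poster) showing how a defender can audit that from the other side: it compares the live exclusions reported by Get-MpPreference against a baseline you maintain, and then pulls recent configuration-change events (Event ID 5007) that mention exclusions. The baseline entries are constructed placeholders; it assumes an elevated PowerShell session on Windows 10 with Defender enabled.

```powershell
# Added example: audit Microsoft Defender exclusions for unexpected additions.
# Assumes an elevated PowerShell session on Windows 10 with Defender enabled.
# The baseline lists are constructed placeholders; replace them with your own.

$BaselinePaths = @('C:\Dev\Build')   # constructed: exclusions you approved
$BaselineProcs = @()                 # constructed: no approved process exclusions

$pref = Get-MpPreference

# Anything excluded on the live system that is not in the baseline is drift.
$driftPaths = @($pref.ExclusionPath)    | Where-Object { $_ -and ($BaselinePaths -notcontains $_) }
$driftProcs = @($pref.ExclusionProcess) | Where-Object { $_ -and ($BaselineProcs -notcontains $_) }

if ($driftPaths -or $driftProcs) {
    Write-Warning "Defender exclusions present that are not in the baseline:"
    $driftPaths | ForEach-Object { "  Path:    $_" }
    $driftProcs | ForEach-Object { "  Process: $_" }
} else {
    "No exclusion drift detected."
}

# Event ID 5007 in the Defender operational log records configuration changes.
# Filter the last 7 days for entries that mention exclusions to see when a
# path or process was added and what the change looked like.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message |
    Format-List
```

    Run it on a schedule or from a baseline-review script; an exclusion that appears without a matching change ticket is the signal worth investigating, together with the quarantine and scan history around the same time.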
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Great Point! @Rasheed187 - It's a known FACT that that area of WD is another classic MS Windows vulnerability. I'm not certain of it, but from the looks of such easy pickings that MS slacks off from some security or otherwise, wouldn't they throw the whole AV industry out of business if they actually embedded the absolute stiffest security measures, via not only cloud per se but an AI behavioral monitor addition? Then again, if so we might be looking at more downtime answering WD prompts, or at worst something goes awry and vital software files get gobbled up by Quarantine. Which there again is even more downtime to run down the lost good files and add them to an exclusion.
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes, that's true. In such a situation backups should be mounted and checked for infection before restoring. Best would be to find out when the infection initially occurred and restore a backup taken before that time.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Agree that it's safer and a better reasonable decision to check it thoroughly before overlaying the image as well as even more practical to select your point in time backup image before a problem was discovered and verified.
     
  20. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Discussing ultra-low probability possibilities is not useful. Yes, an undetected meteor might strike earth, but to spend time discussing low-probability hidden malware is a huge waste of time. Anything might be infected (in theory) - so what? I have used computers since 1971 and never-ever had malware strike. Malware paranoia is unfortunately rampant on this forum. If you are afraid of malware, don't connect to the internet.

    I use non-enhanced Windows Defender and OSArmor. My ultimate security is really not any of those, but a daily image backup, as I have stated dozens of times on this forum.
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    My post was just a continuation of discussion started before, about legit software being hacked during production and pointing out how uploading it to VT might not reveal this fact (example CCleaner). I didn't say anywhere that "the sky is falling".
     
    Last edited: Sep 3, 2022
  22. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    No problem- it wasn't personal or directed at you- just a generic reply to a number of posts.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, not to start this discussion all over again, but I don't completely agree, because at the moment browser exploits are also quite rare both on Windows and macOS, which means they will mostly be used in targeted attacks, but we still try to tackle them, just in case.

    And I believe your comment about 'backups being your ultimate security' started this whole discussion about how this doesn't protect your data from being stolen. Perhaps for you personally this isn't a problem, but for many other users it might be disastrous.
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    A highly regarded member in a different forum once posted this about my security setup, which at the time had a highly restricted Software Restriction Policy at its heart:

    He hit the nail on the head. I think it's pretty much the same for the majority of members in this and other security forums, where it's mostly out of sheer enjoyment and a kind of hobby that they put so much effort into their security setups. For a few only, I agree there is some motivation based on paranoia.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    It's local user paranoia that often contributes to filling the coffers of AV industry brands and who knows which others.

    I feel like medium/large businesses with a big customer base have more to lose than a local user, so it would behoove them to invest only with the best security PLUS reliable backup systems IMHO.

    Most of us Wilders members who have been around long enough know malware isn't to be feared but seriously Challenged! and stuffed like a Thanksgiving turkey. And we have many resources for just that. Also we have the best choices as well. Maybe not as comprehensive as Enterprise customers, but it doesn't take long to fashion a solid security setup every bit as good as and maybe better than many businesses. It just takes determination, then test your defenses with malware (on another duplicate machine) and gauge the results.

    What gives us the advantage is the variety of techniques and alternative methods the common home user isn't privy to unless they make it a practice to learn their computers fairly in-depth and not just throw programs in there hoping for the best. Those types are the ones who really need a reliable backup imaging program up front at the ready, because sooner or later something always goes haywire, and malware isn't always the culprit but carefree user habits.
     
    Last edited: Sep 3, 2022