Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes exactly, to me that's the real FUD, that you can only keep your system safe by patching your machines. It's simply not true, because at any given time there are plenty of zero days present in browsers and operating systems like Windows and macOS, but you should be able to tackle this with security tools, think of AV and behavior blockers. I didn't patch Win XP for 10 years because I got fed up with all kinds of issues that they caused, and you guessed it, not a single problem.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, you do have a point, you never know when mass exploitation of browsers becomes a thing again. But the reason why hackers reserve browser exploits mostly for targeted attacks is because browsers are a bit harder to exploit than in the past. But the amount of zero day "remote code execution" bugs found in Chrome/Chromium this year alone is troubling. And companies like Google and Apple even have to admit that they are exploited in the wild, so it's not just in theory.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Exactly!! I did the same with XP and also much the same since I've had 8.1 and the machines stabilized. It's an irrefutable indictment on MS as a whole with Windows patches IMHO. It obviously never occurred to them that issuing massive amounts of file overwrite so-called patches is ridiculously overwhelming and it's like throwing chewing gum at the wall and waiting to see what sticks. If they were a true high tech industry they would have coherently resorted and patterned ALL those months, weeks, and yes years of patches into a single combination every so many months together for a periodic combined release instead of exposing users' good machines to unnecessary peril by hob knobbing it.

    It's no wonder perhaps that Windows Security's in-built AV is even more consistent to that end but then again an O/S and its massive amount of files and functions might be patched a hundred times in a single year or more, but that also gums and fills the system inconsistently.

    After a period of time of numerous releases of patches they would better serve their invention and users to combine all those previous patches deemed safe and efficient into one single what, Rollup? of sorts instead of gambling. Of course MS will point to "if an update fails or is cause for inadequacy you can always uninstall the particular trouble-maker patch" and be no worse off.

    But MS most certainly already nearly a quarter way into this 21st century should have better organized that procedure by now instead of releasing patches, some if not most out of desperation in hopes it fixes issues be they security or normal function. In other words they seem to be playing skippity do dah day.
     
  4. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    228
    If they're not going to happen "in [the] foreseeable future", then web browsers with "strong sandboxes" and "ways to improve them even more and release security fixes quickly" aren't necessary. But if the latter is needed, then it's probably because they expect such malware to appear earlier than expected.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Such malware has existed for years. As I've said, fortunately it's very rare to get infected just from visiting a compromised website. I see no reason why it's going to suddenly become more common, considering that for many years it's been very hard to get infected without manually opening infected files.

    One of the reasons why it's not common is due to quick security fixes.
     
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    I believe, about this, that a well built rootkit - nobody talks anymore about rootkits - could be a serious threat, but I believe that a highly configured HIPS could stop it.
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    You are overthinking it. Professional security engineers do it because this is their job. Major web browsers employ security engineers because security of a browser is a "selling" point.
     
  8. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    228
    The ones that I'm reading about don't involve "manually opening infected files." That's why we ironically have this topic thread.
     
  9. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    228
    Can you prove your point, i.e., show increasing revenues for browser developers because they developed security features simply to sell the product?
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Such threats do exist. But my point is that it's extremely rare to get infected that way. Rare enough, that I'm happy to browse websites with only an adblocker and antivirus for protection, because I know that it's highly unlikely that my computer will get infected. I don't care too much about things that are unlikely to happen. If you are worried about getting infected just by visiting websites, then take extra steps to protect your computer, if doing so makes you feel safer. Just note that you don't need to do that to be very well protected against malware.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Holy crap, so perhaps Win Defender is crap after all? :p

    I just saw that Cruelsister has once again tested Magniber with Win Def on highest security settings and strangely enough on VirusTotal many AVs (including WD) do spot it, but on her system Magniber is able to encrypt all files. I'm not sure if Controlled Folder protected part of the files from encryption. So how come WD can't block this, even with cloud protection?
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No comments on Cruelsister's latest video from a few days ago? I'm a bit surprised. :p

    Hopefully she can respond to this thread herself. I would like to have an explanation why Win Defender hasn't been able to block Magniber in the last few months, at least on her system. What's so special about it, is it using some kind of AV evasion technique?
     
  13. SeriousHoax

    SeriousHoax Registered Member

    Joined:
    Mar 27, 2019
    Posts:
    101
    Location:
    Bangladesh
    I'll share here what I shared in malwaretips. This is what I learned from a friend not so long ago when I asked about Microsoft Defender's issue with MSI files.
    [Attached image: msi.jpg]
    So yes, that's how it is and may not change unless Microsoft sees a lot of MSI malware hurting their Enterprise customers.
    If you're a Microsoft Defender user and suspicious of any MSI file, then scan it prior to running to make sure it's safe.
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Actually nothing special at all, which made things rather curious. From a batch of essentially identical Magniber MSI files, 3 (including the one highlighted in the video) bypassed the local database, the cloud database, UAC, and CFA. I chose the accompanying song for a reason as this is Hard To Explain.

    Which was done to no avail.
     
  15. SeriousHoax

    SeriousHoax Registered Member

    Joined:
    Mar 27, 2019
    Posts:
    101
    Location:
    Bangladesh
    That's odd because I tested the same sample, and it's detected on a right-click scan. It was also detected when I tested this one in the past. Also, I don't see a right-click scan in your last video. Maybe you forgot this time.
    [Attached image: MD.png]
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Very weird, so the issue is with MSI files?

    Weird, why should it only be spotted by right-click scan? I mean realtime protection, both locally and cloud based, should also be able to spot it, right?

    Thanks for the info and yes, this is weird as hell. And that's why I always keep saying to never rely only on your AV, but always use extra protection tools. I suppose a tool like AppCheck will block this right? And I actually liked the song!
     
  17. SeriousHoax

    SeriousHoax Registered Member

    Joined:
    Mar 27, 2019
    Posts:
    101
    Location:
    Bangladesh
    Yeah, this particular issue of MD is with MSI files.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    But why does it detect this malware when you right-click scan? Shouldn't realtime protection pick this up too, or am I misunderstanding?
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    I've seen this with products before. If I were to assume then I would assume that the realtime scanner probably uses whatever definitions are in memory and a manual scan applies a broader set that may be stored on disk or retrieved from the cloud.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Which would mean that such an AV is pretty much a joke, in my view.
     
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    They have to balance resource usage. If it slows someone's PC down enough then they won't run it at all.
     
  22. IThinkItsCharlie1

    IThinkItsCharlie1 Registered Member

    Joined:
    May 2, 2014
    Posts:
    16
    Location:
    St. Louis
    Anyone know how to set Defender in Windows 10 back to default settings? My dad decided to play around and now he cannot get access to some folders. For example...when he wants to scan a photo, the program says it does not have permission to open the folder. There are other things going on too. But when I installed a different AV, such as Bitdefender Free, the problems go away. He wants to just keep using Defender though.
     
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
  24. IThinkItsCharlie1

    IThinkItsCharlie1 Registered Member

    Joined:
    May 2, 2014
    Posts:
    16
    Location:
    St. Louis
    Thanks, I'll give that a try.
     
  25. SeriousHoax

    SeriousHoax Registered Member

    Joined:
    Mar 27, 2019
    Posts:
    101
    Location:
    Bangladesh
    Check the image about a conversation regarding this that I shared above. This behavior could happen with MD for MSI files. Files like exe, various scripts are not affected AFAIK. It's a flaw for sure, but that's how it is at the moment.
     