Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    Haters gonna hate. ;)
     
  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,138
    Or, delusional people gonna stay blind...
     
  3. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I'm somewhere in the middle. Doubters gonna supplement. :)
     
  4. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    227
    One should consider the thread title in light of the point that the thread started in 2016.
     
  5. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    The differences in protection amongst the major AVs are not significant statistically, so the assertion that AV A is efficacious and another person saying the opposite is irrelevant.

    The days of major differences in AV "protection" are long past. I use unhardened Defender and default OSArmor and I add a daily image backup (just in the highly unlikely event my system gets malware).

    In decades of PC use, I have never-ever had any kind of malware. The paranoia in this forum is really a huge waste of time.
     
  6. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Very well said. All AVs provide decent protection nowadays. What makes me choose one over the other is simply how light it is on the system and that it should have no bloatware.
     
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Really. Some of the users of this forum need to stop staring at their screens so much and get out into the fresh air and sunshine.
    Acadia
     
  8. Jan Willy

    Jan Willy Registered Member

    Joined:
    Jan 29, 2021
    Posts:
    226
    Location:
    Netherlands
    Out there in the fresh air they stare at their smartphone. :)
     
    Last edited: Dec 18, 2022
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    It was troll bait to begin with.
     
  10. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    LOL! :thumb:
    Acadia
     
  11. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    In this kind of forum, paranoia about security has a different meaning. For many users here, security and realizing the highest security level possible are simply a hobby and fun, and a way to learn something new. So, I don't understand the last posts.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I don't think it's paranoia, for me it's more about the technical aspect. It's quite easy to keep systems malware free, especially when it comes to home user PCs. Simply make sure you never download malware and you're good.

    However, when I do ever encounter malware, I want to make sure that my security tools work as advertised, so I'm quite disappointed when I read certain reports. Keep in mind, perhaps you never had malware on your system because you simply never encountered malware, not because AVs did quite a good job, know what I mean?

    Well, the question is how decent this protection is against targeted attacks on companies. Often these hackers seem to be able to simply disable AVs or bypass them with certain tricks. I guess that's why in most malware tests a decent amount of malware samples are missed by AVs.
     
  13. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    On "the other forum" Defender is once again shown to be seriously lacking when it comes to noteworthy malware--now the Redline Infostealer, a genuinely nasty thing that other major third parties and Wise Vector too (!) were identifying and/or stopping the behavior.

    Not to whale on Defender but prudence is gold. Anyone can make a mistake, any time.

    Thanks to the tester for posting. Much appreciated. We need something like this every so often for a reality check.

    https://malwaretips.com/threads/antivirus-vs-redline-stealer-malware-competition.119481/
     
  14. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    For better context, the reason this ended up being tested started because of an unfortunate infection a user got
    https://malwaretips.com/threads/how-i-got-infected-last-time-thread.57614/post-1015706
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, but that's the thing, sooner or later all AVs will fail to protect against certain malware samples, but it's strange that this stuff was missed by Win Defender. It makes you wonder just how good their cloud protection truly is. And again, this hasn't got anything to do with paranoia. Most people shouldn't get infected with this stuff if they practice safe computing habits, but you should be able to trust your AV to be able to block this stuff.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  17. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    The point of this specific malware is to make cloud scan/protection practically impossible; it's almost 700 MB in size, full of junk data, so it can't be uploaded.

    I don't see this as a demerit of Microsoft Defender cloud; actually this is a recognition from malware writers of how powerful cloud detection is now, so they need to be creative to bypass it.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I wonder what type of app or file it exactly was. If it's so big, this should already be a clue that something isn't right. However, other AVs were able to block this malware from running, so this is no excuse for Win Defender. Also, even if it can't spot the malware and doesn't block it from running, you would hope that some type of behavior blocking will step in, but this is where WD is probably weak.
     
  19. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    It is a file full of junk data, just zeros and ones without any meaning, you can see that with a hex editor.

    You replied: "It makes you wonder just how good their cloud protection truly is", well that file is specifically made to bypass cloud protection, because otherwise if it was "normal" size it would be detected, so with that in mind it is safe to say that it is pretty good, but not perfect.

    Yeah, some antivirus detected it, but the results weren't that good; it seems only ESET can detect this pre-execution with reliability. Post execution, the big guys (Kaspersky, Bitdefender, etc.) can and will recognize the malware.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK, so cloud protection will perform badly against files that are large in size. However, the Redline malware stealer itself is probably not that big, and you would hope that AVs are able to spot it post execution. So the question remains why WD couldn't, while others could.

    But again, if this app wasn't a videogame or OS, experienced users should already know there's something not right. I did read about attacks where Win 10 ISO files and fake Win 11 updaters were used to infect users. With the latter it's kind of strange that the ZIP file was only 1.5MB big and after unzipping it was over 700MB.

    https://www.bleepingcomputer.com/ne...reached-via-trojanized-windows-10-installers/
    https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/
     
    Last edited: Dec 24, 2022
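The padding trick discussed in posts 17 to 20 (a small ZIP that unpacks to a file of roughly 700 MB of junk data) can be triaged from the archive itself, without extracting anything to disk. The following is an added example, not part of any post in this thread; the thresholds, the suffix list and the constructed sample archive are assumptions.

```python
import io
import zipfile
from collections import Counter

# Assumed thresholds (not from the thread); tune them to your own scanning limits.
MIN_INFLATED_BYTES = 100 * 1024 * 1024  # unpacked size worth a closer look
MIN_RATIO = 50.0                        # unpacked size / packed size
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".msi")

def dominant_byte_share(zf, info, chunk=1 << 20):
    """Stream one member in memory; return the share held by its most common byte."""
    counts = Counter()
    with zf.open(info) as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            counts.update(block)
    total = sum(counts.values())
    return max(counts.values()) / total if total else 0.0

def audit_zip(data, min_bytes=MIN_INFLATED_BYTES, min_ratio=MIN_RATIO):
    """Flag executable members that inflate far beyond their packed size,
    using the archive directory first and a streaming read only on hits."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(EXEC_SUFFIXES):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if info.file_size >= min_bytes and ratio >= min_ratio:
                findings.append({
                    "name": info.filename, "packed": info.compress_size,
                    "unpacked": info.file_size, "ratio": round(ratio, 1),
                    "padding_share": round(dominant_byte_share(zf, info), 3),
                })
    return findings

def build_sample(pad_bytes=4 * 1024 * 1024):
    """Constructed sample: a fake 'updater.exe' (short header plus zero padding)
    and an ordinary text file. Not real malware and not a valid PE file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("updater.exe", b"MZ" + bytes(range(256)) * 16 + bytes(pad_bytes))
        zf.writestr("readme.txt", "constructed sample, nothing to see\n" * 20)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_zip(build_sample(), min_bytes=1024 * 1024):
        print(finding)
```

A hit means only that the member deserves local scanning or sandboxing before anyone runs it; large installers with legitimately compressible content will also trip a ratio check, so treat the output as a triage signal.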
  21. Davy49

    Davy49 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    19
    Location:
    USA - MS
    The bottom line, no matter which security product a person utilizes, is to just be extra careful as to the sites you visit as well as the 'links' that you decide to click on. As an experiment & because I like to experiment sometimes I decided to download & install this: https://www.avast.com/en-us/avast-one#pc I quickly decided that I hated it and quickly uninstalled it using (at least so far) my favorite uninstaller: https://www.bcuninstaller.com . Previously I was using wise uninstaller that functioned pretty well but I like bcuninstaller even better.
    David
     
    Last edited: Dec 24, 2022
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, this is a no-brainer. However, if you ever do get tricked, other third party tools would most likely be able to protect against data stealing malware like RedLine, by blocking network activity, execution of system processes and file and memory access. So I will also keep using them, besides my AV.
     
  23. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Classic movies, favourite TV shows, concert videos, etc.

    Common fare for YouTube submissions.
     
  24. Siamese Dream

    Siamese Dream Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    87
    Location:
    USA
    Because the regular uninstall function on the computer doesn't work that well?
     
  25. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    When I try new security software, if I don't want to keep it I prefer to restore a disk image rather than uninstall it: security software installs itself at a deep level in the system, so I don't trust the simple uninstall.
     