Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Indeed!
     
  2. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    People here are obsessed with finding flawless performance when none has existed and I doubt ever will. I don't care and never have. Everything we do is a probability function. Some things you do are more likely to get you infected than others.

    I use Defender, OSArmor (medium protection) but my ultimate protection is a system image I make daily. I have never-ever been infected and I have been using computers since the early Apple days.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, I will always use "additional security tools", but most people don't. And I understand what you're saying, there will most likely never be bulletproof protection, but that's not what I'm asking for.

    I'm asking for better software design, both when it comes to security tools and the operating systems they run on. I've read that software engineers make at least $100,000 a year at companies like Microsoft and Apple, and then they come up with this easily bypassable crap? Surely they can do better.

    BTW, about PatchGuard. I've read about ways to bypass it; MS could allow AV/EDRs access to the Windows kernel with these same bypass techniques, in order to make it harder to bypass user-mode hooks. This is the type of innovation that I'm missing.

    https://www.zdnet.com/article/new-bypass-disclosed-in-microsoft-patchguard-kpp/
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    This could be debated to the extreme in both directions. If you can't trust these products there is no reason to use them in the first place. There has to be at least a minimal amount of trust else we are giving the vendors an excuse to not even try. We don't get better products unless we demand better products.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, exactly my point. They really need to raise the bar. Like what they did with browser sandboxes, it made exploiting them way harder. And they are now trying to make 2FA much safer with hardware keys and Passkeys. I welcome this innovation.

    AVs should also be doing a better job protecting against more advanced attacks. Of course they need help from better designed operating systems like Windows and macOS. But I guess some people have higher quality standards than others, sadly enough.
     
  6. Jan Willy

    Jan Willy Registered Member

    Joined:
    Jan 29, 2021
    Posts:
    226
    Location:
    Netherlands
    As long as the Windows OS and MS apps such as MS Defender have more than 1.5 billion users all over the world, they will be by far the most relevant target of hackers etc. Many attacks will be repelled and some (?) will succeed. Not to speak of the risks we aren't even aware of. We can't expect that MS will protect us home users 100% day in, day out. There will always be holes in the defence (as proven by cruelsister). Choosing an additional layer of security should be self-evident.
     
    Last edited: Jan 11, 2023
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    The people that need it the most will be the least likely to do so.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I get this, but what we should expect from MS is to stop making dumb design mistakes. Not only to protect home users, but also the thousands of companies that rely on them. They could have closed this loophole by simply improving WD's "tamper protection" years ago. Same goes for the "vulnerable driver" hole that was present in Windows for years, see link.

    https://www.spiceworks.com/it-secur...microsoft-windows-byovd-attack-vulnerability/

    Thanks, and do you happen to have a sample of this malware? I wonder how AVs, and Win Def in particular, would react to such an attack, assuming that the user gives admin access, because it does first try to bypass UAC.

    https://www.wilderssecurity.com/thr...home-users-with-fake-software-updates.448297/
     
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    These were totally specific to WD (and with this exclusion technique ANY malware can be substituted). Other AVs shouldn't have an issue. As to UAC, this has always been bypassed by adept coders with barely an inconvenience.
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Especially when not set to maximum, which is not the default.
     
  11. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Does anyone recommend setting UAC to maximum if you're the sole user of the machine? I always found it annoying and unnecessary.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    It is annoying but I have seen too many examples of malware exploiting things like Notepad to launch as admin without any kind of prompt whatsoever. Microsoft programs on Windows get a free pass and when they are exploited to launch a child process it can be a dangerous thing. Not that setting it to maximum will make you invincible, but it will slow some things down.
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,869
    Disabling UAC does not disable other reminders. Going beyond this level includes some more risks you don't want.
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Yes, never disable it. Doing so would make an admin account very dangerous and a standard account unusable. Assuming it still works as it did in the past.
     
  15. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    No, I would never disable UAC completely. Here, it's set at the default (notify only when apps make changes, plus dim desktop). Just wanted to refresh my memory about this particular setting.
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    Yes, the default lets anything signed by Microsoft bypass UAC. Setting to Maximum removes that exclusion. Should be the only difference between those 2 settings.
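    The posts above describe the UAC slider positions in terms of what they prompt for. The following is an added example, not code from the thread, that reads the three registry values behind the slider (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop under HKLM\...\Policies\System) and reports which level the machine is at, so you can check the setting without opening the control panel. The level names follow Microsoft's documented value meanings: ConsentPromptBehaviorAdmin 5 is "prompt for consent for non-Windows binaries" (the default), 2 is "prompt for consent on the secure desktop" for everything, 0 is "elevate without prompting".

    ```powershell
    # Added example: report the UAC level from its registry policy values.
    # Run from an elevated PowerShell prompt on the machine you are checking.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey

    $enableLua     = [int]$uac.EnableLUA                   # 0 = UAC off entirely (reboot needed to change)
    $adminPrompt   = [int]$uac.ConsentPromptBehaviorAdmin  # how admin-approval-mode admins are prompted
    $secureDesktop = [int]$uac.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop

    if ($enableLua -eq 0) {
        $level = 'UAC disabled (EnableLUA=0): every process in an admin session runs with the full token'
    }
    elseif ($adminPrompt -eq 0) {
        $level = 'Never notify: elevation requests are granted without any prompt'
    }
    elseif ($adminPrompt -eq 2 -and $secureDesktop -eq 1) {
        $level = 'Always notify (maximum): prompt for everything, Windows binaries included'
    }
    elseif ($adminPrompt -eq 5 -and $secureDesktop -eq 1) {
        $level = 'Default: prompt only for non-Windows binaries, on the secure desktop'
    }
    elseif ($adminPrompt -eq 5 -and $secureDesktop -eq 0) {
        $level = 'Prompt only for non-Windows binaries, without dimming the desktop'
    }
    else {
        # Anything else was set by policy or by hand rather than by the slider.
        $level = "Custom (ConsentPromptBehaviorAdmin=$adminPrompt, PromptOnSecureDesktop=$secureDesktop)"
    }

    'EnableLUA={0} ConsentPromptBehaviorAdmin={1} PromptOnSecureDesktop={2}' -f $enableLua, $adminPrompt, $secureDesktop
    "UAC level: $level"

    # To move the slider to "Always notify" from the command line, uncomment:
    # Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 2
    # Set-ItemProperty -Path $uacKey -Name PromptOnSecureDesktop    -Value 1
    ```

    On a domain-joined or Intune-managed machine these values are set by policy and a local change is reverted at the next policy refresh, so change them at the policy source there. The "Always notify" position is the one that stops Windows' own auto-elevating binaries from elevating silently, which is the difference between the default and maximum levels that the post above refers to.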
     
  17. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    It's not so much a matter of flawless performance as considering AVs that offer the best balance in terms of protection, usability, and performance impact.

    Also, to recap, backups don't reverse data theft.
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    No, but we can use backups to recover from today's Defender fail of deleting all of the shortcuts on the system.
     
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,935
    Location:
    UK
    https://www.bleepingcomputer.com/ne...ender-asr-rule-deletes-windows-app-shortcuts/

    Instructions on workarounds in the article.
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Yes, me too: Microsoft Defender removed all the shortcuts in the taskbar and Start.

    • CCleaner
    • Firefox
    • Edge (no icon)
    • Thunderbird
    • Paint.net
    Are all blocked.
     
    Last edited: Jan 13, 2023
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    On my PC I restored a backup, pulled the network cable, rebooted, disabled Defender and installed a 3rd party product. I assume they will pull the bad update, not sure how they will fix anyone's missing shortcuts not knowing what they were.
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    They should pay us damages.
    It bothers me more than a little to waste my valuable time (when it's even possible) fixing the mistakes of incompetent people.

    P.S.

    Definitely in 2025 I will switch to Linux.
     
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    It won't happen. So far I lost an hour and a half to a single PC and don't know how widespread this problem is for me. I'm certainly not turning on any that are off at the moment.
     
  24. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Was anyone able to apply the workaround in the Bleeping article in post #4244 yet?
     
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    I disabled the ASR rule in M. Defender that caused the problem.
    I have restored from memory, I hope, almost everything.
    But I can't restore the Edge icon in Start or the file path...
    Also because I've never had this "problem" before.

     
    Last edited: Jan 13, 2023
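    Posts 19 and 25 refer to the workaround of turning off the ASR rule that deleted the shortcuts. The following is an added example, not code from the thread or from the linked article, showing how to list the ASR rules configured on a machine with their current action and how to move one rule from block to audit mode with the Defender PowerShell cmdlets. The GUID below is the rule Microsoft documents as "Block Win32 API calls from Office macros", which is the rule the BleepingComputer article identifies as responsible; substitute another GUID to work on a different rule. Action codes returned by Get-MpPreference are 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.

    ```powershell
    # Added example: inspect ASR rule state and switch one rule to audit mode.
    # Run from an elevated PowerShell prompt on a machine running Microsoft Defender.
    $actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

    function Show-AsrRules {
        $pref    = Get-MpPreference
        $ids     = @($pref.AttackSurfaceReductionRules_Ids)
        $actions = @($pref.AttackSurfaceReductionRules_Actions)
        for ($i = 0; $i -lt $ids.Count; $i++) {
            $code = [int]$actions[$i]
            $name = if ($actionName.ContainsKey($code)) { $actionName[$code] } else { "Unknown($code)" }
            '{0}  {1}' -f $ids[$i], $name
        }
    }

    # Returns the action name for one rule id, or 'NotConfigured' if it is absent.
    function Get-AsrRuleAction([string]$RuleId) {
        $pref    = Get-MpPreference
        $ids     = @($pref.AttackSurfaceReductionRules_Ids)
        $actions = @($pref.AttackSurfaceReductionRules_Actions)
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -eq $RuleId) {   # -eq on strings is case-insensitive in PowerShell
                $code = [int]$actions[$i]
                if ($actionName.ContainsKey($code)) { return $actionName[$code] }
                return "Unknown($code)"
            }
        }
        return 'NotConfigured'
    }

    'Before:'
    Show-AsrRules

    # "Block Win32 API calls from Office macros" (GUID from Microsoft's ASR rule reference).
    $ruleId = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'

    # Audit mode keeps the rule's logging (event ID 1122 in the
    # Microsoft-Windows-Windows Defender/Operational log) but stops it from
    # blocking or deleting anything. Add-MpPreference on an id that is already
    # configured updates that rule's action in place.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $ruleId -AttackSurfaceReductionRules_Actions AuditMode

    'After: {0} -> {1}' -f $ruleId, (Get-AsrRuleAction $ruleId)
    ```

    This only stops further deletions; shortcuts that were already removed have to be recreated or restored from a backup, as the posts above describe. On machines where ASR rules are pushed by Intune or Group Policy the local change is overwritten at the next policy refresh, so the audit-mode setting has to be made at the policy source there.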