Comodo with Windows Defender?

Discussion in 'other anti-malware software' started by aigle, Nov 28, 2017.

  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am putting Comodo (sandbox and HIPS only, no AV part, no cloud) on my Windows 10 machine.

    To keep it snappy I disabled Windows Defender via group policy. I don't like signature-based real-time defence and scheduled/on-demand scans etc.

    Just wondering if it is a good idea or Defender can offer something beyond the scope of Comodo. Esp it might have done network protection features not present in my setup. MS is sure working hard on Defender and improving it day by day.

    What do you guys think?

    Thanks
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Hey Aigle,
    I think that would work great. The HIPS and containment should be more than enough. Even if Defender misses something, the sandbox will contain it. You could add an on-demand scanner to make sure things didn't slip through.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Defender is disabled.
     
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    First, there is nothing wrong with using a signature or definition file defense. All the top rated anti-malware solutions do it. Second, like many other solutions Windows Defender uses several other methods, including behavior analysis.

    And as you correctly noted, "MS is sure working hard on Defender and improving it day by day." It is important to remember that Microsoft is the ONLY developer of antimalware software that does not need malware to thrive in order to stay in business. If malware was totally eradicated from the world, the other companies would go out of business. Microsoft needs malware to go away because they are always being blamed for the actions of the bad guys anyway. The rest of the security industry needs malware to thrive so they have purpose to stay in business. Something to think about.

    As for your question, sure it is a good idea to use WD with your current solution. Unlike years ago, conflicts (two dogs guarding the same bone) are very rare. So the only other problem is resource utilization. But again, that was mostly a problem in the past. Today's security solutions and Windows itself are much better at managing resources, and today's computers are much more powerful and tend to have a lot more resources (gobs of RAM and lots of CPU horsepower) to work with.

    Either way, I say why don't you try both and report back and tell us how it went? Then we all learn something based on fact instead of speculation.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    My issues are not conflicts or resources. I really don't trust blacklists as these scanners are useless against new threats. I am wondering if WD is going to offer any protection against zero days or not?
     
  6. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    I am afraid you don't have an understanding of the breadth of threats out there. You also don't seem to be aware of WD's current capabilities. This is too bad because Microsoft has made all this information readily available as our friend Bing Google will easily tell.

    Sadly, you seem to be suggesting there is only one type of threat to worry about, that is new, "zero day" threats. That is totally not true. Blacklists (definition/signature files) work great defending against the millions and millions of known threats that are already and still in circulation and are still real threats. Definition/signature files are not intended to be effective against new threats or zero day exploits. That does not, by any means, make them useless.

    For new threats, WD uses always-on, real-time protection, "behavior" analysis and heuristics to identify and stop, if necessary, suspicious and malicious activities before they can do any damage. And WD is pretty good at it too.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    To be honest, never got a significant malware infection. The actual risk is bloated by the media. My surfing habits are very very limited and safe.
     
  8. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    No, it's not. The risks are indeed extreme and severe. What is bloated by the media is anything and everything that puts Microsoft, and in this case, Windows Defender in a bad light. Contrary to what many in the IT Press, many bloggers, and the Microsoft bashers, Windows Defender is a very effective anti-malware solution!

    While true WD does not always score great in laboratory tests, the reasons why, and what that really means is never given.

    The reason why is simple. As Microsoft has stated many times, they don't design Windows Defender with the priority to score well on those tests. Why? Because they don't need to. Those tests are synthetic. Despite what the testers claim, they are not real-world. They are simulations, artificial scenarios.

    Remember, Microsoft is the ONLY producer of an antimalware program for normal consumers (you and me) that does NOT have any financial incentive for malware to succeed! All the other providers need malware to thrive! If malware went away, those companies would go out of business! And how do those companies market themselves as better than WD or their competition? By claiming they do well on those synthetic tests.

    Microsoft, on the other hand, needs and truly wants malware to go away because they know they will (as they have since XP came out) get blamed for the malware problem anyway - even though it is the bad guys perpetrating the offenses, the antimalware industry (Norton, McAfee, BitDefender, Comodo, Avira, Kaspersky, etc) who failed to prevent the spread and proliferation of malware, and lastly, the careless user who failed to keep their systems updated and secured.

    So Microsoft is constantly monitoring and evaluating the real world threats out there today and they are constantly tweaking WD to address today's known (and unknown) threats. And it works! IF WD was as ineffective as the synthetic lab tests report, as the bashers, as many in the IT press and blogosphere would like us to believe, there would be 100s of millions of infected Windows 7, 8, and 10 computers out there. And that is just not happening.

    Why? Because Windows Defender is effective as long as (1) Windows is kept updated (and Windows Update ensures that - if users don't think they are smarter than MS and don't dink with the default settings) and (2) users are not "click-happy" on unsolicited downloads, links, attachments, and popups.

    So as you can see by that last sentence, it is up to the user (always the weakest link in security) to keep their computers current and secure. And if the users would just leave Windows default settings alone and avoid being "click-happy" Microsoft will do the rest.

    Are there other anti-malware solutions out there that are better than Windows Defender? Of course! But that does not mean they will keep us more safe! The fact is we don't need to drive around in an Abrams tank to be safe. We just need a recent generation car that is properly maintained and up to current standards, and most importantly, we (as in the users/drivers) need to drive defensively.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Bill, I have one question for you. How much malware have you run against WD yourself?
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    What do you mean by "against" WD?

    I have used on my own personal systems many different products over the years from McAfee, Norton, ZoneAlarm, AVG, AVIRA, SuperAntiSpyware, Malwarebytes and more. And as part of my job, worked with and used many other products on work systems, and on client systems.

    When W7 came out and I migrated my own systems to that, I decided to try Microsoft Security Essentials (with Windows Firewall) - mainly because that was what many of my clients were using. I, like many, discovered I was NOT getting infected - contrary to many warnings.

    I decided then it must be the old "Microsoft is evil" thing again. Just like the false warnings that said if we used IE6, we will get infected and we must use FF instead. Not true. Or that Microsoft is spying on us. That, of course, was a bunch of BS too.

    So when W8/W10 came out, it was a no brainer for me to give WD a go. And surprise, surprise! None of my systems, nor any of the client systems I am responsible for have been compromised either. And for the record, several of my computers are used by other users (including invincible, it won't happen to me, teenaged grandkids) who are less or not security aware or disciplined like me. In fact, most of my clients want and expect their computers to just work, like any other "appliance" in the house, like their microwave ovens or TV sets. And they are not getting infected either.

    How do I know? Because I always recommend the use of a secondary scanner (regardless the primary solution) just to make sure the primary (or the user) did not let something slip by. That typically is MBAM/Malwarebytes. And except for an occasional "wanted" PUP, nothing has.

    Once again, I am not saying WD is the best thing since sliced bread. Frankly, I don't care what solution is used AS LONG AS a decent solution is used, and it, along with Windows are kept current. And lastly, users must not be "click-happy".

    What I do care about is when programs, companies, or products are misrepresented by the ill-informed, biased, or unprofessionals in the IT Press who are only seeking attention with sensationalized and exaggerated headlines over their names.

    So while I may sound like a shill for Microsoft, I assure you I am not (as my MVP handlers will attest!). No doubt there are many true things to bash Microsoft about - especially some of their mismanaged and ill-conceived marketing schemes and executive decisions. But contrary to what many wish to believe, the developers at Microsoft are on the ball and know what they are doing.

    I am just saying bash where bashing is due. Or I will defend the accused with vigor, as I will any product that is falsely accused.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What I mean is, on a system just protected by WD, have you run malware to test how WD did? That's the acid test.
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The comparison should be in the context of what type of computer user you are and what OS ver. you are using.

    Comparing MSE running on Win 7 vs. WD running on Win 10 1709 is pretty much a "day vs. night" one. Or better said, no comparison; WD on Win 10 1709 wins hands down.

    As far as users go, the average user really is clueless about computer security. He in fact views it as more of a hindrance than a necessity and has no qualms about neutering part of it if it gets in the way of one of his favorite apps. Patching - he doesn't really know what that is and if he does, he doesn't do it with any urgency or frequency.

    Finally, Microsoft really knows "diddly squat" about security. It is not their business and as such they have not developed anywhere near the expertise the major security vendors have over the years. The comparison is if Microsoft security fails, so what. If a security vendor product fails to deliver, they go out of business. Then there is Microsoft's approach to security which is first and foremost based on existing OS permission and access rights, all of which have been bypassed multiple times. Add to that the detailed technical knowledge and more importantly the time required to properly configure those features. Case in point is that they finally have somewhat succeeded in integrating the various WD security features in Win 10 WD security center and in reality, they still have a long way to go in that regard. Simply put, Microsoft's approach is the least costly method to them.
     
  13. guest

    guest Guest

    I agree, on Win7, almost no one will think to use MSE, you have plenty of better solutions. Since Win8, MS forced it into the OS and fortunately for them it was not so bad.
    However, since it is a Windows built-in mechanism, all red teams (and hackers after them) jumped on it to bypass it, and they succeeded way more than expected.
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Do you mean, have I run my own "simulated" tests in "artificial scenarios"? Have I subjected my computers to threats they will never see in the real world? No. Why should I? My computers are constantly being run in "real-world" scenarios all the time. And they are not getting infected.

    There are plenty of laboratory tests being conducted out there.
    I would not say "day vs night" since WD was spawned from MSE and continues to have much in common. But of course WD on W10 wins hands down. It should and just enhances and validates my point.
    Yeah right. :( That's just total nonsense.
    Exactly! And yet those millions and millions of "clueless" users continue to remain safe and secure. How? Because Microsoft does indeed know very much about security and have developed a very robust anti-malware solution in W10 to keep those "clueless" users safe - AS LONG AS they leave the default settings alone!

    NO! Now you are talking about a different group of people. Now you are talking about those who think they are smarter than the folks at Redmond. You are talking about the folks who think they are smarter than the bad guys. Most computer users are neither.

    You can follow the link in my sig to see if I might know a thing or two about computer and network security. And I assure you I am not smarter than the folks at Redmond - well, I may be smarter than some of their execs and some in their marketing departments - but that's another topic. I am not smarter than their top developers and security experts. And I can assure you there are many bad guys out there much smarter than me and you.

    No they didn't! Once again - if that and itman's nonsense were even remotely true, 10s of millions, 100s of millions of Windows users would be infected. And it is just NOT happening.

    What is happening is businesses and organizations - those with "professional" IT and security people on staff - that is where malware is doing the most damage. In terms of global reach to home and SOHO users, malware has actually declined and that is due in great part to XP going away and the much more secure W10 surpassing 500 million users.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Interesting about the clueless users never getting infected. I guess Emsisoft and the others can drop their "help I am infected" threads. From what I see they are very active. I have no doubt your email practices keep you safe, but from what you described you don't know for sure WD is keeping you safe. See, I know my defenses work because I have thrown very nasty malware (not simulated) at them, and they protected me.
     
  16. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    I never said "never"! I just said it is not happening in the numbers implied. The implication is that WD is ineffective because Microsoft doesn't know squat. That is not true. If it were true, where are the millions and millions of infected users out there? 100s in your Emsisoft forum hardly indicates WD is not working.

    Does the Honda mechanic who sees nothing but broken down Hondas all day have the right to suggest Hondas are lousy cars? Do people need a Lexus to be safe?

    Come on. Now that's just being silly. Are you really suggesting users of Emsisoft and the others "never" get infected? Of course they do. Why? Because the user is always the weakest link in security. It does not matter which program the user uses if the user opens the door and lets the bad guy in. And that is what happens most of the time.
    :( Of course I do! But to that, how does the average Emsisoft, Kaspersky, Norton, McAfee, etc. user know for sure their product is keeping them safe?

    As I said above,
     
  17. guest

    guest Guest

    Not nonsense, proven by facts, just google it.

    https://arstechnica.com/information...indows-defender-nscript-remote-vulnerability/

    Luckily for users it was not cyber-criminals finding it, and the flaw was patched real quick (for once) by MS... so much for WD "awesome" protection...

    Now I don't say other security vendors or OSes are flawless but they are not so vulnerable or targeted as MS. Red Teams exposed MS vulnerabilities plenty of times, not a month without findings.
    Then those findings led to the implementation of the latest added security in Win10 aka Exploit Guard and Controlled Folders, do you think they will add them if WD + Smartscreen was enough... I don't think so... and yet they are already flawed.

    Also I mentioned Red Teams/Pentesters, not basic users; but at the end, what Red Teams discover often ends up in the hands of cyber-criminals, who spread their malware with the discovered vulnerability (aka EternalBlue/Doublepulsar/wannacry and other DDE attacks).

    In a sense you are right, Average Joe with WD is quite safe if he doesn't go to the wrong place at the wrong moment, which becomes quite difficult to distinguish these days...

    Now you can choose to live in a dream world believing you are totally safe or you can decide to dig in the rabbit hole and see what lies under...
     
    Last edited by a moderator: Dec 4, 2017
  18. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Apples and oranges to your original claim. A discovered vulnerability does not mean it was exploited, or hacked as you said first.

    Were there any, even one report of a user's system being infected due to this vulnerability?

    And did you even read your link?
    So much for Microsoft not knowing "diddly squat". :rolleyes: It was patched in just 3 days - over a weekend no less.

    So where's your "perfect" solution? It sure is not Emsisoft!

    local privilege escalation vulnerability in Emsisoft Anti-Malware

    Trend Micro, Emsisoft, Kaspersky Lab, Malwarebytes, Ikarus, and Zone Alarm Antivirus Engine Design Flaw Helps Malware Sink Its Teeth Into Your System

    Severe security flaws have been discovered in Kaspersky's Anti-Virus File Server software
    Serious Vulnerability In Kaspersky's TLS Interception Tool ... and other vulnerabilities

    Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'

    another security issue in Comodo Internet Security's software. This is the second significant security flaw he discovered this month.

    I can go on and on but the point is made. NO solution is perfect.

    See, this is an example of how biased Microsoft bashers work. Just as I never said never before, I never said I or anyone was totally safe. In fact, I said more than once, "I always recommend the use of a secondary scanner (regardless the primary solution) just to make sure the primary (or the user) did not let something slip by." But people like you, so stuck in your tunnel, only see what you want to see and believe.
     
  19. guest

    guest Guest

    Did you read what I wrote? It was patched because reported, now if the vulnerability wasn't discovered by honest researchers but by criminals, would you think it will be reported? I don't think so...
    So you can raise the banner of "no one was infected", because no one reported. That is just denial, you don't know if people were infected or not, how can they tell they were?
    Like all malware incidents, only victims with decent skills can report, others just live with the malware (aka botnets, RATs, etc...) on their machines while doing their daily tasks...

    You didn't read what I wrote...

    You clearly didn't read what I wrote...

    Whatever, we are free to disagree, but unlike you I don't disrespect people by calling them "bashers" or "fanboys" because I disagree...
     
    Last edited by a moderator: Dec 4, 2017
  20. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    o_O
    This is ridiculous. You really don't know what you are talking about - either that or you are so blind with bias and hatred towards Microsoft, you just refuse to accept reality.

    People who have disabled Windows Update, who don't use any anti-malware, who don't ever update their anti-malware - in other words, those who have been totally negligent in their user responsibilities, they might never know they have been infected - until their systems slow to a crawl or their bank accounts have been emptied.

    For everyone else - that is, the vast majority of users out there...malware released in the wild does not go undetected for very long. The security industry has honeypots all over the place - plus they have millions and millions of users participating in sharing information about malicious code so eventually, the anti-malware programs would detect those infected and identify and stop such malicious code before it can do any harm.

    Plus, decent solutions, including Windows Defender, look for behavior to stop malicious or even suspect code BEFORE it can infect a system.

    Windows Defender is not perfect. It is not the best one out there. I never said it was. I simply said it is more than adequate for most users as long as they keep Windows updated and they are not click-happy. And they use a secondary scanner just in case something slips by their primary or the user lets one in - the same steps users must do regardless their primary scanner of choice.

    I don't care what solution anyone uses. I am not here to promote Windows Defender - unlike your obvious role. I just want helpers to do their due diligence and advise based on the facts, not their biases. If WD were as bad as you pretend it to be, there would be millions and millions of infected users. And that is not happening.

    And for the record, MS vulnerabilities are not the same as WD vulnerabilities. And Microsoft is not the only provider who keeps adding new features. Is your Emsisoft the same program it was 5 years ago? 1 year ago? Of course not. It is constantly being updated with "fixes, enhancements, and stability improvements" as well as "new" features. So Microsoft, just like other providers, adds new features because the bad guys are getting smarter and smarter too.

    Now I'm done here.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Bill

    You should follow your "Now I'm done here". The more you try, the less convincing you are. Your choice.
     
  22. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Then where is your convincing evidence? Show us your "perfect" solution. Show us where users of WD will become infected (or - to be realistic - just likely to become infected) if they don't change to something else.

    Where are the millions and millions of infected WD users your position suggests there must be? Are they all as stupid and clueless as itman and guest suggest? And are these millions and millions of Windows Defender users totally infected and just don't know they are infected? Or just don't care? :rolleyes:

    The only arguments I've seen presented here are clearly based on biases, misconceptions, obfuscation and incorrect information.

    For example, the claim MS knows "diddly squat" about security. Yeah right. Or that they "added security in Win10 aka Exploit Guard and Controlled Folders" because WD was so poorly protecting users. That's just wrong too. They added those new features (just as other providers added similar features) because new, more sophisticated ransomware is on the rise.

    If guest's claim was true, why did Emsisoft recently change their product by adding "Anti-Ransomware"?

    You yourself tried to obfuscate the issue by implying the Emsisoft forums are full of Windows Defender users claiming, "Help I'm infected" - as if no Emsisoft user ever makes such claims. Or by suggesting I said WD users "never" get compromised. :( Or that your own verification process proved WD is useless because your own personal arsenal of "not simulated" malware was thwarted by your anti-malware solution. Did you notice I did NOT say anything about "simulated malware"? I specifically said the tests, like your own, are simulated, artificial scenarios.

    So, yeah. You have not shown anything to suggest a properly updated Windows 10 computer running Windows Defender by a user who is not "click-happy" on every unsolicited download, attachment, popup or link is not adequately protected against today's real-world threats.

    All I have seen from you (collectively) is "marketing hype"! "My RAM pickup can tow more than your Chevy pickup, therefore your Chevy is junk." :rolleyes:

    So yeah, I am done here.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    They didn't add it recently. It's been a part of behaviour blocker for a long time. With 2017.5 release it was only specifically presented in UI. You can't even disable it independently.
     
  24. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    My mistake. Sorry, I did not word that properly. I did not mean to imply it was a brand new feature. It is not. But it is not the same "old" feature either. It has gone through several enhancements since first introduced and was recently put "into a separate protection layer". My point being, all anti-malware solutions are constantly changing and evolving to keep up with today's threats. Emsisoft is no different.

    The implication made earlier was that WD did not have any ransomware protection prior to recently adding Exploit guard and Controlled folders. That is just not true. The new features enhanced the existing protection. And there certainly will be more enhancements down the road as the threat scenarios evolve and Microsoft (as well as Emsisoft and the others) move to address them.

    Even the best anti-malware providers can only guess and speculate what the bad guys will come up with next. Those who guess right will be first with a defense. The rest will soon follow. If no one guesses right (as is often the case), everyone will be playing catch up.
     
  25. guest

    guest Guest

    Some things must be clarified, as you may not be behind the curtain, you may not know it.
    There is no "guess" or "catch up", when an attack is discovered, it is always shared with the whole infosec community.
    Red Teams/pentesters always shared what they found, it is how software vendors can fix flaws.
    It is up to the security company to develop countermeasures, which is based on their product purpose, market position and financial resources.
    The richer a company is, the faster the appropriate defense is developed (and only if needed), unless the said defense was part of the product since ages.
    You can't expect a company developing just a scanner to protect against a network-based threat (like the SMB v1.0 vulnerability).

    Microsoft started with their anti-spyware on Win7 called Windows Defender (almost useless), then they created MSE (the AV) which in Win8, became the Windows Defender we all know now; with Win10 they centralized all the built-in security features of Win8 (Windows FW, Smartscreen, etc...) in one place (Windows Defender Security Center).
    Then in the Fall update they integrated what was called EMET into WDSC and added the Controlled Folder feature to specifically prevent ransomware attacks.
    Before, the only way to prevent them (on home versions) was via signature or via UAC and Smartscreen, there were no other means, and those weren't specifically designed to prevent ransomware, which is the most prevalent threat now.

    For example, Emsisoft was a pioneer in Behavior Blockers; we made Mamutu and then implemented it on our existing anti-malware scanner (A-Squared at that time) to create Emsisoft Anti-Malware.
    We didn't catch up, we were innovating (we even had a standalone FW+HIPS); then afterwards many products, realizing the 0-day menace, developed their own too.
    Not to mention we even allow users to use both WD (to access the Controlled Folders feature) and Emsisoft AM at the same time; I haven't heard of other vendors doing so yet.

    The next most serious threat will be fileless malware; the whole industry has been aware of it for years and is working on it. But since it is a very specific attack, developing appropriate defenses against it will take time.
    Prevalence dominates the industry reaction time; look at ransomware: at the beginning it was only a few infections here and there, but when it grew exponentially the industry started to develop defenses/specific products to prevent it, some faster than others.
     