Do AV products give a net improvement in security?

Discussion in 'other anti-virus software' started by NGRhodes, Jan 27, 2017.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes exactly, I'm also not a fan of most AVs because they are way too bloated, but I know how to stay safe without them. But probably 95% of all people don't have the knowledge, so I would still advise them to use AV.

    LOL, yes exactly, we all know that Win Defender is crap. At least according to a lot of tests.

    I agree that AV products should be improved a lot, they should really be causing less problems. But I guess it's also because they want to provide as much protection as possible, nowadays they try to do just about everything, while instead they should stick with the basics.
     
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Great idea.

    Anyone reading along, pay attention to exactly what is used in the report from that thread.

    Now pay attention to what is used in the links @itman posts here in this thread.

    The report from that thread shows that the combination of Windows Defender + SmartScreen blocks these bypass attempts.

    The links @itman posts in this thread are with SmartScreen disabled.

    @itman knows very well that the combined native security will block those bypass attempts because that few-day-old report proves it.

    Yet he shows up here in this thread trying to cause confusion with links to pages where parts of the native security are disabled. The native security that exactly blocks those bypass attempts.

    Like I said earlier - @itman is deliberately trying to deceive anyone reading along.
    Please don't fall victim to this.
    This kind of behavior - users with a hidden agenda - is exactly the danger of forums.

    Personally I find such behavior extremely problematic because fake posts/fake news like those are pure poison to anyone passing through in search of answers.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's exactly why I always keep reminding people not to think they are safe by simply depending on LUA + UAC. And to not rely on stuff like Windows Defender + SmartScreen. Instead I stimulate them to look for better solutions, that's exactly how I secure systems for noobs.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Something to ponder.

    Corporations employ a large number of staff IT security professionals. They also utilize outside security professionals. All develop a strategy to secure their IT infrastructure. These organizations overwhelmingly use third party AV solutions to do so. Purchasing endpoint licenses to secure their client PCs costs many thousands of dollars on a yearly basis. So why is it that they incur such costs if Windows native protections have been or are adequate to protect their client PCs?

    When I see corporations abandoning in droves their client third party AV solutions in favor of native Windows based ones is when I will seriously consider them as my sole malware protection.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    @itman
    It looks like MS also noticed big money on the AV market and decided to get its share. I guess that we can expect this anti 3rd party AV propaganda in coming months and years.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I partially agree but from a different perspective; namely increased revenue through reduced costs. Trying to accommodate the multitude of AV vendors for each OS change means increased labor costs. With decreasing revenue from the desktop line, cost cutting is one way to increase the bottom line. Also this really has nothing to do with security, which never was a priority for Microsoft.

    As far as the Google and Mozilla attacks go, it really is the same scenario in my opinion.

    In other words, the AV vendors are finding themselves in the unfortunate position of being the "whipping boy" for all the world's malware malaise.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Actually there is something MS could and should have done which is to ditch the Windows two ring level, system and user mode, in favor of the multi-level security ring approach employed in Unix and Ubuntu. Of course, that will never happen.
     
  8. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Anti 3rd party AV "propaganda" would make sense if it came from Microsoft, but it is not. It is coming from browser developers.

    How many of them are on Windows 10 where the combination of SmartScreen and Defender will stop virtually everything?

    Probably none.

    Now how many IT staff (assuming you have security specific staff) are going to say "you don't need me anymore, just upgrade to Windows 10 and fire me"?

    Probably none.

    You mean cross your fingers and hope and pray that you are not as screwed as you think you are? In today's age of ransomware? Hah!

    I'm pretty sure when people get infected they don't think "well I'll just wait for the AV to update" they tend to take immediate action, such as rescue disks. Or more commonly, call someone to help.
     
  9. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    For a typical Windows user who doesn't understand how the system really works, runs Windows in a default administrator account and is often unclear on basic file system concepts, an AV probably does improve security. Even for such a user, a proactive security program like Voodoo Shield will help much more than a reactive signature based AV. For more knowledgeable users, the article certainly applies. I haven't used any AV except MS Security Essentials/Windows Defender for years. The only reason I have them is to check for known malware on other people's computers or hard drives.

    And here I am, still running XP and Windows 7 because Windows 10 sucks and I never have security issues. In fact, I feel this locked down XP system I'm using to post this is far more secure than most of the Windows 10 boxes out there. The security has nothing to do with the AV, it comes from being well set up by a skilled user.
     
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    As someone who obviously doesn't use Windows 10 regularly, you lack the experience to give people advice about AV on modern operating systems. Smartscreen, a Windows 10 function, negates your point about average Joe needing a 3rd party AV installed.

    Unfortunately you need to broaden the scope of what you think security is, it's too narrow. As a basic example, you are not considering transport encryption technology, of which XP has nothing meaningful. As soon as browsers that implement their own security layers drop support for XP, you're done. Any software you run locally that uses native Windows API to communicate is also insecure.

    This we can certainly agree on :D
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I have been running my machines with AVs and without, always with excellent results in terms of security. I remember however several instances in the past (8-9 years ago) with both Eset and Avira detecting up to 20 infecting vectors within five minutes upon plugging in third party flash drives... In those days MS had not yet developed Windows Defender, and I believe this heavily infected environment was due to the fact that a lot of users had no AV installed.

    Fast forward to Win 8 and 10, and as far as I can tell the number of third party flash drives infected has dropped from roughly 75% to 2-3%, an amazing improvement if you ask me, and certainly due to Windows Defender and SmartScreen, these are results from my real life experience...

    In the light of my own experience I believe that AVs by and large are definitely needed by the average user; Windows Defender and SmartScreen made a huge difference in the security environment in general. I have no idea whether AVs' code always affects negatively the performance of a computer, I suppose that a test trial is meant to check compatibility, performance impact, conflicts etc... The only reason I'm not using Windows Defender is performance speed, Avira is definitely lighter than WD, and it has been confirmed by AV Comparatives. If WD is so well coded it should be at least as light as Avira and Avast, but maybe there is no correlation...
     
  12. guest

    guest Guest

    Security products don't really increase security, in fact they are just security nets made to be your backups, in case of your mistakes/careless behavior. Give the best security soft to a happy clicker, he will manage to get infected by himself someday.

    1- In the pre-Win10 era, AVs may have been useful for beginners because they don't know how to set up their system to secure themselves; but now Win10 has started to take care of it.
    2- Security geeks/experts shouldn't depend on security apps; if they do, it means they don't understand how their OS can protect them or have careless behaviors. Now if they like to play with security apps, it is another story.

    With Win10 set properly (SUA, Win Def, SmartScreen and UAC at max) and some Windows tweaks, you don't really need any security apps; 75% of security forum members are living in a bubble of semi-paranoia, security apps addiction and "I have a stronger security setup than you". I know because I was one too :p

    Most "grey/black hats" I knew don't even have a single security app; they all tweaked their OS (either Windows or Linux). I asked them why? The answer was "common malwares won't land or run on my system and those who may run are military-grade ones".

    Based on that, why run an AV when malware has almost no chance to land on the system? I have been using security softs for decades, and the worst threat I ever faced was a PUP (a term that didn't even exist at that time). In fact, if I didn't have any security apps, it would be the same.... My Win10 was set up to block most of the attack vectors without the need to depend on any security apps.

    The only thing you need is a backup/rollback software, in case of issues (not only infections).

    Exactly, but too late for that; look at all those whiners when you start talking about SUA, they can't handle a simple thing such as SUA, so don't even mention the Linux-type multi-ring approach with sudo commands ... :D

    And yes, telemetry was initially made to improve feedback for further development, as a rifle was initially made to hunt; now they can also have less honorable purposes.
     
    Last edited by a moderator: Jan 28, 2017
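    A way to check the "Win10 set properly" baseline that the post above describes (SUA, Windows Defender, SmartScreen, UAC at max), as an added example and not the poster's own code. It assumes Windows 10 with the Defender and LocalAccounts PowerShell modules that ship with it; the SmartScreenEnabled string values it expects ('RequireAdmin', 'Warn', 'Off') are an assumption based on 2017-era builds.

```powershell
# Added example: audit the "SUA + Win Def + SmartScreen + UAC at max" baseline.
# Assumes Windows 10 with the built-in Defender and LocalAccounts modules.
# Run it as the user whose account you want to check.

$findings = @()

# 1. SUA: is the interactive user a member of the local Administrators group?
$me     = "$env:USERDOMAIN\$env:USERNAME"
$admins = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
$findings += [pscustomobject]@{
    Check    = 'Standard user account (not in Administrators)'
    Expected = 'not a member'
    Actual   = if ($admins -contains $me) { 'member' } else { 'not a member' }
}

# 2. Windows Defender: real-time protection and behavior monitoring enabled
$mp = Get-MpComputerStatus
$findings += [pscustomobject]@{
    Check    = 'Defender real-time protection'
    Expected = 'True'
    Actual   = [string]$mp.RealTimeProtectionEnabled
}
$findings += [pscustomobject]@{
    Check    = 'Defender behavior monitoring'
    Expected = 'True'
    Actual   = [string]$mp.BehaviorMonitorEnabled
}

# 3. SmartScreen for Explorer / app reputation. Assumption: 2017-era values are
#    'RequireAdmin', 'Warn' or 'Off'; anything other than 'Off' counts as on.
$ssKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
$ss    = (Get-ItemProperty -Path $ssKey -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled
$findings += [pscustomobject]@{
    Check    = 'SmartScreen enabled'
    Expected = 'RequireAdmin or Warn'
    Actual   = if ($ss) { $ss } else { 'value not set' }
}

# 4. UAC at max ("Always notify" on the secure desktop):
#    EnableLUA=1, ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey
$uacMax = ($uac.EnableLUA -eq 1) -and
          ($uac.ConsentPromptBehaviorAdmin -eq 2) -and
          ($uac.PromptOnSecureDesktop -eq 1)
$findings += [pscustomobject]@{
    Check    = 'UAC at maximum (Always notify, secure desktop)'
    Expected = 'True'
    Actual   = "EnableLUA=$($uac.EnableLUA) ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin) PromptOnSecureDesktop=$($uac.PromptOnSecureDesktop) -> $uacMax"
}

# Print the audit table; any row whose Actual differs from Expected is a gap.
$findings | Format-Table -AutoSize
```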
  13. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I've used Windows 10 enough to do guerrilla tweaks to disable features of the OS I don't like. It really isn't that different from earlier versions of Windows on the inside. I might not use it regularly but I know the internals of Windows well and do see improvements in Windows 10 in ways that are much less obvious than SmartScreen, like system privilege being much more restricted than in earlier Windows. Knowing Windows well also informs my opinion of Windows 10: it sucks. It offers me nothing that I need or am interested in and has huge liabilities.

    Actually, my security focus right now is on a WordPress website I set up. Fun stuff, the security issues are real. I've already made life impossible for one determined hacker that spent most of the Christmas holidays trying to brute force my site and, in viewing the logs, I found that my site, and any WordPress site, is constantly being crawled by malicious bots. I've ended up tweaking the PHP code a bit for security instead of relying on 3rd party plugins. It really doesn't matter what the medium, security is a mindset and technology alone is never going to provide it. It requires awareness, intelligence and creativity. Windows security is pretty much a non-issue for me these days. All of my own systems have been secure since the days of Windows NT4. For all I use it for, this XP box is as secure as it will ever need to be.

    Exactly. One of the general principles of security is to set it up at the appropriate level. You don't secure a corner store at the same level as a bank. The cost doesn't justify the benefits. There is a price to pay in money, performance and convenience that often isn't justified by the benefits these apps provide. Windows provides all the tools necessary to secure itself with the OS, it's just a matter of learning to use them.
     
  14. guest

    guest Guest

    I can't say it better :thumb:
     
  15. kaljukass

    kaljukass Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    244
    Do AV products give a net improvement in security?
    Of course not. Simply it isn't possible in any way.
     
  16. guest

    guest Guest

    So AVs are placebo? Overall, I'm equally safe with or without an AV? o_O

    Edit: A lot of the posts above also don't know what "net improvement" actually means in English. A happy clicker can get infected, but it will take more clicks to get infected when your security product is blocking the well-known ones. Eventually, yes, a happy clicker can get infected by a less-known malware, but this is still a net improvement.
     
  17. guest

    guest Guest

    Sure, you are right for the "aware" Average Joe. But for happy clickers, at the end the result is the same: infection. Just look at all those guys looking for cracks/keygens; they will click yes until it works, whatever the security soft says. I knew some guys who even disable/uninstall the security apps... however, if you put a policy restriction tweak in the OS, the tool won't run, whatever they do. That is a real improvement.

    My point is: the more the OS is secured, the less the need for 3rd party security apps. MS is finally taking this road, and many security vendors are unhappy with that.
     
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    Written by a guy who thinks he has full control over an outdated system, with at least 3 years of no updates for important security functions?

    LMAO

    Concerning IT staff and business networks - security is not only part of a single computer - it is mostly done outside, with a different concept and methods than on a single personal computer.
     
  19. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    :thumb: To the point they're complaining that it's unfair practice. :argh:

    In other words, how dare MS secure their OS to a level that it may have an impact on our sales?

    Regards Eck:)
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    It's true though, it does take a skilled user. If you think about it, a skilled user would always use the latest updates and OS. :)

    Your response to my valid (albeit short and basic) point is to go on a tangent about WordPress, well done, well done. I bet you're using the latest version of WordPress. :) Sorry, but you just don't have a clue if you can't refute a small point like that... Unless your refuting it was stating "for all I use it for", i.e. you don't use it for anything important.
     
  21. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    One important aspect that we need to keep in mind with this conversation is that these security researchers and browser developers are not referring to (or comparing) antivirus detection rates. Specifically, it is more to do with opening up and creating attack surface as well as the lack of fundamentals such as sandboxing certain antivirus components such as parsers, unpackers, etc. and also the fact that antivirus software companies have to use many less than smooth tactics at the expense of browser stability and security.

    I suppose another thing that is a reality with regard to many of these antivirus software companies is that their software roots are often quite antiquated. With that, I mean companies such as Trend Micro, Symantec, McAfee, etc. have had antivirus programs for something like two decades now and therefore their kernel-mode drivers and software infrastructure as a whole have had to continuously evolve to keep up with modern day computing.

    Think of Netscape and Mozilla Firefox, for example. Compare that to Chromium which was built from the ground up using modern day sandboxing multi-process architecture and much more. Evolving over the years has been a daunting engineering task for Mozilla and also cost them a lot of time and money. Part of the problem with these antivirus companies is that they need to "refresh" their GUI each year with a fancy 2017, 2018, version, etc. because they have to keep selling their yearly subscriptions.

    Taking the time to re-architect their antivirus software from the ground up would be extremely costly. But the argument here to utilize built-in operating system capabilities such as sandboxing and limiting overall attack space is key. While I think that both sides likely have some good points, the most important thing here is that discussion is taking place and there is some light shining on key areas which can be improved upon all for the greater good of all users. I am confident that great things will come out of this over time.
     
  22. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    But this isn't about performance or detection rate at all.

    For all we know they purposely avoid official API in favour of hooks purely for the purpose of performance (total assumption, let's roll with it and assume the APIs have an overhead). If that is the case, what would an AV company with a profit to look after do when faced with competition with other AV companies? Advertise how clean their implementation is? I'm not sure that's much of a selling point when your competitor ends up being "faster and lighter". In the case of Defender, there's no profit margin to meet, the goal is security.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Antiviruses work; IMO some seem to clearly work better than others. I have seen a lot of people's butts saved by them. There's no replacement for education though, and many people have a false sense of security, especially with traditional blacklisting AVs. I believe one should always use a well thought out layered security approach.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Most additional software could (and probably would) add additional attack surface to exploit. AVs that usually run at System level are no exception. I agree, it would be great if AV vendors would implement new security mechanisms that MS introduces to the OS, but as you said it would take a lot of effort to accomplish that.
    This whole thread though started with a link to a blog post and claims posted there. One example:
    So the author says that threats introduced by running AV are bigger than the benefits from using it. Well, I don't agree with that and I haven't found any evidence to support those claims.
    He also puts all AVs in one big bag and writes some generalized statements about them as if they would all work the same way.
    If regular users would read this blog they would probably get confused as they wouldn't know what weight to put on those claims.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Maybe something specific in regards to Win 10's native protections will help:

    Microsoft should reverse its planned axing of the lauded Enhanced Mitigation Toolkit (EMET) as Windows 10 cannot yet match its level of security, according to Carnegie Mellon University CERT furniture Will Dormann.

    The vulnerability analyst, who has pushed out security alerts and advice from the world's first CERT for around a decade, says even a Windows 7 machine running EMET trumps Windows 10's native defences.


    Ref.: http://www.theregister.co.uk/2016/1...t_even_win_7_emet_is_better_than_solo_win_10/
    Since EMET use is beyond the expertise of the average PC user, the best and most responsible recommendation for them is to use a third party security solution until such time, if ever, Microsoft delivers on its promise that Win 10 is truly a secure operating system.
     
    Last edited: Jan 29, 2017