Do AV products give a net improvement in security?

Discussion in 'other anti-virus software' started by NGRhodes, Jan 27, 2017.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    LOL, good point. https://blog.avast.com/windows-10-users-need-more-protection-than-basic-defender

    In almost all tests, Win Defender performs worse than others: when others score 95%, WD scores only 90%. And SmartScreen leaves the end decision with the user, so you cannot say it will stop everything.

    I actually think AV companies can probably easily solve certain problems.
     
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Another attempt from @itman at poisoning a thread with stories and links that are not true.

    I don't know why it is so important for @itman to try and deceive people reading along.

    EMET is available now and, as has already been posted by @WildByDesign - one of our users here who is always on top of all things that matter - EMET will be "baked in" to Windows 10 when the Creators Update is released in a few months.

    More here : https://www.wilderssecurity.com/thr...xperience-toolkit.344631/page-56#post-2644705

    So absolutely nothing to worry about.
    The native security in Windows 10 has you covered. :thumb:
     
    Last edited: Jan 29, 2017
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Please do read this posting and decide for yourself if this is applicable to the average PC user.

    -EDIT- All Microsoft is doing is incorporating EMET protection functionality into Win 10. This will enable them to discontinue EMET support for other OS versions, thereby forcing their corporate users, who are overwhelmingly still Win 7 based, to upgrade to Win 10. Would you expect anything else from them?
     
    Last edited: Jan 29, 2017
  4. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @itman :

    So you try to cause fear and confusion with a link that claims that the future of native security on Windows 10 is doomed since EMET is to be retired.

    I post that your claim is not true, since with the release of Windows 10 Creators Update in two months EMET will be "baked in" to Windows 10.

    And now you post that EMET is not relevant.

    I think that if one is to look up the phrase "fake news", then your picture will appear next to it.

    But in a way I feel that I should say "thank you very much".
    Because with your many posts that try to lure people into believing things that aren't true, it has given us all a VERY needed opportunity to turn the spotlight onto such behavior and warn anyone reading along that there are certain users and certain media that have a hidden agenda.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Let's see. You have called me a liar. Accused me of misleading and distorting facts. And finally this:
    These replies "speak volumes" about your character. Do you actually believe anyone is paying attention to your comments?
     
  6. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @itman :

    Well - since you constantly post things that are not correct, and since, when it has been proven that your claims are incorrect, you just move to another thread and post the same incorrect statements again.

    That is the very definition of deliberate misleading actions.

    Do you really think that is the purpose of forums ?

    People come here in search for information and answers. Not to be lured by tactically placed misinformation.
     
  7. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    @itman and @Martin_C
    Hi guys, why don't you solve your differences by PM :)
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    If you will observe, I have been a participant of this forum far longer than you. My total number of postings is 15 times what yours is. I post articles that I believe are relevant to the topic discussed. Members are free to voice their agreement or disagreement with what is posted in a respectful manner, without defamation of character and accusations of deception and hidden agendas. That is what this forum is all about.
     
  9. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Posting things that can instantly be proven to be false is never relevant.

    And since it can be observed that it is a constantly recurring move from you in threads where Windows native security is mentioned, your motives are not exactly difficult to decipher.
     
  10. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Can we clear something up for the benefit of those of us less knowledgeable? Is the version of EMET that's going to be "baked in" to the Creators Update going to be available for *all* Windows 10 users or just for Enterprise users?
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Baked in functionality-wise, yes. Accessibility via graphical user interface, unfortunately not. The functionality should be available to all SKUs (as far as I know thus far) of Creators Update but will only be accessible via registry and/or group policy, while some features such as ASR (attack surface reduction) may only be accessible via PowerShell. However, this will open up the possibility for any developer to create a program (similar to the EMET user interface, for example) that can manipulate these underlying operating system mitigation settings, just the same as some developers will likely create and share some cmdlets for PowerShell to manipulate ASR.

    A step up from EMET will be Control Flow Guard (CFG) and Return Flow Guard (RFG) process mitigations which will both be enabled by default on Creators Update.

    My hope is still for EMET toolkit to be open-sourced and let the community carry on from there.
     
  12. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    In addition to what @WildByDesign wrote, Microsoft at one point also mentioned that the Process Mitigation Options GPO would receive further improvements.

    Let's see what the next months ahead brings us.
     
  13. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    This essentially is not something an average user wants to see, but AVs have internal stats they monitor when they have new goodies out.
     
  14. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Absolutely. I have more control over this install of XP than over any newer version of Windows. It is smaller and simpler than any later version of Windows. It allows me to do a complete replacement of the MS ACL structure that comes with Windows. I set things up for extreme stability and have run this system without rebooting for over 3 months. I first set this system up in 2010 from IBM restore media and have since cloned it to multiple computers and VMs. It has never failed me and could serve as an exemplary model of how much more effective using a LUA and limiting privilege is for security than depending on 3rd party products. I'm also smart enough to recognize the limits of 32-bit XP and use it within its capacities. The real limiting factor is not that it is XP but that it is a 32-bit OS.

    It is secure because I follow sound and well established security principles in setting up and using any OS and this install of Xp is just one example, albeit a very good example given its track record of long and short term stability and zero security problems.
     
  15. guest

    guest Guest

    @MisterB indeed, Windows tweaked and Windows barebone are two different animals, like in car tuning: an old tweaked BMW model can beat a Ferrari in a race.

    When you learn and know what you can do with your OS, then you realize that 3rd party security softs are not so much needed; I wish I could afford Win10 Enterprise... so many things to make it a fortress without security softs. AppLocker is great.

    Honestly, test labs disable SmartScreen & UAC to test the samples, so their results are irrelevant for measuring Windows' whole security. It is like testing Comodo by disabling the HIPS & BB and just testing the AV...
    Now if the goal is to test WD alone, it then becomes pointless if you compare it with other products that have an integrated HIPS or BB.
    About SmartScreen: it does a cloud check of the launched executables and compares it to its huge database, so if you get an alert from it, it is clearly suspicious or the file is not cataloged yet, and I guess, in both cases, a normal common-sense person won't run it without doing some research first.

    Indeed, as for MS: they add security mechanisms with each major upgrade. What AV companies will do is give particular features to complement Windows' security.

    Small or medium businesses maybe, but a serious corporate network doesn't need 3rd party AVs. What their IT uses is:

    - hardware firewalls and honeypots to protect against network intrusions.
    - workstations are locked via tight restriction policies, and ghosted; so if a user has issues it is easily remedied.
    - servers are mirrored or virtualized.

    Corporations stay on WinXP/7 because of the cost and time to upgrade the whole network, potential incompatibilities with specific hardware/software they need to use, etc...
    Many IT staff are competent in networking but totally off topic in terms of security; some don't even use SUA and restriction policies to lock workstations, I see that plenty of times.
    They are like common users, they want something that does the job for them in an easy and fast way. It is why they use endpoint solutions; that gives a sense of security and is faster to deploy than creating rules in AppLocker or group policy (if they even know how to).
     
  16. guest

    guest Guest

    I can't agree more with you.
     
  17. guest

    guest Guest

    It also depends on the digital certificate. There is a file reputation and a reputation for the digital certificate.
    The file itself doesn't even need to be in their database to get a "green light" from SmartScreen. If the file is signed with an EV certificate, the file can get immediate reputation and SmartScreen is not showing up.

    If the file is signed with a non-EV certificate it might take some time to build a reputation for the file, and it might be shown as "suspicious" first.
    For unsigned files it takes even longer to build a reputation (in this case a reputation based on the digital certificate is not available).

    And the URL from where the file is being downloaded also plays a role ("URL reputation").

    If a vendor "accidentally" distributes malware from his domain, it affects the reputation of the file and MS is able to remove or lower the reputation of the digital certificate.
    Now even the EV certificate doesn't help anymore and files are being shown as "suspicious":
     
  19. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I'm a regular buyer of ex-corporate laptops. A lot of them have come with hard drives that either were not securely wiped or not wiped at all. That is in itself a good indicator of security on corporate networks. I've taken the time to examine some of them to see how they were set up. Almost all of them were run from administrator accounts; some had multiple accounts, all administrator. The most common security program is Microsoft Endpoint Protection, which is an enterprise version of Microsoft Security Essentials/Windows Defender. I checked the group policy settings: there were none of the simplest and most common security tweaks enabled, neither SRP nor AppLocker were enabled, no restrictions on executing from removable media. To sum it up, corporate computer security is really not much better than consumer in most cases, and the so-called IT professionals who run these networks don't really know or understand the basics of computer security. It is a hacker's paradise out there.
     
    Last edited: Jan 30, 2017
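    The checks MisterB describes running by hand on those laptops (administrator accounts, SRP/AppLocker, execution from removable media), plus the UAC, SmartScreen and Windows Defender state argued about earlier in the thread and the registry-backed mitigation defaults WildByDesign mentions, can be collected in one script. The following is an added example written for this page; it is not code from any poster and not a Microsoft tool. It runs in an elevated PowerShell 5.1 session on Windows 10 and uses only built-in cmdlets (Get-LocalGroupMember, Get-AppLockerPolicy, Get-MpComputerStatus). The registry locations for the removable-disk execute policy and the kernel MitigationOptions value are this author's understanding of where those policies live and are labelled as assumptions in the comments; an absent value is reported as "not configured".

```powershell
# Audit of native Windows controls discussed in the thread. Added example for this page;
# not from any poster. Run elevated on Windows 10 (PowerShell 5.1). Paths marked
# ASSUMPTION are policy locations as this author understands them.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { return $null }   # key or value absent: not configured by policy
}

function Test-WindowsNativeControls {
    $out = New-Object System.Collections.Generic.List[object]
    $add = { param($Check, $Value, $Verdict)
             $out.Add([pscustomobject]@{ Check = $Check; Value = $Value; Verdict = $Verdict }) }

    # 1. Is the interactive account in the local Administrators group (i.e. no LUA/SUA)?
    try {
        $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop | ForEach-Object Name)
        $me = "$env:USERDOMAIN\$env:USERNAME"
        $v = if ($admins -contains $me) { 'FAIL: daily account is an administrator' } else { 'OK' }
        & $add 'Local Administrators' ($admins -join ', ') $v
    } catch { & $add 'Local Administrators' $_.Exception.Message 'UNKNOWN' }

    # 2. UAC: EnableLUA=1 and ConsentPromptBehaviorAdmin<>0 (0 = elevate without prompting)
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = Get-RegValue $pol 'EnableLUA'
    $cpb = Get-RegValue $pol 'ConsentPromptBehaviorAdmin'
    $v = if ($lua -ne 1) { 'FAIL: UAC off' } elseif ($cpb -eq 0) { 'FAIL: admins elevate silently' } else { 'OK' }
    & $add 'UAC' "EnableLUA=$lua ConsentPromptBehaviorAdmin=$cpb" $v

    # 3. SmartScreen: the policy value and the Explorer setting behind the Settings toggle
    $ssPol = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'EnableSmartScreen'
    $ssExp = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' 'SmartScreenEnabled'
    $v = if ($ssPol -eq 0 -or $ssExp -eq 'Off') { 'FAIL: SmartScreen off' }
         elseif ($null -eq $ssPol) { 'Not enforced by policy (user can switch it off)' }
         else { 'OK' }
    & $add 'SmartScreen' "policy=$ssPol explorer=$ssExp" $v

    # 4. SRP default level: 0 = Disallowed (default-deny), 0x40000 = Unrestricted
    $srp = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'DefaultLevel'
    $v = if ($null -eq $srp) { 'Not configured' } elseif ($srp -eq 0) { 'OK: default-deny' } else { 'Configured but not default-deny' }
    & $add 'SRP DefaultLevel' $srp $v

    # 5. AppLocker effective policy (cmdlet absent on Home editions -> UNKNOWN)
    try {
        [xml]$ap = Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop
        $rcs = $ap.SelectNodes('/AppLockerPolicy/RuleCollection')
        $desc = @($rcs | ForEach-Object { '{0}={1}({2} rules)' -f $_.Type, $_.EnforcementMode, $_.ChildNodes.Count })
        $exe = @($rcs | Where-Object { $_.Type -eq 'Exe' -and $_.EnforcementMode -eq 'Enabled' })
        $v = if ($exe.Count -gt 0) { 'OK: Exe rules enforced' } else { 'Not enforced' }
        & $add 'AppLocker' ($desc -join '; ') $v
    } catch { & $add 'AppLocker' $_.Exception.Message 'UNKNOWN' }

    # 6. "Removable Disks: Deny execute access". ASSUMPTION: this class GUID is the key the policy writes.
    $rsd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    $deny = Get-RegValue $rsd 'Deny_Execute'
    & $add 'Removable disk execute' $deny ($(if ($deny -eq 1) { 'OK: denied' } else { 'Not restricted' }))

    # 7. Windows Defender engine state (a third-party AV normally disables it)
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $v = if ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) { 'OK' } else { 'Real-time protection off' }
        & $add 'Windows Defender' "AV=$($mp.AntivirusEnabled) RTP=$($mp.RealTimeProtectionEnabled) sigs=$($mp.AntivirusSignatureLastUpdated)" $v
    } catch { & $add 'Windows Defender' $_.Exception.Message 'UNKNOWN' }

    # 8. System-wide process mitigation defaults. ASSUMPTION: this REG_BINARY value is where
    #    administrator-set defaults live; its bit layout is not decoded here, only reported.
    $mit = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' 'MitigationOptions'
    $mitText = if ($mit) { ($mit | ForEach-Object { '{0:X2}' -f $_ }) -join '' } else { 'not set' }
    & $add 'Kernel MitigationOptions' $mitText ($(if ($mit) { 'Custom defaults present' } else { 'OS defaults' }))

    return $out
}

Test-WindowsNativeControls | Format-Table -AutoSize -Wrap
```

    Every check degrades to "UNKNOWN" rather than throwing, so the script can be run on a freshly imaged laptop or a machine with a third-party AV without adjustment. A result table showing an administrator daily account, SRP not configured, AppLocker not enforced and no removable-disk restriction is exactly the configuration MisterB reports finding; the script makes that finding repeatable instead of anecdotal.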
  20. guest

    guest Guest

    I observed the same and even worse. Then you read about all those corporate hacks... we can put some of the responsibility on the incompetent, understaffed IT team, but also on the managing staff who press them to just make their machines work on the network ASAP, and on the CEO who doesn't want to spend a cent on security.
     
  21. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Your statement accurately describes the current, general state of IT affairs.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    So very true.

    Welcome to the wonderful world of IT outsourcing to third parties; many times the lowest bidder or whose CEO is the golfing buddy of the corp. CEO. These third party outsourcers in turn subcontract to low cost labor sources offshore to increase their net profits.

    So please be kind to the corp. in-house security staff, who are nothing more than a shell who perform mainly administrative functions and try to mitigate the carnage as best they can.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    I'm not sure what you mean by this. AFAIK in these tests, they simply check if AVs can spot malware or not; I don't see what this has got to do with SmartScreen (SS) and UAC. And it's not the problem of other AVs that Win Defender doesn't offer a behavior blocker.

    But I think that only tools that make the end decision for the user should be tested, because you can't depend on noobs. This automatically means that UAC, SmartScreen and HIPS should never be mentioned as a way to secure average users or noobs. Only AVs with a behavior blocker (on auto-pilot) and stuff like anti-exploit and "safe browsing" should be tested.

    Well said. :thumb:
     