Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,894
    Location:
    The Netherlands
    Good point, if you have no internet connection, it should still be able to block malware via signatures and hopefully also via behavior blocking, but I have this feeling that for behavior blocking it's mostly depending on the cloud.
     
  2. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,147
    Location:
    SinCity (aka Las Vegas)
    That was covered to some degree in one of the recent AV-Comparatives tests based on "offline" efficacy: Microsoft, Panda and Trend Micro were the worst for offline detection, which means, by deduction, that they are very cloud dependent.

    I like Windows Defender on several of my machines, but that low score for offline is a concern, no question.

    https://www.av-comparatives.org/tests/malware-protection-test-march-2021/
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,894
    Location:
    The Netherlands
    Yes, another good point: how can AVs perform so badly without a cloud connection? This means that the locally based engine, including the "behavior blocker", is crap! That's why I'm using tools like SpyShelter, OSArmor and AppCheck. I often read that malware tries to disable Win Defender via PowerShell, which makes me wonder just how good the "tamper protection" is.
     
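The offline-detection concern in post #2 and the tamper-protection question in post #3 can both be checked locally. The following is an added example (not code from any poster in this thread) that reads the state Defender reports through its built-in cmdlets, Get-MpComputerStatus and Get-MpPreference, and flags anything that would weaken protection when the cloud is unreachable. The expected values are the assumptions of this example, not a Microsoft baseline; run it from an elevated PowerShell prompt on Windows 10/11.

```powershell
# Added example, not from the thread: report the local Microsoft Defender
# state relevant to the discussion above (tamper protection, behavior
# monitoring, cloud dependence, signature freshness).
# Requires the Defender PowerShell module that ships with Windows 10/11.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Each entry: a label, the observed value, and the value this example
# assumes a hardened configuration should show.
$checks = @(
    @{ Name = 'Real-time protection';   Value = $status.RealTimeProtectionEnabled; Expected = $true }
    @{ Name = 'Behavior monitoring';    Value = $status.BehaviorMonitorEnabled;    Expected = $true }
    @{ Name = 'Tamper protection';      Value = $status.IsTamperProtected;         Expected = $true }
    @{ Name = 'On-access protection';   Value = $status.OnAccessProtectionEnabled; Expected = $true }
    # MAPSReporting: 0 = off, 1 = basic, 2 = advanced. Cloud-delivered
    # protection (the "cloud" the posts refer to) needs a non-zero value.
    @{ Name = 'Cloud (MAPS) reporting'; Value = $pref.MAPSReporting;               Expected = 2 }
    # PUAProtection: 0 = off, 1 = on, 2 = audit.
    @{ Name = 'PUA protection';         Value = $pref.PUAProtection;               Expected = 1 }
)

foreach ($c in $checks) {
    $ok   = ($c.Value -eq $c.Expected)
    $mark = if ($ok) { 'OK  ' } else { 'WARN' }
    '{0} {1,-24} observed={2} expected={3}' -f $mark, $c.Name, $c.Value, $c.Expected
}

# Signature age matters most for the offline case: with no cloud lookup,
# detection falls back to local signatures and local heuristics only.
$age = $status.AntivirusSignatureAge   # whole days since the last update
if ($age -gt 1) {
    "WARN Antivirus signatures are $age day(s) old (last updated $($status.AntivirusSignatureLastUpdated))"
} else {
    "OK   Antivirus signatures updated $($status.AntivirusSignatureLastUpdated)"
}
```

IsTamperProtected is read-only from PowerShell: it reflects a setting that is changed through the Windows Security app (or management tooling), not through Set-MpPreference, which is exactly what stops a script running in the user's context from switching protection off. A WARN on that line is therefore worth fixing in the UI rather than in a script.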
  4. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,775
    I just feel without being online, you are very unlikely to encounter a virus anyway. And that I am online 99.7% anyway.
     
  5. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,383
    Makes me wonder if it’s possible for someone to design malware that only becomes active after the computer is disconnected from the internet.
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,853
    Location:
    USA
    Absolutely. A non malicious trigger that waits for an internet disconnect or a time of day that the author thinks you may be asleep. Could it sit undetected until then? Maybe. But there are many possibilities.
     
  7. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,313
    Totally not worth the effort and the malicious actor needs to bypass the online system security in first place anyway.
     
    Last edited: Jul 3, 2021
  8. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,313
    Actually that is not the reason, you are using those tools because you have "security" as a hobby, you don't need them at all, most members of this forum don't need any security solution except for "geek reasons".

    That said, Microsoft Defender is good enough for everyone that doesn't have any issues (like system slowdown) with it; computer users need more security education than security tools.
     
  9. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,313
    It is possible to postpone the "main" malicious behavior by placing this condition of waiting for the internet connection to be turned off, but this type of threat is more theoretical than practical.

    First, the process of postponing the infection itself can already be seen as a suspicious activity by contemporary antivirus behavior blockers and the programming to check if there is an active connection is another point that can be considered suspicious.

    That said, let's get to the practical issue of this type of infection, the longer the main malicious procedure is postponed due to the need to be offline, the more likely the antivirus will receive updates to detect the malicious file or behavior later (and the cloud/reputation thing too).

    Anyway, it's a threat that could cause problems in certain environments, but in 99% of cases it's as silly a concern as worrying about a supernova exploding or a meteor directly hitting our heads.
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,049
    Location:
    Baden Germany
  11. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,853
    Location:
    USA
    The question asked was is it possible. It is. I in no way claimed it was practical. And no, checking for an internet connection is not suspicious. A lot of software does it for update and/or licensing checks. I have personally worked on legitimate software that does that very thing.
     
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,313
    Isolated checking for an internet connection is not suspicious, but an application with no visible GUI, unsigned, with a low reputation/user count in the cloud, just checking for it in the background will have a strike on most behavior blockers; context is very important in how a behavior blocker works.

    Off Reply-General Post

    There is a reason why LOLBin attacks are the main focus of most malicious actors nowadays: the old-school malware is a joke for modern cloud-assisted antivirus solutions and browsers with reputation checks; anyway, the chances of being attacked by one are very low and it needs human error to work.

    Save for very specific zero day vulnerabilities, human error is always the problem, not the antivirus solution.
     
    Last edited: Jul 4, 2021
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,383
    I greatly appreciate everyone’s answers here. Thanks a lot.
     
  14. DeRodeKater

    DeRodeKater Registered Member

    Joined:
    Sep 21, 2011
    Posts:
    33
    Of course, but it would/should likely be detected already :)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,894
    Location:
    The Netherlands
    I know what you mean, but I'm afraid you're missing the point. What I'm saying is that it's foolish to rely strictly on your AV. It will most likely not protect you against advanced malware, especially when AV's don't have access to the cloud.

    Let's take the CCleaner attack for example. In general, most AVs won't see the backdoor and will let it run. Most people will give CCleaner outbound access and it will now try to download a trojan or ransomware in the background. Perhaps the backdoor can disable Wi-Fi or Ethernet to block cloud access, which makes it difficult to detect the malware via behavior blocking.

    So what might actually protect you against this? You already guessed it, tools like OSArmor, AppCheck, SpyShelter, HitmanPro.Alert and not to forget TinyWall. They might be able to interfere with this attack in certain stages. However, the key is that they should not be configured in "auto-trust" mode.

    In general, AV's will allow malware to run if they don't identify it as malicious, but true behavior blockers will be able to block outbound connections, code injection, keyboard and screen recording, folder access, interprocess communication, rapid file modification and more. So that's why I'm using these tools, not just because I'm a geek, but because it makes sense.
     
  16. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,147
    Location:
    SinCity (aka Las Vegas)
    I don't use any of them, just the Windows stock firewall and WD. I have argued on this forum for 14 years that the only secure way to ensure the integrity of your files and system is to back up every day to an image. I have only needed to restore from my image once, and that was because one of the major AV programs trashed my Win10 OS. I highly recommend image backups daily.
     
  17. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    119
    The catch is that backups don't protect users from stolen information. That's why it's better to have strong protection plus backups, and more.
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,388
    Location:
    Milan and Seoul
    Case in point, this morning I created an incremental backup as I usually do almost every day. At around 9pm, not long ago, I noticed any video I played had no audio. I don't know what happened; rather than investigate the problem as I would have done years ago, I restored the last image made in the morning as my first option and it worked beautifully. If that hadn't worked, I would have gone back in time until one of the images rectified the problem. Restore time? Less than 3 minutes. Our time is too precious to troubleshoot computer problems, unless one sees it as a hobby...
     
    Last edited: Jul 11, 2021
  19. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,272
    Location:
    Brooklyn, NY
    Yes, I don't rely on a single method either. Defender plus OSA, and I keep my stuff offline. It's very obvious here that the enclosure is plugged in, so it's easy to remember to unplug it immediately when done. :)
     
  20. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    432
    Location:
    Milan, Italia
    In the alternative, a user may simply add RunBySmartscreen, FirewallHardening, which are included in the ConfigureDefender Zip file, alongside Simple Windows Hardening.
     
  21. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,147
    Location:
    SinCity (aka Las Vegas)
    I have heard this argument before but I am highly skeptical that stolen data is a major problem for a PC user unless they are totally incompetent.

    I do agree it is an issue for the inept IT departments of hundreds of commercial and governmental entities as history has shown.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,806
    Location:
    U.S.A. (South)
    Thanks. I shall keep that in mind. Good to know that we can safely implement both along with Simple-
     
  23. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    119
    From what I gathered, it's not just an argument but that around half of ransomware attacks might now involve theft before encryption. Perhaps by incompetence you mean failure to encrypt as part of protection, but that only proves my point further: backups are not enough.

    And then there are now firmware attacks. I don't think backups will be enough to counter that as well.
     
  24. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,383
    Seems to be called extortionware
    https://blog.emsisoft.com/en/38394/what-is-extortionware/
     
  25. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    962
    Hi @ Wilders

    Windows Defender appears to have improved significantly over the years and features well in lab reviews. That said, it is not as good as some of the well-known names' free offerings.

    My questions are, how much protection improvement is achieved when WD is paired up with Configure Defender on HIGH setting?

    Has any lab tested this?

    Thank you


    Terry
     