Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Bunkhouse Buck

    100%. I don't think that an AV is your first line of defense and I have stated that on this forum for over a decade. The first line of defense is a daily system image backup- not your AV. Sure we would like to see all AVs perform well- but there are people out there that want to harm us. Make a daily system image.
     
  2. Osaban

    https://www.ghacks.net/2019/08/03/windows-defender-has-a-market-share-of-50/

    That was back in 2019, about 3 years ago. 500 million devices means that any malware on the internet will be either intercepted by MS Defender or infect some machines. It also means that MS Defender might have the biggest database of real malware affecting average users. Either by behavioral detection or infection, MS cloud will record the new malware, a bit like a huge network of artificial intelligence at work.

    Cloud connectivity becomes of paramount importance to protect from new malware. My computer is always connected when powered on; I can’t imagine going offline for any reason. Ever since I have relied on MS Defender I have had no detection and no false positives; however, as Bunkhouse Buck pointed out, it would be foolish to rely on the sole protection of an AV.
     
  3. xxJackxx

    Love it or hate it, one way or another facts will be distorted. On the plus side they have improved with the false positives, credit must be given. On the minus side it is easy to bypass and the offline detection rates suck. I'm not sure what the excuse is. Do they not want to take up the disk space for some better offline definitions? Per another discussion recently they sure don't seem to mind taking up 1.5 GB of disk space in Windows for a bunch of apps nobody wants. There are issues that need to be addressed and until they do so it is still a product I find lacking. I'd surely like them to fix my complaints, I would rather use something free. On the other hand, losing all of the other providers would leave MS doing all of the malware research and we would lose companies that make valuable contributions to the industry. In the end you can love it, hate it, or not really care either way. You are entitled to your opinion and can use what you like. I'll keep watching it and hope it becomes what I want it to be at some point.
     
  4. Brummelchen

    any antivirus where the user has admin rights can be disabled with ease. and any antivirus with no connection to its servers lacks security. the "bypass" first has to find its way onto the host, the weakest hurdle is the user. so what?
     
  5. xxJackxx

    Nope. There are a few with good enough self defense that you have to use their UI to do it.
     
  6. Trooper

    Agreed. Also, multi-layer defense is the way.
     
  7. Brummelchen

    does not matter if the kernel mode driver itself is vulnerable, like e.g. kaspersky has or had. malware forces the driver to execute programs with its admin and/or system rights and that is far below any other level. self protection is futile for such attacks where nothing of the antivirus is harmed, it's just exploited to do something. and this can mean that malware can wait, catch keystrokes and exploit the antivirus itself. but at first sight such malware has to reach the host and if any security defense has already lost. and nothing else told us Nightwalker. any antivirus is NOT the first line of defense, only third or lower.
     
  8. xxJackxx

    While a backup of any kind is still the best thing to have, you're still more likely to be exploited in the first place if you are running a product that is easy to shut down. Make the hackers work harder and they will move on to the low hanging fruit.
     
  9. Nightwalker

    Exactly! Antivirus solutions should never be considered the first line of defense; that said, backups are crucial.

    In my opinion the basics of security are the following:

    1 - Use an up-to-date supported OS (Windows 10 or 11);

    2 - Standard user account for daily usage with UAC for convenience;

    3 - Password manager;

    4 - Adblocker + encrypted DNS;

    5 - System image and files backups;

    6 - A capable antivirus like Microsoft Defender;

    7 - Network hardware (routers for example) with updated firmware.

    That's it, the "rest" is optional.
     
  10. Nightwalker

    Very well said :thumb:
     
  11. plat

    Hmmm, I installed the drive with Windows 11 on it so it could update and then ran a "quick scan." This time it was normal (as opposed to 8 sec. for 17K items in 10).

    So apparently this was an anomaly in my Windows 10. Hope it doesn't happen again. :cautious:

    I'm not too worried about anything disabling Defender on here. All the hardware security is enabled (memory integrity, etc) and everything is up to date. Burn yourself playing with fire, not otherwise, right?
     
  12. digmor crusher

    If a keylogger gets on your system and records your banking password, a backup program will be of zero use to you. A backup program is the first line of defense to repair/remove malware; an AV is the first line of defense to stop said malware from getting on your system in the first place.
     
  13. Nightwalker

    With all due respect, you are just being pedantic; it is not as if an antivirus isn't present in my recommendation or is treated as something irrelevant. It is an important piece in any security combo.

    IMO the first line of defense is security awareness.

    I don't consider backups the first line of defense; it was the user Bunkhouse Buck who talked about that (and I respect his opinion). I see backups as something crucial, like a good antivirus is.

    For me, all of this below is important:

    1 - Use an up-to-date supported OS (Windows 10 or 11);

    2 - Standard user account for daily usage with UAC for convenience;

    3 - Password manager;

    4 - Adblocker + encrypted DNS;

    5 - System image and files backups;

    6 - A capable antivirus like Microsoft Defender;

    7 - Network hardware (routers for example) with updated firmware.
     
    Last edited: Apr 25, 2022
  14. kC_

    uhhm? first line really!

    the first should be
    a secure network/firewall (in support and up to date), with a gateway IDS, segregated VLANs (keep those guests and IoT devices off your trusted network)
    DNS filtering/Adblock
    Geofiltering/Geoblocking, you don't need the whole world to connect to/from!
    Hardened & updated OS, SRP etc
    Updated Browser
    Common Sense.......

    up to this point the AV doesn't matter..... if you have a secure environment and common sense.... the AV is the last line
     
  15. Nightwalker

    Yeah, pretty much that.

    Your list is the "advanced" version of my basic one posted earlier.
     
  16. kC_

    looks like we were typing at the same time! totally agree in the layered approach, maybe it's just laziness, but the amount of people that seem to think the AV is a primary protection method are seriously deluded.
     
  17. digmor crusher

    Some of these posts are deluded. I was just trying to make a point, that a backup program is not really a form of protection. Everyone has different opinions and if you don't like mine just ignore them please and don't go off like you know everything about computer security.
     
  18. Trooper

    Layered approach is the only way. AV is not the first line of defense, period.
     
  19. Bunkhouse Buck

    Gee- I never thought that recommending a daily image backup would be that contentious. I do what works for me, and as a main player in the founding of computer security and computers in general, I do what is logical and what works. If some of you think an image backup is not a malware defense, you need to check your premises. For me, it is the first and last line of defense.
     
  20. Krusty

    Microsoft Defender, love it or hate it, right? :rolleyes:
     
  21. Bunkhouse Buck

    Around here- yup.
     
  22. xxJackxx

    By what means are you implementing this? I'm on the lookout for suggestions.
     
  23. digmor crusher

    And I was referring to 95% of the population, not security gurus who spend more time tweaking their computer than using it. The 95 start with an AV and then add from there, whether it be a secondary program, DNS etc. Of course I agree layering is best. Whether an imaging program is defensive or a removal/correction method is semantics.
     
  24. kC_

    Via Firewall rules & traffic rules on a Ubiquiti UDM-Pro https://store.ui.com/collections/unifi-network-unifi-os-consoles/products/udm-pro
     
  25. Brummelchen

    for the german audience here:
    https://www.drwindows.de/xf/threads...datein-sind-beschädigt-w-defender-tot.180764/

    he has been "hacked" from inside, ransomware and some other nasty trojans, got by questionable downloads + using the programs.

    i agree with your list above. but i have to admit that my experience has lasted for over 25 years now and is still growing. i do questionable downloads, but i am able to check, inspect, unpack and research content. (unpack xyz suite and my own, sandboxie, vt on demand)

    i had nearly all of the most common antivirus programs/suites and dismissed them all - too many impacts where not expected. i gave defender a chance and all is well, a wheel in a system.

    ofc other antivirus are feature-rich but at least it's only a more granular setting of what defender also offers. microsoft also has a research team like other antivirus vendors, and all are fed by VT, so in such cases all participants are informed. the result is spread and a daily biased signature. that's why the test results are so different.

    for my friends and work colleagues - i would own them all with my knowledge of malware and defense. thats around 50 people. and i know (basics) about some external security solutions, security gateways, UTM/USG whatever.

    your hint about a router, which defeats a lot of intrusions. i could compare while using outpost (10 years ago) behind a modem and behind a router which reduced the amount of attacks from 100% to zero!

    i use an adblocker in any browser and i have a basic but rock stable passive defense for windows (currently v10).

    it makes no sense to install lots of security programs for windows 7 while windows 7 itself has > 700 attackable security flaws (# growing) which are not covered.
     