Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Microsoft doing very well :

http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2017&month=4&sort=1&zoom=3

 

Not saying with CU , there is "Windows Defender Security Center", so no standalone WD anymore, in which WD is now a fully integrated component of the OS.
Now it is basically an "built-in suite" with anti-exploit mitigations coming soon.

- AV module + FW module + Cloud reputation module + common GUI = suite
- WD + WinFW + Smartscreen + common GUI = suite

People saying otherwise are just biased.

i rather prefer WD + SS tested than the current methodology (whatever score it may achieves).

 

+1
SS (at least the system-wide one) it's a kind of anti-exe and part of the "Windows Defender Security Center" suite

 

I have tried other 3rd party compression tools (peazip, bandizip, izarc) and they all don't propagate motw

 

yep this is why compressing/wrapping/packing malware is one method to FUD it

 

I have found this free compression tool http://www.ponsoftware.com/en/
When you extract a file with motw, it will ask you whether you wanna keep it blocked or unblock it. Quite cool

 

Defender and Windows got some nice improvements in the newest Insider Build.

 

Yes you CAN disable them. Again, the goal is to test AV's malware blocking capabilities. So this means that all other components that might block malware before AV's get a chance to react, must be disabled. This is a no brainer right? A five year old would understand this, do you all agree?

For example, browsers like Chrome and Firefox have got a "Safe Browsing" feature that will block sites that deliver malware. But in this scenario, users somehow managed to still download and run malicious apps (via website or email). In order to simulate this and not to interfere with AV's, Win SmartScreen and Safe Browsing must be turned off. Just for the sake of testing AV's.

 

If WD's cloud feature was disabled, then yes it's not fair. But Win SmartScreen has got nothing to do with bad detection rates of WD. Win SS should be tested separately. I would love to know how many malware it's able to block, perhaps it's so good we don't need any AV anymore? Of course false positives should also be taken into consideration, just like with AV's.

Well yes that may be the case, and that's exactly the reason why it's disabled, because we need to know how good AV's are in blocking malware without the help of SmartScreen. But now I'm just repeating myself, I have a feeling it's pointless to continue this pretty dumb debate. I mean this is basic logic.

 

I think that option is in the PRO version? And some are using a reg hack to enable it on home.

 

You CAN'T. It happens that the new Windows built in security components work as a WHOLE. This is obviously something that either bothers you or simply don't (want to) understand.

 

Windows 10 has a well thought-out security architecture. WD is is one component of that architecture.

 

Exactly, I dont know why it is so hard to understand this.

Look at how SmartScreen is set on Windows 10 CU, it is obvious a layer of Windows Defender.

 

It's set the same way on my machine. While running KIS 2018. Except Windows Defender is disabled because a 3rd party AV is installed. It's not that people don't understand. They don't agree. Valid points are made on both sides, but in the end everyone can agree to disagree. Or not.

 

Fair enough

If SmartScreen was disabled while running a 3rd party AV it wont do any good to Windows ecosystem and I imagine we could see more antitrust complaints against Microsoft.


Still this discussion wasnt meaningless, MRG-Effitas is considering to adopt a new aproach while testing Windows Defender (Windows native security).

https://www.wilderssecurity.com/thr...rogramme-q-1-201-7.393921/page-2#post-2674984
https://www.wilderssecurity.com/thr...rogramme-q-1-201-7.393921/page-4#post-2675582

 

I think they should test it both ways so it can be seen what component makes what difference.

 

You still are still based on the Win7 model , don't you understand that win10 is different in term of security approach, you don't use MSE, you use Windows Defender Security Center; do you get it?
WD is now an OS component, not a standalone AV like MSE. You point is only valid on Win7 not on Win8/10.
And if i follow you, so test labs should disable HIPS/BB/sandboxes of other products because they have nothing to do with detection? you agree on that right?

@Illumination had videos of products tested with SS and UAC enabled, and i recall SS and UAC blocked a lot of them. Not all but a big amount. He could give us more details but he deleted his accounts here...

problem is you logic is flawed. The same way you disable every built-in security in exchange for an HIPS. does a soldier remove his bullet-proof vest because he is inside an armored vehicle? no.
Me? i don't exchange, i add. I use what is offered by default and add what i feel it is needed. Unlike you, i dont look down built-in security because i know other methods that fit me better.

He doesn't want to understand, he is against all built-in features of Windows. He trust only HIPS.

Anyway since MRG may test Windows built-in security as a whole we will see the difference.

 

That does not make sense at all. SmartScreen is enabled by default and it is highly unlikely that the average user would disable it. As a result, if you run tests with SmartScreen disabled they would in no way represent a typical real world situation.

 

Simple as that. Even MRG seems to understand that.

 

good question , i never even tried to do that

i don't believe it will stop the monitoring but probably disable the various toast bar alerts and notifications and maybe the automatic signature updates (not sure for this one) .

 

Hi Stapp,

I don't know about WD but I'm pretty sure disabling all with the universal switch stops Windows Spotlight from updating. Obviously this won't be an issue for most members here but I thought I'd mention it just the same.

 

Question: why SmartScreen checks only files with the mark of the web?
I mean, I know they are the most dangerous, but wouldn't it be better if SS checks every file (except Windows and Microsoft files) and give the user an option like "don't show this warning again"?

 

Interesting. I have Background Apps set to Off, but had not noticed that WD Security Center was in there.
As far as I can tell WD Security Center is acting 'normally', including updates. I am using EAM, but with WD set to Limited Periodic Scanning.
So I have no idea what might be disabled. Would be interested to know also.