Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Some of us care about real world tests.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    No it's not. I'm afraid Win Def and Win SS are two separate layers. If you turn off one, the other stays enabled. But OK, according to you guys, when AVs are tested, it should be "third party AV" versus Win Def + Win SS, because they are both related to the OS. OK, I guess it's fair enough.

    No, that's exactly the problem, you can't assume anything. I already gave an example of why some people might be enticed to run this "unknown app" anyway, it's because they might think their system is infected. Also, Win SS might sometimes give false positives, so that will make some people less cautious, same goes for UAC. So according to my criteria it should be marked as a fail. BTW, home user HIPS are not meant to be used by 90% of the world, HIPS don't know if the app is truly malicious and depend on user decision, so not relevant.
     
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I don't care too much for one side of the argument or the other because I do not use Windows Defender personally. Also I greatly respect the opinions of both sides and understand both perspectives. I just wanted to point out that with most AVs, you can toggle individual components (layers) On/Off while the other components continue to work just the same. AVs have file system components, email scanning components, web scanning components... each being different layers entirely based on the security functionality in which they serve.

    I wouldn't use any AV on my systems though. On client systems that I maintain for others which are Windows 8.1 and higher, I keep Windows Defender as one of several protection layers. If the client systems are Windows 7 and lower, I quite often set up Bitdefender Free and generally don't support them further until they upgrade to Windows 10.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Correct, but the point is that if you replace Win Def with a third party AV, Win SS keeps working. People keep mentioning that Win Def is supposed to be combined with Win SS, because they are closely tied. So detection of Win Def should always be combined with detection of Win SS. But that logic can be applied to all AVs that might have a bad detection rate on their own, because they may lack certain features.
     
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Rasheed187 I see your point even more clearly now. You are absolutely right, in the real world, any third-party AV would still have the extra protection provided by SS. I certainly agree on that point and I can also understand why this would be a tricky point with regard to organized malware testing.
     
  6. guest

    guest Guest

    Indeed, SS will work for all, so there are no real cons for the 3rd party AVs. The problem will be for the labs because maybe SS will block most of their samples, making the test more difficult to deploy.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Perhaps Win SS should only be disabled when third party AVs are tested. After all, they should be able to block malware on their own. But like I said in another thread, the question is if Win SS should be allowed to improve Win Def's "detection" in the first place:

    https://www.wilderssecurity.com/thr...cation-for-q1-2017.394134/page-2#post-2677828
     
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,509
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,256
    Location:
    Among the gum trees
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,509
    That's cool. I was more so pointing out that WD has definitions for it. I guess most AV companies do by now I am assuming? I know Sophos does.
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    I don't really care for Windows Defender because I am used to running without AV too like you do.

    However, I think AV testers must start looking at WD and SS as a holistic approach that Microsoft uses to fight against the known and unknown malware problem. Not doing so only deflates the default protection Microsoft customers get.

    On the other hand, SS should remain disabled when a 3rd-party AV is running to avoid the possible issue of it potentially inflating the detection rates.

    If users still insist on "real world" results, testers can conduct an additional test with both 3rd-party AVs and SS enabled. That way, users can make a more informed decision.
     
  13. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Brilliant post, this is what I was defending here all along, a single minded solution (basic antivirus detection) is bound to fail.

    These tests simply make third party antivirus desirable while painting an incomplete picture of what users are getting by default and free with Windows 10.

    Historically, antivirus vendors are masters of using fearmongering to make their products something that you can't live without, but with Windows 10 it is something optional and the Windows user needs to know what they are "getting" while running and paying for a third party solution.
     
  14. guest

    guest Guest

    1- That was my point since the beginning.
    2- Yes, because now we talk about WDSC on Win10, not just Win7+MSE on Win7.

    1- So do I; I use WDSC because it is built-in.
    2,3,4- Exactly what we pointed out from the start.

    1- And it is not easy to make people understand that simple fact.
    2- Exact.
    3- I agree, look at all those AVs' marketing campaigns jumping on the train of "we stop wannacry" ...
     
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,020
    Windows Defender does not defend Windows 7 against WannaCry
    http://www.computerworld.com/articl...es-not-defend-windows-7-against-wannacry.html

     
  16. guest

    guest Guest

  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,020
    o_O

    How long do I have until Windows 7 support ends?
    2 years, 33 weeks, 6 days, 5 hrs, 45 mins, 50 secs
     
  18. guest

    guest Guest

    I know it still has 2 years of extended support; I was mentioning mainstream support. To me: no development = end of life.

    To me, fixes and patches aren't development, they are cures.
     
  19. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Clickbait article, what's the point?

    Everybody knows that Windows Defender running in Windows 7 is very different from the solution running in Windows 10.

     
  20. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,020
    To the rest:
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,020
    Are you talking on behalf of everybody? Nice......

    From my side: End of story.
     
  22. guest

    guest Guest

    Yes, but you won't have any security features added if a new kind of attack appears, which is more than probable... For example, we know that exploits/ransomware are the new modern threats; the next release of Win10 will have EMET stuff implemented as a default feature, Win7 won't. Will Win7 still be secure out-of-the-box? No (and it wasn't even safe back in the day).

    Fixing holes is not improving (at least for me).
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,020
    From that point of view, I agree.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    I also don't care about WD and third party AVs at all. But what caught my attention was the fact that Win Def missed 86 samples, which means it's a crappy AV, according to this test. Malwarebytes and McAfee also performed poorly. It's obvious to me that with Win SmartScreen enabled, detection rate would have been higher. But then it's Win SS that is doing most of the blocking, and you might start to wonder if you need WD at all? Probably only for detecting malware that already infected the system, in other words for cleaning.

    If Win Def and Win SS do have the same detection rate when it comes to "known bad" (blacklisting), then it's probably wiser to combine Win SS with a third party AV, because then you would in fact have 2 separate AVs that don't overlap for the most part. And that should improve overall detection.
     
  25. guest

    guest Guest

    WD is for detection of local files while SS acts on online threats (downloads & URLs); if the internet is cut, SS will alert (or block, depending on the settings) by default if a file is unsigned.

    That is what MS has been trying to do since Win8: enhance the overall protection of the OS (with various degrees of success). I'm quite interested in the integration of "EMET" in WDSC for the next build.

    Small anecdote: yesterday my ex-girlfriend gave me her laptop to check. As expected from a total noob user:

    - It was an outdated Win7 with 200+ pending updates... and various small issues...
    - Outdated KIS, license expired...
    - I did a scan with Zemana AM; some PUPs and a hosts file modification were detected...
    - I tried to find a good AV for her but could not decide which one, because I know she doesn't have the skill and motivation to learn how to use and maintain one properly...

    So I asked her if she minded upgrading to Win10; she said she won't care if she can still do her work on it.

    - So I upgraded it, and made an account for myself as admin with a password (since she barely installs anything and Win10 has all the needed apps for basic use). Just in case, I installed TeamViewer if she needs my help.
    - Right away WD found 2 malware on the other partitions... I was quite surprised, honestly...
    - Put her on SUA with UAC at max, SS at default, then added a reg tweak to block unsigned elevation and PowerShell scripts, then removed legacy features (IE, WMP, SMB 1.0, etc...)
    - Since I don't need to mind about a 3rd party AV anymore, I added and set up Sandboxie free to isolate FF properly.

    So, in conclusion, her computer will now always be up to date (OS and AV), which was the goal of MS and I totally support that. All I did was reduce the attack vectors to the bare minimum.
     
    Last edited by a moderator: May 22, 2017
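
A read-only audit of the hardening steps listed in the post above, added here as an example (it is not the poster's own script). It assumes the "reg tweak to block unsigned elevation" is the `ValidateAdminCodeSignatures` policy value and that blocking PowerShell scripts means an execution policy of `Restricted` or `AllSigned`; the helper names `Get-RegValue` and `Test-Setting` are hypothetical.

```powershell
# Added example: read-only audit of the hardening steps listed in the post.
# Run from an elevated PowerShell prompt (Get-WindowsOptionalFeature needs it).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the value is absent and the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-Setting {
    param([string]$Check, $Actual, [object[]]$Expected)
    [pscustomobject]@{
        Check    = $Check
        Actual   = if ($null -eq $Actual) { '<not set>' } else { $Actual }
        Expected = $Expected -join ' or '
        Pass     = $Expected -contains $Actual
    }
}

$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

$results = @(
    # "UAC at max" = Always notify: consent prompt on the secure desktop.
    Test-Setting 'UAC enabled (EnableLUA)' (Get-RegValue $uacKey 'EnableLUA') 1
    Test-Setting 'Admin prompt: consent on secure desktop' (Get-RegValue $uacKey 'ConsentPromptBehaviorAdmin') 2
    Test-Setting 'PromptOnSecureDesktop' (Get-RegValue $uacKey 'PromptOnSecureDesktop') 1
    # Assumption: the post's "reg tweak" is ValidateAdminCodeSignatures = 1.
    Test-Setting 'Elevate only signed executables' (Get-RegValue $uacKey 'ValidateAdminCodeSignatures') 1
    # Assumption: blocking PowerShell scripts means Restricted or AllSigned.
    Test-Setting 'PowerShell execution policy' ([string](Get-ExecutionPolicy)) 'Restricted', 'AllSigned'
    Test-Setting 'SMB 1.0 feature state' ([string]$smb1.State) 'Disabled', 'DisabledWithPayloadRemoved'
)
$results | Format-Table -AutoSize -Wrap

# The daily-use account should not appear here (S-1-5-32-544 = Administrators).
Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, PrincipalSource
```

The script changes nothing; a `<not set>` in the Actual column means the Windows default is in effect for that value.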