Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,618
    Location:
    Sneffels volcano
  2. illumination

    illumination Guest

    I don't know about that, but I do know this thread is based on WD and Windows 10, and the test posted and quoted by Martin_c is Windows 7 with MSE score.

    Maybe users should actually open the links and read these things.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    5,101
    Location:
    Among the gum trees
    :thumb:
     
  4. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    431
    Yes, it's funny.

    Every week, every month, year in and year out we hear these third-party AV fanboys yell and scream in thread after thread.

    But now suddenly these third-party AV fanboys are falling over each other on every single forum to post about how tests are suddenly not important, tests are biased, samples are suddenly wrong, that nobody ever come across so many malicious samples, that detection and blocking are suddenly not important - now it's suddenly all on the user, that settings are suddenly not fair and on and on and on they harp ....

    It's a waste of time caring about these usual third-party AV fanboy hotheads and their desire to be at war with everybody on every forum and in every media.

    When utilizing all the native security in Windows, we have great protection AND a fully functional OS every single day - life is good. :thumb::thumb:
     
  5. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,618
    Location:
    Sneffels volcano
    No mention of the June test itself in the (misleading) title here https://www.wilderssecurity.com/thr...ld-protection-test-february-june-2017.395424/ only the Feb to June one and a 'just to add' the June test in the description. It seems the terrific results of MS for June didn't deserve its own thread this time. So...
     
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,091
    o_O

    Are you happy now? =
    If not, feel free to open a new thread with June results.
     
    Last edited: Jul 18, 2017
  7. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,618
    Location:
    Sneffels volcano
    That's fine, I just saw that you corrected the title of your thread. I thought you "forgot it" this time ;)
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,947
    Location:
    The Netherlands
    Wait a minute, so it outperformed certain third party AV's, without the need for the cloud and SmartScreen? This sounds fishy, the test must be rigged, LOL.
     
  9. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    431
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,618
    Location:
    Sneffels volcano
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,738
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,430
    Location:
    USA
    The detection rates aren't bad. Now they need to work on those performance numbers.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,947
    Location:
    The Netherlands
    Yes exactly, good detection rates. But I don't want to hear any complaints about SmartScreen being disabled the next times it scores badly in testing done by MRG. :thumb:
     
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,348
    Now WD is relegated on my PC to running as a backup AV scanner.
     
  15. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    942
    I will still complain even if it continues to do good at AV Comparatives/AV Tests because I believe that those tests dont reflect the native security of Windows 10, thats the test that I want to see, default Windows 10 security.

    Windows Defender with Cloud assistance + SmartScreen + Windows Defender Exploit Guard (EMET on steroids) is what I want to see properly tested in the near future.

    I know that some people will complain about that, they will say that it isnt an antivirus test anymore, but they forget that antivirus arent about signatures anymore, so if only Windows Defender is tested some modules of default security wont be utilized and this will impact negatively the results.

    Some third party antivirus vendors really need to step up their game because they arent doing better than the free, default protection of Windows.
     
    Last edited: Jul 25, 2017
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,430
    Location:
    USA
    I disable SmartScreen. That's where all of the false positives come from...
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,947
    Location:
    The Netherlands
    I do believe the cloud is being used during these tests. But Exploit Guard only makes sense if anti-exploit is tested, and system wide SmartScreen is basically a white-list. So it will probably stop all malware. Google's Safe Browsing will also stop people from downloading malware. So no wonder that this kind of stuff often gets disabled for testing purposes. I really don't see what's so hard to understand about this.

    Can you give some more info about how many false positives you encounter?
     
  18. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    942
    Because thats what the Windows 10 user gets by default and free, we should have this tested because thats the only way we can see what third party antivirus brings to the table.

    IMO most antivirus are simple useless despite their "100 % dynamic protection" tests; in real scenario usage they arent much better than Windows Defender, but ofcourse there are exceptions (cough K, ES, EM, BD cough).
     
  19. illumination

    illumination Guest

    I have mentioned this more times then I care to recall. In independent testing, the testers generally disable Smartscreen and UAC. I am one of the very few I know of, that does not, even when testing 3rd party applications. I can tell you from a long time of testing, that it is rare that a sample will execute and bypass both of those. The most common reply I get back to these statements is that SS does not provide users with enough information, thus many do not want to rely on this, and every time I hear it, I shake my head. It is reputation based, and if unknown, will flag and recommend it to not be run. There are plenty of ways to verify applications, so simply clicking Don't Run, when the file is flagged, and researching to verify the file solves the lack of information.
     
    Last edited by a moderator: Jul 29, 2017
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,646
    Location:
    U.S.A.
    Since I have never seen an alert from it, I would say it's a blacklist and uses the lists that IE and Edge use. Since one could get a .exe via e-mail client, external drive upload, etc., its primary purpose is to check those files. Also, it can be optionally used in Chrome and Firefox.
     
  21. illumination

    illumination Guest

    Hard to classify it as the original for IE only is a black list of websites. Since system wide is reputation based allowing known good files and flagging unknown, it could actually be considered a white list.
     
    Last edited by a moderator: Jul 29, 2017
  22. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,430
    Location:
    USA
    Unfortunately I really can't as I haven't been keeping a list. I can say that most of it is our own in-house stuff. There are a couple of other 3rd party AVs that do the same thing, but many more that don't. When you do software development there are just some AVs you can't use. I don't like to hear the programmers beating on the desk... :eek:
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,646
    Location:
    U.S.A.
    Actually, @Rasheed187 and I are both correct in that native SmartScreen employs both cloud based whitelisting and blacklisting. I will demonstrate as follows.

    For this test, I employed the unknown reputation and know malicious files used in the Microsoft web based SmartScreen functionality test here: http://demo.smartscreen.msft.net/ . Although the files were created by Microsoft to test like SmartScreen browser based functionality, the off-line IE11 and Edge reputational SmartScreen files and the native SmartScreen cloud based reputational database are created from the same source.

    Test 1 - direct execution of knownmalicous.exe

    SmartScreen_Malicious.png

    Test 2 - direct execution of "unknown" file, freevideo.exe

    SmartScreen_Unknown.png

    Test 3 - what happens if native SmartScreen cannot connect to the cloud database at file execution?

    SmartScreen_Unreachable.png

    One final comment about native SmartScreen. It is totally useless against any .exe executed via a shell.
     
  24. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,738
    I will say this. WD stopped a ransomware at my job yesterday. Was pleasantly surprised. I can't say the same for the av that we have in house though. Fortunately, the damage was fairly minimal.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,646
    Location:
    U.S.A.
    I did one more test.

    I ran the test tool I described in the WanaCry Can Infect Win 10 thread. Eset's rep scanner detects this .exe as unknown but let it run w/o issue. Native SmartScreen on the other hand will alert as unknown when the process is directly executed. However as noted previously when the same process runs from the command line, native SmartScreen lets it run w/o issue. Bottom line is unfortunately, most malware these days is being run via indirect startup methods.

    One more thing I have to test when I get around to it. It is if native SmartScreen will detect if the .exe is missing "The Mark of The Web" signature. Stripping same is fairly easy to perform.
     
    Last edited: Jul 29, 2017
Loading...