Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

The recent test results, from several different testing organizations, is an absolute nightmare for the competitors.

 

Microsoft’s Antivirus Has Finally Become a Top Security Product
Excellent scores obtained in the latest rounds of tests
March 29, 2018
http://news.softpedia.com/news/micr...ly-become-a-top-security-product-520464.shtml

 

I have a license for several different products, but use Windows Defender alongside supplemental protection. It doesn't slow my computer like others have stated and I don't see extra junk and ads that other free antivirus developers build into their products. I have never had serious system false positives like I have had with others. These days, I feel like I could use any antivirus and be protected enough, but the best thing about Windows Defender is, it's free, ad-free, and it works.

 

Critical flaw in MS Malware Protection Engine (CVE-2018-0986)
https://borncity.com/win/2018/04/04/critical-flaw-in-ms-malware-protection-engine-cve-2018-0986/

 

Seriously, AV's are becoming a true security risk, I believe this is the third serious bug in Win Defender.

http://www.zdnet.com/article/window...ft-patches-critical-flaw-in-windows-defender/

 

Hunting down Dofoil with Windows Defender ATP.

More in blog post here : https://cloudblogs.microsoft.com/mi...hunting-down-dofoil-with-windows-defender-atp

 

Any software has bugs that can be exploited. With AV it can be even more dangerous since it runs with high privileges. But what are the chances of your system getting compromised by AV exploit compared to getting compromised by malware that could be prevented by this same AV?

 

Windows Defender is the only AV employing PPL & CFG which mitigated some vuln found in the past. The dev also said they're trying to sandbox scan engine. These facts make it different from rest of AVs. But I think MS should expand their bug bounty program to include WD too. Anyway I don't care much about AV.

 

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/

 

Yes I agree, chance are not that big, but it still gives me a funny feeling. Because if this attack vector hits you, it's probably game over, depending on what type of malware is used. Ransomware running with high privileges should still be blocked by behavioral monitoring tools, in theory.

Interesting stuff, and I see process hollowing is mentioned a lot. Will Win Defender block process hollowing automatically with its behavior blocker? Keep in mind, I'm not talking about Win Def ATP, but about Win Def AV, just to be clear.

 

It's no wonder Windows Defender is doing a lot better than it used to. Last time I tested it, would be going back a good couple of years now, you would get a definition update at most twice a day. Testing just now I've been able to receive a signature update three times in the last hour alone.

 

Great question. Does anyone have any insight into whether this blocking capability requires ATP or not?

 

Can someone using W10 1709 tell me whats their Antimalware Client Version number. My computer shows version 4.12.17007.18022, is that version the latest for W10 1709?

I dont use Windows defender or any AV but part of my routine is to turn WD ON for a day or so after updates for maintenance, to keep it up to date. I read a new Antimalware Client Version (4.14.17613.18038 ) was released but I am not sure if that one is for W10 1803 only or it is also for 1709. Information in the internet about this is little, I cant figure it.

Bo

 

I just had an update, the version is now: 4.14.17613.18039

 

Me too.

 

Thanks, I also got it now.

Bo

 

I'm guessing that it will not block the malware straight away, it will first upload it to the cloud, and then will it come up with a verdict. I rather have behavior blockers block it straight away, I don't need the freaking cloud. Also strange that they didn't want WD ATP being tested by MRG, see link.

https://www.wilderssecurity.com/threads/comparative-malware-protection-assessment.402594/

 

AV-Comparatives has published chart and report with their results for March 2018 Malware Protection Test :

Testing are on Windows 10 1709 Fall Creators Update 64bit.

Chart : http://chart.av-comparatives.org/chart1.php?chart=chart9&year=2018&month=3&sort=1&zoom=4

Full report : https://www.av-comparatives.org/wp-content/uploads/2018/04/avc_mpt_201803_en.pdf

Microsoft doing very well with a 99.99% protection rate.

 

Microsoft = 70 FP.
AV-Comparatives: Malware Protection Test - March 2018

 

Didn't expect this from M$, but I suppose it's because the behavior blocker has become more sensitive, they probably want to avoid misses like with NotPetya. But at least M$ did beat other big names, pretty good.

 

Blowed away by how serious Microsoft finally is taking O/S security and looks like they are learning what they been missing all this time from previous versions.

 

It's always been this way for me. The last time I uninstalled the suite I use to upgrade it to the newest version WD detected 3 false positives during the downtime. They are getting better at detection but the false positives are a deal breaker for me.

 

Intel, Microsoft to use GPU to scan memory for malware

https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/

 

Accelerated Memory Scanning - the new Intel feature to offload antivirus memory scanning to GPU in order to reduce load on CPU - will be available to all Windows Defender Antivirus users starting with the Windows 10 1709 Fall Creators Update branch and onwards :

https://mobile.twitter.com/AmitaiTechie/status/986111225460244480

And

https://mobile.twitter.com/AmitaiTechie/status/986111800981700608

Intel's early benchmarking shows CPU utilization dropping from 20 percent to as little as 2 percent :

https://newsroom.intel.com/editoria...rity-technologies-industry-adoption-rsa-2018/

 

let see if a folder with 20+ executables will still take 30+ seconds to load.