Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV.
    Much, much more in blog post here : https://cloudblogs.microsoft.com/mi...ith-behavior-monitoring-amsi-and-next-gen-av/
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
  4. guest

    guest Guest

    The best antivirus is not traditional antivirus
    Windows Defender is enough for most PC users
    September 28, 2018

    https://www.engadget.com/2018/09/28/the-best-antivirus-is-not-traditional-antivirus/
     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    From the article:

    "Information security experts told us that the built-in Windows Defender is good-enough antivirus for most Windows PC owners, and that both Mac and Windows users should consider using Malwarebytes Premium, an anti-malware program that augments both operating systems' built-in protections. These options provide reliable protection without slowing your computer significantly, installing unwanted add-ons, or harassing you about upgrades".

    If this comes from actual "Experts" it is no wonder why so many Enterprises are breached. Perhaps the most ignorant statement I have ever read.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
No intentional knock on Malwarebytes or its programs, but I went down the road so many times with what I still call that MBAMSwissArmy.sys- It always caused numerous critical PC issues time after time that I finally threw in the towel for good and never looked back. That's been some time ago.

Now it may be that it's these days so much more improved. I simply don't know. And I don't care. What I do know is that it was such a persistent issue for my systems for such a long time that the very mention triggers an immediate dismissal-pass and move on mentality on this end.

That said, Windows Defender has really been quite impressive in comparison-however no manner of such "experts" endorsement raises any interest when the choices are aplenty that IMHO offer far greater tandem pairing alongside WD than the one they suggest.
     
  7. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    This article should be right up there with PC Mag reviews (private sarcasm).
     
  8. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I turned off Windows Defender. Comodo Firewall is it, and it is enough. I do have Macrium Reflect and a couple of images, but that's more to protect my laptop from my stupidity than anything else.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    This article contradicts itself IMO:
    "So why shouldn't you install a full antivirus suite from a known brand, just to be on the safe side? For many good reasons:"
- vulnerabilities. So instead of using one AV solution that can be exploited, we should use two (WD and MBAM) to make us even more vulnerable? It just doesn't make sense.
- performance. I found WD degrading system performance more than some other AVs. I doubt that adding MBAM will improve the situation. (of course that's only my experience)
- privacy. Again, sharing data with two vendors instead of one IMO doesn't improve privacy.

The article is just full of contradictions. I've read some good articles on Engadget but I was disappointed by this one.
I sure hope that those experts actually didn't sign under this article. But as @cruelsister said, that would explain a lot about the current state of affairs.
     
  10. guest

    guest Guest

    sponsored article probably.

    Then we interviewed experts, including computer-security journalists, experienced security researchers, and the information security team at The New York Times (parent company of Wirecutter), whose responsibilities include (but are not limited to) protecting reporters and bureaus both overseas and here in the US from hacking and surveillance:

    mostly journalists...
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Yes they might have interviewed them, but IDK if they actually read and "approved" final article before being named in it.
     
  12. guest

    guest Guest

    Not sure they even understand security lol
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Nice article, good to see that Win Def ATP can tackle this stuff.

    LOL, good one. I do believe that Win Def on Win 10 has become pretty good, but MBAM always scores badly in almost all tests.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I agree with the above comments in that it is rather obvious the author "didn't know his butt from a hole in the ground."

    This excerpt is clearly misleading:
    In contrast to the last A-V Comparatives Malware test where WD scored 70 FPs out of a total of 20046 malware samples: https://www.av-comparatives.org/tests/malware-protection-test-march-2018/ . Obvious AV Lab test "cherry picking" activity in play here.

    It is somewhat obvious that this was a sponsored "by you know who" article.
     
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
R- WD on 10 has become much better, but is hardly proof against zero-day samples. MBAM has become an embarrassment.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, in the latest test it blocked all zero day samples, but in another that I posted earlier this year it failed, so what to believe.
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Which test?

If you are referring to WD, it depends how block at first sight is configured. If it is set to a non-default level of high, it will alert at a much higher frequency. However, those alerts require a user decision and this level setting will greatly increase FP incidence.
     
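The "block at first sight" level the post above refers to is a Microsoft Defender preference that can be inspected and changed from an elevated PowerShell session. The following is an added example, not code from the thread or from Microsoft; it assumes Windows 10 with the built-in Defender PowerShell module, and the sample-submission and timeout values chosen here are illustrative.

```powershell
# Added example (not from the thread): inspect and adjust Microsoft Defender's
# cloud protection / block-at-first-sight settings discussed in post 17.
# Run from an elevated PowerShell session on Windows 10 with the Defender module.

# 1. Record the current settings before changing anything, so they can be reverted.
$before = Get-MpPreference |
    Select-Object MAPSReporting, SubmitSamplesConsent, DisableBlockAtFirstSeen,
                  CloudBlockLevel, CloudExtendedTimeout
$before | Format-List

# 2. Block at first sight depends on cloud-delivered protection (MAPS) and
#    sample submission being enabled; without these the block level has little effect.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendSafeSamples   # illustrative choice
Set-MpPreference -DisableBlockAtFirstSeen $false

# 3. Raise the cloud block level from the default.
#    Levels: Default (0), Moderate (1), High (2), HighPlus (4), ZeroTolerance (6).
#    "High" is the non-default level the post refers to: more unknown files are
#    blocked, but expect more false positives and more prompts needing a decision.
Set-MpPreference -CloudBlockLevel High

# 4. Optionally give the cloud more time to analyse a file before releasing it
#    (seconds added to the default 10 s, maximum 50). Illustrative value.
Set-MpPreference -CloudExtendedTimeout 20

# 5. Verify the change, then review recent detections so false positives can be
#    identified and, where justified, excluded rather than ignored.
Get-MpPreference | Select-Object CloudBlockLevel, CloudExtendedTimeout, DisableBlockAtFirstSeen
Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ProcessName, Resources, ThreatStatusID
```

Re-running step 1 after a few days and comparing the detection list against known-good software is the practical way to judge whether the higher level's FP rate is acceptable on a given machine.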
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    This one, not sure if it was already posted in some other topic. And yes, FP's are becoming a problem:

    https://www.av-test.org/en/antivirus/home-windows/
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
Rasheed- the issue is that the AV testing sites do not tell you WHEN the "zero-day" samples are tested. This is of the utmost importance to know- one can collect new malware, but if they wait to test it for a few days it is no longer zero-day. This delay in testing is why you will see so many products getting a 90%+ rating.

    I did a recent video on this topic (not that I can post it on Wilders as I am a rank amateur).
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Excellent point. With the number of "feeds" available to AV vendors these days, detection with remediation, signature or blacklisting, is had within hours of the first discovery of the malware.

    What would be a great new test by the AV labs is to measure the "mean time to detection" by the various AV vendors of 0-day malware. The problem here is the frequency and distribution of the malware. If it was restricted to one geographic sparsely populated area and only deployed infrequently, the malware could go undetected for months and in some cases, years.
     
    Last edited: Sep 29, 2018
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Thank You Itman! The issue with Pro AV testing is that although the malware may be collected zero-day from Honeypots, they will just package them up and do a scan in a few days, thus making any detection percentages meaningless (90+ plus- everyone gets a Medal!).

    From someone who has changed the color of their hats, trust me that any malware that is ACTIVELY BEING PUSHED OUT will be morphed at the minimum of every 12 hours. Although this may not fool some products, those that rely on just signatures will be. And as most use signature based security solutions, that was always enough for me (actually not me, being Kind and Gentle, but Ophelia who is very, very nasty).
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
Eset is pretty good at picking up variants. Tested a while back on web site downloads that no one was detecting. Each download had a different hash value. Eset caught every download. See below screen shots:

    Eset_Malware_Quttera.png

    Eset_Malware_Cerber_2.png
     
  23. 142395

    142395 Guest

But isn't it the so-called "real world test" all of you are talking about? In this type of test they don't use a honeypot, but use a crawler and manual search, at least for AVC (no surprise if AVT or MRG combine a honeypot too, as AVT combines email threats and MRG email & USB too). IIRC IBK confirmed in an old thread they use the found link as soon as they confirmed it, then discard duplicated malware families. My memory may be wrong, but the thread should be around Nov. 2014 as I exchanged PMs about detailed methodology with him at that time (and that mention was not included in the PMs - then it should be in a thread), but can't find what the thread was. Still it's not clear how many minutes or hours after discovery tho.
For me the more serious matter with this method is there's no way to guarantee the sample is statistically unbiased (unlike a file detection test) tho it's inevitable.

    BTW guys, this thread is about WD.;)
     
    Last edited by a moderator: Sep 29, 2018
  24. XenMan

    XenMan Registered Member

    Joined:
    May 8, 2018
    Posts:
    130
    Location:
    Australia
    OK, it is nice to have the specialists in this area address the worst of the worst case scenarios, however for the average user the likelihood of exposure is going to be older malware.

    My system detects older stuff in torrented programs mostly, and there aren't numerous posts here from zero day victims.

    So will Defender and other 'inferior' programs do the job for most people?
     
  25. guest

    guest Guest

    yes
     