Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    Yuki- It's not about collection methods it's all about the malware age. Bringing the thread back to WD, for any that have played around with malware that is being actively pushed out into the Wild it would be seen that WD has a poor record. In the next day or two WD may indeed then give stellar results- but sadly this would be against malware that now could be considered relics.

    Excellent observation! The only worms that the Pro AV testing sites are familiar with are those burrowing around in their gardens.
     
  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,057
    How can you tell the birth of the malware?
     
  3. 142395

    142395 Guest

    @cruelsister
    Yeah, I see where you come from. Practically it should not be easy to grab dozens of really new maliciou URLs and if testing org can do that probably AV company can do it better thks to more resouces. I remember IBK himself acknowledged these links are not necessarily real 0day. Maybe my question was kind of nitpick, forgive me.
    Anyway, that is why I still don't recommend for online ppl who're noobs about security to be satisfied w/ WD.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
  5. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Adobe would have a lot of 0-days in their products? I would never have guessed!

    But seriously, how many people are actively exploited by 0-days every year? I'm willing to say, not a lot.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    I also believe there are a number of misconceptions in regards the these AV lab realtime tests.

    Their definition of a 0-day is a web site that is serving up malware that supposedly no test series AV vendor is presently detecting at the time the comparative testing is initiated. You have to think about that previous sentence a bit. For me, I would expect every AV vendor product to fail. In reality, I believe the sample URLs are gathered a predetermined interval; 1-3 days, etc.., prior to testing. This also raises the question of blacklisting many AV vendors do prior to a formal AV signature being deployed. If the AV lab testing in any way interferes with blacklist updating or equivalent cloud lookup, then the test is not accurate as to AV product detection.

    The formal definition of a 0-day is it is an exploit of a 0-day vulnerability.
     
    Last edited: Oct 1, 2018
  7. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    ITMan- The article you reference is for zero day EXPLOITS, These are indeed rare and as they frequently concern software that I either do not use or stuff I've never heard of really hold little interest to me.

    What I have been writing about are not exploits, but just plain-jane malware (like ransomware, bankers, etc) that are morphed a few daily to stay ahead of those security solutions that rely primarily on dumb (file ID) detection.

    To those that may not be conversant with this sort of stuff, never ever (never ever) equate an exploit with a malware file. They are far far from the same things!

    You really have to be a total Geek to follow these things; and having friends in high places (that still want a date) sending you interesting stuff helps. You may want to google " The fallacy of Professional AV Testing" for a video using Panda Dome against the same malware that was morphed daily by the same Blackhat crew (Music by Lisa Gerrard). Similar results would be seen if WD was used.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Yeah, I clarified this in reply #1906.
     
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    I disagree. Zero-day can also include a non-exploit malware file that I (well, not I, as I am Kind and Gentle) just coded and release into the Wild. Thus we have zero-day exploits and zero-day malware.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Better be careful about statements like this. You don't want Interpol showing up at your front door.

    But, yes, I get your "drift." However and notable is how many new malware's are actually 100% new code that has been never been seen before?
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    I was already convicted. Perhaps the best thing ever in my life as it gave me a a scholarship, a job, and Gravitas.

    As far as the malware is concerned, it is a rule of thumb that malware being actively pushed out be morphed q8-12h. This is no secret- except apparently to the Pro Reviews.
     
  12. 142395

    142395 Guest

    Yup, Wilders residents can distinguish 0-day malware and 0-day exploit from context, but maybe it's confusing for others.
    Some malware include time stamp in its source code (ofc reverse enginerring is required), but otherwise (well, and if not signed - tho signature date can be controlled) it won't be trivial as neither the domain registration date nor date of file modification represent correct birth date. But we don't need to know exactly when the malware was created, and it's relatively easy to find a malware is not yet known to AV vendors.
     
  13. guest

    guest Guest

    What is amusing, when i ask labs about more visibility about samples used (type, age, hash, etc...), i never get a reply with a valid reason, or the only one i get was "vendors can have it if requested "(and that was because i worked for Emsisoft).
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    guest- if they used true in the Wild, actively pushed out malware (or Worms) not every product would get a Medal.

    The lack of transparency that you note is horrible. These "Pro" tests should be conducted so that a Home (noob) user could make an informed decision. But instead, if anything, it just shows what products one should avoid.
     
  15. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,484
    I thought that 1809 would put a button in Windows Security, to enable selected ASR rules. I don't see the button anywhere.
     
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,138
    Location:
    Italy
    Some ASR rules have been added:

    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
     
    Last edited: Oct 4, 2018
  17. Eggnog

    Eggnog Registered Member

    Joined:
    Nov 17, 2012
    Posts:
    129
    Location:
    United States
    I'm still trying to get used to 1809. I just updated from the download at the Microsoft site. It was painless. I have two other machines updating now. I'm intrigued by what I think they said is a way to send and receive texts from your phone. I'm going to look into that. I've been wanting that for a while.
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,790
  19. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,484
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,363
    Location:
    Milan and Seoul
    I can confirm, WD runs very light with version 1809. I have uninstalled Avira Pro for the time being, as it doesn't work with version 1809, and I must say WD is a great substitute, tempting, tempting...
     
  21. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,772
    Really?!?!?! Been heavy for so long. Maybe I will give it another go.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,744
    Location:
    U.S.A. (South)
    Me too! There's no dispute from this end that WD is been improving and making newer provisions for almost every sort of nasty compared to it's previous history, and that is a huge benefit. If true the performance energy it taps is also better improved I might have to have a closer look at it too. And this is from an avid no-AV user.

    It's crazy, but if I was going to implement an AV, the choice preference is for it to come from the O/S vendor itself Windows in spite of the track records of external vendors. But that's just me. Am always been a harsh critic of Windows, and will continue to be, but is meant as constructive criticism because I realize it began as a simple framework for users/customers to attach programs on in order for it to congeal into something much more productive and safe. :)
     
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,484
    You can beef up Defender's ability to fight zero-days if you tweak it. And the easiest way to do that is with Andy Ful's ConfigureDefender, available on GitHub and Softpedia.

    Microsoft has been working on the ASR rules in Win 10 1809, and improving them. MS also revamped the Protected folders feature, making it work pretty smooth. It is now called Controlled folders.

    In 1809, I think you can safely say that Defender is seriously worth considering .
     
  24. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    392
    Location:
    Milan, Italia
    Totally agree! Choose some form of OS hardening, add something like VoodooShield and you've got a lightweight setup! :thumb:
     
  25. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,621
    Location:
    USA
    False positive on Adobe Creative Suite installer. I see they came by their false positive win honestly. :D
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.