Antimalware software works, hackers still trying to exploit 6-year-old bugs

[Alkajak]

Content source

http://arstechnica.com/information-technology/2016/05/microsoft-blocked-4-billion-malicious-login-attempts-in-2015/

Microsoft has released the latest edition of its twice-annual Security Intelligence Report, its survey of the security landscape and threats around the world. The survey has a ton of data about what malware is infecting people, which parts of the world are seeing more attacks, and more.

For the first time, this report includes data that Microsoft has collected from its cloud operations. Azure Active Directory, handling logins for corporate Office 365 customers, has some 550 million users across 8.24 million customers and handles 1.3 billion logins a day. The Microsoft Account system used for consumer products handles more than 13 million logins per day.

This generates a ton of data, and Microsoft uses this data in machine learning systems to build models of what normal user behavior looks like and detect anomalies. Capabilities like this are used in the new Windows Defender Advanced Threat Protection, and today's SIR gives some quantification to them.

[...]

Read Article: Antimalware software works, hackers still trying to exploit 6-year-old bugs

 

[Deleted member 178]

That is the MS data collecting's real purpose, not some fancy nonsense spying conspiracy. Why do you think that Windows Defender suddenly get better and better since Win10 was released.

Windows Defender pre-Win10 = useless
Windows Defender post-Win10 = rivals some major AV vendors.

 

[hjlbx]

WDATP is Enterprise-Only.

I only wish Microsoft would make Windows Defender less of a resource hog; its scans are slow, consume a lot of CPU, and it can use a bunch of RAM.

WD needs to be further refined and optimized - otherwise it is one area that Microsoft has really improved.

 

[Deleted member 178]

WDATP is Enterprise-Only.

yes i know, but it results influences the rest.

WDATP is Enterprise-Only.
I only wish Microsoft would make Windows Defender less of a resource hog; its scans are slow, consume a lot of CPU, and it can use a bunch of RAM.

The only time i feel WD footprints on the system is when i open for the first time folders containing a massive quantity of exe ; except that i feel it ok compared to other vendors.

 

[hjlbx]

The only time i feel WD footprints on the system is when i open for the first time folders containing a massive quantity of exe ; except that i feel it ok compared to other vendors.

I think WD full system scan is about the same as Emsisoft or Webroot full system scan.

I am using WD right now.

Once in a while (during malware testing) I will see RAM jump from 11 % up to 18 % - because of all the Windows processes involved in Windows AntiMalware Service - but I suppose it isn't that big of a deal.

 

[hjlbx]

WD is buggy.

Download malware pack.

Extract all contents.

If WD detects malware in the extracted archive, then it will remove all files from the extracted folder.

Quarantined items will not show in WD Quarantine, and also only the first item detected will show in WD Detection list - but it will indicate the file cannot be found on system.

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

 

[Deleted member 178]

Normal users wouldn't have to download a pack of malwares and open it. WD is made for Average Joe , not pen testers.

That is why i don't stand those test labs, they used an unrealistic methodology to test Avs.

 

[hjlbx]

Normal users wouldn't have to download a pack of malwares and open it. WD is made for Average Joe , not pen testers.

That is why i don't stand those test labs, they used an unrealistic methodology to test Avs.

It could be by design. Emsisoft, for example, will wipe out all of the files from an archive if it detects a single malicious file when the archive is extracted. Maybe this is what WD is doing -- but the logging is still messed up.