Spawn

This article comes from Windows Central.

Source: Free antivirus software is good enough for most people, here's why

To summarise:
  1. Preinstalled on Windows 10 devices.
  2. Experts and reviewers recommend them.
  3. Minimal slowdowns.
  4. Feature-rich.
  5. Designed to be easy to operate (i.e. you don't need to read the 100-page manual).

However, there is a paragraph from the article which may require further clarification. While Defender ATP is not available to consumers, is Defender Antivirus still considered a next-gen component of ATP, or is ATP the next-gen component of Defender Antivirus?
Microsoft Defender Antivirus is described as the "next generation protection component" of the company's Defender Advanced Threat Protection (ATP). Without paying a penny, you have access to protection that brings together machine learning, big-data analysis and in-depth threat resistance research. It also detects and blocks apps that are deemed unsafe, even though it may not be detected as malware.

The antivirus software updates as part of the Microsoft updates we've all come to know and love, so there's no need to worry about keeping it up to date with virus definitions. Why would you pay for anything else?

oldschool

Is there any advantage of BAFS on Windows Home and Pro?

Yes, there is, and this is a very important WD feature. BAFS is enabled by default in all Windows editions for all Windows 10 versions supported by Microsoft.
By design, it works only for files with MOTW. Furthermore, only PE executables (EXE, DLL, etc.) and some script types (JS, VBS, VBA macros, etc.) can be protected.
Usually, BAFS is automatically triggered when the file has been downloaded from the Internet via Edge or Chrome.

Reference: Enable Block at First Sight to detect malware in seconds - Windows security (docs.microsoft.com): "Turn on the block at first sight feature to detect and block malware within seconds, and validate that it is configured correctly."


What is the advantage of BAFS protection?

Without BAFS, the downloaded files are checked only against local signatures, which in the case of WD are optimized to minimize false positives. These signatures are only average for fighting new threats.
BAFS was introduced to cover new threats by applying additional protection:
  1. It forces scanning the file against fast signatures in the WD Cloud. Fast signatures are created when malicious files have been executed on any computer connected to the cloud. This also includes any computer which uses Windows E3 or E5. So, fast signatures can take advantage of advanced WD features like "Advanced machine learning and AI based protection for apex level viruses and malware threats" and "Advanced cloud protection that includes deep inspection and detonation". All fast signatures are available for any computer which uses the BAFS feature (also with Windows Home or Pro installed).
  2. If the file is not known, then it is automatically blocked just as in the case of executing it. This prevents the user from running files after the download until they are checked by behavior-based cloud features. The behavior-based features are activated just like in the case of file execution, and the user can see the usual WD behavior block warning.
  3. So, for unknown malware, BAFS on Windows E5 is still stronger than on Windows Home and Pro.

    In the real-world malware tests, the samples have MOTW attached, so BAFS is triggered and the WD scoring is high.
    In the video tests, BAFS is usually inactive due to the test procedure. The tester unpacks the password-protected archive with malware samples by using 3rd-party unpackers (like 7-Zip). Most unpackers do not transfer the MOTW from the archive to the extracted samples. The malware samples do not have MOTW, so they are ignored by BAFS.
    The MOTW can be transferred from the archive downloaded from the Internet to the extracted malware samples when using Bandizip.

    Edit:
    The conclusion that fast signatures are not used when a malware file without MOTW is executed follows from some tests made on Malware Hub this year. I do not understand the purpose of such counterintuitive behavior, except when it is for updating fast signatures. It should be confirmed by other tests, because Microsoft can allow fast signatures with any update also for files without MOTW.


Andy Ful

Level 65
Verified
Trusted
Content Creator
Last edited:
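As an added example (not from the thread, the docs page or Microsoft), the PowerShell below checks on a Windows 10 machine whether the BAFS prerequisites reported by Get-MpPreference are in place, whether a given file carries the Mark of the Web in its Zone.Identifier stream (so BAFS could apply to it at all), and how to re-apply MOTW to a file that an unpacker stripped it from, which is what Bandizip does automatically. The path in $ExtractedFile is an assumed placeholder.

```powershell
# Added example: BAFS prerequisites and Mark-of-the-Web checks.
# Requires Windows 10 with Microsoft Defender Antivirus; run from an elevated prompt.

# 1. BAFS needs cloud-delivered protection, automatic sample submission and the
#    block-at-first-seen switch left enabled (all visible through Get-MpPreference).
$pref = Get-MpPreference
$checks = [ordered]@{
    'Cloud protection on (MAPSReporting 1=Basic, 2=Advanced)' = ($pref.MAPSReporting -ne 0)
    'Sample submission automatic (SubmitSamplesConsent 1 or 3)' = ($pref.SubmitSamplesConsent -in 1, 3)
    'Block at first seen not disabled'                         = (-not $pref.DisableBlockAtFirstSeen)
}
foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK' } else { 'MISSING' }
    Write-Host ('{0,-60} {1}' -f $name, $state)
}

# 2. BAFS only considers files that carry MOTW. On NTFS the mark is the
#    Zone.Identifier alternate data stream; ZoneId=3 means "Internet zone".
function Test-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $zone = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        # No stream at all: typical for a file extracted with 7-Zip, as the post describes.
        return $false
    }
    return [bool]($zone -match '^ZoneId=3')
}

# 3. Mitigation for the unpacker gap: write the stream back so Defender treats the
#    extracted file like a direct download and BAFS consults the cloud signatures.
function Add-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    Set-Content -Path $Path -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
}

# Assumed placeholder path: a sample pulled out of a downloaded archive.
$ExtractedFile = 'C:\Users\Public\Downloads\sample.exe'
if (Test-MarkOfTheWeb -Path $ExtractedFile) {
    Write-Host "$ExtractedFile has MOTW: BAFS will check it against cloud fast signatures."
} else {
    Write-Host "$ExtractedFile lacks MOTW: only local signatures apply. Re-applying the mark."
    Add-MarkOfTheWeb -Path $ExtractedFile
}
```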

JakeXPMan

I've gone a few years without any antivirus, just scanning here and there with a few tools and Malwarebytes. I thank my Safe HTTPS Everywhere add-on, browser and program updates to help keep things secure, along with safe surfing and downloading. :)

Nothing bad found, just a false positive on Auslogics Disk Defrag (great defragmenting program). I prefer its "older" look and the free offline defragmenting.

I might use the Comodo Firewall again soon.

Gandalf_The_Grey


McMcbrad

In my tests it sometimes happens that MDA detects more malware than paid solutions. When I did the Norton test, Defender actually cleaned up Norton's mess. Its removal capabilities were always great; from the very beginning MSE was cleaning up malware with all of its components like registry keys, folders, shortcuts, etc. ESET's removal, for example, is nowhere near as thorough.
Given that the EMET toolkit is now also integrated, plus core isolation, controlled folder access, Windows Firewall and SmartScreen, users might be better off not downloading anything rather than getting a bad (to put it politely) AV. MDA's got a bit more FPs, but you can restore from quarantine and exclude.
The performance impact I've observed is not great, with the Defender service going up to 35-40% during normal tasks like software installation or launch... this is something that needs to be worked on.

security123
