Advice Request Free Antivirus is Good Enough (5 reasons why)


Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361

This article comes from Windows Central.

Source: Free antivirus software is good enough for most people, here's why

To summarise:
  1. Preinstalled on Windows 10 devices.
  2. Experts and reviewers recommend them.
  3. Minimal slowdowns.
  4. Feature-rich.
  5. Designed to be easy to operate (aka you don't need to read the 100-page manual).

However, there is a paragraph from the article which may require further clarification. While Defender ATP is not available for consumers, is Defender Antivirus still considered a next-gen component of ATP, or is ATP the next-gen component for Defender Antivirus?
Microsoft Defender Antivirus is described as the "next generation protection component" of the company's Defender Advanced Threat Protection (ATP). Without paying a penny, you have access to protection that brings together machine learning, big-data analysis and in-depth threat resistance research. It also detects and blocks apps that are deemed unsafe, even though they may not be detected as malware.

The antivirus software updates as part of the Microsoft updates we've all come to know and love, so there's no need to worry about keeping it up to date with virus definitions. Why would you pay for anything else?
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Is there any advantage of BAFS on Windows Home and Pro?

Yes, there is, and this is a very important WD feature. BAFS is enabled by default in all Windows editions for all Windows 10 versions supported by Microsoft.
By design, it works only for files with MOTW. Furthermore, only PE executables (EXE, DLL, etc.) and some script types (JS, VBS, VBA macros, etc.) can be protected.
Usually, BAFS is automatically triggered when the file has been downloaded from the Internet via Edge or Chrome.

Enable Block at First Sight to detect malware in seconds - Windows security (docs.microsoft.com): Turn on the block at first sight feature to detect and block malware within seconds, and validate that it is configured correctly.


What is the advantage of BAFS protection?

Without BAFS, the downloaded files are checked only against local signatures, which in the case of WD are optimized to minimize false positives. These signatures are only average for fighting new threats.
BAFS was introduced to cover new threats by applying additional protection:
  1. It forces scanning the file against fast signatures in the WD Cloud. Fast signatures are created when malicious files have been executed on any computer connected to the cloud. This also includes any computer which uses Windows E3 or E5. So, fast signatures can take advantage of advanced WD features like: "Advanced machine learning and AI based protection for apex level viruses and malware threats", and "Advanced cloud protection that includes deep inspection and detonation". All fast signatures are available for any computer which uses the BAFS feature (also with installed Windows Home or Pro).
  2. If the file is not known, then it is automatically blocked just as in the case of executing it. This prevents the user from running files after the download, until they are checked by behavior-based cloud features. The behavior-based features are activated just like in the case of file execution and the user can see the usual WD behavior block warning:
  3. So, for the unknown malware, BAFS on Windows E5 is still stronger than on Windows Home and Pro.

    In the real-world malware tests, the samples have MOTW attached, so BAFS is triggered and the WD scoring is high.
    In the video tests, BAFS is usually inactive due to the test procedure. The tester unpacks the password-protected archive with malware samples by using third-party unpackers (like 7-Zip). Most unpackers do not transfer the MOTW from the archive to the extracted samples. The malware samples do not have MOTW, so they are ignored by BAFS.
    The MOTW can be transferred from the archive downloaded from the Internet to the extracted malware samples when using Bandizip.

    Edit.
    The conclusion that fast signatures are not used when a malware file without MOTW is executed follows from some tests made on Malware Hub this year. I do not understand the purpose of such counterintuitive behavior, except when it is for updating fast signatures. It should be confirmed by other tests, because Microsoft could, with any update, also allow fast signatures for files without MOTW.

Read more here:
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Last edited:
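Since the post above turns on whether an extracted file still carries the Mark of the Web, here is a small helper to check that from a defender's side. It is an added example, not code from Andy Ful's post or from Microsoft: it parses the `Zone.Identifier` alternate data stream that holds MOTW (the `[ZoneTransfer]` INI block browsers write, with `ZoneId=3` meaning Internet), reports whether BAFS would treat the file as a download, and can re-apply the mark to files an unpacker stripped it from. The sample stream content is constructed; reading and writing the stream only works on NTFS under Windows.

```python
"""Inspect or re-apply the Mark of the Web (MOTW) that BAFS keys on."""
import sys
import configparser
from typing import Optional

# MOTW lives in the NTFS alternate data stream "<file>:Zone.Identifier".
MOTW_STREAM = ":Zone.Identifier"
# URLMON security zones; 3 (Internet) and 4 (Restricted) mark a download.
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "Trusted",
              3: "Internet", 4: "Restricted"}

def parse_zone_identifier(text: str) -> dict:
    """Parse the [ZoneTransfer] block; returns {} when no ZoneId is present."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(text)
    if not cp.has_option("ZoneTransfer", "ZoneId"):
        return {}
    zone_id = cp.getint("ZoneTransfer", "ZoneId")
    info = {"zone_id": zone_id, "zone": ZONE_NAMES.get(zone_id, "Unknown")}
    for key in ("ReferrerUrl", "HostUrl"):  # written by Edge/Chrome, optional
        if cp.has_option("ZoneTransfer", key):
            info[key] = cp.get("ZoneTransfer", key)
    return info

def is_marked_as_downloaded(text: str) -> bool:
    """True when MOTW says Internet or Restricted, i.e. BAFS will apply."""
    return parse_zone_identifier(text).get("zone_id") in (3, 4)

def read_motw(path: str) -> Optional[str]:
    """Read the stream from an NTFS file; None if absent (e.g. after 7-Zip)."""
    try:
        with open(path + MOTW_STREAM, "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None

def apply_motw(path: str, zone_id: int = 3) -> None:
    """Re-tag an extracted file so Defender treats it as a download again."""
    with open(path + MOTW_STREAM, "w", encoding="utf-8") as f:
        f.write(f"[ZoneTransfer]\r\nZoneId={zone_id}\r\n")

# Constructed sample, shaped like what a browser writes for a download.
SAMPLE_MOTW = ("[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.com/\r\n"
               "HostUrl=https://example.com/setup.exe\r\n")

if __name__ == "__main__":
    for p in sys.argv[1:]:  # usage: python motw_check.py extracted\*.exe
        motw = read_motw(p)
        print(p, "no MOTW: BAFS will not check it" if motw is None
              else parse_zone_identifier(motw))
```

Running it over a folder extracted with 7-Zip versus Bandizip shows the difference the post describes: the former reports "no MOTW" for every file, the latter keeps `ZoneId=3`.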

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
I've gone a few years without any anti-virus, just scanning here and there with a few tools, and Malwarebytes. I thank my safe HTTPS Everywhere add-on, browser and program updates to help keep things secure, along with safe surfing and downloading. :)

Nothing bad found, just a false positive on Auslogics Disk Defrag (great defragmenting program). I prefer its "older" look and its free offline defragmenting.

I might use the Comodo Firewall again soon.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I use a few MS modules including their AV, but I find most alternatives have advantages. I'll be using a paid AV (maybe KIS?) until the day I expire; it's inexpensive and gives me far more control than MDA, and I simply prefer alternatives to the Microsoft offering.
 

ForgottenSeer 89360

In my tests it sometimes happens that MDA detects more malware than paid solutions. When I did the Norton test, Defender actually cleaned up Norton's mess. Its removal capabilities were always great; from the very beginning, MSE was cleaning up malware with all of its components like registry keys, folders, shortcuts, etc. ESET's removal, for example, is not anywhere nearly as thorough.
Given that the EMET toolkit is now also integrated, plus core isolation, controlled folder access, Windows Firewall and SmartScreen, users might be better off not downloading anything, rather than getting a bad (to call it politely) AV. MDA's got a bit more FPs, but you can restore from the quarantine and exclude.
The performance impact I've observed is not great, with the Defender service going up to 35-40% during normal tasks like software installation or launch... this is something that needs to be worked on.
 
Last edited by a moderator:

ForgottenSeer 85179

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
