- Sep 2, 2021
- 2,582
He's a fanboy of a particular antivirus
I'll do a few tests later today as an answer, I think that'll be enough
How good is Microsoft Defender's protection now in 2024?
- Thread starter RRlight
- Start date
He's a fanboy of a particular antivirus
I'll do a few tests later today as an answer, I think that'll be enough
- Dec 23, 2014
- 8,458
This is probably true for all security solutions:
The Third Annual Study on the State of Endpoint Security Risk - Ponemon Institute LLC (Publication Date: January 2020).
Shortly: The effective solutions are hardly usable and the standard solutions are ineffective.
- Mar 30, 2022
- 283
- Dec 12, 2016
- 1,289
Unfortunately that's true best way would be from the ground up to create permission management like iOS , android then trying to play catch an mouse to stop skid malware via filters wich both have too many false positives and let a lot inThis is probably true for all security solutions:
View attachment 285862
View attachment 285863
The Third Annual Study on the State of Endpoint Security Risk - Ponemon Institute LLC (Publication Date: January 2020).
Shortly: The effective solutions are hardly usable and the standard solutions are ineffective.
Well technically you can do that by setting windows into window s and then you will have to worry just about state actor exploits , social engineering and not about skid malware
- Sep 2, 2021
- 2,582
Here's the test. MS Defender with recent banking trojans.
@bazang , I look forward to your comment
(Yes, it's my new VM, I've just inaugurated it )
@bazang , I look forward to your comment
(Yes, it's my new VM, I've just inaugurated it
)
- Dec 23, 2014
- 8,458
I suspect that @bazang could have in mind that Microsoft Defender on default settings does not protect against banking trojans which already infected the system. Such protection usually includes a dedicated web browser and Network Protection to prevent anti-keyloggers, anti-screenloggers, connections to C2 servers, etc.
This kind of protection is necessary for Enterprises because of the high probability of breaches and lateral movement. The banking protection tests are usually performed for the business versions of AVs, for example:
(MRG Effitas 360° Assessment & Certification Programme Q2 2024):
(MRG Effitas 360° Assessment & Certification Programme Q3 2023):
This kind of protection is necessary for Enterprises because of the high probability of breaches and lateral movement. The banking protection tests are usually performed for the business versions of AVs, for example:
(MRG Effitas 360° Assessment & Certification Programme Q2 2024):
(MRG Effitas 360° Assessment & Certification Programme Q3 2023):
Last edited:
bazang
Level 6
- Jul 3, 2024
- 265
Really? Which one?He's a fanboy of a particular antivirus
No. It will not be enough. I am not talking about grabbing some malware samples and Microsoft Defender detects them by either via signature or reputation. I am talking about when it does not detect by signature or by reputation.I'll do a few tests later today as an answer, I think that'll be enough
What really matters is what the security solution does - or more importantly what it does not do - in a case where it is bypassed.
It is true to some extent to all of them. Some more than others. Microsoft Defender is only a top signature detection solution. To provide truly effective security, Windows must be hardened. Microsoft Defender is not nearly enough. It is decent for "I download a file now-and-then" types of users.
People here fail to grasp the reality. The reality is that Windows - and Microsoft Defender - are the most targeted systems in userland. Daily, tens of thousands of threat actors are able to defeat Microsoft Defender. Even hardened systems get borked if they are not configured properly.
AVLab.pl has consistently shown that Microsoft Defender is not very good against banking trojans that get past the signatures. The evidence is irrefutable.
AVLab.pl has shown it to be true of both consumer and enterprise versions of Microsoft Defender. Same has been done by MRG Effitas and others.
Making a distinction between home and enterprise users is not helpful. It is a distraction from the fact that when it comes to banking trojans, Microsoft Defender is not as good as other solutions. That is because Microsoft never intended - by design - for Microsoft Defender to ever effectively deal with such malware. Defender is a limited-scope solution that is meant to be supplemented by fully integrating it into the full suite of Microsoft's other security. At the consumer\home user level, Microsoft makes Microsoft Defender the bare minimum baseline. It does not even want home users to tinker with it.
If the user is paranoid about doing financial transactions on their Windows system - as it appears the OP is, then Microsoft Defender is not sufficient. Period. It has been proven. Now whether or not the user will ever download and execute a banking trojan - nobody can say and therefore it is irrelevant. If it is possible, no matter how small the probability, then it matters to someone who has a heightened concern about "What could potentially happen?"
I work in regulated industries such as the financial and defense sectors. Nobody that I know of has ever used Bitdefender SafePay or Kaspersky SafeMoney. Not even enterprise versions. Those kinds of solutions cannot even satisfy the security requirements of the applicable regulations.
Yeah. So what? Detection by signature. Microsoft Defender is known to provide decent signature detection. That is not what I was ever talking about. I was talking about when it does not detect.@bazang , I look forward to your comment
You do realize that thousands of malware get past Microsoft Defender every single day out in the real world, right? Do you know how to simulate such a real world scenario without disabling any protections?
Learn how to code your own banking trojan, then test it. You will see what I am talking about.
- Dec 23, 2014
- 8,458
This test was done in the year 2019 so the results are outdated. Anyway, it shows several techniques used by banking trojans on already infected systems. Defender free has insufficient features to protect against such techniques.
AVLab did not test the Defender Enterprise version. The results in MRG Effitas tests are average (not best and not bad).
It would be welcome if you could distinguish between Microsoft free on default settings and Microsoft Defender Enterprise. The banking protection of both products against banking trojans is very different. Also, making a distinction between home and enterprise users is important. As you can see most professional tests are done separately for home and enterprise users.
True for Microsoft Defender free version when fighting the actions of banking malware that already infected the system. Many banking trojans are detected by Microsoft Defender free or SmartScreen just like other malware.
In some way, all known by me banking tests can be questionable. I mean that the test results can be better than in reality. Nowadays, many malware are executed filelessly by Loaders, and this is not the way of execution used in tests.
Let's agree on it. I can also add that any AV for home users cannot be sufficient, too.
Now I understand your point about Microsoft Defender.
I am afraid that the opposite is true, for example (the first two colums):
Malware Protection Test September 2024
The Malware Protection Test September 2024 assesses program’s ability to protect a system against malicious files before, during or after execution.
www.av-comparatives.org
Microsoft has decent behavior-based detections (due to advanced Machine learning) via the cloud backend. It has also very good post-infection detection due to extensive telemetry and behavior monitoring.
It has also one of the best protection against scripting and macros (based on AMSI). This can be seen in professional tests (SE Labs) and @Shadowra can probably confirm this from practice.
Similar threads
- Rob Lefferts
- Microsoft Defender
