I wasn't talking about everyday sheeples, but instead about people on forums that keep saying Windows Defender has now become a top AV.
That I totally agree with and experienced it...
Example: set the Windows SRP restriction to "basic user" with DLL enforcement, and it blocks Windows Defender from showing up right away (no more Security Center tray icon, the whole WD settings disappeared, etc...) LOL
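A way to check whether a machine is actually in the state the post above describes, as an added example that is not part of the thread: the script reads the machine-wide SRP policy from its documented registry location (DefaultLevel 0x20000 = Basic User, TransparentEnabled 2 = DLLs enforced) and asks the Defender PowerShell module for the engine's own status, so an admin can tell a hidden UI apart from a disabled engine before relying on Defender. It assumes an elevated PowerShell session on Windows 10/11 with the built-in Defender module present; the registry values and cmdlet are Microsoft's, the summary functions are this example's own.

```powershell
# Added example (not from the thread): summarise the SRP policy and the Windows Defender
# engine status side by side. Assumes an elevated session on Windows 10/11 where the
# Defender module (Get-MpComputerStatus) is available.

$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Documented SRP DefaultLevel values (Software Restriction Policies security levels)
$levels = @{ 0x40000 = 'Unrestricted'; 0x20000 = 'Basic User'; 0x0 = 'Disallowed' }

function Get-SrpPolicySummary {
    if (-not (Test-Path $srpKey)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = 'None'; EnforceDlls = $false; PolicyScope = 'n/a' }
    }
    $p = Get-ItemProperty -Path $srpKey
    $levelName = if ($null -ne $p.DefaultLevel -and $levels.ContainsKey([int]$p.DefaultLevel)) {
        $levels[[int]$p.DefaultLevel]
    } else {
        "Unknown ($($p.DefaultLevel))"
    }
    # TransparentEnabled: 1 = all software files except libraries (DLLs), 2 = all software files, DLLs included
    $dlls  = ($p.TransparentEnabled -eq 2)
    # PolicyScope: 0 = all users, 1 = all users except local administrators
    $scope = if ($p.PolicyScope -eq 1) { 'All users except local administrators' } else { 'All users' }
    [pscustomobject]@{ Configured = $true; DefaultLevel = $levelName; EnforceDlls = $dlls; PolicyScope = $scope }
}

function Get-DefenderSummary {
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            ServiceEnabled   = $s.AMServiceEnabled
            AntivirusEnabled = $s.AntivirusEnabled
            RealTime         = $s.RealTimeProtectionEnabled
        }
    } catch {
        # The cmdlet failing is itself a finding: the engine may be off or the module blocked
        [pscustomobject]@{ ServiceEnabled = $false; AntivirusEnabled = $false; RealTime = $false; Error = $_.Exception.Message }
    }
}

$srp = Get-SrpPolicySummary
$wd  = Get-DefenderSummary
$srp | Format-List
$wd  | Format-List

if ($srp.Configured -and $srp.DefaultLevel -eq 'Basic User' -and $srp.EnforceDlls -and -not $wd.AntivirusEnabled) {
    Write-Warning 'SRP is Basic User with DLL enforcement and Defender reports itself disabled: review the SRP rules (e.g. Unrestricted path rules for the Defender binaries) before relying on Defender.'
}
```

The warning only fires when Defender itself reports the antivirus engine disabled; a missing tray icon or settings page with AntivirusEnabled still true means the UI is affected but the engine is running, which is the distinction worth making before changing any policy.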
The results were good indeed. But for some samples, the results were inconclusive and would require a special investigation. WD is hard to test against never seen samples, especially when the malware uses multistage techniques.
People keep saying this but it isn't true. Nobody sees Windows Defender as any kind of real threat to their product.

This will push other vendors to work hard to improve 3rd party AVs.
Windows is a kind of thing like cars, democracy, and health care. Most people can see that they are far from being perfect, but no one has found something better so far.

Interesting thread, but I'm going to say that maybe it's an aberration, but reading you who know Windows in depth, I realize that Windows has no solution.
Because I know what people in the industry think. I certainly know what Avira, Kaspersky, DrWeb, Bitdefender and Symantec\Norton think. Heck, even people at Webroot do not think very highly of Windows Defender. They have made their positions on Microsoft, Windows and Windows Defender public for the most part so it isn't speculation.

It is strange that you have so much confidence without asking them all.
Please, think objectively. Why should anyone believe you? Would you believe if I would say that I know what people in the industry think?

Because I know what people in the industry think.
Well to be fair, Windows is MS property and for better or worse, they can do as they please with it. In all fairness, the way I see it, since Windows is MS property, they really should be the ones shouldering the burden of keeping it safe. Others have profited by doing this for MS, due to their stupidity over the years. Thing is, for MS to properly lock things down, it will block what 3rd parties can do, or have access to. 3rd parties also do create problems, so it really isn't only MS as some claim. What about issues with HTTPS and browsers, slow web page loading, FP of critical system files, causing issues with games and such? These aren't issues that MS created, these are issues that 3rd parties created due to the way they hook into things, etc...

But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.
Well of course they will say/think that. Let's cut the BS, these companies are making money on this, so let's be realistic here. If anything cuts into their margins, including MS and WD/ATP, of course they won't be happy. They may have some truth to the matter, but at the end of the day it's still a business for them.

Because I know what people in the industry think. I certainly know what Avira, Kaspersky, DrWeb, Bitdefender and Symantec\Norton think. Heck, even people at Webroot do not think very highly of Windows Defender. They have made their positions on Microsoft, Windows and Windows Defender public for the most part so it isn't speculation.
But they should, because Microsoft is the market share leader in business endpoints and has the biggest market share in the consumer segment too.

People keep saying this but it isn't true. Nobody sees Windows Defender as any kind of real threat to their product.
But I will tell you what is happening... Microsoft is annoying paid vendors and paying customers for putting in protection features that cause problems with their products or cause cross-product conflicts. Microsoft will point the finger at the other party and won't take responsibility for the problems that it creates.
It isn't a matter of publishers trying harder. It is a matter of people paying, and paying well.
Source: Microsoft is unique in the EPP space, as it is the only vendor that can provide built-in endpoint protection capabilities tightly integrated with the OS. Windows Defender Antivirus (known as System Center Endpoint Protection in Windows 7 and 8) is now a core component of all versions of the Windows 10 OS, and provides cloud-assisted attack protection. Microsoft Defender Advanced Threat Protection (ATP) provides an EDR capability, monitoring and reporting on Windows Defender Antivirus and Windows Defender Exploit Guard (“Exploit Guard”), vulnerability and configuration management, as well as advanced hardening tools. The Microsoft Defender ATP incident response console consolidates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP and Active Directory, as well as incorporates data sensitivity from Azure Information Protection.
Microsoft is much more open to supporting heterogeneous environments and has released EPP capabilities for Mac. Linux is supported through partners, while native agents are on the roadmap.
Microsoft has been placed in the Leaders quadrant this year due to the rapid market share gains of Windows Defender Antivirus (Defender), which is now the market share leader in business endpoints. In addition, excellent execution on its roadmap makes it a credible replacement for competitive solutions, particularly for organizations looking to reduce complexity.
- Defender provides malware protection using a range of techniques including behavioral, emulation, script analysis, memory scanning, network monitoring signatures and heuristics on the client, along with cloud protection engines to detect newer malware. Microsoft Defender ATP can work alongside some other vendors’ EPP or EDR agents or will step up to protect clients automatically if a third-party EPP engine fails, is out of date or is disabled.
- Microsoft Defender ATP combines advanced EDR functionality with management and monitoring of Exploit Guard, Defender and other Microsoft products, critically Active Directory, to enable a common alert and incident response console. ATP leverages Azure infrastructure to store six months of data at no extra charge.
- Microsoft has one of the better out-of-the-box SOAR capabilities to integrate with Microsoft and partner products and to automate repetitive tasks. Conditional access rules enable a continuous adaptive risk and trust assessment (CARTA) architecture.
- ATP adds threat and vulnerability management, attack surface reduction (such as hardware-based isolation, application control, network protection and attack surface reduction rules) and threat analytics’ contextual threat intelligence reports. Microsoft Secure Score and vulnerability and configuration information provide weighted recommendations and actions to improve endpoint hardening, and compare the current posture with the industry and global peers for benchmarking. This score gives admins and chief information security officers (CISOs) an excellent understanding of the overall security posture relative to peers and shows improvements over time.
- Microsoft recently launched a service called Microsoft Threat Experts to support customers’ incident response and alert analysis.