Question Is Defender good against scriptors or malicious pdf and word files?

ForgottenSeer 103564

I'm thinking of just set-and-forget software like Bitdefender free. I'm also guessing that anyone who's asking if Defender is good enough can figure out how to install another AV. Otherwise, there's no point in asking.

About PDF readers, I don't think all malware are coursed through only PDFs, so that suggestion is lacking. Rather, one will have to figure out what to turn off in every app that involves scripts, Word files, etc. But what happens if a feature stops working given that? One has to remember what to enable and then disable it after. It's similar to the effects of hardening Defender. As for VMs, VTs, and hex editors, as those are even more complicated, if not weird, because the user now takes on the role of the security program.

The OP asked about scripts with PDFs/Word files, not malware in general. VT (VirusTotal): there is nothing difficult about uploading a file to VirusTotal and scanning it. Before anyone states, "Well, there is no privacy of my files if I upload them," what do you think most AVs will do, based directly on your desktop? The difference is that VirusTotal utilizes many engines at once, increasing the odds of detection. It does not get any simpler than that.

Those suggestions I provided were to cover beginners to advanced users, so they knew those options exist, VT being among the easiest. Look at the thumbnail below this: what is difficult about navigating to this website and clicking the upload button?

Screenshot 2023-12-10 10.39.35 PM.png

Could the user just spend money on more security? Yes. Or better yet, the user could install an advanced application and learn how to lock his system down, or they could learn how to use manual methods of detection, or simply take a few extra moments to follow this very simple suggestion.
 

Kongo

I also don't really see what's wrong with uploading scripts to VirusTotal before running them. The average user doesn't see many scripts in day-to-day use anyway. So why not take the extra minute to check if it's actually safe? Especially considering that many AVs have problems detecting scripting malware.
 

monkeylove

The OP asked about scripts with PDFs/Word files, not malware in general. VT (VirusTotal): there is nothing difficult about uploading a file to VirusTotal and scanning it. Before anyone states, "Well, there is no privacy of my files if I upload them," what do you think most AVs will do, based directly on your desktop? The difference is that VirusTotal utilizes many engines at once, increasing the odds of detection. It does not get any simpler than that.

Those suggestions I provided were to cover beginners to advanced users, so they knew those options exist, VT being among the easiest. Look at the thumbnail below this: what is difficult about navigating to this website and clicking the upload button?

View attachment 280176

Could the user just spend money on more security? Yes. Or better yet, the user could install an advanced application and learn how to lock his system down, or they could learn how to use manual methods of detection, or simply take a few extra moments to follow this very simple suggestion.

Actually, the OP was asking if Defender is good enough. It appears that it's not, so the default advice is to get something better.

Why would using VT be unreasonable, as pointed out earlier? Because people tend not to do things manually, especially if they're in a hurry. That's why a better option is a real-time program that can automatically upload the file to VT for checking.

How about using a VM? It's similar: consider security programs that sandbox by default instead of the user having to do things manually and run files in VMs.

How about hex editors? I think the security program, if not sites like VT, should handle analysis as well.

In short, the gist is that people will have to learn how to do this or that or do things manually, but that's not easy if they have many other things to do or forget to do things manually because they're rushing to meet a deadline, etc.
 

monkeylove

I also don't really see what's wrong with uploading scripts to VirusTotal before running them. The average user doesn't see many scripts in day-to-day use anyway. So why not take the extra minute to check if it's actually safe? Especially considering that many AVs have problems detecting scripting malware.

There's nothing wrong with that. It's just that in the real world average users don't have the time to do manually what security programs are supposed to do automatically.

That's why in light of the thread title the OP has to use a security program that's good against such, and if it can't detect it, automatically send it to a cloud that can check it against multiple databases while running it in a sandbox.

And if that also costs more time and resources, then pay for better machines and Internet services, too.
 

ForgottenSeer 103564

Actually, the OP was asking if Defender is good enough. It appears that it's not, so the default advice is to get something better.

Why would using VT be unreasonable, as pointed out earlier? Because people tend not to do things manually, especially if they're in a hurry. That's why a better option is a real-time program that can automatically upload the file to VT for checking.

How about using a VM? It's similar: consider security programs that sandbox by default instead of the user having to do things manually and run files in VMs.

How about hex editors? I think the security program, if not sites like VT, should handle analysis as well.

In short, the gist is that people will have to learn how to do this or that or do things manually, but that's not easy if they have many other things to do or forget to do things manually because they're rushing to meet a deadline, etc.

Well, I guess that user who is too busy to take a minute to check or is forgetful, or someone has them at gunpoint forcing them to hurry, or asteroids are dropping and they need to send, better hope that product they chose to rely on does not miss anything that may stem from their lack of time.

If I sound sarcastic, it is because I wanted to make sure I had all bases covered before you throw another reason a user cannot take their security more seriously instead of unrealistically relying on some AV to do it for them.
 
