Advice Request Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?

ForgottenSeer 92963

Is the improved performance of Microsoft Defender a myth?

Looking at the steady improvement of Defender on AV-Comparatives and AV-Test in the last decade I would say no.

Should we necessarily be using a 3rd party AV?

For years I have been keeping Windows/Microsoft Defender with Configure Defender on HIGH without protected folders on relatives' PCs and have not heard of any problems or infections. So in my limited experience I would say no, not necessarily. On the other hand, since Avast introduced hardened mode, I put Avast on every second PC in a household. Avast hardened mode also gave no problems or infections, so with that limited experience I would say yes (assuming that using different AVs in the same household statistically reduces the chance of all PCs being infected at the same time).

 

ForgottenSeer 92963

It's extremely simple, all these tests are useless, it's extremely easy to write lines of code to pass testing, that would make the program useless in the real world.

Pretty much how all those AD-Blocker tests work, they simply block the testing page, same applies to malware testing in this case, they're using simple malware that in no way replicates how Home Users get infected.

When it is so easy to write malware code which passes Microsoft Defender, with the market share Defender has, it would be hard to find a not-infected PC. So when your claim is true more than half of the Windows PCs would be infected.

fact remains third party AVs are superior to WD still,

My first language is not English, but what you state above is not a fact but an opinion (your opinion). What are the facts you are referring to?
 

Andy Ful

From Hard_Configurator Tools
It's extremely simple, all these tests are useless, it's extremely easy to write lines of code to pass testing, that would make the program useless in the real world.

Pretty much how all those AD-Blocker tests work, they simply block the testing page, same applies to malware testing in this case, they're using simple malware that in no way replicates how Home Users get infected.

Nowadays most people just get their browser hijacked, and there's nothing WD will do to prevent that (Kaspersky on the other hand can detect and roll back the changes).

Cars are constantly compared, but they don't compare to one another, either way, even car testing is optimized for specific scenarios, and there's a good chunk of cars out there that will kill you in a crash.

I never claimed anywhere video testing is the holy grail, nor that they aren't biased either, if anything I claimed exactly the opposite, and I'm not wasting time arguing on that.

Simple, always using the home environment excuse for WD shortcomings and saying it is enough, fact remains third party AVs are superior to WD still,
I give up. We are singing very different songs and even in different languages.:)
 

ScandinavianFish

I don't think Windows Defender is bad, but I don't trust these independent lab tests giving a product 100% or near 100% detection ratio, as if that was truly the case malware would not be an issue, and yet it's a bigger issue than ever.

Malware bypassing WD are very specific scenarios, it's utilizing some kind of vulnerability, I've seen it happen to a couple of people I've helped clean their system, a malicious file in the exclusions or restoring/allowing itself upon detection, though it can be easily mitigated by keeping your system up to date and hardening your system by disabling unneeded features like PowerShell, and Windows Defender has always had issues with PowerShell scripts.

IMO, Windows Defender has among the best post-execution protection, alongside Kaspersky.
 

Andy Ful

From Hard_Configurator Tools
I don't trust these independent lab tests giving a product 100% or near 100% detection ratio, as if that was truly the case malware would not be an issue, and yet it's a bigger issue than ever.
...
This should not worry you.
For example, in the AV-Comparatives tests the best AV of the year 2020 was Kaspersky. It missed in Malware Protection tests 22 samples in the year 2019, 4 samples in the year 2020, and 10 samples in the year 2021 (approximately 10000 samples in each of 6 tests ---> on average 6 missed samples per 10000 tested samples).
In the AV-Comparatives Real-World tests, Kaspersky missed 6 samples in the year 2019, 3 samples in the year 2020, and 5 samples in the year 2021 (approximately 750 samples in each of 6 tests ---> on average 3 missed samples per 1000 tested samples, or 30 missed samples per 10000 samples).

If you would like to compare this with video malware tests, then in the 8 last PC Channel malware tests (over 10000 samples from the period 2018-2020) Kaspersky neutralized all tested malware (protection miracle).

So, choose carefully which tests should not be trusted.(y)
 

ScandinavianFish

This should not worry you.
For example, in the AV-Comparatives tests the best AV of the year 2020 was Kaspersky. It missed in Malware Protection tests 22 samples in the year 2019, 4 samples in the year 2020, and 10 samples in the year 2021 (per approximately 10000 samples in each test).

If you would like to compare this with video tests, then in the 8 last PC Channel tests (over 10000 samples) Kaspersky neutralized all tested malware (detection miracle).

So, choose carefully which tests should not be trusted.(y)
I don't trust videos either as they aren't showcasing realistic scenarios, though unlike independent lab tests they show the tests taking place.

And what about AV-TEST and VirusBulletin? I know every lab does their tests differently, but for example here Test Microsoft Windows Defender 4.18 for Windows 10 (194015) one month WD gets 97.9% detection ratio of zero day malware, the next month, 100%, what's with these inconsistent scores? Test antivirus software Protected.net Between October and December 2019, TotalAV, which has always only used the Avira engine, went from 57.4% to 97.4%, how is a 40% detection even possible? And what's the chance of it happening to an AV owned by a marketing/advertising company known for deceptive practices?

VirusBulletin just claims every single AV, every single time, got 100% detection ratio.

I've lost my trust in the cybersecurity industry because of lab tests like these, and the marketing strategies AV companies are doing, they are becoming what they swore to destroy, it's the same case for the internet as a whole, how is it possible to tell fact from fiction anymore with out of control disinformation campaigns?
 

RoboMan

I still have encountered feelings with Windows Defender's performance issue. I always get cocky with it, especially when browsing local folders and files. All I need to do is open the Downloads folder and see it load for a good couple of seconds before even showing my files. That's it. That gets me. It's irritating. At least on my computers, doesn't matter if it's 1809, 1909, 2004, same performance. The fact they don't even include the possibility to disable scan on access or an option to just enable scan on execution... Please Miky, give us something.
 

Andy Ful

From Hard_Configurator Tools
I still have encountered feelings with Windows Defender's performance issue. I always get cocky with it, especially when browsing local folders and files. All I need to do is open the Downloads folder and see it load for a good couple of seconds before even showing my files. That's it. That gets me. It's irritating. At least on my computers, doesn't matter if it's 1809, 1909, 2004, same performance. The fact they don't even include the possibility to disable scan on access or an option to just enable scan on execution... Please Miky, give us something.
Put the older files into a subfolder and leave the files from the last few months.(y)
 

show-Zi

I've been using Defender (SWH+DUI+VS). We performed regular second opinion scans and found no infections. I have been troubled several times by the quarantining of online software due to false positives.
Another PC uses emisi. This is also used in the same way, but there were almost no false positives.
I think they both did the same job in terms of detection. However, this is influenced by how the user uses the PC. I don't do very adventurous web patrols. Office software is not installed, and most emails are checked on a smartphone.
To organize my opinion:
Even Defender can provide sufficient protection. However, Defender was inferior to emishi in aspects other than detection, such as false positives, subsequent actions, and download speed.
Detection is a pillar of security software, but I think we should consider other aspects such as false positives, subsequent processing, and deceleration by checking when downloading files. In such cases, Defender is not always the best.

Search for a heavy sword in preparation for a battle with a beast you never meet.
While reading the topic of security software, I sometimes think so.:)
 

danb

From VoodooShield
The question is, do you really know there is no infection... 🤔
EXACTLY! With dwell times of 30-240 days, NO ONE knows they are infected... including the cybersecurity provider.

It's like saying "I do not know anyone with a serious covid issue, so covid must not be a problem".

Private equity and venture capital firms do not invest billions on a non-issue.
 
