- Mar 9, 2014
- 438
Yes, and I read somewhere that some malware no longer involve even user interaction, go for firmware, can be embedded in "safe" websites, and so on. So how is it now the user's fault all of the time?
Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd party AV?
- Thread starter geek166
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
Yes, and I read somewhere that some malware no longer involve even user interaction, go for firmware, can be embedded in "safe" websites, and so on. So how is it now the user's fault all of the time?
- Dec 23, 2014
- 7,773
The tests on MH can show that you will be significantly stronger in the Himalayas (my bones do not like such low temperatures and I fear snow panthers). These tests do not say much if you will be significantly stronger when living at home.
We have strong and reliable evidence from professional AV testing labs, that at home the Windows built-in default protection (Defender + Edge) does not significantly differ from top AVs (home versions).
There is no contradiction between MH tests and the tests made by AV-Test, AV-Comparatives, and SE Labs.
Still, there is no reliable evidence for your claims.
Does anyone claim this? You are fighting with ghosts.
Still, no one claims such a thing. Anyone knows that Defender free is far from being perfect (like any free AV).
So do I. But, it does not mean that Defender is obsolete, as you constantly repeat.
Last edited:
- Feb 25, 2017
- 2,410
So you are basically saying that Simple Windows Hardening and Hard-Configurator are pretty much useless? Even tho I normally value your opinions I have to disagree on this one.
- Dec 23, 2014
- 7,773
It is perfectly fine to use PowerShell.
Also, It is perfectly fine to read Bible from Codex Vaticanus (joke).
- Mar 16, 2019
- 3,545
You can use this one. Disable Tamper protection and run this.
AdvancedRun-MD Protection History Remover.7z
drive.google.com
If you properly harden your system to combat vulnerabilities, even supposedly safe sites hijacked by malware can still be defended against, like with Edge's web security enhancements, an adblocker, noscript, etc, and I never claimed you shouldnt use an antivirus, I am simply saying 100% of malware relies on the human factor to target users, so its always the users fault, directly and indirectly, and to never completely rely on an antivirus, nor common sense, completely alone, and to always use layers of protection.
Last edited:
- Dec 23, 2014
- 7,773
You have never been to this theater.
If you are looking for evidence then look at the tests on Malware Hub. Even without any AV (only properly configured SRP) the results were like in (almost) perfect theater. You can compare them with the test results of VS, if you need a reference point.
Anyway, you are right that classic SRP was not designed to mitigate modern threats in the business environment. The danger comes from the attacks with admin rights via lateral movement. Furthermore, SRP and Windows policies are not well designed to stop the highly targeted attacks. Lastly, most people do not know how to configure SRP for optimal protection (you are not the only one).
Properly configured SRP + simple hardening (like blocking SMB protocols and remote features) is still very efficient when a few computers are connected to the home router (no lateral movement).
Last edited:
- Dec 23, 2014
- 7,773
In such a situation, the preferred Windows built-in setup would be Defender with ConfigureDefender HIGH settings + Simple Windows Hardening. This config is very silent. You probably used ConfigureDefender MAX settings that apply some noisy ASR rules and can block non-prevalent applications/updates.
It is also a good setup for adults. You can try Simple Windows Hardening to strengthen the protection against scripting/fileless attacks. Nowadays, the applications use scripting methods extremely rare, so this setup should be also silent. On the contrary, cybercriminals like scripting malware very much.
Last edited:
SRP has its flaws (like living in the wrong ring), but Andy has tackled some known problems of SRP (the UAC user access holes in Windows folder and LNK troubles) in the predefined settings, but .....
... with Andy' s predefined SRP rules blocking file extensions misusing the windows build-in command execution binary's (LoLbins) AND
... Simple Windows and Firewall Hardening adding some additional hurdles to misuse LolBins AND
... Controlled folder acces blocking write access to user land folders AND
... Configure Defender adding ASR and stronger cloud protection AND
... Windows Smart Screen blocking unknown executables with MOTW AND
... Edge Smart Screen having the best Malware and URL protection AND
... Edge Browser having the strongest sandbox of all Chromium browsers on Windows AND
... simple router partitioning and hardening (all IOT devices in Guest Network, phones and visitors in 2.4 network and only trusted devices in 5Ghz) AND
... using a DNS which also blocks Malware and an ISP which also checks my e-mail on malware AND
... common sense safehex practices
I am not using a HIPS and Outbound FireWall anymore, because I am confident those additional hurdles are good enough protection for the average home use (I am also not wearing a bullet proof vest when I do my shopping, better use this great advice for life: link)
... with Andy' s predefined SRP rules blocking file extensions misusing the windows build-in command execution binary's (LoLbins) AND
... Simple Windows and Firewall Hardening adding some additional hurdles to misuse LolBins AND
... Controlled folder acces blocking write access to user land folders AND
... Configure Defender adding ASR and stronger cloud protection AND
... Windows Smart Screen blocking unknown executables with MOTW AND
... Edge Smart Screen having the best Malware and URL protection AND
... Edge Browser having the strongest sandbox of all Chromium browsers on Windows AND
... simple router partitioning and hardening (all IOT devices in Guest Network, phones and visitors in 2.4 network and only trusted devices in 5Ghz) AND
... using a DNS which also blocks Malware and an ISP which also checks my e-mail on malware AND
... common sense safehex practices
I am not using a HIPS and Outbound FireWall anymore, because I am confident those additional hurdles are good enough protection for the average home use (I am also not wearing a bullet proof vest when I do my shopping, better use this great advice for life: link)
Last edited by a moderator:
- Dec 23, 2014
- 7,773
Guys, we should stop talking about SRP because @danb usually uses SRP to provoke discussion about VS. So, I can help out and sincerely admit that VS is also very good, and it is probably even better in the business environment.
There is no need to start the fight: SRP against VS.
Who is better: Japanese ninja or American bodyguard?
It would be better to focus on Defender.
Post edited.
There is no need to start the fight: SRP against VS.
Who is better: Japanese ninja or American bodyguard?
It would be better to focus on Defender.
Post edited.
Last edited:
- Dec 23, 2014
- 7,773
The classic SRP can be still very useful to prevent the malware started by the user on the uninfected computer. But it cannot protect well computers in the already infected networks in Enterprises.
For example, It cannot fight any malware (on the already infected environment) that uses malicious drivers or malicious .NET DLLs.
Even AppLocker is not sufficient to protect against some modern attack vectors. According to Microsoft, the security boundary that can support/replace SRP and Applocker is Microsoft Defender Application Control. Of course, even if one uses SRP + AppLocker + MDAC, this is still not bulletproof protection in Enterprises. The recommended security strategy in Enterprises is using Microsoft Defender + MDAC with "Zero Trust" security model. Of course, there are several paid versions of Defender with different capabilities.
Last edited:
- Apr 5, 2021
- 493
Just a thought, but maybe even not talk about the Enterprise security environment too, as it probably just muddies the waters of this thread. Compared to the Home security environment, it's mostly apples to oranges anyway.
This is a waste of time, he always goes in circles and brings off topic stuff like that to defend Windows Defender.
He says I haven't provided no evidence for my claims, when I was pretty clear on what I said, anyone can grab a malware a sample and test it and Malware Hub has more than enough tests showing where Windows Defender lacks.
Then he goes back on his words when he keeps saying everywhere third-party AVs are obsolete in light of Windows Defender at home environments, making Windows Defender look like the perfect fit for everyone when it's not.
At least I'm not delusional, Windows Defender might me good for MT Members, but I sure as hell wouldn't rely on it for average users around my family, unless I wanna get a call about issues.
I never claimed Windows Defender hasn't improved, but is still not good enough.
So why not use ConfigureDefender or Group Policy Editor to harden it so you dont have to worry about your family running it?
Are you saying you are not a MT member? or that MT members are delusional?
- Sep 13, 2018
- 1,822
Indeed! Defender augmented by the well-known free (or paid) helper (ConfigureDefender, OSArmor, etc) can outshine the best of free and many paid antivirus solutions provided you set things up properly, don't get reckless, and have some patience.
We are beating a dead something or other here. Everyone makes at least one good point--c'mon, you can't dispute that.
Not saying this isn't a productive discussion but I've seen one too many of these eventually blunder into "locked for further replies" territory one way or another.
<------holiday spirit.Has Defender improved.. it would be hard to argue that it hasn't. There's a whole host of test results over recent years showing the improvement. Can it be improved further by the use of 3rd-party configuration tools and by enabling certain features left disabled by a standard Windows setup? Again an obvious yes but should an average Joe have to do so? Many users on this and other similar forums (who could be argued to be more security aware) either use a 3rd-party AV or an augmented version of Defender which perhaps answers the second part of the thread heading.... a third party AV or at least third party hardening tools is still desirable
- Apr 5, 2021
- 493
Then no one can reasonably dispute you on this. Only you can know what is best to use in your situation, and you have unequivocally determined that a 3rd-party product is best to use.
Not good enough in your situation, and no doubt for many others. But for a great many others, it is good enough.
- Sep 2, 2021
- 2,051
There is no need to put additional tools, except DefenderUI if you are lazy to put your hands in the engine.
That's what I just did on my brother's PC (I'm talking to you about it ^^ ), he had Kaspersky which made him slow down horribly (it was expiring, might as well throw it away).
I made him a combo Microsoft Defender + DefenderUI from Voodooshield .
Some settings, anti-ransom (he is a streamer, you never know), rules on unknown files (he tends to download ##### in files like crack, keygen etc) and NextDNS .
His PC is much better.
That's what I just did on my brother's PC (I'm talking to you about it ^^ ), he had Kaspersky which made him slow down horribly (it was expiring, might as well throw it away).
I made him a combo Microsoft Defender + DefenderUI from Voodooshield .
Some settings, anti-ransom (he is a streamer, you never know), rules on unknown files (he tends to download ##### in files like crack, keygen etc) and NextDNS .
His PC is much better.
Its almost exactly how I setup my little brothers PC security, ConfigureDefender set on High and NextDNS, he never goes to shady sites so WD is more than enough for him, especially with NextDNS set to Block Newly Registered Domains.
Similar threads
