Question: Is the improved performance of Microsoft Defender a myth? Should we necessarily be using a 3rd-party AV?

monkeylove

Mar 9, 2014
337
94% of malware arrives through email, so the end user has to download, let's say, a document, open it, and manually enable editing/macros, and will still not suspect anything or notice any red flags. If that isn't the fault of the user then I don't know what is. Also, it's the user's job to keep their system up to date, so how is it not their fault if they get malware that exploits a vulnerability that has already been patched (e.g. BlueKeep, Log4j, etc.)?

Yes, and I read somewhere that some malware no longer even involves user interaction, goes for firmware, can be embedded in "safe" websites, and so on. So how is it now the user's fault all of the time?
 

Andy Ful

Dec 23, 2014
7,244
Thankfully we don't need to go far to find evidence of my claims. MT's own MalwareHub has all the evidence everyone needs on how WD protection is bypassed even with High Security settings.

The tests on MH can show that you will be significantly stronger in the Himalayas (my bones do not like such low temperatures and I fear snow panthers). These tests do not say much if you will be significantly stronger when living at home.
We have strong and reliable evidence from professional AV testing labs that at home the Windows built-in default protection (Defender + Edge) does not significantly differ from top AVs (home versions).
There is no contradiction between MH tests and the tests made by AV-Test, AV-Comparatives, and SE Labs.
Still, there is no reliable evidence for your claims.

Claiming Windows Defender is flawless is ridiculous at best, ...

Does anyone claim this? You are fighting with ghosts.

The same way I don't care what others use on their PC, I simply have nausea by now of everyone claiming Windows Defender is perfect and there's no need for third-party AVs.

Still, no one claims such a thing. Everyone knows that Defender free is far from being perfect (like any free AV).

Despite recommending Kaspersky often, at least I'm not a blind fanboy and acknowledge its weaknesses, the same way I acknowledge it doesn't fit everyone's needs, but never in my right mind will I claim Windows Defender makes third-party AVs obsolete.

So do I. But, it does not mean that Defender is obsolete, as you constantly repeat.
 

Kongo

Feb 25, 2017
1,983
AVs have come a long way in the last few years, and while there is some security theater, there is no security theater that compares to SRP. SRP was not designed to mitigate modern threats. Period.
So you are basically saying that Simple Windows Hardening and Hard-Configurator are pretty much useless? Even though I normally value your opinions, I have to disagree on this one.
 

SeriousHoax

Mar 16, 2019
3,243
Dec 12, 2021
245
Yes, and I read somewhere that some malware no longer even involves user interaction, goes for firmware, can be embedded in "safe" websites, and so on. So how is it now the user's fault all of the time?
If you properly harden your system to combat vulnerabilities, even supposedly safe sites hijacked by malware can still be defended against, like with Edge's web security enhancements, an adblocker, NoScript, etc. I never claimed you shouldn't use an antivirus. I am simply saying 100% of malware relies on the human factor to target users, so it's always the user's fault, directly or indirectly, and that you should never rely completely on an antivirus, or on common sense, alone, and should always use layers of protection.
 

Andy Ful

Dec 23, 2014
7,244
AVs have come a long way in the last few years, and while there is some security theater, there is no security theater that compares to SRP. SRP was not designed to mitigate modern threats. Period.

You have never been to this theater.
If you are looking for evidence then look at the tests on Malware Hub. Even without any AV (only properly configured SRP) the results were like in (almost) perfect theater. You can compare them with the test results of VS, if you need a reference point.

Anyway, you are right that classic SRP was not designed to mitigate modern threats in the business environment. The danger comes from the attacks with admin rights via lateral movement. Furthermore, SRP and Windows policies are not well designed to stop the highly targeted attacks. Lastly, most people do not know how to configure SRP for optimal protection (you are not the only one).

Properly configured SRP + simple hardening (like blocking SMB protocols and remote features) is still very efficient when a few computers are connected to the home router (no lateral movement).
 
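The "blocking SMB protocols and remote features" hardening mentioned in the post above, written out as an added example (not Hard_Configurator's or Simple Windows Hardening's own code). It assumes a stand-alone home PC on Windows 10/11 that neither shares files nor accepts remote sessions; the rule names, the port list and the "Public" profile choice are this example's own, and anything the machine actually needs (a NAS share, a printer discovered over the LAN) has to be re-enabled afterwards.

```powershell
# Added example: SMB and remote-feature hardening for a home PC with Windows cmdlets.
# Run from an elevated PowerShell. Assumes no file sharing and no remote access is needed.
#Requires -RunAsAdministrator

# 1. SMBv1 has no legitimate use on a modern home PC: remove the optional feature and
#    refuse it server-side. Also refuse guest (unauthenticated) connections to rogue
#    shares and require SMB signing so an on-path device on the LAN cannot tamper.
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force

# 2. Stop the machine from serving SMB/NetBIOS/RPC at all: explicit inbound block rules
#    on every profile. In Windows Firewall, block rules take precedence over allow rules,
#    so the built-in "File and Printer Sharing" allow rules no longer open these ports.
#    The rule names below are this example's own.
$blockPorts = @(
  @{ Name = 'Home hardening: block inbound SMB 445';     Port = 445 },
  @{ Name = 'Home hardening: block inbound NetBIOS 139'; Port = 139 },
  @{ Name = 'Home hardening: block inbound RPC 135';     Port = 135 }
)
foreach ($r in $blockPorts) {
  if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
      -LocalPort $r.Port -Action Block -Profile Any | Out-Null
  }
}

# 3. Remote features: Remote Desktop, Remote Assistance and WinRM. Each is turned off at
#    the service/policy level AND its firewall allow group is disabled, so a later
#    re-enable of one side alone does not silently reopen the door.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
  -Name fDenyTSConnections -Value 1 -Type DWord
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
  -Name fAllowToGetHelp -Value 0 -Type DWord
Stop-Service WinRM -ErrorAction SilentlyContinue
Set-Service WinRM -StartupType Disabled
Disable-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue

# 4. Treat the home LAN as untrusted: the Public profile disables network discovery and
#    sharing by default. (Fails for a domain-authenticated profile; not relevant at home.)
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Public

# 5. Verify: nothing should be listening on the lateral-movement ports, and the SMB
#    server should report SMB1 off and signing required.
Get-NetTCPConnection -State Listen |
  Where-Object { $_.LocalPort -in 135, 139, 445, 3389, 5985, 5986 } |
  Select-Object LocalAddress, LocalPort, OwningProcess |
  Sort-Object LocalPort
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, RequireSecuritySignature
```

The verification step matters more than the settings: the System process keeps port 445 bound even after SMB1 is removed (SMB2/3 still run), which is why step 2 blocks it at the firewall rather than relying on the protocol configuration alone. A reboot is needed for the SMB1 feature removal to complete.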

Andy Ful

Dec 23, 2014
7,244
... Some even panicked when popups in Kaspersky showed up telling them to consider installing this or updating that, even though I had already disabled as many info notifications as I could find. So, you can imagine what mayhem can take place if I even try something like a default-deny feature, or using something other than an admin account (they call me and complain that this or that can't be installed), or UAC turned on, or what I experienced when I tried using advanced features in Defender (they call and complain that they can't load this or that file).

In such a situation, the preferred Windows built-in setup would be Defender with ConfigureDefender HIGH settings + Simple Windows Hardening. This config is very silent. You probably used ConfigureDefender MAX settings that apply some noisy ASR rules and can block non-prevalent applications/updates.

So, now I had Avast free installed in their machines in silent mode for the past few weeks, and no complaints so far. Probably, at worst, they will encounter one site that they can't access, and they'll only know when they actually look at the system bar and wonder what that blue dot means in the Avast icon. LOL.

It is also a good setup for adults. You can try Simple Windows Hardening to strengthen the protection against scripting/fileless attacks. Nowadays, applications use scripting methods extremely rarely, so this setup should also be silent. On the contrary, cybercriminals like scripting malware very much.
 

ForgottenSeer 92963

SRP has its flaws (like living in the wrong ring), but Andy has tackled some known problems of SRP (the UAC user-access holes in the Windows folder and LNK troubles) in the predefined settings, but .....

... with Andy's predefined SRP rules blocking file extensions misusing the Windows built-in command execution binaries (LOLBins) AND
... Simple Windows and Firewall Hardening adding some additional hurdles to misuse of LOLBins AND
... Controlled Folder Access blocking write access to userland folders AND
... ConfigureDefender adding ASR and stronger cloud protection AND
... Windows SmartScreen blocking unknown executables with MOTW AND
... Edge SmartScreen having the best malware and URL protection AND
... Edge browser having the strongest sandbox of all Chromium browsers on Windows AND
... simple router partitioning and hardening (all IoT devices in the Guest network, phones and visitors in the 2.4 GHz network and only trusted devices in the 5 GHz network) AND
... using a DNS which also blocks malware and an ISP which also checks my e-mail for malware AND
... common sense safehex practices

I am not using a HIPS and Outbound FireWall anymore, because I am confident those additional hurdles are good enough protection for the average home use (I am also not wearing a bullet proof vest when I do my shopping, better use this great advice for life: link)
 

Andy Ful

Dec 23, 2014
7,244
Guys, we should stop talking about SRP because @danb usually uses SRP to provoke discussion about VS. So, I can help out and sincerely admit that VS is also very good, and it is probably even better in the business environment.

There is no need to start the fight: SRP against VS.
Who is better: Japanese ninja or American bodyguard?
It would be better to focus on Defender.

Post edited.
 

Andy Ful

Dec 23, 2014
7,244
SRP, along with all the logging capabilities in Windows, handles modern threats quite well in the enterprise space.
The classic SRP can still be very useful to prevent malware started by the user on an uninfected computer. But it cannot protect computers well in already infected Enterprise networks.
For example, it cannot fight any malware (in an already infected environment) that uses malicious drivers or malicious .NET DLLs.
Even AppLocker is not sufficient to protect against some modern attack vectors. According to Microsoft, the security boundary that can support/replace SRP and AppLocker is Microsoft Defender Application Control. Of course, even if one uses SRP + AppLocker + MDAC, this is still not bulletproof protection in Enterprises. The recommended security strategy in Enterprises is using Microsoft Defender + MDAC with the "Zero Trust" security model. Of course, there are several paid versions of Defender with different capabilities.
 

Local Host

Just a thought, but maybe even not talk about the Enterprise security environment too, as it probably just muddies the waters of this thread. Compared to the Home security environment, it's mostly apples to oranges anyway.
This is a waste of time, he always goes in circles and brings off topic stuff like that to defend Windows Defender.

He says I haven't provided any evidence for my claims, when I was pretty clear on what I said; anyone can grab a malware sample and test it, and Malware Hub has more than enough tests showing where Windows Defender lacks.

Then he goes back on his words when he keeps saying everywhere third-party AVs are obsolete in light of Windows Defender at home environments, making Windows Defender look like the perfect fit for everyone when it's not.

At least I'm not delusional. Windows Defender might be good for MT members, but I sure as hell wouldn't rely on it for average users around my family, unless I wanna get a call about issues.

I never claimed Windows Defender hasn't improved, but it is still not good enough.
 
Dec 12, 2021
245
This is a waste of time, he always goes in circles and brings off topic stuff like that to defend Windows Defender.

He says I haven't provided any evidence for my claims, when I was pretty clear on what I said; anyone can grab a malware sample and test it, and Malware Hub has more than enough tests showing where Windows Defender lacks.

Then he goes back on his words when he keeps saying everywhere third-party AVs are obsolete in light of Windows Defender at home environments, making Windows Defender look like the perfect fit for everyone when it's not.

At least I'm not delusional. Windows Defender might be good for MT members, but I sure as hell wouldn't rely on it for average users around my family, unless I wanna get a call about issues.

I never claimed Windows Defender hasn't improved, but it is still not good enough.
So why not use ConfigureDefender or Group Policy Editor to harden it so you don't have to worry about your family running it?
 

plat

Sep 13, 2018
1,689
So why not use ConfigureDefender or Group Policy Editor to harden it so you don't have to worry about your family running it?

Indeed! Defender augmented by the well-known free (or paid) helper (ConfigureDefender, OSArmor, etc) can outshine the best of free and many paid antivirus solutions provided you set things up properly, don't get reckless, and have some patience.

We are beating a dead something or other here. Everyone makes at least one good point--c'mon, you can't dispute that.

Not saying this isn't a productive discussion but I've seen one too many of these eventually blunder into "locked for further replies" territory one way or another. 🥳🌺🥂✨<------holiday spirit.
 

JasonUK

Apr 14, 2020
211
Has Defender improved? It would be hard to argue that it hasn't. There's a whole host of test results over recent years showing the improvement. Can it be improved further by the use of 3rd-party configuration tools and by enabling certain features left disabled by a standard Windows setup? Again an obvious yes, but should an average Joe have to do so? Many users on this and other similar forums (who could be argued to be more security aware) either use a 3rd-party AV or an augmented version of Defender, which perhaps answers the second part of the thread heading.... a third-party AV, or at least third-party hardening tools, is still desirable :)
 

wat0114

Apr 5, 2021
363
..., but I sure as hell wouldn't rely on it for average users around my family, unless I wanna get a call about issues.
Then no one can reasonably dispute you on this. Only you can know what is best to use in your situation, and you have unequivocally determined that a 3rd-party product is best to use.
I never claimed Windows Defender hasn't improved, but is still not good enough.
Not good enough in your situation, and no doubt for many others. But for a great many others, it is good enough.
 

Shadowra

Sep 2, 2021
1,299
There is no need to put on additional tools, except DefenderUI if you are too lazy to put your hands in the engine.

That's what I just did on my brother's PC (I'm talking to you about it ^^ ). He had Kaspersky, which slowed it down horribly (it was expiring, might as well throw it away).
I made him a combo of Microsoft Defender + DefenderUI from VoodooShield.
Some settings, anti-ransom (he is a streamer, you never know), rules on unknown files (he tends to download ##### files like cracks, keygens, etc.) and NextDNS.

His PC is much better.
 
Dec 12, 2021
245
There is no need to put on additional tools, except DefenderUI if you are too lazy to put your hands in the engine.

That's what I just did on my brother's PC (I'm talking to you about it ^^ ). He had Kaspersky, which slowed it down horribly (it was expiring, might as well throw it away).
I made him a combo of Microsoft Defender + DefenderUI from VoodooShield.
Some settings, anti-ransom (he is a streamer, you never know), rules on unknown files (he tends to download files like cracks, keygens, etc.) and NextDNS.

His PC is much better.
It's almost exactly how I set up my little brother's PC security: ConfigureDefender set on High and NextDNS. He never goes to shady sites, so WD is more than enough for him, especially with NextDNS set to block newly registered domains.
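Several posts in this thread (Andy Ful's HIGH-versus-MAX remark, ForgottenSeer's list of ASR/cloud/Controlled Folder Access layers, and the "ConfigureDefender on High" setups for family PCs) describe the same underlying Defender settings. The block below is an added example, not ConfigureDefender's, DefenderUI's or Microsoft's own code: it sets those options directly with the built-in Defender cmdlets on Windows 10/11. The split into "quiet" and "noisy" ASR rules is this example's own grouping, guided only by the thread's point that MAX-type profiles add rules which can block non-prevalent applications and their updaters; it is not an official ConfigureDefender profile definition. The rule GUIDs are the ones Microsoft publishes for these rules.

```powershell
# Added example: harden built-in Defender with Set-MpPreference / Add-MpPreference,
# roughly the options a HIGH-type ConfigureDefender profile toggles, plus the noisier
# rules in audit mode. Run from an elevated PowerShell with Microsoft Defender active.
#Requires -RunAsAdministrator

# --- Cloud and behaviour settings ---
Set-MpPreference -MAPSReporting Advanced                 # cloud-delivered protection on
Set-MpPreference -SubmitSamplesConsent SendSafeSamples   # safe-sample submission, no prompts
Set-MpPreference -CloudBlockLevel High                   # 'Default' is the weak setting
Set-MpPreference -CloudExtendedTimeout 50                # extra seconds to wait for a cloud verdict
Set-MpPreference -PUAProtection Enabled                  # bundleware / adware
Set-MpPreference -EnableNetworkProtection Enabled        # SmartScreen-style URL blocking for all apps
Set-MpPreference -EnableControlledFolderAccess Enabled   # untrusted apps cannot write user folders

# --- ASR rules ---
# "Quiet" (this example's grouping): target Office, script and e-mail abuse that
# legitimate home software almost never exercises, so they rarely produce complaints.
$QuietRules = @{
  'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
  '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
  '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
  '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
  'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
  '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
  'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
  '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
  'E6DB77E5-3DF2-4CF1-B95A-636979351E5B' = 'Block persistence through WMI event subscription'
  'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
}
# "Noisy" (this example's grouping): can block legitimate but rare software and its
# updaters, so they go into audit mode first.
$NoisyRules = @{
  '01443614-CD74-433A-B99E-2ECDC07BFC25' = 'Block executables unless they meet prevalence, age or trusted-list criteria'
  'D1E49AAC-8F56-4280-B9BA-993A6D77406C' = 'Block process creations originating from PSExec and WMI commands'
  'B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4' = 'Block untrusted and unsigned processes that run from USB'
}

foreach ($id in $QuietRules.Keys) {
  Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
}
# AuditMode only logs what WOULD have been blocked (Event ID 1122), breaking nothing;
# switch a rule to Enabled once the log stays clean on that particular machine.
foreach ($id in $NoisyRules.Keys) {
  Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
}

# --- Verify: applied rules with their action codes (1 = Block, 2 = Audit, 6 = Warn) ---
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
  $id   = $pref.AttackSurfaceReductionRules_Ids[$i]
  $name = $QuietRules[$id]; if (-not $name) { $name = $NoisyRules[$id] }
  '{0}  action={1}  {2}' -f $id, $pref.AttackSurfaceReductionRules_Actions[$i], $name
}

# --- What did the rules catch? 1121 = blocked, 1122 = audited. Review the 1122 entries
#     before flipping a noisy rule to block. ---
Get-WinEvent -FilterHashtable @{
  LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
  Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
```

The audit-then-block step is what keeps the family-PC scenario from this thread silent: a rule such as the prevalence/age one will flag an unknown game launcher or niche updater, and the 1122 events tell you that before the rule starts blocking it. Settings applied this way show up in `Get-MpPreference` exactly like those written by ConfigureDefender or Group Policy, so either tool can be used afterwards to review them.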
 