App Review: Microsoft Defender - Hard to Explain

Content created by
cruelsister

TedCruz

Level 5
Aug 19, 2022
176
WVSX and Hard Configurator is my solution for the past several months. I ran CFW for years, then Comodo's apparent lack of interest in free product updates or upgrades kind of soured me. I'm sure CFW is still rock solid, but it's time for me to move on. WiseVector and Hard Configurator are so far doing a stellar job of protecting.
I abandoned Comodo when they screwed over Kevin and Nancy of Nsclean when they acquired BOclean and Melih just reneged on Kevin's contract terms. I haven't touched them since and that was what? 2006?
 

TedCruz

Level 5
Aug 19, 2022
176
You should see my KeePass!
(Actually I hope you can't!!!) :D

No, everything is random, I've no idea what they are.
Haha good for you. I have a few hard-coded ones that I keep in a personal safe that are pointed toward personal finances and insurance info. Just in case I suddenly die I want my wife to have access to it without going through the federal red tape.
 
  • Like
Reactions: kC77

kC77

Level 5
Verified
Well-known
Aug 16, 2021
232
Haha good for you. I have a few hard-coded ones that I keep in a personal safe that are pointed toward personal finances and insurance info. Just in case I suddenly die I want my wife to have access to it without going through the federal red tape.
That makes sense, but if they truly are separate entities... they have separate IT... separate databases...
I'd still have separate PWs/2FA for each x
 

kC77

Level 5
Verified
Well-known
Aug 16, 2021
232
The thing is, as long as YOU are happy with your backup plan...

WHAT if your computer doesn't switch on? Can you get to your most important data? What is the master password to get to that? Has it been shared elsewhere?
How do I recover my data? Cloud/local/immutable copy... has anyone else ever known these passwords?

Go over the scenarios and make sure you're OK... is there internet? Can I restore from cloud? Or is that password breached?
What's the latest local backup?

For me, I'm quite anal on backups, both local and cloud, and have run over all scenarios of what if... when... why.
 
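The "what's the latest local backup, and can I actually get my data back" check above is the kind of thing worth scripting rather than remembering. The block below is an added example, not code from the thread or from any product discussed in it: it writes a SHA-256 manifest for a backup directory, then verifies that the backup is fresh and that every file is present and unmodified, so a stale or silently corrupted copy shows up before the day it is needed. The backup directory, file names and contents are constructed for the demonstration; the freshness limit of seven days is an assumed policy.

```python
import hashlib
import json
import os
import tempfile
import time


def sha256_of(path):
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir, manifest_path, created=None):
    """Record a digest for every regular file in backup_dir plus the backup time."""
    entries = {}
    for name in sorted(os.listdir(backup_dir)):
        p = os.path.join(backup_dir, name)
        if os.path.isfile(p):
            entries[name] = sha256_of(p)
    manifest = {"created": time.time() if created is None else created, "files": entries}
    with open(manifest_path, "w") as f:
        json.dump(manifest, f)
    return manifest


def check_backup(backup_dir, manifest_path, max_age_days=7, now=None):
    """Return a list of problems; an empty list means the backup passes.

    Checks two things the forum post asks about: is the latest backup recent
    enough, and does every file in it still match what was written?
    """
    problems = []
    with open(manifest_path) as f:
        manifest = json.load(f)
    now = time.time() if now is None else now
    age_days = (now - manifest["created"]) / 86400
    if age_days > max_age_days:
        problems.append(f"backup is {age_days:.1f} days old (limit {max_age_days})")
    for name, digest in manifest["files"].items():
        p = os.path.join(backup_dir, name)
        if not os.path.isfile(p):
            problems.append(f"missing: {name}")
        elif sha256_of(p) != digest:
            problems.append(f"hash mismatch: {name}")
    return problems


def demo():
    """Build a constructed backup, verify it, then damage it and verify again."""
    root = tempfile.mkdtemp(prefix="backup-check-")
    backup = os.path.join(root, "backup")
    os.mkdir(backup)
    # Constructed sample files standing in for a password-manager vault and a finance export.
    samples = {"vault.kdbx": b"constructed vault bytes", "finance.csv": b"acct,balance\n"}
    for name, data in samples.items():
        with open(os.path.join(backup, name), "wb") as f:
            f.write(data)
    manifest = os.path.join(root, "manifest.json")
    made = time.time()
    write_manifest(backup, manifest, created=made)

    # Two days later, nothing changed: the check should be clean.
    fresh = check_backup(backup, manifest, now=made + 2 * 86400)

    # Simulate bit rot on the vault, a deleted export, and a backup that is a month old.
    with open(os.path.join(backup, "vault.kdbx"), "ab") as f:
        f.write(b"!")
    os.remove(os.path.join(backup, "finance.csv"))
    stale = check_backup(backup, manifest, now=made + 30 * 86400)
    return fresh, stale


if __name__ == "__main__":
    ok, broken = demo()
    print("clean backup problems:", ok)
    print("damaged backup problems:", broken)
```

Run the manifest step right after each backup and the check step on a schedule (or before trusting a restore); a cloud copy can be verified the same way by downloading it to a scratch directory first. Keep the manifest with the backup but also somewhere the backup cannot overwrite, otherwise a corrupted copy can carry a matching corrupted manifest.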

TedCruz

Level 5
Aug 19, 2022
176
The thing is, as long as YOU are happy with your backup plan...

WHAT if your computer doesn't switch on? Can you get to your most important data? What is the master password to get to that? Has it been shared elsewhere?
How do I recover my data? Cloud/local/immutable copy... has anyone else ever known these passwords?

Go over the scenarios and make sure you're OK... is there internet? Can I restore from cloud? Or is that password breached?
What's the latest local backup?

For me, I'm quite anal on backups, both local and cloud, and have run over all scenarios of what if... when... why.
Yeah I was also very anal about my backups that's why I drink fiber.
 
  • Wow
  • Like
Reactions: kylprq and kC77

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
We're all aware of home PC security best practices and why it's ill-advised to download cracks and such, but the whole point of the video, I believe, was to demonstrate that after a full two months, Defender still does not detect and stop the tested malware variant.
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
159
WVSX and Hard Configurator is my solution for the past several months. I ran CFW for years, then Comodo's apparent lack of interest in free product updates or upgrades kind of soured me. I'm sure CFW is still rock solid, but it's time for me to move on. WiseVector and Hard Configurator are so far doing a stellar job of protecting.
Funny you mention that combo. I've been monitoring WVSX progress on one of my Windows 10 systems and it sure is a potent interceptor. Dug out an old malware from XP I kept for years that can still wreak havoc even on Win 10. Mainly a joke-type program, but it's in the same class as ShellLocker ransomware in that its full-screen lock makes it near impossible to browse around to kill it with Task Manager etc. I submitted it to WVSX and the next day they already had it johnny-on-the-spot, capturing that bug in advance. I mean just the mouse pointer movement of such files (indicative of an AV's real-time scanning) and WVSX jumped right on it.

Defender just seems so laggy sometimes and of course sports good misses that once skipped (like in @cruelsister 's video test) the endpoint is already compromised and damage done.
 
  • Like
Reactions: roger_m and TedCruz

TedCruz

Level 5
Aug 19, 2022
176
Funny you mention that combo. I've been monitoring WVSX progress on one of my Windows 10 systems and it sure is a potent interceptor. Dug out an old malware from XP I kept for years that can still wreak havoc even on Win 10. Mainly a joke-type program, but it's in the same class as ShellLocker ransomware in that its full-screen lock makes it near impossible to browse around to kill it with Task Manager etc. I submitted it to WVSX and the next day they already had it johnny-on-the-spot, capturing that bug in advance. I mean just the mouse pointer movement of such files (indicative of an AV's real-time scanning) and WVSX jumped right on it.

Defender just seems so laggy sometimes and of course sports good misses that once skipped (like in @cruelsister 's video test) the endpoint is already compromised and damage done.
Based on that knowledge could WVSX AI engine be used to fingerprint a user or better yet log a user and their motions and keystrokes? I am being paranoid but assume you are someone high up in the important circles. Could that software be used to intercept your keystrokes and behavior?
 
  • Like
Reactions: kC77

Scirious

Level 2
Feb 22, 2022
91
Based on that knowledge could WVSX AI engine be used to fingerprint a user or better yet log a user and their motions and keystrokes? I am being paranoid but assume you are someone high up in the important circles. Could that software be used to intercept your keystrokes and behavior?
Couldn't this possibility be assumed for every av out there?
 
  • Like
Reactions: TedCruz and kC77

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
591
Based on that knowledge could WVSX AI engine be used to fingerprint a user or better yet log a user and their motions and keystrokes? I am being paranoid but assume you are someone high up in the important circles. Could that software be used to intercept your keystrokes and behavior?
I run a Microsoft OS. Long ago I gave up worrying about spying. You can't seriously run a Windows OS and wonder about who is spying. WVSX could be, but I'm fairly sure Microsoft IS spying, and has been for years.
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
I abandoned Comodo when they screwed over Kevin and Nancy of Nsclean when they acquired BOclean and Melih just reneged on Kevin's contract terms. I haven't touched them since and that was what? 2006?
I remember that. I think the issue was they were allocated to a team within Comodo but there was some working together issues. Boclean was a great addition to security.
Anyway, these videos often have me going to Comodo even these days but the Hard_Configurator default deny can be just as powerful. I guess we all use what works for us best and our individual kit.
Great video @cruelsister :D
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
We're all aware of home PC security best practices and why it's ill-advised to download cracks and such, but the whole point of the video, I believe, was to demonstrate that after a full two months, Defender still does not detect and stop the tested malware variant.
It looks strange, but such unique and old samples are not dangerous in the wild.
They were really dangerous several months ago (for most AVs) when they were never-before-seen malware.
Although similar samples can still be found on a few websites with malware samples, they are used only in malware tests (not reused in real-life attacks).
The tests performed with a delay cannot show the real protection of the AVs. A significant part of the protection is only used to wean the attackers away from reusing the malware samples. Many AVs do it, so the attackers prefer to use new samples, because the older ones are not so efficient. Making a new sample takes a minute, many times quicker than finding the older samples missed by the AV.

Currently, it would be interesting to test how AVs can protect against real-life attacks with modified Magniber MSI samples (delivered from compromised websites including archives, documents, scripts, etc.) without using any signatures.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
I run a Microsoft OS. Long ago I gave up worrying about spying. You can't seriously run a Windows OS and wonder about who is spying. WVSX could be, but I'm fairly sure Microsoft IS spying, and has been for years.
I am afraid that only the "spying" AVs ("spy" = use massive telemetry) can be both user-friendly and effective. The telemetry is required for Machine (Deep) Learning and post-execution detection.
 
  • Like
Reactions: kC77 and Brahman

ForgottenSeer 69673

I abandoned Comodo when they screwed over Kevin and Nancy of Nsclean when they acquired BOclean and Melih just reneged on Kevin's contract terms. I haven't touched them since and that was what? 2006?
With you 1005% on this. I said the same thing back then when Kevin and I exchanged e-mail. Then he went to work for Apple.
 
  • Like
Reactions: kC77

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
892
It's just a test made by the youtuber, let's not generalize and believe blindly, this goes the same with av-test and av-comparatives, all with a grain of salt
What's wrong with her test? She is not "just a youtuber" here, any longtime member of this forum knows that. If you don't want to believe her, it's your choice. The public at large has no say in it. But the same logic can also be applied vice versa.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Well then that removed all my stops from using WD instead of FSecure. Up until now I was using WD with ConfigureDefender to the max but it was suffering performance issues. And I am still too young to be suffering performance issues. So out with the old and in with the new. I have a toss-up between ESET or FSecure. I guess I will try them both.
Realize, if it matters, that ESET cloud detection is only available in the Premium version. I have ESET on my Win10 and it is light, but I'm annoyed by ESET not providing its LiveGuard to all versions.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
What's wrong with her test? She is not "just a youtuber" here, any longtime member of this forum knows that. If you don't want to believe her, it's your choice. The public at large has no say in it. But the same logic can also be applied vice versa.
(y)
Yes, although @cruelsister's videos can be found on YouTube, "just a youtuber" would diminish the importance of her videos in finding security weak points. One should only remember that some weak points can be covered in real life by other security layers (not tested in the videos).

In the case of Magniber MSI files, I do not think that they could impact many Defender users in the wild. But I know that the attack vector used by this malware can be very dangerous for Defender and should not be ignored by Microsoft. The attack was localized, and Korean-language users were most impacted, especially those interested in pirated software. That is why Magniber was not recognized as a serious problem by AV vendors (except maybe 360 AV and AhnLab AV).
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
I'm not on the Dev channel so can't test it at this point and can only give an uninformed opinion. Personally I have reservations about SAC if the preliminary things Microsoft states are true (such as a clean W11 install only, and blind blocking of many file types that MSFT deems inappropriate (cmd, vbs, bat, etc.)). Plus, if CFA didn't blink at the encryption process why would SAC?
 
