App Review Microsoft Defender vs Top 100 Malware Sites (TPSC)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
The PC Security Channel

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,448
Windows Defender
Frustrated Star Trek GIF


It's named Microsoft Defender since 2019 and today it's 2023. C'mon Leo, wake up and try to at least read the popup messages! :rolleyes:
 
F

ForgottenSeer 103564

Seems legit! Im sure everyone slams their system with 100 malicious links at once via a python script when they do get infected, you know, the go big or go home effect, the whole operating system was screaming for mercy, that little squeaking noise i heard in my speakers.

On a serious note, if you are going to test something like this, wouldnt it be better to test one sample at a time, using analysis tools watching in real time anything that made it past the defenses, where it did, how it did, ect. One could learn more from that than this 1 in a million chances of happening kind of infection.

Edit: I guess i should specify. When a sample drops onto the system or is executed on the system, using more than just one tool to see a process was started is helpful. Autoruns for example, did the malicious item create a start up entry, tcpview after dropping or executing on the system did it call out and drop other items onto the system. Where in user space did it drop and anchor itself, how did the tested product handle these individual aspects/stages, you know, useful information.

This type of testing method above is really no different than the old right click context scan method, it is pointless.
 
Last edited by a moderator:

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,962
Seems legit! Im sure everyone slams their system with 100 malicious links at once via a python script when they do get infected, you know, the go big or go home effect, the whole operating system was screaming for mercy, that little squeaking noise i heard in my speakers.
Absolutely priceless, especially the last bit "... the whole operating system was screaming for mercy, that little squeaking noise i heard in my speakers." :ROFLMAO::ROFLMAO: :ROFLMAO: :ROFLMAO: :ROFLMAO:
 

Lymphocyte

Level 2
Thread author
Verified
Jul 22, 2014
59
So Microsoft Defender is not as bad as some people make it out to be. You just have to configure it correctly and that makes me wonder why it isn't like that by default?

My recommendation: GitHub - simeononsecurity/Windows-Defender-Hardening: Take advantage of some more advanced Windows Defender settings.
I think the reason is to avoid falses positives, for example ransomware proteciton is disabled by default and it generates many false posotives if you enable it.
 

Inzingor

Level 1
Oct 15, 2023
29
I think the reason is to avoid falses positives, for example ransomware proteciton is disabled by default and it generates many false posotives if you enable it.


But that depends on what you do, I didn't have any problems with the settings, but I only use official and well-known stuff like:

UiPath, Office, Mysql, DBeaver, Visual Studio Code, Cmake, Git etc. and only a single game (World of Warcraft). Just as an example.
 
F

ForgottenSeer 97327

For intrusion detection, Telemetry and SIEM I can understand that a security products generates warnings.When a system makes automated decisions, you might as well suppress these warnings also. Ransomware Protection generates some confusing messages for the average home user. It is simply bad UX-practices to throw a warning which the user can ignore.
 
F

ForgottenSeer 103564

So Microsoft Defender is not as bad as some people make it out to be. You just have to configure it correctly and that makes me wonder why it isn't like that by default?

My recommendation: GitHub - simeononsecurity/Windows-Defender-Hardening: Take advantage of some more advanced Windows Defender settings.

Almost all security software "i say almost as im sure there is an exception out there somewhere" are set with balanced settings of protection and usability for average users. Windows is no exception it can be tweaked for stronger protections even the firewall can be set with custom rules to harden. If one has the Pro version you can extend upon this with Windows built in tools via gpedit. This last part though im going to keep mentioning, as eventually it will be understood at some level, is for instance the attack avenue Leo used above with his scripts, the urls. You have to ask yourself a very simple but profound question, how do i access a URL on the internet. Wouldn't that be the first line of defense i should be concerned with. From finding extensions such as ublock with its online malicious block list ect, to understanding how to look at URL addresses and question them if they are legit, to checking such URLs on sites like VIrustotal before proceeding to them if unsure. Back to the basics of looking before clicking.

Absolutely priceless, especially the last bit "... the whole operating system was screaming for mercy, that little squeaking noise i heard in my speakers." :ROFLMAO::ROFLMAO: :ROFLMAO: :ROFLMAO: :ROFLMAO:

In my best Elvis voice "why thank you, thank you very much" and he bows :)
 

SimeonOnSecurity

New Member
Oct 26, 2023
6
So Microsoft Defender is not as bad as some people make it out to be. You just have to configure it correctly and that makes me wonder why it isn't like that by default?

My recommendation: GitHub - simeononsecurity/Windows-Defender-Hardening: Take advantage of some more advanced Windows Defender settings.
That is actually my script. Thanks for sharing!
Yeah I found it odd as well. Many of those configuration options do cause some annoyances. But we took strides in minimizing those.
Some features actually are enabled by default on Enterprise versions of windows. Others are only available on Pro and Enterprise, but aren't enabled by default.
Things like credential guard, ASLR, sub process protections, etc are recommended for most people. But they can cause issues. For instance if you're a developer, a debugger can trip aslr and memory protections. This is why we have a recommended reading section and warnings plastered across our repos.
We will say, however, out of all of our repos and various scripts, we've yet to have anyone report issues with this repo. If you find anything, we'll do our best to fix it or help you fix it on your system. Most scripts online you shouldn't just be randomly running. Always verify. And when in doubt, ask questions. You did things correctly by discussing things here and we applaud you.
 

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,528
That's basically the standard test method from most Youtube testers... I watch this kind of video for entertainment but do no take the results seriously. I actually think the lack of knowledge of some Youtubers hilarious, some even struggle to turn off real time protection to unzip the small army of supposed malware.

Most don't even check if the leftovers are malicious or were just harmless stuff that whatever product being tested was right in not detecting.

I remember one that complained the product being tested kept killing and blocking the python script itself as malicious :)
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
458
Reviewers can't rely on users to do what they want the latter to do. At the same time, malware can now show up in what reviewers argue are safe sites and software (especially those with newly discovered vulnerabilities). In several cases, they can even run without user interaction, or stay hidden for a long time, go straight for embedded software, and so on.

Given that, "not as bad," "it's the user's fault," "just practice common sense," "use legit software," etc., no longer cut it.

Meanwhile, more careful analysis is preferred, and that means more expensive testing, which most can't afford to pay for.

Add more protection features, and there may be a performance hit. Let the user decide what to block or allow, and he may end up doing more harm than good. Harden the system and some features may malfunction, with the user trying to figure out what he tweaked and how to undo it. (At that point, the user realizes why the hardening wasn't enabled by default in the first place.)
 
  • Like
Reactions: simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top