Advice Request Security Software obsolete on Windows 10?

Status
Not open for further replies.

Moonhorse

media mass infection
There really are people that click Facebook ads, and those spam mails get spread and infect people, as funny as it is.

I don't think any of the MT members really needs top-tier security, because they won't ever be infected. 10-year-old me torrenting music through LimeWire would get infected, but nowadays I would have to do research to find something really malicious.

If you can build a 100% secure system or set up some kind of lockdown, firewall, AV combo, why not use that if you can? Everyone here is looking for better alternatives even if they don't really need them.

uBlock medium mode and spam click everything, nothing will ever pop up, good luck getting infected :sleep:
 

Andy Ful

2 Questions about WD:
- does it have anti-phishing protection without Internet Explorer/Edge?
I am not sure if WDEG 'Network Protection' (anti-phishing protection) can be called weak. It is not well tested, and generally, anti-phishing protection is hard to test because of many false positives and dead links.
For example, when testing samples which include false positives, you cannot say that protection A is better than B because A blocks more links. The opposite can be true if B does not block as many false positives as A (this is the case of 'Network Protection').
Anyway, there are objective reasons for using anti-phishing extensions in the web browser, even when it gives many false positives. But in my opinion, the more important security would be a good ad-blocker.
Personally, I use a safe DNS + WDEG 'Network Protection' as the security layer independent of the web browser.
 

Evjl's Rain

@Evjl's Rain have you tested WD with the ASR rule for "Block executable... unless they meet a prevalence, age or trusted list criteria"?
How well does this rule perform?
I already tested it using Andy's ConfigureDefender high settings in the hub.
You can see some here:
https://malwaretips.com/threads/17-08-2018-15.86079/#post-757928
https://malwaretips.com/threads/10-08-2018-17.85864/#post-756226
https://malwaretips.com/threads/6-08-2018-16.85757/#post-755188
https://malwaretips.com/threads/3-08-2018-21.85688/#post-754757
 

Andy Ful

@Evjl's Rain have you tested WD with the ASR rule for "Block executable... unless they meet a prevalence, age or trusted list criteria"?
How well does this rule perform?
This ASR rule is an enigma to me. It can block the newly compiled program on my PC, but could not stop the malware (https://malwaretips.com/threads/python-ransomware.86483/) downloaded from the malicious URL. Has anyone seen any test or any documentation about it? The Microsoft information in ASR articles is close to nothing.
It would be great to see some tests with malware samples.
 

Evjl's Rain

I am not sure if WDEG 'Network Protection' (anti-phishing protection) can be called weak. It is not well tested, and generally, anti-phishing protection is hard to test because of many false positives and dead links.
For example, when testing samples which include false positives, you cannot say that protection A is better than B because A blocks more links. The opposite can be true if B does not block as many false positives as A (this is the case of 'Network Protection').
Sorry, but I kind of disagree with this, because when I test, I only pick verified phishing links which are obviously phishing, such as PayPal and American bank replicas, and most of them don't have HTTPS.
It's weak because it fails to block those obviously phishing links.
Regardless of the format of the URL, if the page appears to be phishing, it should be a miss.

There is only 1 problem in my test: I don't have time to update Windows, but I do update WD.
 

shmu26

Thanks, @Evjl's Rain. Do you think that ConfigureDefender high settings have a particular weakness, for instance, script files? Or is it just all-around weak?
 

Evjl's Rain

Thanks, @Evjl's Rain. Do you think that ConfigureDefender high settings have a particular weakness, for instance, script files? Or is it just all-around weak?
I think it's very good in general. I can't find any significant weakness in it besides the poor signatures.
It just randomly misses some malware but can block a lot of malware that the others miss.

Missing random malware is its weakness, mostly exe.
 

shmu26

I think it's very good in general. I can't find any significant weakness in it besides the poor signatures.
It just randomly misses some malware but can block a lot of malware that the others miss.

Missing random malware is its weakness, mostly exe.
Thanks again, @Evjl's Rain. So if it is missing exe files, then a complete protection plan should include SRP, or some other default/deny solution.
@imuade suggested OSArmor, but if WD is missing exe files, then OSArmor will need some of the advanced settings enabled, to make up for that.
 

Evjl's Rain

Thanks again, @Evjl's Rain. So if it is missing exe files, then a complete protection plan should include SRP, or some other default/deny solution.
@imuade suggested OSArmor, but if WD is missing exe files, then OSArmor will need some of the advanced settings enabled, to make up for that.
Windows SmartScreen or RunBySmartScreen can be a good addition (y) but they are not automatic for non-downloaded files.
 

Quassar

Thanks again, @Evjl's Rain. So if it is missing exe files, then a complete protection plan should include SRP, or some other default/deny solution.
@imuade suggested OSArmor, but if WD is missing exe files, then OSArmor will need some of the advanced settings enabled, to make up for that.

Exactly, that's why the core supplement for security should always be: Firewall / HIPS + SRP.
Unfortunately Windows Defender doesn't have HIPS; however, I liked the old meta in Windows XP, SUA/LUA, but configuration with SRP was painful.
And I liked SuRun for this job :) if somebody still remembers it ^^
 

shmu26

Windows SmartScreen or RunBySmartScreen can be a good addition (y) but they are not automatic for non-downloaded files.
Good idea.
Maybe "Block executable... unless they meet a prevalence, age or trusted list criteria" is optimized to work together with Smartscreen. I mean, maybe it is relying partially on Smartscreen, and that is why it misses some samples? Just throwing out a possibility.
 

Deleted Member 3a5v73x

I am lost in this thread. IMO security software is not obsolete for Windows 10 yet, but the prediction is that it might get close to that point with all the improvements to Windows Defender out of the box. But you know that whenever there are some security module improvements, there are malware coders who follow all development and create new bypass techniques. This digital-era battle cycle between good and bad has been going on for decades; Chromebooks will only slow down this war until more users jump on them.
 

509322

Technically, no one needs 3rd-party security softs IF you can figure Windows hidden, little documented security all out and, more importantly, get it right and make everyone using the systems put security first. Otherwise, and we all know it to be true, 3rd-party security softs are still very much in demand. They have been despite all of Microsoft's best efforts. And the reasons why that is reality should be patently obvious.
 

Windows_Security

Thread author
Maybe I am just lucky, but WD feels faster than other free AVs on my ASUS Transformer T100 with a weak z3740 Atom chip. I have tried Avast, Bitdefender, Panda Free, Sophos Free and Kaspersky Free. On my wife's Lenovo Yoga520 (Home 64 bits) WD also runs like a charm (with all enabled, also protected folder access).
 

In2an3_PpG

Maybe I am just lucky, but WD feels faster than other free AVs on my ASUS Transformer T100 with a weak z3740 Atom chip. I have tried Avast, Bitdefender, Panda Free, Sophos Free and Kaspersky Free. On my wife's Lenovo Yoga520 (Home 64 bits) WD also runs like a charm (with all enabled, also protected folder access).

You and me both. Been running with WD for a year now and have not felt any serious performance issues. Compared with the other 3rd party AV's I have tried.
 

Andy Ful

Sorry, but I kind of disagree with this, because when I test, I only pick verified phishing links which are obviously phishing, such as PayPal and American bank replicas, and most of them don't have HTTPS.
...
Yes, that is the point on which we disagree. Such web pages can be totally blocked in many ways:
hxxp://abc.com/def/xxx/yyy/index.php
hxxp://online.bankofamerica.com.abc.de.fg/favicon.ico
hxxp://paypal-update.abc.com/favicon.ico
hxxp://abc.nxt/index.html
etc.
The above examples are taken from PhishTank and were blocked by WDEG 'Network Protection'. If the PayPal and American bank replicas were not blocked, then they were simply missed. But generally, they are blocked if recognized on the blacklist.
It's weak because it fails to block those obviously phishing links.
Regardless of the format of the URL, if the page appears to be phishing, it should be a miss.
You know that this argument is weak, because all web blockers based on blacklists will miss the obvious phishing web page if it is not on the blacklist. :giggle:
Furthermore, it is not true that opening the phishing website, especially the legal but hacked website, is a miss. Here is an example from PhishTank:

hxxp://xyz-baseball.com/cn/abcdefghijk/?login=&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw%20DQo8c3R5bGU%20IGJvZHkgeyBtYXJnaW46IDA7IG92ZXJmbG93OiBoaWRkZW47IH0gPC9zdHlsZT4NCiAgPGlmcmFt

If the shortened link hxxp://xyz-baseball.com/cn/ to the legal website is blocked, then none of its users will be able to log in there. Yet if it is blocked by the full URL, then only hacked logins will be blocked.
That is why I made a special test (only 100% validated phishing links included) that you already know, and it does not prove that WDEG 'Network Protection' is weak. But, of course, this is only one such test, so who knows. More such tests are required to prove something.
Q&A - [Updated 6/9/2018] Browser extension comparison: Malwares and Phishings
 
Last edited:
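
The two points made in the posts above (a raw count of blocked links misleads when the test set contains false positives, and blocking a hacked site by host behaves differently from blocking it by full URL) can be shown with a small scoring script. This is an added example, not part of the original thread; the blocklists, hosts and labelled samples are constructed placeholders, and the matcher is a simplified stand-in, not how WDEG 'Network Protection' works.

```python
from urllib.parse import urlsplit

# Constructed blocklists (placeholder hosts under the reserved .example TLD).
COARSE = [("host", "paypal-update.abc.example"),
          ("host", "xyz-baseball.example")]              # blocks the whole hacked site
PRECISE = [("host", "paypal-update.abc.example"),
           ("prefix", "xyz-baseball.example/cn/abcdefghijk/")]  # only the hacked path

# Constructed, labelled samples: (url, is_phishing)
SAMPLES = [
    ("http://paypal-update.abc.example/favicon.ico", True),
    ("http://xyz-baseball.example/cn/abcdefghijk/?login=&.verify", True),
    ("http://online.bank.example.abc.example/index.html", True),  # on neither list
    ("http://xyz-baseball.example/login", False),     # legitimate page, hacked site
    ("http://xyz-baseball.example/schedule", False),
]

def is_blocked(url, blocklist):
    """Match a URL against host entries (incl. subdomains) and host+path prefixes."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    target = host + parts.path
    for kind, value in blocklist:
        if kind == "host" and (host == value or host.endswith("." + value)):
            return True
        if kind == "prefix" and target.startswith(value):
            return True
    return False

def score(blocklist, samples=SAMPLES):
    """Separate true detections from false positives instead of counting blocks."""
    phish = [u for u, bad in samples if bad]
    legit = [u for u, bad in samples if not bad]
    caught = sum(is_blocked(u, blocklist) for u in phish)
    false_pos = sum(is_blocked(u, blocklist) for u in legit)
    return {"blocked_total": caught + false_pos,
            "detection_rate": caught / len(phish),
            "false_positive_rate": false_pos / len(legit)}

if __name__ == "__main__":
    for name, bl in (("coarse", COARSE), ("precise", PRECISE)):
        print(name, score(bl))
```

The coarse list blocks more links in total, yet both lists catch the same phishing pages; the extra blocks are all legitimate pages on the hacked site.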

Ink

Personally I get a bit confused from reading the topic title and then the post itself. Is the topic Windows 10 or Windows Defender?
Adding to your confusion.. According to this article, Windows Defender Security Centre (WDSC) may be called Windows Security in RS5.

Windows Defender would be perfect if:
1) It had faster scan speed
2) It didn't use 100% CPU and disk

Some factors to consider:
  • Chosen Power/Battery power plan.
  • Age and Type of CPU
  • SSD vs HDD
  • Other background activities
  • Number of items to scan
Quick scan took 2 minutes tops.

Image: During a scan. [Specs below]

Realistically, yes, WDA does use CPU/Disk when you perform tasks, but so does every security product with real-time scanning. Let's not go overboard with the BS claims.


Image: Task Manager [CPU - Memory - Disk]

I understand basic computer hygiene is not common practice, BUT the Downloads folder should be cleansed every so often. Hoarding redundant installers is not healthy, but if you insist on keeping them, archive and store externally.

Your results may vary due to the large variations in hardware type, hardware age and other factors that make no single PC identical. Some computers have more faults than others.
CPU - Intel Core i7-4700HQ CPU @ 2.40GHz, 4 Core(s), 8 Logical Processor(s)
Memory - 8.00 GB
Storage - SanDisk SD6SF1M128G (SSD)
 