Advice Request Why are we even messing with anything other than WD these days?

Please provide comments and solutions that are helpful to the author of this topic.

truefacts

Level 1
Jun 9, 2020
12
WD free is great

WD truly is great and out performs other security software. Nobody can definitively prove or establish that any user needs to install a 3rd party software. WD with BAFS and SmartScreen have been shown many times to be solid protection without installing a third party solution that needlessly adds complexity and over burdens the user. When my brother helps family members and friends, time and again he finds that the users can't handle security, that anything that requires the user to make a decision is a burden and leads to the wrong choices. The solution that completely removes the user from the equation is always the best solution. This is know since Unix and Windows 95.

Default deny solutions are only the answer to a tiny miniscule audience. The user base is almost non existent. Default deny has virtually no appeal to the greater end user community. The ultra low demand for default deny is the reason that entire space is relegated to simple specialty niche products.
 
Last edited:
F

ForgottenSeer 72227

WD is a nice freebie for basic protection, without phishing protection and with some old performance issues.

I would add the the phishing protection is a bit of yes no. If you use Edge (original, or new chromium version) that part is covered by smartscreen. If you use a 3rd party browser, then yes WD doesn't really have that per say. However, you could always add an extension (netcraft, BDTL, Emsisoft, etc...) to gain that protection, while not having to go above and beyond the built in security if that's what one wants to use.:unsure::)
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
WD truly is great and out performs other security software. Nobody can definitively prove or establish that any user needs to install a 3rd party software. WD with BAFS and SmartScreen have been shown many times to be solid protection without installing a third party solution that needlessly adds complexity and over burdens the user. When my brother helps family members and friends, time and again he finds that the users can't handle security, that anything that requires the user to make a decision is a burden and leads to the wrong choices. The solution that completely removes the user from the equation is always the best solution. This is know since Unix and Windows 95.

Default deny solutions are only the answer to a tiny miniscule audience. The user base is almost non existent. Default deny has virtually no appeal to the greater end user community. The ultra low demand for default deny is the reason that entire space is relegated to simple specialty niche products.
Interesting... your brother's brother was a big fan of deny-by-default. ;)

Edit: Unix / Linux is deny-by-default... you have to sudo to do anything. This is not removing the user from the equation.
 
Last edited:

truefacts

Level 1
Jun 9, 2020
12
Ha, ha. You have made a smart manipulation of my post.

No manipulation. Just re-stating Microsoft's official position on WD. All one need do is read what they say in their statements about WD. Also based upon real world observations and use experiences of people that install third party software.

Interesting... your brother's brother was a big fan of deny-by-default. ;)

No one in my family ever used default deny. Causes too many problems . Have always used just WD. Greatest Windows compatibility with the least amount of problem for user is first priority. Third party softwares cause too many problems.
 
  • Like
Reactions: oldschool

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
@danb,

Generally, I agree with you about the weaknesses of the standard security solutions (in the home or in the enterprises). If I would think otherwise, I would not develop several security tools. :)
But, I think that some of your statements might be misunderstood by readers.


Yes, you are right. It was not evident from the short article you posted, but it is clear after reading the full reference report "infocyte-Q2_2019_mid-market_threat_IR_report.pdf".
Thanks for pointing it out - I corrected my previous post.


In fact, the report shows that popular commercial solutions (AVs + ATP) are not especially efficient to protect enterprises. Of course, one can easily deduce that WD free cannot be a sufficient solution too.


The home users are immune to most of the enterprise attacks for several reasons:
  1. Most enterprise attacks use exploits, that are already patched by Windows Updates on the home computers.
  2. Many enterprise attacks propagate via the enterprise network, which is absent in the home environment.
  3. Many home users do not use MS Office.
  4. Many attacks on enterprises are targetted.
Anyway, some malwares that are used in the attacks on enterprises can be also (re)used in the widespread attacks (spam campaigns). So you are right - home users are not immune to them. Furthermore, the chances of nasty infections are much greater on not updated systems.


We agree with the conclusion. I just tried to explain that the assumption about SmartScreen was not precise and might be misguiding for many people. Simply the most popular and dangerous attacks are not related to SmartScreen protection. The SmartScreen does not cover (and never was intended to cover) exploits, scripts (except .jse, .vbe) and fileless attacks.:) (y)
I am happy we are in agreement, although I find your first 3 points on home immunity somewhat silly, and I will explain why.

1. I would disagree that most enterprise attacks use exploits. Especially considering how everyone says how rare exploits are, but then claims that they are prevalent when it fits their case ;).​
2. Absolutely, but there is still patient zero on the network. This does not change anything.​
3. I have never seen stats on MS Office home use, but then again, I rarely see a computer without MS Office.​
4. Absolutely!​

The info about SMB was in the article I posted, all you had to do was read it ;).
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
No manipulation. Just re-stating Microsoft's official position on WD. All one need do is read what they say in their statements about WD. Also based upon real world observations and use experiences of people that install third party software.



No one in my family ever used default deny. Causes too many problems . Have always used just WD. Greatest Windows compatibility with the least amount of problem for user is first priority. Third party softwares cause too many problems.
I recently performed a Windows 10 2004 clean install on my main computer. For the same reason you do not lock the doors to your house when you are moving in, I relied solely on WD while downloading and installing the various software on my system. Once I was finished installing software, it was time to lock the system down, so I installed VS. WLC immediately found and infection, and it turned out to be a particularly difficult infection to remove (it took me a couple of hours to figure it out).

This is not an isolated incident. Our users (including MT members) have experienced similar situations. I was just shocked that it happened so quickly, over a span of a day or so, which is why I posted on this thread.

WD is great and has come a very long way, but it is not as perfect as some people lead you to believe. At the very least, second opinion scans should be performed weekly.

Also, I agree that fulltime deny-by-default is overkill, especially for home users. But when a user is about to click on a questionable link and the hair is standing up on their neck, they are probably going to wish they had the peace of mind knowing that their computer is locked.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
WLC immediately found and infection, and it turned out to be a particularly difficult infection to remove (it took me a couple of hours to figure it out).
Sorry but why bother with hours of trouble shooting during an new install (while never be 100% sure you got all removed) and not just say f... it and do a proper clean install to be sure?
To stay on topic: When choosing MSDefender as main AV I think taking the time to install configure defender and press the button for "high" or "max" setting would be 2 minute well spend :D
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
No one in my family ever used default deny. Causes too many problems . Have always used just WD. Greatest Windows compatibility with the least amount of problem for user is first priority. Third party softwares cause too many problems.
If no one in your family have ever used 'default deny' how do you know it causes to many problems? - As for 'third party software causes to many problems' - Again in your opinion., KIS, ESET, F-Secure, Emsisoft etc has rarely if ever caused me any problems on multiple systems/people - As for me I use very few built in MS modules regarding, search, ripping, disc maintainable, all audio-visual & Office for starters - My reason, most third party programs are far less complex, faster, and generally less hassle & in the case of Office vastly easier to maintain - WD comes in to the category above - I have 26 years experience in Windows to come to these conclusions - But still my opinion only.
 

Bryan320

Level 8
Oct 11, 2019
293
Microsoft defender offers great download protection against EXE files especially if you use Microsoft edge as well. Microsoft edge sucks big time when it comes to phishing pages. If you are trying to use this as a default.... please supplement it with another add-on. Microsoft edge is horrible horrible with phishing sites and if it's the only thing your going to use on an inexperienced users system..... You are setting them up to crash and burn!!
 
L

Local Host

Microsoft defender offers great download protection against EXE files especially if you use Microsoft edge as well. Microsoft edge sucks big time when it comes to phishing pages. If you are trying to use this as a default.... please supplement it with another add-on. Microsoft edge is horrible horrible with phishing sites and if it's the only thing your going to use on an inexperienced users system..... You are setting them up to crash and burn!!
There no software that is going to protect you from the major of phishing pages, they take less than 5 min. to create, and the majorly of pages are taken down in less than a day.

Common sense is what you need for phishing pages.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Sorry but why bother with hours of trouble shooting during an new install (while never be 100% sure you got all removed) and not just say f... it and do a proper clean install to be sure?
To stay on topic: When choosing MSDefender as main AV I think taking the time to install configure defender and press the button for "high" or "max" setting would be 2 minute well spend :D
I had already spent around 15 or so hours installing software and configuring my system, and I had it "just right". The last thing I wanted to do was to reformat again.

Edit: Yeah, then I would have had to deal with all of the ridiculous WD prompts that are impossible to respond to, and besides, odds are I still would have been infected.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
I am happy we are in agreement, although I find your first 3 points on home immunity somewhat silly, and I will explain why.

1. I would disagree that most enterprise attacks use exploits. Especially considering how everyone says how rare exploits are, but then claims that they are prevalent when it fits their case ;).
Are you serious? Do you know that the exploits from ten years ago can still work against many enterprises? Do you know that WannaCry family ransomware (based on the old EternalBlue exploit) was one of the most detected ransomware in the last year?

2. Absolutely, but there is still patient zero on the network. This does not change anything.​
3. I have never seen stats on MS Office home use, but then again, I rarely see a computer without MS Office.​
...
I am sorry that you cannot see the difference between silly arguments and valid arguments. Let's look at statistics:
  1. ...
  2. It does if the network has many computers. Let's say that the network has 100 computers, then one person can easily infect 100 computers. So, you have 100 times greater probability of infection as compared to the home users.
  3. My family and many friends do not use MS Office. It is hard to say how many home users use MS Office. Let's say 30%, so you have three times smaller probability to be infected.
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
I am not here to argue, people can read and decide for themselves.

BTW, I thought you were joking about not being about the create a .vba file a couple of weeks ago. If you need an MS Office license for testing, please let me know, I might have an extra one you can have.

From the article you posted “While consumer ransomware targets Windows and Adobe vulnerabilities, enterprise ransomware targets high-value assets like servers, application infrastructure, and collaboration tools since they contain an organization’s critical business data,”

I would have to read the article to be sure, but I believe they are discussing exploits and vulnerabilities specifically. From what I have read, most attacks are simple attachments (91% if memory serves). If true, these are two very different things.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
I am not here to argue, people can read and decide for themselves.

BTW, I thought you were joking about not being about the create a .vba file a couple of weeks ago. If you need an MS Office license for testing, please let me know, I might have an extra one you can have.
Yes, I do not have any license. It would be easier for me to have one (instead of installing a trial several times). You know my email. Thank you.:)(y)
...
I would have to read the article to be sure, but I believe they are discussing exploits and vulnerabilities specifically. From what I have read, most attacks are simple attachments (91% if memory serves). If true, these are two very different things.
Enterprises have many more vectors of attack as compared to home users.
Nowadays, most attacks start from emails with phishing links. The second initial vector is related to email attachments. Both vectors often use documents as payloads. One popular method uses the MS Office old equation editor exploit. But, there are several exploiting possibilities too, because many enterprises do not update properly MS Office.
.

But it seems that exploits in Enterprises are especially popular in successful attacks on servers. Here is the useful report (not new):
Such malware is not used to attack home users. Servers use different Windows editions (often different OS too, like Linux servers) and different software as compared to home users. Furthermore, the attacks are often targetted to enterprise servers and not home users. Here is a useful reference for Windows Server 2008:

The cybercriminals are not stupid. Using well known (not new) exploits is the simplest way to bypass enterprise security and obtain persistence, so they are often used in attacks. The popularity of the WannaCry ransomware family is the simplest example of it.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top