Advice Request Why are we even messing with anything other than WD these days?


avstor

Level 1
Jun 6, 2020
17
offending others while doing it that is a problem and will get you kicked out of most places

And who is to decide what is offensive and what isn't, when in fact what was posted wasn't offensive. It just happened to irritate or upset some people. Hmm ?

There are many instances where nothing offensive was said or done. The thing that gets people banned across the internet are their points of view. They make posts that aren't offensive whatsoever, yet the content of the message offends someone or they just don't like it. That someone uses a downvote button, report button or complains to forum admins, and then that person gets banned. It happens across the internet.

There are no rules here that prevent you from formulating your own opinion

Formulating an opinion is not freedom of expression. The actual expression of that opinion, as one sees fit, is the central issue. We're not talking about mind and thought control here.

even outside the Internet (in more severe cases even cops can be called).

Really ? Where I live as long as I don't touch you and threaten you with physical harm , I can say anything I want to you or about you. If you get so upset that you call the police, they aren't going to do a single thing. In my country, the notion of "words hurt" and "fighting words" and nobody can upset you, well that is preposterous here. You will be mocked by society.

a Staff Member banning cause he doesn't like a specific opinion would be abuse of power.

This happens routinely.
 

avstor

Level 1
Jun 6, 2020
17
That's fair, but to be totally honest, it goes the other way as well. Someone with a strong opinion one way or another, sometimes will cry foul and say you're censoring me when they are told to be nice. There's a big difference between censorship (not being able to speak freely) and being utterly rude and condescending. Rules are in place to allow free speech, but they are also there to guide discussions to be civil and respectful. Everyone has differing opinions on this or that. Not everyone will agree with everything and that's totally fine. It's all about conduct, it doesn't matter if you agree, or disagree, as long as it's done respectfully. That's what the rules are for, about creating a respectful environment. More often than not people are banned because of their conduct, not because they are not being allowed to share their opinion. IMHO the internet has created more problems than good in this regard. It's great that it allows free speech, but on the flipside, it also allows them to conduct themselves in a way that they never would if they were talking face to face. Mostly because they can hide behind a persona. You can express yourself freely, just do it in a respectful manner.

How many times have threads been shut down only because people got upset just because they didn't like completely civil, wholesome, non-offensive content ? Hmm ?
In the history of this place literally hundreds upon hundreds, if not thousands, of threads.

You people are the ones that keep bringing up rude, condescending, and offensive behaviors. I never said a word about that. Not once did I say that anyone should be over the top offensive. Yet, I do believe that people should be allowed to be as forceful and as argumentative as they wish. Once again, to my point, people interpreting and ascribing meaning to posts that is not even there.

Free exchange is going to upset people. That is the very nature of free and open debate. Censoring because people are merely upset is total cringe. If you are going to ban people just because they've upset someone else... that's total cringe. That is censorship plain and simple and it has nothing to do with breaking rules or behaving badly.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
No, it's not. Look up the definition of censorship. There are many recognized forms and types of censorship. Just because various forms of censorship might be legal doesn't make it right.
But you don’t have the right to be disruptive on someone else’s platform when the rules were laid out from the start and agreed to. That is not censorship. But you are right, by definition I was wrong.
Edit: Sorry @harlan4096 , wrote that before I saw your posts.
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
WD is great but it relies HEAVILY on SmartScreen which is far from perfect and quite easy to bypass. I see it every day in the WLC results.

Besides, you are then relying solely on literally the most attacked security software on the market, without the benefit of third party “incognito” protection.

In other words, the attacker should not have the benefit of knowing what security software you are running.
 

avstor

Level 1
Jun 6, 2020
17
But you don’t have the right to be disruptive on someone else’s platform when the rules were laid out from the start and agreed to. That is not censorship. But you are right, by definition I was wrong.
Edit: Sorry @harlan4096 , wrote that before I saw your posts.

Well then, if open and constructive debate is considered "disruptive" here, then that says everything that anybody needs to know.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
OK. That will be the rule to kill this extremely important discussion taking place here.
@harlan4096 is not killing the discussion. You can freely open a separate thread to discuss it - this can be an interesting thread. But, your love for freedom is an obstacle here to discuss the right topic about WD. (y)

Most people here can see the difference between the censorship and rules that are made to put some order and direction to the discussion. Some order and direction are needed because it is hard to find useful information about something when the discussion is about everything.
If you like to name it censorship, that is OK we like it here.:)(y)

Edit.
The posts about the censorship can be moved from this thread to your thread about censorship.
 
Last edited:

avstor

Level 1
Jun 6, 2020
17
@harlan4096 is not killing the discussion.

I never said @harlan4096 was killing the discussion. I know @harlan4096 and while he is a moderator here, he is also a person that spends the time to read and consider the points being made - if he is interested. He's just doing his job as a staff member. I get that.

@Raiden made a post involving a lot of the subject matter being discussed. He's the one that introduced the discussion to this thread, and all I did was respond, yet somehow I'm being called disruptive, off-topic and needing to move "my discussion" to another thread.

Go back and follow the discussion and the logic behind the replies.

If a member brings up a sub-topic within a thread, then it is ridiculous for another member not to be able to fork the discussion. The sub-discussion shall run its course, and then fade out. It does no harm or detriment to the original thread.

The notion that branched discussions should not be permitted is as ridiculous as the "formatting" rules here where a member can be warned and banned for using all capital letters or some vague, nebulous rule about formatting content.

Most people here can see the difference between the censorship and rules that are made to put some order and direction to the discussion.

Listen, please don't insult my intelligence. The "off topic" rule has been used many times on this forum to kill or terminate discussions. The other tactic is just to lock a thread. Rules are applied willy-nilly with no respect for any participants other than those that advance the hive agenda and its tribalism. Treating participants like children instead of adults that are within their rights to forcefully be argumentative just shows the overall attitude here. Catering to sensitive emotional people demeans and degrades the very reason that forums exist - which is to foster open debate - no matter how much it upsets people.

There is a rather large amount of tribalism here with the sole agenda to run people off the forum. Upset a few key members, and then you are targeted. It's a long-standing problem at this place.

I don't think you are intending to be rude or argumentative, but advancing the notion that the rules are serving the community as a whole (and the voice of the many should prevail over the voice of the few) is the very basis that those rules are used to silence people. You upset a couple influential members without even breaking a single forum rule, or enough people use the report button, and you get warning points. It's just a matter of time before they ban you. That attitude and tactic is used across the web daily.

The minority voice and perspective is absolutely the most important voice on any public exchange or platform. Tribalism is just mob mentality where the mob imposes its will upon the minority and then oppresses them via various methods. Happens every day across the web. The very basis of this are rules that are twisted and applied to silence dissent.

Mine and others' posts in this thread are not going to mess up anybody's search for WD infos. The fact of the matter is that the infos discussed here have already been discussed ad nauseam in countless threads. Nobody searches forums for infos. If they did, it would return literally hundreds of WD threads here containing not a single post by me nor the very important discussion at hand.

Censorship is censorship. The subject of forum and internet rules is a serious subject. There is a rising voice across the internet about the plague of using various rules and "curated content" to silence people - for whatever reason.

You yourself know many people have been banned here for only a single reason - not that they broke any forum rules. Their only "sin" was that they upset some people. I don't know about the rest of you, which most of you seem OK with this. But that is really messed up. Like I keep saying, it might be legal but it is both morally and ethically wrong. It is a black and white issue and no one, no amount of hive mentality, no tribalism, there is no argument or justification that can topple this truth.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
WD is great but it relies HEAVILY on SmartScreen which is far from perfect and quite easy to bypass. I see it every day in the WLC results.
Such a statement can be misguiding for many people. WD free is great when SmartScreen is triggered, but can be also very good without SmartScreen. The most important protection comes from the Block at First Sight (BAFS) feature and AMSI. BAFS is triggered when the executable is downloaded via the web browser or another application that can add the MOTW to the file. Such protection is as good as for any AV without ATP.

If the executable is downloaded & executed without the MOTW, then the protection is worse (SmartScreen and BAFS are not triggered), but still comparable with free AVs due to cloud-delivered protection (slightly worse than top free AVs). Such a situation usually can happen for files shared via flash drives. The files can be also executed without the MOTW as the payloads. Although this can pass by the protection based on SmartScreen, it is not strictly the SmartScreen bypass, and such events you probably can see in the WLC. The SmartScreen bypass can happen when the malware with MOTW can be executed - it is a possible but very rare event in the wild.

If WD is used as offline protection, then its detection is significantly worse than for good free AVs.

Besides, you are then relying solely on literally the most attacked security software on the market, without the benefit of third party “incognito” protection.

In other words, the attacker should not have the benefit of knowing what security software you are running.
Yes, that can be an issue in enterprises. One has to use Microsoft Defender with ATP or whitelisting (default-deny) approach, or some third-party solutions.
 
Last edited:
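
The MOTW dependency described in the post above can be checked on a given machine. The following PowerShell function is an added example, not part of the original thread or of any tool mentioned in it; the name `Get-MotwStatus`, the default folder and the extension list are assumptions. It reads the `Zone.Identifier` alternate data stream, where Windows stores the MOTW, and lists files that do not carry an Internet-zone mark.

```powershell
# Added example: audit a folder for executables and scripts that lack the
# Mark of the Web (MOTW). The MOTW is an NTFS alternate data stream named
# Zone.Identifier. Requires Windows PowerShell 3.0 or later on an NTFS volume.

function Get-MotwStatus {
    [CmdletBinding()]
    param(
        # Folder to audit. The default is an assumption made for this example.
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),

        # File types worth checking. This list is an assumption; adjust as needed.
        [string[]]$Extension = @('.exe', '.dll', '.msi', '.scr', '.js', '.jse',
                                 '.vbs', '.vbe', '.ps1', '.bat', '.cmd', '.hta')
    )

    # URL security zone numbers as used in the ZoneId field.
    $zoneNames = @{
        0 = 'Local machine'
        1 = 'Local intranet'
        2 = 'Trusted sites'
        3 = 'Internet'
        4 = 'Restricted sites'
    }

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $zoneId  = $null
            $hostUrl = $null

            # Returns nothing (error suppressed) when the stream does not exist,
            # for example on files copied from a FAT-formatted flash drive.
            $ads = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                               -ErrorAction SilentlyContinue

            foreach ($line in $ads) {
                if ($line -match '^\s*ZoneId\s*=\s*(\d+)') {
                    $zoneId = [int]$Matches[1]
                }
                elseif ($line -match '^\s*HostUrl\s*=\s*(.+)$') {
                    $hostUrl = $Matches[1].Trim()
                }
            }

            $zoneName = 'No MOTW'
            if ($null -ne $zoneId) {
                $zoneName = $zoneNames[$zoneId]
                if (-not $zoneName) { $zoneName = "Unknown zone $zoneId" }
            }

            [pscustomobject]@{
                File         = $_.FullName
                Zone         = $zoneName
                # Zones 3 and 4 are the ones treated as downloaded from the Internet.
                FromInternet = ($null -ne $zoneId -and $zoneId -ge 3)
                HostUrl      = $hostUrl
            }
        }
}

# List files that would not be treated as Internet downloads.
Get-MotwStatus | Where-Object { -not $_.FromInternet } | Format-Table -AutoSize
```

Files listed by the last line are the ones for which, according to the post above, SmartScreen and BAFS are not triggered, so they rely on the remaining cloud-delivered protection.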

Local Host

@Andy Ful Downloaded files through scripts will not preserve MOTW, which will make the entire WD defense crumble to most basic malware nowadays (as seen by the results in the hub).

AMSI is also poor in terms of detecting malicious scripts, as already stated by Emsisoft itself.

Overall WD protection to common zero day is non-existent (ATP being vastly superior due to its behaviour monitor), but is more than enough for people with common sense (I only don't use it, due to being a resource hog).

For people without common sense, Kaspersky Free is the way to go.
 
Last edited:

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Such a statement can be misguiding for many people. WD free is great when SmartScreen is triggered, but can be also very good without SmartScreen. The most important protection comes from the Block at First Sight (BAFS) feature and AMSI. BAFS is triggered when the executable is downloaded via the web browser or another application that can add the MOTW to the file. Such protection is as good as for any AV without ATP.

If the executable is downloaded & executed without the MOTW, then the protection is worse (SmartScreen and BAFS are not triggered), but still comparable with free AVs due to cloud-delivered protection (slightly worse than top free AVs). Such a situation usually can happen for files shared via flash drives. The files can be also executed without the MOTW as the payloads. Although this can pass by the protection based on SmartScreen, it is not strictly the SmartScreen bypass, and such events you probably can see in the WLC. The SmartScreen bypass can happen when the malware with MOTW can be executed - it is a possible but very rare event in the wild.

If WD is used as offline protection, then its detection is significantly worse than for good free AVs.


Yes, that can be an issue in enterprises. One has to use Microsoft Defender with ATP or whitelisting (default-deny) approach, or some third-party solutions.

If you want to discuss BAFS, it is probably important to discuss the average dwell time of 800 days (43 to 895 days).


BAFS is probably useless when the malware that has been approved by SS and is already on hundreds or thousands of endpoints. Which is exactly my initial point... WD is great but it relies HEAVILY on SmartScreen which is far from perfect and quite easy to bypass.

I really wish people would stop claiming that certain malware only targets the enterprise and somehow completely eludes SMB and home endpoints without showing some evidence that this is the case.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
@Andy Ful Downloaded files through scripts will not preserve MOTW, which will make the entire WD defense crumble to most basic malware nowadays (as seen by the results in the hub).

AMSI is also poor in terms of detecting malicious scripts, as already stated by Emsisoft itself.

Overall WD protection to common zero day is non-existent (ATP being vastly superior due to its behaviour monitor), but is more than enough for people with common sense (I only don't use it, due to being a resource hog).

For people without common sense, Kaspersky Free is the way to go.
Generally, it is true. I suspect that for files without MOTW, the protection of WD free on default settings can be slightly worse than for Kaspersky Cloud free. I can deduce it because Kaspersky uses KSN which works kinda similar to WD BAFS, but files do not have to have MOTW. Anyway, WD free can be easily configured via ConfigureDefender to be stronger than Kaspersky Cloud free.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
If you want to discuss BAFS, it is probably important to discuss the average dwell time of 800 days (43 to 895 days).

...
It is an example of how dangerous are kernel exploits. Such malware could bypass any reasonable protection you know including all AVs + ATP. So, following your line of thinking, all reasonable security would be useless.

I really wish people would stop claiming that certain malware only targets the enterprise and somehow completely eludes SMB and home endpoints without showing some evidence that this is the case.
This article is about not patched SMB vulnerabilities in the mid-enterprises networks. It has nothing to do with home users. There is no evidence that any home user with updated Windows was ever infected via such vulnerabilities, and there are known reasons for that.
I misunderstood the term SMB in the article. 😕
My corrected answer is there:
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
I am not sure If my post might be understood as a promotion of WD free. That was not my intention. From what I know, WD free can replace any free AV when the user uses Edge Chromium (with enabled PUA protection) and remember to make backups. If the user can apply the Delay Protection habit, then it could probably replace many commercial AVs in the home environment.

There are known free and paid solutions to support WD on the computer of casual or inexperienced user, but all of them would require occasional help from a more experienced user. In other cases, still the most effective method is installing a good commercial AV with a family license.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
It is an example of how dangerous are kernel exploits. Such malware could bypass any reasonable protection you know including all AVs + ATP. So, following your line of thinking, all reasonable security would be useless.


This article is about not patched SMB vulnerabilities in the mid-enterprises networks. It has nothing to do with home users. There is no evidence that any home user with updated Windows was ever infected via such vulnerabilities, and there are known reasons for that.
No, that article is not about kernel exploits at all. When the article mentions SMB, it is not referring to SMB vulnerabilities, it is referring to Small and Medium Sized Businesses.

Besides, I posted that article to demonstrate that BAFS is great in theory, but less useful in practice. If you want to talk kernel exploits, I will suggest that it is better to be capable of interrupting the attack chain as opposed to being completely blind to them. Either way, there are tons of articles on dwell time, just google it and you will see.

I was simply asking for evidence that supports the claim that home users are immune to enterprise attacks. I have never seen such evidence, so maybe I am missing something, and I would be grateful if someone could provide some evidence, rather than just claiming "home user with updated Windows was ever infected" without any evidence.

And really, I was simply answering the OP's question "Why are we even messing with anything other than WD these days?". And my answer, in a nutshell, is that it is probably a good idea to also have a third party lightweight layer of protection, simply because I have studied SmartScreen's results and they are not quite as perfect as some people think they are.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,604
@danb,

Generally, I agree with you about the weaknesses of the standard security solutions (in the home or in the enterprises). If I would think otherwise, I would not develop several security tools. :)
But, I think that some of your statements might be misunderstood by readers.

No, that article is not about kernel exploits at all. When the article mentions SMB, it is not referring to SMB vulnerabilities, it is referring to Small and Medium Sized Businesses.
Yes, you are right. It was not evident from the short article you posted, but it is clear after reading the full reference report "infocyte-Q2_2019_mid-market_threat_IR_report.pdf".
Thanks for pointing it out - I corrected my previous post.

Besides, I posted that article to demonstrate that BAFS is great in theory, but less useful in practice.
In fact, the report shows that popular commercial solutions (AVs + ATP) are not especially efficient to protect enterprises. Of course, one can easily deduce that WD free cannot be a sufficient solution too.

I was simply asking for evidence that supports the claim that home users are immune to enterprise attacks. I have never seen such evidence, so maybe I am missing something, and I would be grateful if someone could provide some evidence, rather than just claiming "home user with updated Windows was ever infected" without any evidence.
The home users are immune to most of the enterprise attacks for several reasons:
  1. Most enterprise attacks use exploits, that are already patched by Windows Updates on the home computers.
  2. Many enterprise attacks propagate via the enterprise network, which is absent in the home environment.
  3. Many home users do not use MS Office.
  4. Many attacks on enterprises are targeted.
Anyway, some malwares that are used in the attacks on enterprises can be also (re)used in the widespread attacks (spam campaigns). So you are right - home users are not immune to them. Furthermore, the chances of nasty infections are much greater on not updated systems.

And really, I was simply answering the OP's question "Why are we even messing with anything other than WD these days?". And my answer, in a nutshell, is that it is probably a good idea to also have a third party lightweight layer of protection, simply because I have studied SmartScreen's results and they are not quite as perfect as some people think they are.
We agree with the conclusion. I just tried to explain that the assumption about SmartScreen was not precise and might be misguiding for many people. Simply the most popular and dangerous attacks are not related to SmartScreen protection. The SmartScreen does not cover (and never was intended to cover) exploits, scripts (except .jse, .vbe) and fileless attacks.:) (y)
 
Last edited:
