App Review Windows 10 Windows Defender (Warball Communauty)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Nestor said:
Very weak in default settings,almost a disaster.
Click to expand...
Windows Defender is designed to work as part of Windows. That means Smart Screen is an integral part of the protection. These testers download samples in zipped formats that bypass Smart Screen. But in real life, that is not how malware is delivered -- with one exception. Torrented cracks.
If you download cracks by torrent, I can guarantee you that Windows Defender will have 0% success rate -- because you will surely turn WD off before you run the file.
 
  • Like
  • Applause
Reactions: plat, oldschool, stefanos and 6 others
Nestor

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
shmu26 said:
Windows Defender is designed to work as part of Windows. That means Smart Screen is an integral part of the protection. These testers download samples in zipped formats that bypass Smart Screen. But in real life, that is not how malware is delivered -- with one exception. Torrented cracks.
If you download cracks by torrent, I can guarantee you that Windows Defender will have 0% success rate -- because you will surely turn WD off before you run the file.
Click to expand...
Good to know,thanks.In fact,that was my question,how they bypassed so easily smartscreen.
 
  • Like
Reactions: oldschool, stefanos, Andy Ful and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Nestor said:
Good to know,thanks.In fact,that was my question,how they bypassed so easily smartscreen.
Click to expand...
In the video, the SmartScreen for applications was simply turned OFF.
All threats downloaded from the internet (EXE files) were blocked by 'Block at first sight' . One of the phishing pages was blocked and 4 were allowed by SmartScreen for Edge.
If I saw correctly the malware numbering there were initially about 250 malware samples, and most of them were removed by WD during uncompressing the ZIP archive. About 7-10 threats could infect the system (96% detected/blocked). One of them was for sure a PUA with many entries in Hitman Pro.

The problem with such a test is that we cannot say anything about the effectiveness of WD default protection, because no other AVs were tested. Furthermore, we do not know how fresh were the samples. If they were fresh, then WD did very well. If not, then the protection was average.
 
  • Like
  • Thanks
  • Applause
Reactions: brambedkar59, oldschool, shmu26 and 5 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Nestor said:
That's not fair.It's like a car without fuel.
Click to expand...
The problem is that smartscreen is too good. It spoils the tests, so they need to turn it off.
However, smartscreen has three weaknesses:
1 script files are not checked
2 files unpacked from rar and some other compressed formats are not checked
3 detection is weak for fresh digitally signed malware.

Number one is indeed a problem, so you need some kind of script protection, whether it is syshardener or OSArmor or whatever.
Number two is a problem mainly for software pirates who live on torrents
Number three is not much of a problem for home users, because they rarely encounter such malware, and also because most good AVs block such malware pretty fast.
 
  • Like
Reactions: harlan4096, ForgottenSeer 72227, Andy Ful and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
shmu26 said:
The problem is that smartscreen is too good. It spoils the tests, so they need to turn it off.
However, smartscreen has three weaknesses:
1 script files are not checked
2 files unpacked from rar and some other compressed formats are not checked
3 detection is weak for fresh digitally signed malware.

Number one is indeed a problem, so you need some kind of script protection, whether it is syshardener or OSArmor or whatever.
Number two is a problem mainly for software pirates who live on torrents
Number three is not much of a problem for home users, because they rarely encounter such malware, and also because most good AVs block such malware pretty fast.
Click to expand...
This is generally true, but with some additional notes. (y):giggle:
SmartScreen will block most fresh digitally signed malware too, except when the digital certificate is a special EV code signing certificate or the certificate was stolen from the popular software that had a good reputation in SmartScreen. Also some scripts are blocked by SmartScreen (.jse, .vbe) but most scripts are not checked (.ps1, .js, .vbs, .wsf, .wsh, python scripts, etc.).

The good thing is that WD 'Block at first sight' feature can block also non-portable executable files (such as JS, VBS, or macros). That is not a common feature among AVs. Generally, WD has better anti-script protection than most AVs, especially with ASR rules.
 
  • Like
Reactions: oldschool, shmu26, Nestor and 2 others
F

ForgottenSeer 72227

I'll have to watch the video later, but when it comes to WD, testing it is a little different than most other products IMO. I'm not making excuses or disregarding the results, but I think we have to remember that with W10, MS has placed various security measures through out all of W10. WD is just one part of it and when you take a look at everything, WD, smartscreen, ASR, BAFS, etc... It's more comprehensive. Sure things like smartscreen are also available when using 3rd parties, but Imo, it's more important for WD than 3rd parties, because you are essentially relying not only on WD, but the OS as a whole to protect you.


Now granted for home users many things are left disabled and are not easy to configure, but if one wanted to, they could take advantage of the various settings within W10/WD to make it more secure, or just use configure defender. ;)
 
  • Like
Reactions: oldschool, bribon77, harlan4096 and 3 others

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,322
Video Reviews - Security and Privacy
tofargone
tofargone
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus (Default Settings + DefenderUI Recommanded Settings)
Replies
34
Views
3,270
Video Reviews - Security and Privacy
lokamoka820
lokamoka820
L
    • Like
App Review Windows Defender Controlled Folders bypassed by ransomware
Replies
1
Views
366
Video Reviews - Security and Privacy
oldschool
oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top