shmu26

Level 83
Verified
Trusted
Content Creator
Very weak in default settings, almost a disaster.
Windows Defender is designed to work as part of Windows. That means Smart Screen is an integral part of the protection. These testers download samples in zipped formats that bypass Smart Screen. But in real life, that is not how malware is delivered -- with one exception. Torrented cracks.
If you download cracks by torrent, I can guarantee you that Windows Defender will have 0% success rate -- because you will surely turn WD off before you run the file.
 

Nestor

Level 8
Good to know, thanks. In fact, that was my question: how they bypassed SmartScreen so easily.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
In the video, the SmartScreen for applications was simply turned OFF.
All threats downloaded from the internet (EXE files) were blocked by 'Block at first sight'. One of the phishing pages was blocked and 4 were allowed by SmartScreen for Edge.
If I saw the malware numbering correctly, there were initially about 250 malware samples, and most of them were removed by WD while uncompressing the ZIP archive. About 7-10 threats could infect the system (96% detected/blocked). One of them was for sure a PUA with many entries in Hitman Pro.

The problem with such a test is that we cannot say anything about the effectiveness of WD default protection, because no other AVs were tested. Furthermore, we do not know how fresh the samples were. If they were fresh, then WD did very well. If not, then the protection was average.
 

shmu26

Level 83
Verified
Trusted
Content Creator
That's not fair. It's like a car without fuel.
The problem is that smartscreen is too good. It spoils the tests, so they need to turn it off.
However, smartscreen has three weaknesses:
1. script files are not checked
2. files unpacked from rar and some other compressed formats are not checked
3. detection is weak for fresh digitally signed malware.

Number one is indeed a problem, so you need some kind of script protection, whether it is syshardener or OSArmor or whatever.
Number two is a problem mainly for software pirates who live on torrents.
Number three is not much of a problem for home users, because they rarely encounter such malware, and also because most good AVs block such malware pretty fast.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
This is generally true, but with some additional notes.
SmartScreen will block most fresh digitally signed malware too, except when the digital certificate is a special EV code signing certificate or the certificate was stolen from popular software that had a good reputation in SmartScreen. Also, some scripts are blocked by SmartScreen (.jse, .vbe), but most scripts are not checked (.ps1, .js, .vbs, .wsf, .wsh, python scripts, etc.).

The good thing is that the WD 'Block at first sight' feature can also block non-portable executable files (such as JS, VBS, or macros). That is not a common feature among AVs. Generally, WD has better anti-script protection than most AVs, especially with ASR rules.
 

Raiden

Level 13
Verified
Content Creator
I'll have to watch the video later, but when it comes to WD, testing it is a little different than most other products IMO. I'm not making excuses or disregarding the results, but I think we have to remember that with W10, MS has placed various security measures throughout all of W10. WD is just one part of it, and when you take a look at everything (WD, smartscreen, ASR, BAFS, etc.), it's more comprehensive. Sure, things like smartscreen are also available when using 3rd parties, but IMO, it's more important for WD than 3rd parties, because you are essentially relying not only on WD, but the OS as a whole to protect you.


Now granted, for home users many things are left disabled and are not easy to configure, but if one wanted to, they could take advantage of the various settings within W10/WD to make it more secure, or just use configure defender. ;)
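
The layers discussed in this thread (SmartScreen for applications, 'Block at first sight', ASR rules, PUA protection) can be checked on a machine before drawing conclusions from a test. The following read-only audit is an added example, not code from any poster in the thread; it assumes an elevated PowerShell session on Windows 10/11 with Microsoft Defender active, and the two SmartScreen registry locations it reads are assumptions about where the setting is stored on the system being checked.

```powershell
# Added example: read-only audit of the Windows/Defender layers named in the thread.
$mp = Get-MpPreference

function New-Check($Layer, $Ok, $Detail) {
    [pscustomobject]@{
        Layer  = $Layer
        Status = $(if ($Ok) { 'OK' } else { 'WEAK' })
        Detail = $Detail
    }
}

$results = @()
$results += New-Check 'Real-time protection' (-not $mp.DisableRealtimeMonitoring) `
    "DisableRealtimeMonitoring=$($mp.DisableRealtimeMonitoring)"
$results += New-Check 'Scan of downloaded files (IOAV)' (-not $mp.DisableIOAVProtection) `
    "DisableIOAVProtection=$($mp.DisableIOAVProtection)"

# 'Block at first sight' needs cloud protection and automatic sample submission.
$cloudOn   = $mp.MAPSReporting -ne 0               # 0 = cloud protection disabled
$samplesOn = $mp.SubmitSamplesConsent -in 1, 3     # 1 = safe samples, 3 = all samples
$bafsOn    = (-not $mp.DisableBlockAtFirstSeen) -and $cloudOn -and $samplesOn
$results += New-Check 'Block at first sight' $bafsOn `
    "MAPSReporting=$($mp.MAPSReporting); SubmitSamplesConsent=$($mp.SubmitSamplesConsent)"

# PUA protection: 0 = off, 1 = block, 2 = audit only.
$results += New-Check 'PUA protection' ($mp.PUAProtection -eq 1) "PUAProtection=$($mp.PUAProtection)"

# ASR rules: count rules whose action is 1 (Block); other values do not block.
$asrBlock = @($mp.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count
$results += New-Check 'ASR rules' ($asrBlock -gt 0) "$asrBlock rule(s) in Block mode"

# SmartScreen for applications (assumed locations: local setting and group policy).
$local  = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
    -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled
$policy = (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' `
    -Name EnableSmartScreen -ErrorAction SilentlyContinue).EnableSmartScreen
$ssOff  = ($local -eq 'Off') -or ($policy -eq 0)
$results += New-Check 'SmartScreen for apps' (-not $ssOff) `
    "SmartScreenEnabled='$local'; policy EnableSmartScreen='$policy'"

$results | Format-Table -AutoSize
```

An empty value in the SmartScreen row means the setting was not found at that location, not that SmartScreen is off; confirm it in Windows Security under App & browser control.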