Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
Windows Defender disabled by malware
Message
<blockquote data-quote="Andy Ful" data-source="post: 938723" data-attributes="member: 32260"><p>It seems that the discussion here has temporarily focused on what [USER=32260]@Andy Ful[/USER] thinks or said. So, I am going to present my view again because it has been apparently misunderstood.</p><p>I have a request to [USER=3]@Spawn[/USER]. It would be good to move the off-topic posts (mine and other people) about what I think in relation to Defender to another thread. I already made a thread for that:</p><p>[URL unfurl="false"]https://malwaretips.com/threads/the-truth-about-windows-defender-on-windows-10-home-pro.88142/[/URL]</p><p>But, it can be another appropriate thread, too.</p><p></p><p>So, here is my view (If one is really interested):</p><ol> <li data-xf-list-type="ol">Defender (on default) has only mediocre anti-script protection. The same is true for all popular Home AVs. There are objective reasons to think that Defender anti-script protection is one of the best among Home AVs. Also, the ASR rules can make the anti-script protection much better and comparable to the commercial Business AVs. Still, such a protection can be bypassed in many ways by a hacker.</li> <li data-xf-list-type="ol">If the Home User uses Defender + Edge with SmartScreen and PUA protection then the protection is so close to the commercial Home AVs, that there is no reason to change the AV. The same is true for any popular AV installed on the computer in the home environment. The reason is not that the protection is bulletproof, but that the difference in protection is very small - many times smaller compared to infections caused by user's habits and behavior.</li> <li data-xf-list-type="ol">Any single AV test is a weak argument to see the differences in the protection between AVs. Simply, these differences are usually too small and the results have too big random noise. I never use such an argument. I made a cumulative summary of the tests (for Home AVs) made by the three biggest and trusted AV testing Labs (AV-Test, AV-Comparatives, SELabs). These results are statistically significant because they include all available tests from the period of two last years. Furthermore, the comparison makes sense only when all AVs participated in all tests - this criterium is usually not fulfilled in the homemade tests. It would be extremely difficult to make reliable conclusions about differences in protection between AVs, even when analyzing hundreds of homemade videos.</li> <li data-xf-list-type="ol">It is true that Microsoft wants people to use Applocker and Defender Application Control. But, it is also clear that they cannot be used effectively on Windows Home. Also, SRP was never officially supported on Windows Home. So, in fact, SRP is depreciated by Microsoft from the XP era many years ago and still works well (tested also on the upcoming Windows 21H1). Applocker uses the same Safer APIs as SRP, so it is very improbable that SRP will stop working soon. It is probable that some AV vendors will disappear until this will happen. It is also probable that there will not be support for SRP on the new Windows like Windows 10X.</li> <li data-xf-list-type="ol">The auto protection design of Defender has some weak points, that are better protected in some other AVs. Kaspersky could be probably a good example of that. In my opinion, Microsoft tries only to make the life of attackers harder and make such attacks rare, instead to solve the problem. Tamper Protection in the current design, does not solve the problem for sure.</li> <li data-xf-list-type="ol">My personal choice for AV family solution (non-security-oriented people) is Kaspersky Internet Security. I already presented my view here:<br /> [URL unfurl="false"]https://malwaretips.com/threads/malware-and-antivirus-needed.106771/post-930270[/URL]<br /> The security-oriented people can choose other solutions to protect the family computers (many solutions are discussed on MT). My personal choice is still Windows built-in security. The second choice would be probably tweaked KIS or Norton with SWH. For unknown reasons, Comodo Firewall does not work well on my computers. Otherwise, I could choose it with CS settings, too. There are many solutions for everybody.</li> </ol><p>I hope that the above points are sufficiently clear.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p><p></p><p>Post edited for more clarity.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 938723, member: 32260"] It seems that the discussion here has temporarily focused on what [USER=32260]@Andy Ful[/USER] thinks or said. So, I am going to present my view again because it has been apparently misunderstood. I have a request to [USER=3]@Spawn[/USER]. It would be good to move the off-topic posts (mine and other people) about what I think in relation to Defender to another thread. I already made a thread for that: [URL unfurl="false"]https://malwaretips.com/threads/the-truth-about-windows-defender-on-windows-10-home-pro.88142/[/URL] But, it can be another appropriate thread, too. So, here is my view (If one is really interested): [LIST=1] [*]Defender (on default) has only mediocre anti-script protection. The same is true for all popular Home AVs. There are objective reasons to think that Defender anti-script protection is one of the best among Home AVs. Also, the ASR rules can make the anti-script protection much better and comparable to the commercial Business AVs. Still, such a protection can be bypassed in many ways by a hacker. [*]If the Home User uses Defender + Edge with SmartScreen and PUA protection then the protection is so close to the commercial Home AVs, that there is no reason to change the AV. The same is true for any popular AV installed on the computer in the home environment. The reason is not that the protection is bulletproof, but that the difference in protection is very small - many times smaller compared to infections caused by user's habits and behavior. [*]Any single AV test is a weak argument to see the differences in the protection between AVs. Simply, these differences are usually too small and the results have too big random noise. I never use such an argument. I made a cumulative summary of the tests (for Home AVs) made by the three biggest and trusted AV testing Labs (AV-Test, AV-Comparatives, SELabs). These results are statistically significant because they include all available tests from the period of two last years. Furthermore, the comparison makes sense only when all AVs participated in all tests - this criterium is usually not fulfilled in the homemade tests. It would be extremely difficult to make reliable conclusions about differences in protection between AVs, even when analyzing hundreds of homemade videos. [*]It is true that Microsoft wants people to use Applocker and Defender Application Control. But, it is also clear that they cannot be used effectively on Windows Home. Also, SRP was never officially supported on Windows Home. So, in fact, SRP is depreciated by Microsoft from the XP era many years ago and still works well (tested also on the upcoming Windows 21H1). Applocker uses the same Safer APIs as SRP, so it is very improbable that SRP will stop working soon. It is probable that some AV vendors will disappear until this will happen. It is also probable that there will not be support for SRP on the new Windows like Windows 10X. [*]The auto protection design of Defender has some weak points, that are better protected in some other AVs. Kaspersky could be probably a good example of that. In my opinion, Microsoft tries only to make the life of attackers harder and make such attacks rare, instead to solve the problem. Tamper Protection in the current design, does not solve the problem for sure. [*]My personal choice for AV family solution (non-security-oriented people) is Kaspersky Internet Security. I already presented my view here: [URL unfurl="false"]https://malwaretips.com/threads/malware-and-antivirus-needed.106771/post-930270[/URL] The security-oriented people can choose other solutions to protect the family computers (many solutions are discussed on MT). My personal choice is still Windows built-in security. The second choice would be probably tweaked KIS or Norton with SWH. For unknown reasons, Comodo Firewall does not work well on my computers. Otherwise, I could choose it with CS settings, too. There are many solutions for everybody. [/LIST] I hope that the above points are sufficiently clear.(y) Post edited for more clarity. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
