Windows Defender further improves its protection ability


ExploitBlocker10 (thread author)
AV-Test has released the June 2016 test results of antivirus software, including Windows Defender. Windows Defender v4.9 has further improved protection against 0-day malware compared to v4.8 by about 9%, from 88% to 97% protection. Overall, since April 2016, when they last tested Defender v4.8 on Windows 10, the overall protection score has increased from 3 points in April to 4.5 points out of a full 6 in June. These tests show a big improvement, and I can only imagine the latest Defender 4.10 in the Anniversary update will further improve upon these scores. It seems Microsoft is finally taking Windows Defender seriously.

AV-TEST – The Independent IT-Security Institute
hjlbx

It is impossible to know from the test results whether the "improvement" is simply due to greater signature detection (Microsoft has made their signature creation process more efficient = faster) - or - whether the increased detection is due to improved features.

Improvement of signature detection by making the signature creation process more efficient is not really a technical improvement - but instead a process improvement.
 

Logethica
I do not use Windows Defender as I consider there to be better options.

It is worth noting though that WD is building to do more than just rely on "Signature Based" definitions, but it may be at a cost.

Windows Defender - Advanced Threat Protection (ATP)
(Article, March 1st 2016)
Microsoft is beefing up Windows Defender, the anti-malware program that ships with Windows 10, to give it the power to tell companies that they've been hacked after the fact.

Attacks that depend on social engineering rather than software flaws, as well as those taking advantage of unpatched zero-day vulnerabilities, can evade traditional anti-malware software. Microsoft says that there were thousands of such attacks in 2015 and that on average they took 200 days to detect and a further 80 days to contain, giving attackers ample time to steal data and incurring average costs of $12 million per incident. The catchily named Windows Defender Advanced Threat Protection is designed to detect this kind of attack, not by looking for specific pieces of malware, but rather by detecting system activity that looks out of the ordinary.

For example, a social engineering attack might encourage a victim to run a program that was attached to an e-mail or execute a suspicious-looking PowerShell command. The Advanced Persistent Threat (APT) software that's typically used in such attacks may scan ports, connect to network shares to look for data to steal, or connect to remote systems to seek new instructions and exfiltrate data. Windows Defender Advanced Threat Protection can monitor this behavior and see how it deviates from normal, expected system behavior. The baseline is the aggregate behavior collected anonymously from more than 1 billion Windows systems. If systems on your network start doing something that the "average Windows machine" doesn't, WDATP will alert you.

The system also strives to understand malicious behavior. More than 1 million suspicious files are automatically executed and examined within sandboxed environments in the cloud to build a better picture of the abnormal activities that malware and hacks can cause. All this data is crunched and analyzed using machine learning techniques to build models of normal and abnormal system activity. This means that not only can unusual PC behavior be identified, it can also be cross-referenced against particular malware.

When errant system behavior is found, WDATP alerts administrators and gives them a view not just of a machine's current activities, but also historic information about network usage, files accessed, and processes run. That an intrusion has occurred may not be detected immediately, but this information should make it easier to determine when machines were compromised and just how far into an organization's systems the intruder managed to penetrate.

As is increasingly the way with Microsoft's software, the whole thing is cloud-based with no need for any on-premises server. A client on each endpoint is needed, which would presumably be an extended version of the Windows Defender client.

While announced today, WDATP is currently being tested on about half a million systems in a private beta. WDATP will become more broadly available in a public preview later in the year. Microsoft has yet to decide on what kind of pricing model it will have.
 

_CyberGhosT_
They should think about developing some proactive protection techniques (like HIPS, Behavior Blocker etc.).
A sandbox maybe, but they mess up a lot of stuff with just updates; could you imagine the damage they could do to a system with improperly coded HIPS or HIPS-based software? It could get very messy lol
Deleted member 178

They should think about developing some proactive protection techniques (like HIPS, Behavior Blocker etc.).

A sandbox maybe, but they mess up a lot of stuff with just updates; could you imagine the damage they could do to a system with improperly coded HIPS or HIPS-based software? It could get very messy lol

no need:

- Sandbox? all Win10 Apps run under a "sandbox" already, it is called Appcontainer.
- HIPS: some people can't even stand UAC, I don't even think about an HIPS.
 

NekoHr
- Sandbox? all Win10 Apps run under a "sandbox" already, it is called Appcontainer.
- HIPS: some people can't even stand UAC, I don't even think about an HIPS.

Bear in mind that AppContainer is only available for Universal Windows apps, not regular Win32 programs.
I don't know how many people use these; I have used Calculator a few times and that's it.
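A way to check the scope of that claim on your own machine, as an added example that is not part of the thread: a PowerShell script that asks each running process's token whether it is an AppContainer token (the TokenIsAppContainer class of GetTokenInformation), so Store/UWP apps such as Calculator report True while ordinary Win32 programs report False. It assumes Windows 8 or later with Windows PowerShell 5.1 or PowerShell 7; the TokenProbe class name is my own.

```powershell
# Added example, not from the thread: report which running processes hold an
# AppContainer token. Store/UWP apps (e.g. Calculator) should show True; classic
# Win32 programs show False. Processes that cannot be opened (other users' or
# protected processes when not elevated) are reported as N/A.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public static class TokenProbe {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass,
                                                  IntPtr TokenInformation, int TokenInformationLength, out int ReturnLength);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
"@
$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$TOKEN_QUERY                       = 0x0008
$TokenIsAppContainer               = 29      # TOKEN_INFORMATION_CLASS enum value

function Test-AppContainerProcess {
    param([int]$ProcessId)
    $proc = [TokenProbe]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($proc -eq [IntPtr]::Zero) { return $null }
    $token = [IntPtr]::Zero
    $buf   = [Runtime.InteropServices.Marshal]::AllocHGlobal(4)
    try {
        if (-not [TokenProbe]::OpenProcessToken($proc, $TOKEN_QUERY, [ref]$token)) { return $null }
        $len = 0
        if (-not [TokenProbe]::GetTokenInformation($token, $TokenIsAppContainer, $buf, 4, [ref]$len)) { return $null }
        # The query fills a DWORD: non-zero means the process runs inside an AppContainer
        return ([Runtime.InteropServices.Marshal]::ReadInt32($buf) -ne 0)
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
        if ($token -ne [IntPtr]::Zero) { [void][TokenProbe]::CloseHandle($token) }
        [void][TokenProbe]::CloseHandle($proc)
    }
}

Get-Process | ForEach-Object {
    $r = Test-AppContainerProcess -ProcessId $_.Id
    [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; AppContainer = $(if ($null -eq $r) { 'N/A' } else { $r }) }
} | Sort-Object Name | Format-Table -AutoSize
```

Launch Calculator and a classic desktop program before running it to see both outcomes side by side.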
 