App Review Windows Defender Review - Default Protection good enough?

  • Thread starter MalwareBlockerYT
  • Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
D

Deleted member 178

Thread author
reboot said:
So it is probably fair to say that this is more of a 'real test' than the average security hobbyist could ever produce. Correct?
Click to expand...
Yes and No, what is a real test?
to me , it is :

1- Take several average users
2- teach them the basis of how works the native security as you would give the driving license learning book to wannabe drivers
3- let them surf as they do at home.
4- sometimes send them some phishy emails with malicious links/samples.
5- observe the behaviors of the users and how respond the software. this is the most important point.

Security softwares always reacts after the user behavior.

That is real world test and no labs could ever produce it because it is lot of time and wasted resources. What youtesters/labs does is an extrapolation of this test , so it is inherently inaccurate by design. Average users won't encounter hundreds of samples in their life , and surely not 5 in less than 10mn...

Some labs are using methodolgies that seems more professional and neutral than others, on the test i provided you; if you read carefully, engineers evaluate the legitimacy of the samples used and adapt this volatility into the test.

But remember this test (as all tests) were made in an specific point in time. So just take it as information not as a forever rule because as you know things are always evolving.
I find funny some people bashing products by pointing tests months/years old...
 
Last edited by a moderator:
  • Like
Reactions: Zar_, reboot and Evjl's Rain
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Umbra said:
Not for Windows' native security , because it would be difficult to find a malware that bypass it on its own.

if i would make a basic guideline, it would be:

3- click "no" to every Smartscreen & UAC prompts
Click to expand...

UAC has three color warnings, whether all the color block, or just some?
How to install this apps if a UAC as in the picture?

Clipboard02.jpg Clipboard03.jpg Clipboard01.jpg
 
Last edited:
  • Like
Reactions: Andy Ful
reboot

reboot

Level 3
Verified
Well-known
Jan 27, 2017
139
Umbra said:
Yes and No, what is a real test?
to me , it is :

1- Take several average users
2- teach them the basis of how works the native security as you would give the driving license learning book to wannabe drivers
3- let them surf as they do at home.
4- sometimes send them some phishy emails with malicious links/samples.
5- observe the behaviors of the users and how respond the software. this is the most important point.

Security softwares always reacts after the user behavior.

That is real world test and no labs could ever produce it because it is lot of time and wasted resources. What youtesters/labs does is an extrapolation of this test , so it is inherently inaccurate by design. Average users won't encounter hundreds of samples in their life , and surely not 5 in less than 10mn...

Some labs are using methodolgies that seems more professional and neutral than others, on the test i provided you; if you read carefully, engineers evaluate the legitimacy of the samples used and adapt this volatility into the test.

But remember this test (as all tests) were made in an specific point in time. So just take it as information not as a forever rule because as you know things are always evolving.
I find funny some people bashing products by pointing tests months/years old...
Click to expand...

Your post is absolute gold! I hope it doesn't get lost in this thread or the content goes right over people's heads and they totally miss your point.
 
  • Like
Reactions: Deleted member 178
D

Deleted member 178

Thread author
Av Gurus said:
UAC has three color warnings, whether all the color block, or just some?
How to install this apps if a UAC as in the picture?
Click to expand...

all three seems signed executables (doesn't mean they are safe , just signed) so UAC advise to allow the elevation if you were the initiator of the execution (UAC is just an elevation blocker, not an anti-malware).
If you are not the initiator of the execution, deny the elevation.

UAC colors code :

- blue signed
- orange : unsigned
- red: blocked by admin

UAC Processes and Interactions

shouldn't be much different on Win10
 
  • Like
Reactions: Andy Ful, silversurfer and Av Gurus
D

Deleted member 178

Thread author
reboot said:
Your post is absolute gold! I hope it doesn't get lost in this thread or the content goes right over people's heads and they totally miss your point.
Click to expand...

i will create a thread so people like you will find it. thx ;)
 
  • Like
Reactions: Andy Ful
Handsome Recluse

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Umbra said:
LOOOOOOOOOOOOOOL flawed videos as usual ... you clicked yes on UAC with every unknown files then " oh i got Cerber !!!," come on gimme a break.... pff....youtesters....same crap over and over...
i stopped watching.

oh by the way, how those malware sample comes from ? downloaded from internet on the testing system? because if not, smartscreen won't detect them.

Smartscreen detect only files downloaded in the current system because they will have the current system 's tag "mark of the web" If coming from another system , they won't.

you can replicate this by downloading the file by the VM-ed browser and the same file on the real system. Then disable internet (blocking Smartscreen reputation check) , and run each of them separately on the VM.
result: the exe downloaded from the real system and imported in the VM won't be blocked.

My conclusion: you want compare fairly WD ? compare it with just the scanner module of other products , not with the HIPS/BB/webfilters enabled. and most of all, learn the basic of security.

only amateur...




WD and all native security was made to give to the average user basic protection without any hassle and incompatibilities. Not to backup idiots happy clickers.



this videos is exactly the essence BS of youtesters. They do in videos what they will never do on their system...and don't even understand security.

serious and skilled IT don't care of youtesters, they have their skills.



Happy clickers are lost cause, because they don't even try to use their brain when it comes to computer...ask your mother if she would drink from an opened bottle some strangers gave her , surely not...

If you mother is an happy clicker and can't follow 3 safe habits , then you should enforce SUA or guest account with passworded UAC, disable elevation of unsigned files , etc... then put a system-wide virtualization software like Shadow Defender or an some Software Restriction Policy because even with the best security soft she will manage to be infected somedays.
Click to expand...
@Umbra Maybe it's not suppose to be fair. Microsoft has to deal with basically every security company out to get them while still trying to provide users the most security as is usable.
 
  • Like
Reactions: Andy Ful and Deleted member 178
D

Deleted member 178

Thread author
TerrakionSmash said:
@Umbra Maybe it's not suppose to be fair. Microsoft has to deal with basically every security company out to get them while still trying to provide users the most security as is usable.
Click to expand...
Those Vendors should be glad that MS just don't lock them out Windows. After all MS allow them to live and get incomes :p
 
D

DC47561

Level 3
Verified
Feb 3, 2017
102
As would a lot of other security enthusiasts/testers - including myself. We would all have to find a different hobby/profession! ;)
 
  • Like
Reactions: Andy Ful
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Umbra said:
all three seems signed executables (doesn't mean they are safe , just signed) so UAC advise to allow the elevation if you were the initiator of the execution (UAC is just an elevation blocker, not an anti-malware).
If you are not the initiator of the execution, deny the elevation.

UAC colors code :

- blue signed
- orange : unsigned
- red: blocked by admin

UAC Processes and Interactions

shouldn't be much different on Windows 10
Click to expand...

This means that your rule "click NO to every SmartScreen & UAC prompts" is not exactly the most accurate?

Clipboard02.jpg
 
D

Deleted member 178

Thread author
Av Gurus said:
This means that your rule "click NO to every SmartScreen & UAC prompts" is not exactly the most accurate?
Click to expand...

you do the same mistake as many people, you take on line out of context , read carefully all the sentences.

"If you are not the initiator of the execution, deny the elevation."

You got it now? ;)
 
  • Like
Reactions: Av Gurus

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus (Default Settings + DefenderUI Recommanded Settings)
Replies
34
Views
3,284
Video Reviews - Security and Privacy
lokamoka820
lokamoka820
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,333
Video Reviews - Security and Privacy
tofargone
tofargone
oldschool
    • Like
    • +Reputation
    • Thanks
New Update Enhanced Phishing Protection in Microsoft Defender SmartScreen
Replies
11
Views
905
Windows 11
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top