App Review Windows Defender vs Ransomware! (Shocking Results?)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
NB InfoTech

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
That's quite the rollercoaster ride of "you can't protect users from themselves".

Under this same roof with me is a Windows 11 laptop with nothing but default security and uBlock Origin in Edge and a copy of portable KeePass on the desktop. Nothing is stored on the machine, everything backed up externally and accessed as needed. It is used daily here and has been set up that way for a year and a half now, no infections, breaches or data loss has occurred from this machine.

That said, I want to give reason to ponder, how many folks you think out there have nothing but default security in their machines because they are not "computer" people, yet they somehow get by and function. If it was seriously so prevalent out there the whole fabric of society would have come to a standstill long ago.

Fear drives most of this as I stated before, the industry does have a habit of producing it. How many products you see nagging users well before the expire date is set to hit that they will be unprotected and end up losing everything if they don't resubscribe soon. Fear keeps users here in this forum from enjoying their systems because they're too busy switching security every few days then fixing their systems from all that damage it causes.

You asked about the fear installing with bad guys, well look at social engineering and most scams that nail elderly and the uninformed. The pop up on the desktop claiming the system is infected please call this number, then being coerced into allowing someone into their system or giving up credit card information because "fear" will motivate them to do so.

Good habits and being diligent will carry users far, farther than any amount of security switching and fear ever will.

Not just users but even developers, tweakers, and techies. And not so much a rollercoaster ride but a description of what's taking place.

How is the laptop used? If it's meant only for browsing a few sites an hour a day, then it can be used in default mode for a very long time. Do or demand more, and you get more complications.

That's also what gives many meanings to "get by". One user loads a page at a time; no performance problem. Another eagerly reads threads in a forum and tries to load all of them at the same time using addons like Snap Links (the user just mentioned might say, "what's that" or "why should I care" while another will say, "wait a minute? you mean there are addons that allow me to do that? where can I find it?"). Use something like Adguard for Windows, and many of the pages won't load; no problem with uBlock Origin. But can the latter be used with Ferdium? (The first user asks: "what's that?" The second: "wait, I don't have to leave several messaging apps open and instead just use that?")

And then something in those pages in "legit" sites leads to malware infection. What happens next? Oh, you didn't follow "good habits". User: but the site was legit! Techie: well, you should have done this or that. User: why didn't you tell me in the first place? Techie: Because I didn't want to scare you.
 

monkeylove

I think the fear is perpetuated by users who have some semblance of computer security, such as users on this forum. They know what's out there, the data stealers, ransomware, phishing etc, some overcompensate to try to mitigate these. But for the most part I would say the majority of computer users (total guess 60%) have no idea or no interest in computer security or good habits, they're just happy banging away on their social media accounts. Sure a lot get by and function, but nobody at all has any idea how many are infected, any inferences that they do is just opinion. There are 5 billion computer users in the world, if 1% of the happy users are infected that's 50 million, that's a lot and I'm sure the number is much higher than 1%. I've seen numbers that range from 10-50%.

I think that's what experts in various fields say: people are just happy to drive cars, operate machinery, etc., as long as they "get by and function." And in several cases, several complain that these experts are simply overcompensating.

In which case, one should balance the two: don't rely too much on "good habits" and similar, like letting the user play the role of security app and choose what to allow or deny. Instead, get better set-and-forget security. The same applies to backups. Why? Because these non-experts in computer security might be too busy being experts in other things.
 

monkeylove

That's it, shut down the net, up to half the world's computer populace has lost all their finances.

I'm not trying to be rude as much as I'm trying to get people to use their eyes and not just for reading what they are told in articles. Look around, the system would crash if those type of numbers were realistic.

Above I asked for a solution because all I read here is fear talk or users piling ridiculous amounts of security in their systems as you said overcompensating.

How are good habits and being diligent not enough, and if not enough, what's the answer, quick someone share it before the matrix folds.

I'm going to walk into the next person's house that asks for help, segment their network, place one system on one portion, this is your banking segment, use it for nothing else, place another, this is your social segment use it for nothing else and so on.

See how ridiculous that sounds.

Create system images, store offline, back up personal stuff, do this externally, keep nothing stored on the machine. Use ad blockers in the browser, clear cookie sessions when through, use a password manager if need be, set 2fa, use authentication apps if needed, limit sharing the devices, use diligence in checking downloads before executing, check web addresses and links in emails and apps via VirusTotal.

This, this is good habits and diligence. I have seen it put into practical use, and it works. I'm not saying it's bullet proof, but guess what, none of these apps and combined security enthusiast set ups are either, no matter how much you try, someone will show you it's vulnerable.

But if you monitor what's on the system, what's introduced, have contingency in place, and be diligent about it, you lessen this chance greatly.

It's not hard, it's just not convenient which bothers some, they want a do it for them solution.

If it's not bullet-proof, then it doesn't work.

As for monitoring, try saying that to overworked experts (in other things) in corporations. Why do you think they have to hire technical staff?
 

ForgottenSeer 109138

Not just users but even developers, tweakers, and techies. And not so much a rollercoaster ride but a description of what's taking place.

How is the laptop used? If it's meant only for browsing a few sites an hour a day, then it can be used in default mode for a very long time. Do or demand more, and you get more complications.

That's also what gives many meanings to "get by". One user loads a page at a time; no performance problem. Another eagerly reads threads in a forum and tries to load all of them at the same time using addons like Snap Links (the user just mentioned might say, "what's that" or "why should I care" while another will say, "wait a minute? you mean there are addons that allow me to do that? where can I find it?"). Use something like Adguard for Windows, and many of the pages won't load; no problem with uBlock Origin. But can the latter be used with Ferdium? (The first user asks: "what's that?" The second: "wait, I don't have to leave several messaging apps open and instead just use that?")

And then something in those pages in "legit" sites leads to malware infection. What happens next? Oh, you didn't follow "good habits". User: but the site was legit! Techie: well, you should have done this or that. User: why didn't you tell me in the first place? Techie: Because I didn't want to scare you.
Good habits include not loading your browser down with junk extensions, much like toolbar days are long gone, remember those and how much fun they cause.

Yes good habits include using your head.

The laptop is used for everything from personal to home business and fares quite well, although it's not used to experiment with every junk application in the net.

You're really stretching and grabbing here in what appears to either be a mellow smear or peeing contest. If either, please take your time, grab up a pencil, put some thoughts into it, make it more suspenseful.
 

monkeylove

Good habits include not loading your browser down with junk extensions, much like toolbar days are long gone, remember those and how much fun they cause.

Yes good habits include using your head.

The laptop is used for everything from personal to home business and fares quite well, although it's not used to experiment with every junk application in the net.

You're really stretching and grabbing here in what appears to either be a mellow smear or peeing contest. If either, please take your time, grab up a pencil, put some thoughts into it, make it more suspenseful.

What about non-junk extensions that turn out to be junk extensions? Or legit apps that have been unknowingly compromised with people finding out too late? Or legit sites? Or updates that have been compromised?

If good habits are all that's needed then one wouldn't need security apps at all.

Again, it's an anecdote that could have been made up, and might not even represent laptop usage.

Finally, peeing contest? You must be kidding. Everything I've said so far is based on common sense.
 

ForgottenSeer 109138

What about non-junk extensions that turn out to be junk extensions? Or legit apps that have been unknowingly compromised with people finding out too late? Or legit sites? Or updates that have been compromised?
Oh you mean applications or extensions that basically have been whitelisted and would slide right past most security applications.

If good habits are all that's needed then one wouldn't need security apps at all.
Don't seem to recall stating to disable all security and just using good habits. Just stated overlapping ridiculous redundant and restricting security is not necessary.
Again, it's an anecdote that could have been made up, and might not even represent laptop usage.
Again you're stretching and just looking to cause issue at this point or have a serious ego problem.

Finally, peeing contest? You must be kidding. Everything I've said so far is based on common sense.
It seems we have different definitions of common sense, because what you are suggesting does not apply to average users, but advanced ones. I asked you to leave a solution and again nothing but continuous reasons why you're right, I'm wrong and the world needs tons of security.

Now provide a solution that average users can use to get by safely on the net while keeping their systems usable, I'm waiting.
 

ForgottenSeer 109138

I'm shocked with these comments
Think this is fun, then say something about one of the products directly here and watch how fast you get mobbed. In a forum full of enthusiasts, trying to state one can get by with good habits and diligence is mocked, because you need to be very afraid of the internet, run ridiculous amounts of security that most of them do not understand how to use properly in order to survive. So when a user comes along trying to reinforce using habits that will save them headaches in the long run, you would think it would be met with more gratitude than constant badgering.
 

monkeylove

Oh you mean applications or extensions that basically have been whitelisted and would slide right past most security applications.


Don't seem to recall stating to disable all security and just using good habits. Just stated overlapping ridiculous redundant and restricting security is not necessary.

Again you're stretching and just looking to cause issue at this point or have a serious ego problem.

It seems we have different definitions of common sense, because what you are suggesting does not apply to average users, but advanced ones. I asked you to leave a solution and again nothing but continuous reasons why you're right, I'm wrong and the world needs tons of security.

Now provide a solution that average users can use to get by safely on the net while keeping their systems usable, I'm waiting.

I'm referring to legit software and sites that are infected later.

I'm not talking about disabling all security but the claim that good habits can make up for that. One good habit is to stick to legit software. After that, news emerges that the company was attacked weeks ago, they only realized now, and software downloaded or updated those weeks have been compromised.

Why continued labeling, e.g., "serious ego problem"? Don't take this personally.

My suggestions actually apply to average users, i.e., set-and-forget. Advanced users would search the web, participate in forums, do tests on their own machines, etc.

Finally, I provided a solution here:


I think you've wasted enough of my time.
 

ForgottenSeer 107474

Number 1 rule in safe-hex is (for Windows) run as standard user (only a few MT members practice this).

Number 2 rule in safe-hex is wait a few days after downloading software before installing it (solves most zero day risks, security hobbyists want to design the perfect third party layered protection against).

Number 3 is "when in doubt, don't let the user decide" (reason why HIPS & UAC prompts are stupid and SAC & WDAC-ISG are smart).

Above is only an opinion, not based on A-B field test
 

Nevi

Level 12
Verified
Top Poster
Well-known
Apr 7, 2016
568
Number 1 rule in safe-hex is (for Windows) run as standard user (only a few MT members practice this).

Number 2 rule in safe-hex is wait a few days after downloading software before installing it (solves most zero day risks, security hobbyists want to design the perfect third party layered protection against).

Number 3 is "when in doubt, don't let the user decide" (reason why HIPS & UAC prompts are stupid and SAC & WDAC-ISG are smart).

Above is only an opinion, not based on A-B field test
Good advice about using a standard account. I have started with it again the last year, and I keep doing it this time. Another thing I have made a habit, is to have Kaspersky's free KVRT, and MBAM free ready. WHEN I download things (not very often) I always scan it with these 2 scanners. They are both free, and will take 95% of the crud. I'm using Eset NOD 32 AV. MD is not good enough IMO. :)
 

ForgottenSeer 109138

Good advice about using a standard account. I have started with it again the last year, and I keep doing it this time. Another thing I have made a habit, is to have Kaspersky's free KVRT, and MBAM free ready. WHEN I download things (not very often) I always scan it with these 2 scanners. They are both free, and will take 95% of the crud. I'm using Eset NOD 32 AV. MD is not good enough IMO. :)
Standard account is very good advice. So are the other two listed especially number 2.

Allowing a download to sit for a couple days inert allows time if it is indeed a zero day to be discovered in the wild and signatures formed for it.

They are both free, and will take 95% of the crud.

What's also free is VirusTotal, and no need to download two 3rd party applications to your system. Even if applying number 2 good advice above, I would scan it with VT to ensure before executing it.

If you combine all the "good habits", you have minimized the chances to such a low percentage of anything happening in a realistic world. Microsoft Defender is more than enough, part of the OS, best compatibility, and does not extend the attack surface by adding more bugs.
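
The hold-then-check habit discussed in the posts above (let a download sit for a few days, then check it before running it), as an added example that is not part of the original thread. The three-day window, the function names and the use of file modification time as the download time are assumptions; the script only computes SHA-256 hashes for a manual lookup and calls no scanning service.

```python
import hashlib
import os
import stat
import tempfile
import time
from dataclasses import dataclass

HOLD_DAYS = 3  # assumption: the thread only says "a few days"


@dataclass
class HeldFile:
    name: str
    sha256: str
    age_days: float
    status: str  # "hold" or "ready-for-check"


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large installers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def review_downloads(folder, hold_days=HOLD_DAYS, now=None):
    """List regular files in `folder`, marking each as still on hold or old
    enough to be hash-checked. Modification time stands in for download time
    (assumption); a timestamp in the future is treated as age 0."""
    now = time.time() if now is None else now
    results = []
    with os.scandir(folder) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip directories, symlinks and other non-files
            age = max(0.0, (now - st.st_mtime) / 86400)
            status = "ready-for-check" if age >= hold_days else "hold"
            results.append(
                HeldFile(entry.name, sha256_of(entry.path), round(age, 2), status)
            )
    return results


def demo():
    """Build a constructed downloads folder: one file 5 days old, one 12
    hours old, plus a subfolder that must be ignored."""
    with tempfile.TemporaryDirectory() as folder:
        now = time.time()
        for name, age_days in (("old-installer.exe", 5), ("fresh-installer.exe", 0.5)):
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample: " + name.encode())
            stamp = now - age_days * 86400
            os.utime(path, (stamp, stamp))
        os.mkdir(os.path.join(folder, "subfolder"))
        return review_downloads(folder, now=now)


if __name__ == "__main__":
    for item in demo():
        print(f"{item.status:16} {item.age_days:5.2f}d  {item.sha256}  {item.name}")
```

A file marked ready-for-check has only passed the waiting period; its hash still has to be looked up before the file is run.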
 

monkeylove

Don't look for what's perfect but what's better, and that includes security programs that can make decisions for users.

Don't assume that they'll wait for a few days before downloading something, or that updates will be done delayed, etc., or that they will always remember to scan everything with two additional apps, etc. The first will have to be kept secure and the second done automatically, too.
 

ForgottenSeer 109138

Don't look for what's perfect but what's better, and that includes security programs that can make decisions for users.

Don't assume that they'll wait for a few days before downloading something, or that updates will be done delayed, etc., or that they will always remember to scan everything with two additional apps, etc. The first will have to be kept secure and the second done automatically, too.
This here is exactly why I have been pushing the "good habits" so much lately, as users here think that if they throw a more robust solution on their system then they can be lax about their habits and are covered, it's a false sense of security. They can actually be safer using Windows default securities and good habits "the word habit means to do until it becomes second nature" than using a product they most likely will not understand how to use properly which could actually cause them to be more vulnerable than they already were from misconfiguration and/or from bugs they may introduce with the product that expands their attack surface.
 

monkeylove

This here is exactly why I have been pushing the "good habits" so much lately, as users here think that if they throw a more robust solution on their system then they can be lax about their habits and are covered, it's a false sense of security. They can actually be safer using Windows default securities and good habits "the word habit means to do until it becomes second nature" than using a product they most likely will not understand how to use properly which could actually cause them to be more vulnerable than they already were from misconfiguration and/or from bugs they may introduce with the product that expands their attack surface.

"Good habits" involve having the same time and knowledge as tweakers. That's not likely for most.

Why? Because they're too busy to understand what they need to use. It's like people who drive cars but don't know how they work.
 

monkeylove

Standard account is very good advice. So are the other two listed especially number 2.

Allowing a download to sit for a couple days inert allows time if it is indeed a zero day to be discovered in the wild and signatures formed for it.



What's also free is VirusTotal, and no need to download two 3rd party applications to your system. Even if applying number 2 good advice above, I would scan it with VT to ensure before executing it.

If you combine all the "good habits", you have minimized the chances to such a low percentage of anything happening in a realistic world. Microsoft Defender is more than enough, part of the OS, best compatibility, and does not extend the attack surface by adding more bugs.

Until something doesn't run and you have to drive over to find out what went wrong. As for letting something sit a couple of days, how long? You let it sit for five days and then they report on the sixth that it's infected. Meanwhile, you have to run it before work ends at 5.

You can upload to VT to check. How many users know how to do that? And if most report that it's safe and a few not, what to do? Search some more online to see what's going on. Meanwhile, you have more work to do.

Tweakers live in a fantasy world where they think everyone has as much time and effort as they do.
 

ForgottenSeer 109138

"Good habits" involve having the same time and knowledge as tweakers. That's not likely for most.

Why? Because they're too busy to understand what they need to use. It's like people who drive cars but don't know how they work.
It's like people who drive cars but know how they work. I'm not sure why you chose that analogy because it's exactly like that.

Like how to put it in gear, or use the gas pedal, or brake, how to signal when they turn, how to start it or shut it off. Like that?

Or as they gain experience and learn to be safer on the road by knowing how to slow down on rainy days, how not to hydroplane, merge in out of traffic at highway speeds things they learn over time to keep safer as they learn to navigate. How to take precautions like checking air tire pressure, fluids in their vehicles so not to break down or cause accidents.

You're right, we should not encourage that or even have lessons required before a license, we should just weld bush guards all Mad Max style and turn em loose, what's the worst that could happen.
 

monkeylove

It's like people who drive cars but know how they work. I'm not sure why you chose that analogy because it's exactly like that.

Like how to put it in gear, or use the gas pedal, or brake, how to signal when they turn, how to start it or shut it off. Like that?

Or as they gain experience and learn to be safer on the road by knowing how to slow down on rainy days, how not to hydroplane, merge in out of traffic at highway speeds things they learn over time to keep safer as they learn to navigate. How to take precautions like checking air tire pressure, fluids in their vehicles so not to break down or cause accidents.

You're right, we should not encourage that or even have lessons required before a license, we should just weld bush guards all Mad Max style and turn em loose, what's the worst that could happen.

Right, and then something goes wrong, and you'll need a repair man. Unless you want to fix the car yourself. The damage could have been caused by wear-and-tear, wrong driving, a defect in the vehicle, or force majeure. (You'll need insurance for the latter.)

Getting a license involves correcting one of those. For the rest....

That's why the meaning of "good habits," together with security program features, keeps changing.

First, it's just making sure you visit "safe" websites and software. Now, it's putting adblockers and security add-ons, plus getting security programs that go beyond just signature-checking in case "safe" is no longer safe.

Meanwhile, there are always chances that one will forget, especially in a rush (and in a 24-7 world where customers want goods and services pronto that'll always take place: you gotta do things better and faster), so things better be automated and done quickly, like having something run automatically in a virtual box instead of doing it manually or letting it sit for days (as if every job in the world essentially involves doing that), or using cloud detection instead of doing things manually and sending what's downloaded for various sites to be tested, and so on. Meanwhile, it turns out there's a reason why certain features are turned off in various apps, including built-in ones.

Reminds me of Microsoft telling users to turn off virtualization (in case they turned it on) in case of a slowdown, and then remember to turn it on again after.

Again, my point isn't that "good habits" aren't needed (similar to advice about common sense and using backups) but that it's not enough, and the fact that one keeps adding to its meaning (download only "safe" software, but in case it isn't safe, you better not run it until someone tells you that it's safe, or send it to someone to test it; visit only "safe" websites, but in case they're not safe, you better contact others and ask them if it's safe, or install something that looks at the website to see if it's really safe and/or ask others who visited the site and see what happened to them, and so on) shows that it's not sufficient advice.

It gets worse when one counters this by saying that one is just being paranoid, or that one is simply overreacting, and that there is only an x percent chance that you'll be infected, so don't worry, or just backup because everyone knows that as long as you restore your data you'll be fine (just imagine that it wasn't stolen).
 