App Review Windows Defender vs Ransomware! (Shocking Results?)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
NB InfoTech

Trident
Some people will not learn good habits, similarly to those who will never learn mathematics. Even if you spend much time learning them, they cannot fully rely on good habits. The same can be true with "Layered protection". It cannot protect someone who cannot resist running shady stuff and turns off the protection.
The human brain has much more processing power, so a user who has developed “natural heuristics” may recognise a malicious site based on its poor quality, or a malicious file based on its icon (for example pixelated, or not corresponding to what the file claims to be), size (for example it claims to be a Norton installer but is 700 MB), name and others.
These are very difficult to explain to a machine, even with ML models.

Imagine a scenario where a developer wants to implement a password-grabbing parser so they can scan password-protected archives. A user will see the password (wherever it is) in seconds and will even be able to solve a challenge for it.
For a machine-based parser, most likely thousands of pages and archives will have to be classified and fed into an ML model so the system can identify passwords, and it still won’t be 100% efficient.
That’s just one example of machine vs. human intelligence.

Static analysis, on the other hand, will usually look at over 4000 features, most of which a human won’t understand. Combined together, the “user heuristics” and the additional checks + technology will have greater visibility.

The problem is that not everyone can develop the “natural heuristics” mentioned above; a lot of people are just not interested in all that.
 
ForgottenSeer 109138

Back to the topic.
I do not think that one can prove the superiority of "Layered protection" over "Good habits" (and vice versa). For example, I prefer "Good habits" for me, and "Layered protection" for my family and friends.
It is like a confrontation in the court when one party says "I am innocent" and the second "You are guilty", with no witnesses.
Simply, there is no sufficient research about "Layered protection" and "Good habits", and personal experience can always be questioned.(y)
Speaking of staying on topic: these tests, much like POCs, are not accurate. There is no route of infection displayed. Most POCs are not in the wild but, as the name suggests, a concept. Most of these "infections" are distributed via phishing campaigns, which literally means good habits could stop them: recognizing and not clicking that link in a scam email. Backing up personal items externally and having images of the system will do the same, as in this case, if ransomware were to just literally jump onto the computer and be executed from the desktop.

As I stated in an earlier post, ask the user now seeking help to decrypt his files if good habits should have been administered.
 
ForgottenSeer 109138

The problem is that not everyone can develop the “natural heuristics” mentioned above; a lot of people are just not interested in all that.
I keep reading from others ("not you") that it's too much work to learn/deploy habits. I'm curious how much work they think deploying layered security is, and how much it takes to maintain it, learn it properly to be effective, and not misconfigure it so as to expose a wider attack surface.

The very word habit means "to do often in a repeated way".
 

Andy Ful
Again I would disagree, as when a user has bad habits, and expects the security to save him from himself, it will fail at some point.

I do not say that it is a perfect solution. Anyway, some people are terribly unhappy without some bad habits. :)
I also do not say that you are wrong, but only that it is impossible to convince your opponent that he is wrong.(y)
 

monkeylove
I'm not sure specifically what you are referring to when you mention the second one. Anyway no matter what the context is, the 5% means absolutely nothing in my specific case, as I'm not getting infected. I've visited hundreds or thousands of random websites without getting infected. Not because of an antivirus stopping me from getting infected, but because it is very rare to get infected just by visiting a website on a patched PC. I don't need to prove anything to a random person on the internet. I speak based on years of experience and have no reason to mislead anyone, but if you choose not to believe me I couldn't care less. Particularly when it seems you are unsure of what you're saying. As an example you said "I think it's possible for malware to reside on systems without the user knowing it." You bizarrely think you know best, yet you weren't even sure about an obvious thing like that.

My reading of the thread is a 5 pct chance of infection. And my point isn't that: it's that reports were used from AV Comparatives, which is why they're meaningful. Your anecdotes, OTOH, can't be verified and are likely not representative of the population, which makes them meaningless.
 

monkeylove
1. You stated above that habits were not enough, and what about a legitimate website infection? I listed two things one can change easily if they felt that habits were not enough, but of course you twist this.

2. Do you check your bank every few hours, probably not, so really not a serious reply, just another attempt much like your accusations of attacking while you carry this on. Keep in mind anyone reading this is now being derailed from good advice by your attempts to cause problems.

3. If you wish to be lazy without habits, that is your choice; if you wish to have your 3rd party app try to protect you from yourself, again, your choice. Is it a wise choice? Well, you determine that, and hopefully the readers see through your attempts here as I do.

There's nothing to twist because you just proved my point.

Of course, you don't, which is why the point about having "good habits" makes no sense. The best you can do is to let the security program scan the site that you visit even though it's legit. I think your point is that the security program might fail, so you need to enter the URL in another site to check it against various security systems. Thus, the definition of "good habits" starts with going only to "legit" sites, but now because the same sites might be infected, then they should be checked, too. And since one's security app might fail, then use secondary scanners and submit the URL to another site for checking.

Your third point is notable: if you don't do those three things, then does that make one "lazy"? And then you make it appear in the last part of your post that "hopefully the readers see through [my] attempts here as I do". What attempts are those?
 

monkeylove
Let's get back on topic, shall we? The discussed video that started this was because I stated that imaging and personal backups stored offline would have negated this particular issue. Let's go down to the malware removal forum and ask the latest user to post a ransomware infection about the security they had, how it got bypassed, and why they are desperately trying to find a way to decrypt all their important files now.

Then tell me again how "habits" would not have saved the day; this time, try not deflecting with infostealers and other scenarios that have not happened in the video. Try placing advice that would help a user in this scenario, as obviously the security they had in place failed, just as it did for the user in the help section.

Restoring from backups doesn't negate data theft.
 

monkeylove
The discussion about which is better (or more important) resembles a great (slightly satirical) broadcast from Polish radio: "About the superiority of Easter over Christmas" (O wyższości świąt Wielkiejnocy nad świętami Bożego Narodzenia). :)

Back to the topic.
I do not think that one can prove the superiority of "Layered protection" over "Good habits" (and vice versa). For example, I prefer "Good habits" for me, and "Layered protection" for my family and friends.
It is like a confrontation in the court when one party says "I am innocent" and the second "You are guilty", with no witnesses.
Simply, there is no sufficient research about "Layered protection" and "Good habits", and personal experience can always be questioned.(y)

Some people will not learn good habits, similarly to those who will never learn mathematics. Even if you spend much time learning them, they cannot fully rely on good habits. The same can be true with "Layered protection". It cannot protect someone who cannot resist running shady stuff and turns off the protection.

Exactly. If everyone had the same amount of time and resources available, they'd follow "good habits," too. And the phrase refers to tweaking the system, investigating the internals, reading the logs to see if anything is amiss, and so on. That's what techies do.

Some people will not learn that because they're learning other things. And they have little time and resources for that because they use it for other things. In short, they're not techies but something else.

Lastly, from what I've been reading in this forum, you no longer need to run "shady stuff" or even turn off protection for problems to happen. That is, malware can also be found in "non-shady" stuff and protection used might not be enough.
 

roger_m
My reading of the thread is a 5 pct chance of infection. And my point isn't that: it's that reports were used from AV Comparatives, which is why they're meaningful. Your anecdotes, OTOH, can't be verified and are likely not representative of the population, which makes them meaningless.
Yet again you've provided no context. You truly are clueless if you keep repeating 5% over and over again and you don't know what specifically the 5% refers to. Since you don't believe it's possible to visit thousands of random websites without getting infected, can you tell me the last time you were infected just by visiting an infected website? Not by opening any downloads which came from the site, but just from visiting it.
 

monkeylove
It's agree to disagree at this point.

Balancing good habits with security has been my position here. Layered security not properly configured leads to vulnerability, aka expanding the attack surface. While you, as a truly advanced person, could implement such security for your family and maintain it, most here could not.

Trying to convince users here to use Windows as it was designed, simply setting up an admin account with several "standard user accounts for family", seems to be too daunting for most.

So recommending contingencies should something happen, coupled with habits to minimize risk no matter what security they are running, seems the best viable solution. Encouraging users not to overlap security and expand their attack surface with more bugs, vulnerabilities and misconfigurations, but to bolster habits of taking time to verify things and always keeping things backed up, seems to me the better way.

Again, the ave. user needs to "[take] time to verify things," but that's not what happens in the real world. Go back to our discussions and you'll see what I mean. You say let a downloaded file sit it out for several days (or longer), but what if it's needed for work right away? You say check it via secondary scanners first and even sites like Virustotal to be sure. Again, what happens if it's needed for work right away, and the user has so many other things to do? Will he remember? Will he have the time to do such?

You are working on the premise that the average user is like you. That is, you have a lot of free time to verify things and even study logs to see what's going on.
 

monkeylove
The human brain has much more processing power, so a user who has developed “natural heuristics” may recognise a malicious site based on its poor quality, or a malicious file based on its icon (for example pixelated, or not corresponding to what the file claims to be), size (for example it claims to be a Norton installer but is 700 MB), name and others.
These are very difficult to explain to a machine, even with ML models.

Imagine a scenario where a developer wants to implement a password-grabbing parser so they can scan password-protected archives. A user will see the password (wherever it is) in seconds and will even be able to solve a challenge for it.
For a machine-based parser, most likely thousands of pages and archives will have to be classified and fed into an ML model so the system can identify passwords, and it still won’t be 100% efficient.
That’s just one example of machine vs. human intelligence.

Static analysis, on the other hand, will usually look at over 4000 features, most of which a human won’t understand. Combined together, the “user heuristics” and the additional checks + technology will have greater visibility.

The problem is that not everyone can develop the “natural heuristics” mentioned above; a lot of people are just not interested in all that.

It's not that they're not interested in it. Rather, they have other things to do.
 

monkeylove
Speaking of staying on topic: these tests, much like POCs, are not accurate. There is no route of infection displayed. Most POCs are not in the wild but, as the name suggests, a concept. Most of these "infections" are distributed via phishing campaigns, which literally means good habits could stop them: recognizing and not clicking that link in a scam email. Backing up personal items externally and having images of the system will do the same, as in this case, if ransomware were to just literally jump onto the computer and be executed from the desktop.

As I stated in an earlier post, ask the user now seeking help to decrypt his files if good habits should have been administered.

Good grief. It's like advice given to people who are encouraged to tweak their systems and then discover that they lead to unintended consequences.

"Well, you shouldn't have done that, then."
 

monkeylove
I keep reading from others ("not you") that it's too much work to learn/deploy habits. I'm curious how much work they think deploying layered security is, and how much it takes to maintain it, learn it properly to be effective, and not misconfigure it so as to expose a wider attack surface.

The very word habit means "to do often in a repeated way".

The problem isn't that it's too much work but that users have many other things to do. And "learning [things] properly" doesn't necessarily help, because the "habits" tend to shift considerably given failures:

"Did you let it sit for seven days?"

"Yes, and my work was delayed because of that. I did open it after eight days, and I still got infected. What happened?"

"They found out that it was infected on Day 8."

"What should I have done?"

"You should have waited eight days."
 

monkeylove
If I could advise something to MT readers (security-aware users), it would be something like that:
Use a popular AV, inspect your habits, and then adjust the protection to cover bad habits. :)

Exactly. Advice to be security-aware applies to those who are security-aware.
 

monkeylove
Again I would disagree, as when a user has bad habits, and expects the security to save him from himself, it will fail at some point.

You use the site of your bank regularly, and you've been working with the bank for many years, and you know it to be safe. Still, you have standard protection, and something that Practical Response supports. Then you get infected, and it turns out that the bank site was attacked and the bank itself didn't know until later. Your Practical Response software didn't save you from yourself. The last point implies that it was your fault for trusting a bank whose site you've been using for many years.

Apparently, your good habits weren't enough.
 

monkeylove
Yet again you've provided no context. You truly are clueless if you keep repeating 5% over and over again and you don't know what specifically the 5% refers to. Since you don't believe it's possible to visit thousands of random websites without getting infected, can you tell me the last time you were infected just by visiting an infected website? Not by opening any downloads which came from the site, but just from visiting it.

If I can find the thread in this forum, I'll let you know. For now, all I can say is that I consider reports from AV Comparatives and others as verifiable and representative, and thus meaningful, and your personal anecdotes not.
 
