App Review Windows Defender vs Ransomware! (Shocking Results?)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
NB InfoTech
F

ForgottenSeer 109138

I think he was referring to data theft from your computer. You download a data miner on your computer and your hooped, backup not going to fix that.
Oh I'm aware, and the type of user that keeps everything backed up offline and not stored on the system, browser cleared after use ect. Nothing on computer, nothing to take, hence what I have divulged is only on a need bases.

This back n forth banter of you will never win if a hacker is determined is not necessary. You do the best you can with off line storage and back ups, keep your system lean and clean, carefully check things you are about to execute before hand and check address legitimacy on the web, it's the best any of us can do in this always volatile environment.
 

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
Usability, if I had to guess. They're fine for us techies that are able to deal with any false positives that crop up, but good luck guiding your 60-year old mother through adding a file path to exclusions via powershell.

And not just 60-year-old mothers but lawyers, surgeons, bankers, etc., who have a lot of work and little time to figure out what went wrong.
 

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
Nope but they ensure you don't lose anything. Data theft is as simple as what you divulge, since no one can guarantee it's safety.

Data theft isn't that simple, as malware can steal data even if you chose not divulge such. The point is that your data remains stolen even as you recover it from a backup and think that you're safe because of that.
 

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
Oh I'm aware, and the type of user that keeps everything backed up offline and not stored on the system, browser cleared after use ect. Nothing on computer, nothing to take, hence what I have divulged is only on a need bases.

This back n forth banter of you will never win if a hacker is determined is not necessary. You do the best you can with off line storage and back ups, keep your system lean and clean, carefully check things you are about to execute before hand and check address legitimacy on the web, it's the best any of us can do in this always volatile environment.

You do your best using backups and better security. Also, more malware may emerge that don't involve user activity, that can operate even in "legitimate" software and websites, etc.
 
F

ForgottenSeer 109138

You do your best using backups and better security. Also, more malware may emerge that don't involve user activity, that can operate even in "legitimate" software and websites, etc.
Yes and I can step outside and get hit by lightning, but just as the odds are of that, have been my infection rate. I have not had an infection in many years using methods I stated above in my post, I'm willing to bet many other members here can claim the same, so it boils down to scare tactics which is what the bad guys do, the good guys should not be using them too.

POCs and possibly scenarios vs what's in the wild and routes of infection "ways to get infected" vastly differ. It's been beaten to death here that this is a forum of "enthusiast" although to be realistic with security one needs to just have good habits and be diligent.
 

BSONE

Level 2
Feb 17, 2024
79
Yes, backups are important, and most home users will probably have some combination of iCloud, Google, or OneDrive cloud backups of their Documents and Photos running in the background without even knowing about it. Will it be the end of the world if their device gets CryptoLockered? Probably not. But what will be close to the end of the world for many an average person is if they get hit buy some sort of Infostealer malware that drains their bank account, steals their identity, and gains access to their primary Email address, exfiltrates their sensitive or compromising documents and photos.
Backups won't help the average user here. AV's with magical rollback schemes wont even help the advanced user who makes a mistake since we are not infallible.
 
F

ForgottenSeer 109138

Yes, backups are important, and most home users will probably have some combination of iCloud, Google, or OneDrive cloud backups of their Documents and Photos running in the background without even knowing about it. Will it be the end of the world if their device gets CryptoLockered? Probably not. But what will be close to the end of the world for many an average person is if they get hit buy some sort of Infostealer malware that drains their bank account, steals their identity, and gains access to their primary Email address, exfiltrates their sensitive or compromising documents and photos.
Backups won't help the average user here. AV's with magical rollback schemes wont even help the advanced user who makes a mistake since we are not infallible.
I do believe it's being widely over looked the part where I stated being diligent about checking executables ect via uploading to virus total, and verifying website addresses ect was mentioned not just backups.

Here it seems the answer is always, pile more security products on it, makes one wonder if a commission is not taking place at times, or if users have really gotten so used to convenience they have become lazy.

As seen in threads like this one, spending $80 on product a,b,or c is not the best solution either, they are all not infallible. Between bugs, exploits, and newer malware they can all have their bad days.

Thread 'The Zone Alarm challenge.' App Review - The Zone Alarm challenge.

So instead of users jumping in threads with scare tactics, of how malware will just magically bypass routes of infection and nail everyone, how about we get from these knowledgeable users that all claim we are doomed, a viable solution instead. If learning tangible habits, creating contingency plans with system images and backs also is not a good method to keep average users safe, please share with us a way too.

I should state this reply here is in general to a few comments not directed at this new user as much.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I would like to add, that the method used in 'The Zone Alarm challenge' is mostly related to organizations.(y)
For now, a more popular method is modifying the AV exclusions (high privileges required) like in the post-compromise activity carried out by Turla:

But, one can also use the method presented in App Review - The Zone Alarm challenge to invalidate some of the AV features.
 
Last edited:
F

ForgottenSeer 109138

But, one can also use the method presented in App Review - The Zone Alarm challenge to invalidate some of the AV features.
My point is to help average users understand that images and external back ups are extremely important and my adding of the ZA post was simply to state 3rd party apps can fail to protect as well. Everytime I turn around here I'm told if the user just had a different security besides windows they would be ok, and that is false. The users need to be informed, need to learn not to rely solely on a product.

Speaking of based on organizations, a lot of "discussed" targeted attacks in these threads are suited for that area as well and not likely for home users.
 

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
Yes and I can step outside and get hit by lightning, but just as the odds are of that, have been my infection rate. I have not had an infection in many years using methods I stated above in my post, I'm willing to bet many other members here can claim the same, so it boils down to scare tactics which is what the bad guys do, the good guys should not be using them too.

POCs and possibly scenarios vs what's in the wild and routes of infection "ways to get infected" vastly differ. It's been beaten to death here that this is a forum of "enthusiast" although to be realistic with security one needs to just have good habits and be diligent.

You're only giving unproven anecdotes, which is illogical. And the idea that these are merely "scare tactics" from "bad guys" makes even less sense.

Also, "good habits" and being "diligent" is not realistic advice given malware that can now attack without user intervention, that can stem from "legitimate" software and sites, that can remain hidden in systems and steal data, etc., and can even go straight for embedded software.
 
F

ForgottenSeer 109138

You're only giving unproven anecdotes, which is illogical. And the idea that these are merely "scare tactics" from "bad guys" makes even less sense.

Also, "good habits" and being "diligent" is not realistic advice given malware that can now attack without user intervention, that can stem from "legitimate" software and sites, that can remain hidden in systems and steal data, etc., and can even go straight for embedded software.
Its all doom and gloom, nothing you can do can save you, no matter what solutions you present, your done, the malware wins.

What do you call that? How does that not make sense?

Good habits and being diligent is not realistic? Please enlighten me with a solution!
 
Last edited by a moderator:

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
617
Its all doom and gloom, nothing you can do can save you, no matter what solutions you present, your done, the malware wins.

What do you call that? How does that not make sense?

Good habits and being diligent is not realistic? Please enlighten me with a solution!

On one side is "doom and gloom" and on the other, just follow "good habits," and if something still goes wrong, it's still your fault. I'm looking for something in between:

My advice is dependent on how much time you have to not only tweak but to figure out what to do if something goes wrong. I experienced the latter several times across many years with others' computers, and I was either praised or blamed for advice that I gave:

- a flash drive inserted; Defender didn't detect the trojan but a third-party AV did;

- advised to try ZoneAlarm firewall free, and after some time BSOD;

- tweaked Defender, etc., and some functions stopped working, like some folders no longer loaded;

- tried Ubuntu because it's better but after a while it stopped updating; the solution was found buried in the fourth page of a forum that I only found after several pages of Google results;

- default-deny: "What do I do?" "I dunno, look it up."

- restrictions: "Allow or not?" "I dunno, look it up, or run it in a sandbox." "What's that?"

What do to? Assume that the user is average. Given that, assume that he will follow "good habits" but his system will be infected because he might forget when he's rushing, or the site or app or doc he used is legit but infected, or he did nothing but vulnerabilities, either not fixed automatically or not detected by anyone, led to infection.

With that, still follow "good habits" but back up, and use a set-and-forget system with as much automation as possible, because for the same reason he will forget "good habits" because he's rushing he'll forget to check up on the backups.

Given that point, minimize tweaking or even asking him to do that because it might lead to unexpected consequences. If you need to do that, then do so after it's been tested by many after some time. Assume that the one who made the OS did not turn on the feature tweaked for a good reason.

Don't rely too much on high restrictions and default-deny because very few people will have the time and the effort to figure out how to reverse what was done if something goes wrong. If you have time to receive calls from buddies and relatives asking you what to do because something doesn't run, etc., or if you know a user doesn't need much, then restrict away. Otherwise, accept the fact that users will only get angrier and want to do things right away or with the least convenience.

With that, get the best out-of-the-box and set-and-forget security suite (free or paid is dependent on what the user can afford) that can provide the best protection via behavioral analysis, heuristics, etc. FWIW, I think that's the goal of Microsoft, and hopefully they'll be able to make Defender better in order to fulfill it.

Otherwise, and following my experiences:

Family members use Avast free with everything set in default but any do-not-disturb and gaming mode on, etc., to decrease popups for upgrades. The worst problem I get is something they visit or run doesn't load, and I have to tell them that if there's a blue dot in the Avast icon system tray then it was blocked because it's probably malware. Beyond that, they have uBlock Origin in default mode, automated backups (I had to convince them to buy external drives, etc.).

A friend who can afford to buy lots of software complained about McAfee paid being slow, so I told him to choose between Kaspersky, Bitdefender, etc., by trying the trial versions, but I had to explain to him how to completely uninstall each one. He ended up subscribing to Kaspersky. One family member asked me why I didn't give them paid Kaspersky, too, and I said I can't afford it, LOL (I have to pay for all software).

In my case, I found Avast free slow in some cases, so following advice in this forum and elsewhere I tried Bitdefender, Avira, AVG, the built-in AV (with and without tweaks, core isolation, etc.), decided to do simple benchmark tests in each case, and found Kaspersky the lightest, so I'm sticking to that.

Should I let the family switch to that? I'll keep testing this and see what happens, because I have to consider unexpected consequences if I do (e.g., "What did you do this time? Why is ___ no longer running right?")

As for firewalls, etc., I have to figure that out, too. For now, all I know is that if you block things given advice in forums and something goes wrong, it might be because of something you blocked. With that, one will have to look for free options, like those with learning mode and will have to allow signed apps or something like that. Maybe with more powerful hardware, one can include more features, and preferably set-and-forget.
 
F

ForgottenSeer 109138

On one side is "doom and gloom" and on the other, just follow "good habits," and if something still goes wrong, it's still your fault. I'm looking for something in between:

My advice is dependent on how much time you have to not only tweak but to figure out what to do if something goes wrong. I experienced the latter several times across many years with others' computers, and I was either praised or blamed for advice that I gave:

- a flash drive inserted; Defender didn't detect the trojan but a third-party AV did;

- advised to try ZoneAlarm firewall free, and after some time BSOD;

- tweaked Defender, etc., and some functions stopped working, like some folders no longer loaded;

- tried Ubuntu because it's better but after a while it stopped updating; the solution was found buried in the fourth page of a forum that I only found after several pages of Google results;

- default-deny: "What do I do?" "I dunno, look it up."

- restrictions: "Allow or not?" "I dunno, look it up, or run it in a sandbox." "What's that?"

What do to? Assume that the user is average. Given that, assume that he will follow "good habits" but his system will be infected because he might forget when he's rushing, or the site or app or doc he used is legit but infected, or he did nothing but vulnerabilities, either not fixed automatically or not detected by anyone, led to infection.

With that, still follow "good habits" but back up, and use a set-and-forget system with as much automation as possible, because for the same reason he will forget "good habits" because he's rushing he'll forget to check up on the backups.

Given that point, minimize tweaking or even asking him to do that because it might lead to unexpected consequences. If you need to do that, then do so after it's been tested by many after some time. Assume that the one who made the OS did not turn on the feature tweaked for a good reason.

Don't rely too much on high restrictions and default-deny because very few people will have the time and the effort to figure out how to reverse what was done if something goes wrong. If you have time to receive calls from buddies and relatives asking you what to do because something doesn't run, etc., or if you know a user doesn't need much, then restrict away. Otherwise, accept the fact that users will only get angrier and want to do things right away or with the least convenience.

With that, get the best out-of-the-box and set-and-forget security suite (free or paid is dependent on what the user can afford) that can provide the best protection via behavioral analysis, heuristics, etc. FWIW, I think that's the goal of Microsoft, and hopefully they'll be able to make Defender better in order to fulfill it.

Otherwise, and following my experiences:

Family members use Avast free with everything set in default but any do-not-disturb and gaming mode on, etc., to decrease popups for upgrades. The worst problem I get is something they visit or run doesn't load, and I have to tell them that if there's a blue dot in the Avast icon system tray then it was blocked because it's probably malware. Beyond that, they have uBlock Origin in default mode, automated backups (I had to convince them to buy external drives, etc.).

A friend who can afford to buy lots of software complained about McAfee paid being slow, so I told him to choose between Kaspersky, Bitdefender, etc., by trying the trial versions, but I had to explain to him how to completely uninstall each one. He ended up subscribing to Kaspersky. One family member asked me why I didn't give them paid Kaspersky, too, and I said I can't afford it, LOL (I have to pay for all software).

In my case, I found Avast free slow in some cases, so following advice in this forum and elsewhere I tried Bitdefender, Avira, AVG, the built-in AV (with and without tweaks, core isolation, etc.), decided to do simple benchmark tests in each case, and found Kaspersky the lightest, so I'm sticking to that.

Should I let the family switch to that? I'll keep testing this and see what happens, because I have to consider unexpected consequences if I do (e.g., "What did you do this time? Why is ___ no longer running right?")

As for firewalls, etc., I have to figure that out, too. For now, all I know is that if you block things given advice in forums and something goes wrong, it might be because of something you blocked. With that, one will have to look for free options, like those with learning mode and will have to allow signed apps or something like that. Maybe with more powerful hardware, one can include more features, and preferably set-and-forget.
That's quite the rollercoaster ride of "you cant protect users from themselves".

Under this same roof with me is a windows 11 laptop with nothing but default security and unlock origin in Edge and a copy of portable keepass on the desktop. Nothing is stored on the machine, everything backed up externally and accessed as needed. It is used daily here and has been set up that way for a year and a half now, no infections, breaches or data loss has occured from this machine.

That said, I want to give reason to ponder, how many folks you think out there have nothing but default security in their machines because they are not "computer" people, yet they some how get by and function. If it was seriously so prevalent out there the whole fabric of society would have came to a stand still long ago.

Fear drives most of this as I stated before, the industry does have a habit of producing it. How many products you see nagging users well before the expire date is set to hit that they will be unprotected and end up losing everything if they don't resubscribe soon. Fear keeps users here in this forum from enjoying their systems because their too busy switching security every few days then fixing their systems from all that damage it causes.

You asked about the fear installing with bad guys, well look at social engineering and most scams that nail elderly and the uninformed. The pop up on the desktop claiming the system is infected please call this number, then bring coherce into allowing someone into their system or giving up credit card information because "fear" will motivate them to do so.

Good habits and being diligent will carry users far, farther then any amount of security switching and fear ever will.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,435
That's quite the rollercoaster ride of "you cant protect users from themselves".

Under this same roof with me is a windows 11 laptop with nothing but default security and unlock origin in Edge and a copy of portable keepass on the desktop. Nothing is stored on the machine, everything backed up externally and accessed as needed. It is used daily here and has been set up that way for a year and a half now, no infections, breaches or data loss has occured from this machine.

That said, I want to give reason to ponder, how many folks you think out there have nothing but default security in their machines because they are not "computer" people, yet they some how get by and function. If it was seriously so prevalent out there the whole fabric of society would have came to a stand still long ago.

Fear drives most of this as I stated before, the industry does have a habit of producing it. How many products you see nagging users well before the expire date is set to hit that they will be unprotected and end up losing everything if they don't resubscribe soon. Fear keeps users here in this forum from enjoying their systems because their too busy switching security every few days then fixing their systems from all that damage it causes.

You asked about the fear installing with bad guys, well look at social engineering and most scams that nail elderly and the uninformed. The pop up on the desktop claiming the system is infected please call this number, then bring coherce into allowing someone into their system or giving up credit card information because "fear" will motivate them to do so.

Good habits and being diligent will carry users far, farther then any amount of security switching and fear ever will.
I think the fear is perpetuated by users who have some semblance of computer security, such as users on this forum. They know what's out there, the data stealers, ransomware, phishing etc, some overcompensate to try to mitigate these. But for the most part I would say the majority of computer users ( total guess 60%) have no idea or no interest in computer security or good habits, their just happy banging away on their social media accounts. Sure a lot get by and function, but nobody at all has any idea how many are infected, any inferences that they do is just opinion. There are 5 billion computer users in the world, if 1% of the happy users are infected that's 50 million, thats a lot and I'm sure the number is much higher than 1%. I've seen numbers that range from 10-50%.
 
F

ForgottenSeer 109138

I think the fear is perpetuated by users who have some semblance of computer security, such as users on this forum. They know what's out there, the data stealers, ransomware, phishing etc, some overcompensate to try to mitigate these. But for the most part I would say the majority of computer users ( total guess 60%) have no idea or no interest in computer security or good habits, their just happy banging away on their social media accounts. Sure a lot get by and function, but nobody at all has any idea how many are infected, any inferences that they do is just opinion. There are 5 billion computer users in the world, if 1% of the happy users are infected that's 50 million, thats a lot and I'm sure the number is much higher than 1%. I've seen numbers that range from 10-50%.
That's it, shut down the net, up to half the worlds computer populace has lost all their finances.

I'm not trying to be rude as much as I'm trying to get people to use their eyes and not just for reading what they are told in articles. Look around, the system would crash if those type of numbers were realistic.

Above I asked for a solution because all I read here is fear talk or users piling rediculous amounts of security in their systems as you said overcompensating.

How are good habits and being diligent not enough, and if not enough, what's the answer, quick someone share it before the matrix folds.

I'm going to walk into the next persons house that asks for help, segment their network, place one system on one portion, this is your banking segment, use it for nothing else, place another, this is your social segment use it for nothing else and so on.

See how rediculous that sounds.

Create system images, store offline, back up personal stuff, do this externally, keep nothing stored on the machine. Use ad blockers in the browser, clear cookie sessions when through, use a password manager if need be, set 2fa, use authentication apps if needed, limit sharing the devices, use diligence in checking downloads before executing, check web addresses and links in emails and apps via virus total.

This, this is good habits and diligence. I have seen it put into practical use, and it works. I'm not saying it's bullet proof, but guess what, none of these apps and combined security enthusiast set ups are either, no matter how much you try, someone will show you it's vulnerable.

But if you monitor what's on the system, what's introduced, have contingency in place, and be diligent about it, you lesson this chance greatly.

It's not hard, it's just not convenient which bothers some, they want a do it for them solution.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
892
It's always better to know that your digital footprints are not a one hundred percent secure, so that you can have a plan B or C in place. Accidents happen and nothing can prevent that but it's no excuse not to take necessary precautions to prevent that. If it's proved that MS defender is lacking somewhere and you came to know about it, it's diligent to take some precautions, like having a secure dns (doh) firewall, configure defender/ HC etc. There is nothing wrong in that and I would not call that "paranoid" or "scared", it's just due diligence.
 
F

ForgottenSeer 109138

It's always better to know that your digital footprints are not a one hundred percent secure, so that you can have a plan B or C in place. Accidents happen and nothing can prevent that but it's no excuse not to take necessary precautions to prevent that. If it's proved that MS defender is lacking somewhere and you came to know about it, it's diligent to take some precautions, like having a secure dns (doh) firewall, configure defender/ HC etc. There is nothing wrong in that and I would not call that "paranoid" or "scared", it's just due diligence.
What are we proving with, tests that are not accurate in routes of infection. Secure DNS added would fall in line with good habits like an ad blocker.

Average users that are unaware of such applications or would not know how to respond to a system being locked down by one should probably stick to learning "good habits"

Since I'm finding this exhausting repeating the same thing over and over, I will leave it to those reading to use their own judgement on advice from someone that is advanced enough to run any software mentioned in this forum but finds it unnecessary to do so using good habits and has not been infected using just that in many years like most of you arguing the need for all this rediculous security configurations.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,435
That's it, shut down the net, up to half the worlds computer populace has lost all their finances.

I'm not trying to be rude as much as I'm trying to get people to use their eyes and not just for reading what they are told in articles. Look around, the system would crash if those type of numbers were realistic.

Above I asked for a solution because all I read here is fear talk or users piling rediculous amounts of security in their systems as you said overcompensating.

How are good habits and being diligent not enough, and if not enough, what's the answer, quick someone share it before the matrix folds.

I'm going to walk into the next persons house that asks for help, segment their network, place one system on one portion, this is your banking segment, use it for nothing else, place another, this is your social segment use it for nothing else and so on.

See how rediculous that sounds.

Create system images, store offline, back up personal stuff, do this externally, keep nothing stored on the machine. Use ad blockers in the browser, clear cookie sessions when through, use a password manager if need be, set 2fa, use authentication apps if needed, limit sharing the devices, use diligence in checking downloads before executing, check web addresses and links in emails and apps via virus total.

This, this is good habits and diligence. I have seen it put into practical use, and it works. I'm not saying it's bullet proof, but guess what, none of these apps and combined security enthusiast set ups are either, no matter how much you try, someone will show you it's vulnerable.

But if you monitor what's on the system, what's introduced, have contingency in place, and be diligent about it, you lesson this chance greatly.

It's not hard, it's just not convenient which bothers some, they want a do it for them solution.
First of all, being infected does not mean you have lost all your finances.

Second of all, you give a lot of good advice but 99% of the population won't or can't do them.

And finally, everyone here knows that good habits combined with an updated and robust security posture is the best defense.
 
F

ForgottenSeer 109138

First of all, being infected does not mean you have lost all your finances.

Second of all, you give a lot of good advice but 99% of the population won't or can't do them.

And finally, everyone here knows that good habits combined with an updated and robust security posture is the best defense.
1. I'm quite aware of this, I was being sarcastic up above.
2. Thank you, although I have to disagree with cant do this, because between options of learning security applications/rules, making back ups and using VT to check things is quite simple, if they chose the former of wont do this, then its on them.
3. If everyone here knows this, why do they switch software so often and freak out every time a new POC comes along or they see a test with lack of infection methods presented correctly. Have they not figured out every time they switch software if they are not doing so on a clean system they are causing damage to the file system in the background thus creating possible vulnerability? I mean seriously, if one was to look at the habits here, are they really that "good"?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top