Windows Defender - The worst AV ever?

Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.

  1. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    #1 Windows_Addict, Feb 7, 2020
    Last edited: Feb 14, 2020
  2. hamdoullah

    hamdoullah MDL Member

    Oct 27, 2019
    168
    65
    10
    you can have the best AV and you won't be ever 100% secured, it's the responsability of the user to ensure that he won't be infected by doing right and reasonable things such as not clicking on any link that you find on the net, not browse into websites that are suspicious, always scan usb stick that don't belong to you, etc.....
    So it's never- ending discussion and you will always have different opinion about what should be done or shouldn't be done to avoid being infected. Again only the user of the machine and the decisions that he makes can avoid putting him in bad situation.
     
  3. kaljukass

    kaljukass MDL Expert

    Nov 26, 2012
    1,683
    594
    60
    You missed, ie not distinguishing between what is a virus, what is malware, which is PUP, and which is simply an insecure production by home craftsmen so called home-brew.
    You simply forgot, that You are speaking about antivirus, but want it protects You from PUP and malicious people.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    Ahh, guys please, here I'm not arguing that defender is not good as other AV's, or I'm looking for a 100% perfect solution.

    I'm simply talking about how the whole protection of windows defender can be avoided by any program which wants to do any kind of malicious thing, and windows defender will provide you a zero level of protection, (@kaljukass , which includes actual malware and not just PUPs) please read the scenario I mentioned.
     
  5. spedia

    spedia MDL Member

    Jul 13, 2009
    164
    51
    10
    Thread title = Windows Defender - The worst AV ever?

    Waste of time
     
  6. bfoos

    bfoos MDL Guide Dog

    Jun 15, 2008
    569
    460
    30
    And this is what Tamper Protection was designed for. Disabling and logging unauthorized attempts to modify Defenders registry settings.
     
  7. boyonthebus

    boyonthebus MDL Addicted

    Sep 16, 2018
    672
    364
    30
    @hamdoullah has the best reply. Infecting a computer depends on social engineering. A good virus or malware programmer will trick the computer user into downloading, and installing something which is evil. No AV solution can protect against this. Think of the old saying: The most dangerous part of the car is the NUT behind the wheel!
     
  8. bfoos

    bfoos MDL Guide Dog

    Jun 15, 2008
    569
    460
    30
    Yes! 99% of malware infections can be attributed to PEBKAC.
     
  9. Bryn89

    Bryn89 MDL Member

    Dec 8, 2019
    159
    77
    10
    I've been using Defender since I first used Windows 7, and I've never had an issue with it. In fact, I prefer it over anything else especially Security Essentials which had been a deliberate resource hog.

    Maybe your issue might be more legit for the Windows 10 version of it, I don't know.
     
  10. bfoos

    bfoos MDL Guide Dog

    Jun 15, 2008
    569
    460
    30
    The Windows 10 version is vastly superior to the limited version that was bundled into Windows 7. And yes MSE was a horrible resource hog.
     
  11. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    I've mentioned it, it doesn't protect you against setting scan exclusions.

    Set exclusions > download s**t in that directory > execute that s**t > Infected system

    This is not something which is the best hacking level stuff, this is dead simple.

    Any good AV does not let such things happen (at least that easily), the windows defender does, that's the whole point of this thread.

    Defender in Windows 7 can be fully disabled with a simple registry change/powershell/etc. What's the point in expecting it to protect the system?
     
  12. bfoos

    bfoos MDL Guide Dog

    Jun 15, 2008
    569
    460
    30
    This thread is useless.
     
  13. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    I'm not sure why it is so hard to understand the core points mentioned in the OP, and that is defender does not protect on a very basic level of attack, attack so easy that anyone can easily hack/infect the system with only 4-5 lines of batch script and defender won't do anything.
    Anyway thanks for your feedback.
     
  14. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    #15 Windows_Addict, Feb 8, 2020
    Last edited: Feb 8, 2020
    (OP)
    Hmm, so are you implying that once the user has clicked on yes button on admin prompt, the job of AV to protect the system stops there? If not, then why you raise questions like I'm blaming the AV? I shouldn't?

    For your information, you can not do the same (exclude files/folder from scanning with commands without alerts) in other AV's such as symantec/kaspersky/bitdefender, that area is protected but in windows defender, its's not.


    In case if it's not clear, let me reiterate it again.

    A malware is packed in an encrypted file (masquerading itself as legit file) and come with a simple clean script to install it,
    The user scans it with WD and results look clean and following that user executes the script,
    The script simply set an exclusion for the desired folder/file, and extract and execute the malware,
    Who's going to protect the system now?

    The same cannot be done with other mentioned AV's to circumvent the protection. (At least with such mediocre means)

    They don't cover basics even in the latest W10 1909, hence I started this thread.
     
  15. TairikuOkami

    TairikuOkami MDL Addicted

    Mar 15, 2014
    910
    796
    30
    You can easily create a scripted command to click on menus based on the screen resolution.
     
  16. Bryn89

    Bryn89 MDL Member

    Dec 8, 2019
    159
    77
    10
    And I wonder if it still is to this day. If so, it wouldn't surprise me...

    If anything, I'd keep it there. Could probably get myself MalwareBytes again just for occasional manual scans but even at that, I'm savvy about safe browsing tactics and overall cyber hygiene anyway.
     
  17. Micro

    Micro MDL Junior Member

    Apr 26, 2009
    99
    40
    0
    I have done this on a regular basis. (even on purpose some times o_O)
    That has not happened.
    Defender has caught it and stopped it every time.

    Do you have a proof of concept you can provide?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    363
    545
    10
    That would be detected by the behavioral detection system, furthermore, to prevent this, some AV's (e.g. Kaspersky) provide an option to password protect important settings.

    I've tested this.
    At which stage defender showed you a warning? What were the exact steps?
     
  19. Micro

    Micro MDL Junior Member

    Apr 26, 2009
    99
    40
    0
    When I ran the file(s), Defender stopped them, gave a notification, and nothing proceeded until I addressed the situation under Virus and Threat Protection, Current Threats at which point it told me what the specific threat was, in which file it was located, what my options were and what it recommended.
    This occurred regardless off whether the problem was in the original file, a supporting file or in a file installed by the original file.

    I have tested this with numerous files and have not had any failures to this point.
    So I ask again, do you have a specific file I can test as your proof of concept?
    Do not post it, but link to it please, as I do not want looky-loos getting infected if it actually bypasses Defender.
    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...