Discussion in 'Application Software' started by Windows_Addict, Feb 7, 2020.
You can have the best AV and you won't ever be 100% secured; it's the responsibility of the user to ensure that he won't be infected by doing right and reasonable things such as not clicking on any link that you find on the net, not browsing websites that are suspicious, always scanning USB sticks that don't belong to you, etc.
So it's a never-ending discussion and you will always have different opinions about what should or shouldn't be done to avoid being infected. Again, only the user of the machine and the decisions that he makes can avoid putting him in a bad situation.
You missed, i.e. not distinguishing between what is a virus, what is malware, which is PUP, and which is simply an insecure production by home craftsmen, so-called home-brew.
You simply forgot that you are speaking about antivirus, but want it to protect you from PUP and malicious people.
Ahh, guys please, here I'm not arguing that Defender is not as good as other AVs, or looking for a 100% perfect solution.
I'm simply talking about how the whole protection of Windows Defender can be avoided by any program which wants to do any kind of malicious thing, and Windows Defender will provide you a zero level of protection (@kaljukass, which includes actual malware and not just PUPs); please read the scenario I mentioned.
Thread title = Windows Defender - The worst AV ever?
Waste of time
And this is what Tamper Protection was designed for. Disabling and logging unauthorized attempts to modify Defender's registry settings.
@hamdoullah has the best reply. Infecting a computer depends on social engineering. A good virus or malware programmer will trick the computer user into downloading, and installing something which is evil. No AV solution can protect against this. Think of the old saying: The most dangerous part of the car is the NUT behind the wheel!
Yes! 99% of malware infections can be attributed to PEBKAC.
I've been using Defender since I first used Windows 7, and I've never had an issue with it. In fact, I prefer it over anything else especially Security Essentials which had been a deliberate resource hog.
Maybe your issue might be more legit for the Windows 10 version of it, I don't know.
The Windows 10 version is vastly superior to the limited version that was bundled into Windows 7. And yes MSE was a horrible resource hog.
I've mentioned it, it doesn't protect you against setting scan exclusions.
Set exclusions > download s**t in that directory > execute that s**t > Infected system
This is not something which is the best hacking level stuff, this is dead simple.
Any good AV does not let such things happen (at least that easily), the Windows Defender does, that's the whole point of this thread.
Defender in Windows 7 can be fully disabled with a simple registry change/PowerShell/etc. What's the point in expecting it to protect the system?
This thread is useless.
I'm not sure why it is so hard to understand the core points mentioned in the OP, and that is, Defender does not protect against a very basic level of attack, an attack so easy that anyone can easily hack/infect the system with only 4-5 lines of batch script and Defender won't do anything.
Anyway thanks for your feedback.
Hmm, so are you implying that once the user has clicked on the yes button on the admin prompt, the job of the AV to protect the system stops there? If not, then why do you raise questions like I'm blaming the AV? I shouldn't?
For your information, you cannot do the same (exclude files/folders from scanning with commands without alerts) in other AVs such as Symantec/Kaspersky/Bitdefender; that area is protected, but in Windows Defender, it's not.
In case it's not clear, let me reiterate it again.
A malware is packed in an encrypted file (masquerading itself as a legit file) and comes with a simple clean script to install it,
The user scans it with WD and the results look clean, and following that the user executes the script,
The script simply sets an exclusion for the desired folder/file, and extracts and executes the malware,
Who's going to protect the system now?
The same cannot be done with the other mentioned AVs to circumvent the protection. (At least with such mediocre means)
They don't cover basics even in the latest W10 1909, hence I started this thread.
You can easily create a scripted command to click on menus based on the screen resolution.
And I wonder if it still is to this day. If so, it wouldn't surprise me...
If anything, I'd keep it there. Could probably get myself MalwareBytes again just for occasional manual scans but even at that, I'm savvy about safe browsing tactics and overall cyber hygiene anyway.
I have done this on a regular basis. (even on purpose sometimes)
That has not happened.
Defender has caught it and stopped it every time.
Do you have a proof of concept you can provide?
That would be detected by the behavioral detection system; furthermore, to prevent this, some AVs (e.g. Kaspersky) provide an option to password protect important settings.
I've tested this.
At which stage defender showed you a warning? What were the exact steps?
When I ran the file(s), Defender stopped them, gave a notification, and nothing proceeded until I addressed the situation under Virus and Threat Protection, Current Threats at which point it told me what the specific threat was, in which file it was located, what my options were and what it recommended.
This occurred regardless of whether the problem was in the original file, a supporting file or in a file installed by the original file.
I have tested this with numerous files and have not had any failures to this point.
So I ask again, do you have a specific file I can test as your proof of concept?
Do not post it, but link to it please, as I do not want looky-loos getting infected if it actually bypasses Defender.
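
The following is an added example, not part of the original thread or any poster's code: one way a defender could surface the scan-exclusion changes debated above, by parsing the text of Defender's configuration-change events (ID 5007). The function name `Find-ExclusionChange`, the sample messages and the assumed "Old value / New value" layout are constructed for illustration.

```powershell
# Added example: report Defender scan-exclusion changes found in event 5007 text.
# Assumption: the message lists "Old value:" / "New value:" lines holding the
# registry path of the changed setting, as in the constructed samples below.
function Find-ExclusionChange {
    param([Parameter(Mandatory)][string[]]$Message)

    $pattern = '(?m)^\s*(Old|New) value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender' +
               '\\Exclusions\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x[0-9A-Fa-f]+\s*$'

    foreach ($text in $Message) {
        foreach ($hit in [regex]::Matches($text, $pattern)) {
            [pscustomobject]@{
                # A populated "New value" means an exclusion was added;
                # a populated "Old value" means one was removed.
                Action = if ($hit.Groups[1].Value -eq 'New') { 'Added' } else { 'Removed' }
                Kind   = $hit.Groups[2].Value
                Target = $hit.Groups[3].Value
            }
        }
    }
}

# Constructed sample messages (not taken from a real host).
$samples = @(
@'
Microsoft Defender Antivirus Configuration has changed.
    Old value:
    New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\stage = 0x0
'@,
@'
Microsoft Defender Antivirus Configuration has changed.
    Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions\.tmp = 0x0
    New value:
'@,
@'
Microsoft Defender Antivirus Configuration has changed.
    Old value:
    New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0x1
'@
)

# Expect two rows (one Added path, one Removed extension); the third sample is
# a configuration change that is not an exclusion and is ignored.
Find-ExclusionChange -Message $samples | Format-Table -AutoSize

# Live use on a Windows host, reading the real log instead of the samples:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007 } |
#     ForEach-Object { Find-ExclusionChange -Message $_.Message }
# Current exclusions: Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess
```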