Windows Defender - The worst AV ever?

Discussion in 'Windows 10' started by Windows_Addict, Feb 7, 2020.

  1. yozzcta

    yozzcta MDL Novice

    Jan 3, 2011
    35
    13
    0
    Windows_Addict - The worst BOT ever?
     
  2. Micro

    Micro MDL Junior Member

    Apr 26, 2009
    99
    40
    0
    Yes, this is exactly what I have asked you to provide.
    What is the name of the app that he installed so that the effects can be duplicated ?
    Was this a basic OS installation or one that you had "improved" ?
    The only way to improve Defender against these type of "alleged" incursions is to be able to duplicate your claims.
    If you intend to keep making these claims, at the very least provide the hard data to back them up.
    If you can't provide the name(s) of the software involved in this quoted claim, then I would ask that the mods lock this thread as simple trolling.
     
  3. endbase

    endbase MDL Guru

    Aug 12, 2012
    4,322
    1,438
    150
    Agreed +1
     
  4. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,203
    1,153
    60
  5. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,352
    1,979
    120
  6. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,203
    1,153
    60
    I already linked to the latest AV test @Joe C and WD is one of the top rated ones now, because as I said since Windows 10 MS puts millions into it. Just because it was bad (XP/Vista) (under a different name ("Windows Security Essentials") and as a third-party program) does not mean it's still bad. I also think that this does not help OP with his problem; his problem is that he did not use the strongest settings, nor did he check GPO to "configure" WD to solve the mentioned "bypass".

    As said, use "Hard_Configurator", it controls Windows 10 security internals (it's a clunky tool) but works like a dream. It controls SmartScreen, includes WD Control, allows working with AppGuard and whatnot. It's all someone needs; MS definitely should provide a similar GUI, but I have heard of no plans that they are going to do it.
     
  7. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    355
    534
    10
    @CHEF-KOCH @Joe C

    The basis for naming the thread title like this is how easily the whole WD protection can be bypassed with 3 simple lines; as per my knowledge we can't do the same with other AVs. That's why I wrote "worst AV", and the question mark is there instead of "!" because I'm not sure if I've got all the points correct.

    What's the point in saying that it has a high rating in various tests when you can bypass the whole thing easily?

    Why is it so hard to understand that malicious software will simply utilize the fact that WD is the only AV protecting 50 % of users? Who is stopping them from simply disabling the AV and downloading the malware later, without any alert?

    I've already provided you the methods for how to fully disable WD without any alert with 3 simple lines.
    What more do you need? Tell me exactly.
     
  8. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,352
    1,979
    120
  9. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    26,437
    38,151
    390
    Avast/AVG/AVIRA probably score high on this, because they sell the data they collect?
     
  10. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,352
    1,979
    120
    #51 Joe C, Feb 10, 2020
    Last edited: Feb 10, 2020
    could be... I dunno
    There is another place that does independent av tests but I can not recall the name off the top of my head
     
  11. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,352
    1,979
    120
  12. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    26,437
    38,151
    390
    Because it's about Android, and WD is not a separate AV to be installed on other platforms?
     
  13. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,352
    1,979
    120
    Yup... saw that and edited...
    M$ is still not high on that list either.
     
  14. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    355
    534
    10
    @CHEF-KOCH
    Let's face these basic questions and leave out all the rating charts and what the world thinks.

    Using common sense, I suppose the first step of any malware would be to disable/neutralize the installed AV; otherwise what's the point in executing itself when the AV is going to delete the malware anyway? So if the AV is bypassed, then it simply means the malware won and the system will definitely be infected.

    Now, since we know how easily WD can be bypassed, don't you think it means WD provides you zero protection in a way?

    If you or anyone can mention similar easy bypasses for other AVs, for example Kaspersky with password-protected settings, I'll apologize to everyone for wasting everyone's time and for this thread title, but until then the thread's motive and meaning are justified.
     
  15. Krakatoa

    Krakatoa MDL Senior Member

    Feb 22, 2011
    498
    728
    10
    OK, CCleaner example.
    1. CCleaner (Piriform) infected with malware (before July 2017).
    2. July 2017: Avast buys Piriform, CCleaner belongs to Avast.
    3. Avast does not know that it has CCleaner with malware on its servers.
    4. 15 Aug 2017 - 12 Sep 2017: infected version offered. Antiviruses have no problem.
    5. 12 Sep 2017 Detected (Cisco Talos) malware in CCleaner.
    Did your three lines have any effect on the CCleaner malware? Not to me.
    By the way, Defender can be removed by a simple script (uninstalling mum packages; after Windows starts, Windows is without Defender); it is not necessary to use DefenderControl.
    It is not easy, it requires admin rights.
    It's not a "very basic level of attack" (uninstalling Defender mum packages is a very basic level of attack); that's what DefenderControl does, and something like that is probably programmed for any antivirus. If someone has admin privileges, they can elevate them to system / trustedinstaller and then do whatever they want with the system. If it could not go directly, with a restart certainly (run something before the antivirus).
     
  16. ipx

    ipx MDL Senior Member

    May 24, 2017
    394
    328
    10
    I have retired from malware testing but I would love to see this in action if you could provide the name of the malicious software.

    Even before Avast acquired Piriform, all of Piriform's apps were always flagged as P.U.A. / P.U.P. on VirusTotal due to prompts during installation for other software.

    As for Windows Defender, it has come a long way, especially when it comes to ransomware.

    Do you have something solid to back up your claim, or is it just your personal brainwave?
     
  17. ipx

    ipx MDL Senior Member

    May 24, 2017
    394
    328
    10
    Are you serious? I seriously hope not.

    Avast is a security giant, and if Avast was unaware that they are themselves doling out malicious software, Avast has no business being in the security business.
     
  18. Windows_Addict

    Windows_Addict MDL Senior Member

    Jul 19, 2018
    355
    534
    10
    When running, WD will not allow you to run the DefenderControl app or other scripts that touch the area of tamper protection and remove WD; it doesn't matter if it's running with system / trustedinstaller privileges. Defender will block it and flag the warning.
    The loophole is in excluding the file from the scan: WD allows it from the command line, and other AVs don't. That's the main reason why an attack on WD is so easy.

    ----

    Will check CCleaner detection matter later, however I remember that in 2017 some articles mentioned that some AV's detected it in real time, will try to find it.
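The posts above turn on one point: an admin-level process can add a scan exclusion from the command line, and nothing in the default setup makes that visible. The script below is an added example for this thread (not code from any poster, and not a Microsoft tool); it audits the settings that matter for that claim from the defender's side. It assumes Windows 10 with the built-in Defender PowerShell module (`Get-MpComputerStatus`, `Get-MpPreference`) and the standard `Microsoft-Windows-Windows Defender/Operational` event log, and it is run from an elevated PowerShell prompt.

```powershell
# Added Defender audit script (not from the thread). Assumptions: Windows 10,
# Defender PowerShell module present, run as administrator.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Tamper Protection is the control that blocks scripted changes to Defender
# settings; report it together with the core protection switches.
[PSCustomObject]@{
    TamperProtected         = $status.IsTamperProtected
    AntivirusEnabled        = $status.AntivirusEnabled
    RealTimeProtection      = $status.RealTimeProtectionEnabled
    DisableRealtimeMonitor  = $pref.DisableRealtimeMonitoring
    SignatureVersion        = $status.AntivirusSignatureVersion
} | Format-List

# Exclusions are exactly the loophole discussed above: whatever is listed here
# is never scanned, so every entry needs a known owner.
foreach ($kind in 'Path', 'Extension', 'Process') {
    $items = @($pref."Exclusion$kind")
    if ($items.Count -gt 0) {
        Write-Warning "Exclusion$kind has $($items.Count) entries:"
        $items | ForEach-Object { "    $_" }
    } else {
        "Exclusion$kind : none"
    }
}

# Event ID 5007 in the Defender operational log is written for every
# configuration change, including exclusions added from the command line.
# List the changes from the last 7 days so an unexpected one stands out.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-Table -AutoSize -Wrap
```

Read the output in this order: if `TamperProtected` is `False`, turn Tamper Protection on in the Windows Security app before anything else, since it is what stops the kind of scripted change the thread describes. Any exclusion without a known owner, and any 5007 event you did not cause, is the thing to investigate; on a managed fleet the same 5007 events are what you forward to your SIEM so a new exclusion on one host raises an alert rather than going unnoticed.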