Why I don't recommend Windows Defender
Very often these days, people will send me links like this and ask me why I do not recommend Windows Defender as a standalone product. Now, if you see here, this chart by AV-Comparatives for March 2017, Windows actually did quite OK. In fact, it did a lot better than some of the other security products. If you look at this graph and you see Microsoft: 99.7%. That's pretty good! So why do I still not recommend it? Is it because I'm biased? Because I don't want default protection to do well? 'Cause then I would be out of things to review? Maybe. But before you say that, I just want to show you something and justify why I do not like Windows Defender. Now, don't get me wrong, I would love Windows Defender if it was good. If I felt it could protect you against all sorts of threats, I'd be happy to recommend it.
But at this point I just do not see that happening. Maybe it will happen in the future, and if it does, I'll be one of the first people to tell you that you don't need an antivirus, don't waste your money, just use default protection. But that's fantasy land. Let's take a look at reality.
So on this system I have Windows Defender, fully up to date. I mean, just show you that it is, and yeah. I don't have the new GUI because this is the enterprise edition of Windows that you're looking at, but still, basically the same software. If we go into settings, everything is turned on: cloud-based protection, automatic submission. I've done absolutely nothing to reduce its effectiveness.
Now let's grab a recent ransomware sample. What I could find was Mole ransomware. I've already made a video on this new threat family, so if you wanna check it out, you can. I will add it at the end of the video, and as a card as well. But for now, it's sufficient to know that this is a relatively new ransomware sample. It was posted by Carston on Twitter a few hours ago, and as you can see, it looks fairly legitimate.
So now let's see what happens when we run it. (Error message) First you get this weird display color calibration error, and you hit "OK." (Another error message) Oh, I need to allow this app to avoid the error. Traditional user mindset, so I click "Yes." (Desktop notification) And immediately Security Center is, uh, disabled and I'm seeing weird stuff on the desktop. That can't be good, right? Let's see what happened to our files. Whoops! The mole dug its hole in our system, despite Windows Defender hanging around.
Now, this is not something I want you to have to deal with. I do not want people who watch this channel to end up in a situation like this. And that is primarily why I do not recommend Windows Defender as a standalone.
Now let's talk about this a little bit. If we take a look at the VirusTotal results, we can see that the detection ratio is only 15/60. So you might say, "Hey, there are a lot of AV products that are not picking this up as well. It's fairly new, so why are you bashing Windows Defender?" Now we get to the point. So, the point is, a lot of these products, which are not detecting it based on their signatures or heuristics or with their file scanner, they are still going to block it when the file is run, maybe with an... an anti-ransomware component, maybe with a behavior blocker.
In the majority of cases, with good products that you see reviews on TPSC, they will have a secondary line of defense. So even when the product is not detecting the threat, it may be blocked. Especially when it's a major threat, not just adware or something that's very close to blurring the lines. But what I've seen with Windows Defender is that if it's not detected here, it is not detected. Period.
And this is not the only file I've picked up that is not detected by Microsoft over here. I see files like that every day. They do eventually pick it up, but I'm kind of uncomfortable with that long of a time span.
Especially with the scam campaigns these days, so if you're one of the target victims, you might just get the file the moment it is seen in the wild, as an email attachment. So taking all of these things into account, I just do not like using Windows Defender alone. Don't get me wrong, if you use Comodo firewall or something else along with it, totally fine. But is it complete protection? I don't think so. Let me know your thoughts in the comments below, I'd love to hear them. I hope you enjoyed this video. And as always... stay informed, stay secure.
CC transcribed late at night by "My Dude".