Slashdot Mirror
Microsoft Explains Why Windows Defender Isn't Ranked Higher in New Antivirus Tests (zdnet.com)
In its most recent reports, AV-Test had very few flattering things to say about Windows Defender. Microsoft's security suite was rated as the seventh best antivirus product in the independent test. In total, 15 AV products were tested. Microsoft, however, has now disputed AV-Test's methodology and conclusion. For some context, the top AV products rated by AV-Test on Windows 10 were Trend Micro, Vipre, AhnLab, Avira, Bitdefender, Kaspersky, and McAfee.
Windows Defender was able to detect 100 percent of new and old malware, but it lost few points for performance (which, AV-Test measures on the basis of how a security suite slows applications and websites on the test computer); and usability (which counts false-positives or instances where AV wrongly identifies a file as malicious.) From a report: Windows Defender's performance rating was dragged down because it slowed the installation of frequently used applications more than the industry average, and wrongly detected 16 pieces of legitimate software compared with the industry average of four. But Microsoft wants enterprise customers to know that Windows Defender is only half the picture, given the option for customers to also deploy Windows Defender Advanced Threat Protection's (ATP) "stack components" including Smartscreen, Application Guard, and Application Control.
In the January and February test Windows Defender also scored 100 percent on protection. However it did miss two samples. Since then it's retrained its machine-learning classifiers to detect them. But Microsoft notes in a new paper that Defender ATP did catch them, which isn't reflected in AV-Test's or other testing firms' result. Microsoft hopes to change this so that testers include so-called stack components available in ATP. "As threats become more sophisticated, Microsoft and other security platform vendors continue evolving their product capabilities to detect threats across different attack stages," Microsoft's Windows Defender Research team writes. "We hope to see independent testers evolve their methodologies as well. Our customers need greater transparency and optics into what an end-to-end solution can accomplish in terms of total preventive protection, including the quality of individual components like antivirus."
Windows Defender was able to detect 100 percent of new and old malware, but it lost few points for performance (which, AV-Test measures on the basis of how a security suite slows applications and websites on the test computer); and usability (which counts false-positives or instances where AV wrongly identifies a file as malicious.) From a report: Windows Defender's performance rating was dragged down because it slowed the installation of frequently used applications more than the industry average, and wrongly detected 16 pieces of legitimate software compared with the industry average of four. But Microsoft wants enterprise customers to know that Windows Defender is only half the picture, given the option for customers to also deploy Windows Defender Advanced Threat Protection's (ATP) "stack components" including Smartscreen, Application Guard, and Application Control.
In the January and February test Windows Defender also scored 100 percent on protection. However it did miss two samples. Since then it's retrained its machine-learning classifiers to detect them. But Microsoft notes in a new paper that Defender ATP did catch them, which isn't reflected in AV-Test's or other testing firms' result. Microsoft hopes to change this so that testers include so-called stack components available in ATP. "As threats become more sophisticated, Microsoft and other security platform vendors continue evolving their product capabilities to detect threats across different attack stages," Microsoft's Windows Defender Research team writes. "We hope to see independent testers evolve their methodologies as well. Our customers need greater transparency and optics into what an end-to-end solution can accomplish in terms of total preventive protection, including the quality of individual components like antivirus."
MS Defender has one very clear advantage over competition - it doesn't create an additional attack surface and installs yet another vendor's application with deep kernel hooks, network connectivity, and an equivalent of root privileges.
Our customers need greater transparency and optics
Oh, they are laying fiber now?
"First they came for the slanderers and i said nothing."
I have Malwarebytes Anti-Malware Scanner and Windows Defender installed on my Windows systems at home. I haven't had any issues since the Windows XP era.
In the January and February test Windows Defender also scored 100 percent on protection. However it did miss two samples
So which is it? 100% or missed two samples? Because I can tell you my kid doesn't get 100% if she misses 2 questions on an exam.
I have a hard time believing that adding additional components with additional functionality will speed up performance. Experience tells me the opposite is far more likely.
Support Right To Repair Legislation.
Anyone should understand that Relative rankings are mostly worthless. If all the products in the top 10 are excellent, but one product has slightly less points than the top 9, does it really matter than it ranked 10th?
The main advantage of Windows Defender is it's free. For most people that trumps all the other rankings. It's free, it protected against everything the competition did, it's nearly as usable, and slightly slower. That's good enough to not buy something else.
The AV vendors should be quaking in their boots. Why would you buy another product when what MS puts out is generally fine? My guess is they'll improve the usability a bit, and they'll rank in the top 3. Then start saying goodbye to several of the other AV vendors.
I also filter out 100% of the spam mails. I am even close to 160% depending on how many spam I get. I just point everything to /dev/null in .procmailrc .
Don't fight for your country, if your country does not fight for you.
Showing GDPR acceptance plea in barely readable greyed out text in a box that covers whole screen is a new low for this site which posts articles about security and privacy.
How ironic!
KTHXBYE!
Couldn't keep Windows off my machine.
Have gnu, will travel.
I am not defending MS here - but who wants to be compared to industry _averages_ when it comes to security. The people adjusting the ranking because it does not compare well to an average are what I like to call stuupid (it is not a typo). You should want perfect security - to hell with averages.
Virus scanners are judged on how well they completely cripple a target system. Windows Defender doesn't do that so it just isn't any good.
Oh and First post. Or at least it would have been if I wasn't running McAfee.
Ok, direct experience here, and I am absolutely no fanboy of ms software. But, as part of a offensive security cert a few months back, I got heavily into writing and compiling windows exploit code, and one of the course exercises walk through testing a piece of malware by the virus total site.
So as part of my studies and self learning I wrote a non self propagating malicious exploit, but it did elevate privileges from the user to admin and get access to things and start calc as a admin user to prove it was exploiting. I took a common windows POC exploit and modified it heavily in ways I will not discuss to a wider audience (because teaching people av evasion techniques is best left to offsec and their ilk, to the right people) and compiled it.
Out of sheer curiosity I submitted the original POC code, one encoded by a old common packer & my heavily modified "malware" to virus total, and the original and encoded packed version was picked up by about 45/47 av's straight off. The *ONLY* av that managed to detect my custom payload was.... Windows Defender. It must have opened the executable and saw where it hooked when it shouldn't, and the competition seem to rely on pattern matching instead.
So yeah, sign me up for free windows defender. When the subject comes up with lay people who ask me what to use, its what I would recommend them. From first hand testing.
Anon, because even with all the above, I'm basically admitting to authoring a custom exploit, and while I'm employed in this field, I could do without the extra attention.
.
Additionally, Windows Defender does not seem to install all manner of additional software that digs deep into the Windows kernel in order to do its job. For my needs, Windows Defender is a simple, effective a/v solution that works well. Why should I care if it ranks 7 or 3 of even 1?
Things have improved tremendously since the Windows XP era in terms of Windows and app security. Also people tend to use adblockers and flash isn't on by default on newer systems.
Adobe now has sandboxing and Windows gets new security updates each month. IT departments now update software regularly and people use ancient IE almost never outside of a Citrix or vdi environment.
The use of AV software to protect idiots who click on everything is unheard of as people know better now than in 2000.
http://saveie6.com/
Defender proves this. So why doesn't Microsoft just sell a hardened Windows ? Why sell an insecure product and then addon security ?
You live and learn, or you don't learn much.
nice info tkss bro https://ordertrungquoc.com.vn/
If you keep your HOSTS file updated regularly!
Must be true, I read it here!!!!!
*ducks*
So what's the incentive for Dell to keep including this option?
You answer your own question:
If the license is already free for Dell, just start asking for money from the AV vendor to install their product
So the incentive is the same as that for any of the other "bloatware" or "trialware" included on most Windows PCs or Android phones: the AV publisher pays Dell gets a commission on new installs. You'll notice that Windows 10 Signature Edition PCs and Google Pixel phones, which specifically exclude third-party bloatware, carry a higher MSRP because the manufacturer isn't getting that sweet, sweet commission revenue. The same is true of PCs including a free operating system. I looked on Dell's website a couple months ago, and an XPS 13 with Ubuntu cost $50 more than an XPS 13 with identical specs and Windows 10. Again, no commission.
If anything has complete keys to your PC kingdom, it would be anti-virus software.
With everything going on in the news today, how can anybody truly trust any of these solutions? If you think that there isn't a cold war going on in the internet, you are uninformed. I see it for myself in logs and honeypot activity all the time. I have to chuckle every time I hear somebody swear by an antivirus program because it doesn't cause trouble and they think they aren't getting infected. I do however expect more of people who test and rank this stuff.
If an American has made the decision to trust Microsoft Windows, why would they expand that circle of trust to a company whose headquarters is in Moscow? By that same logic, if you trust a Russian company more than an American company, it would be logical to use Kaspersky.
Greed is the root of all evil.
what kind of testing methods did the 'independent' AV-test use, as my own experience with Trend Micro and Kaspersky is they are CRAP and have a very big impact on the performance of your computer. Trend Micro is really rubbish, if an application deletes multiple files after each other (using simple API calls) it immediatly removes it without warning, even though there is not a single virus/malware signature in it.