Ramblings

ULTRACOMFY's personal homepage.

antimalware_software

Differences

This shows you the differences between two versions of the page.

Old revision: antimalware_software [2025/08/28 15:38] ultracomfy
New revision: antimalware_software [2025/08/30 16:26] (current) ultracomfy
Line 2:
 {{page>Templates:Secularization}}
 </WRAP>
-~~Title:Artificial Intelligence~~
+~~Title:Antimalware Software~~
 <WRAP centeralign>Information Technology/Cybersecurity/\\
 <fs xx-large>Antimalware</fs></WRAP>\\
Line 78:

 ===== 2. What not to rely on: Windows Defender? =====
-There is a pervasive myth that common sense plus Windows Defender are enough to keep you safe. Or that Windows Defender is as safe or safer than other products on the market. Now obviously, "safe" isn't a binary. It's not that you are either "safe" or "not safe", the only truth here is that different combinations of precautions lead to different levels of //risk//. But still, the idea is that Common Sense plus Windows Defender is enough for the risk to be "low enough" for these people.
+There is a pervasive myth that common sense plus Windows Defender are enough to keep you safe. Or that Windows Defender is as safe or safer than other products on the market. Obviously, "safe" isn't a binary. It's not that you are either "safe" or "not safe", the only truth here is that different combinations of precautions lead to different levels of //risk//. But still, the idea is that Common Sense plus Windows Defender is enough for the risk to be "low enough" for these people.

-And... I don't know, maybe? Funnily enough, despite arguing against it, that particular combination //is// what I rely on((And even that only because I can't disable Defender without some drama from the operating system.)). How much risk is acceptable risk for you? Either way, the reason I don't like that claim is because Common Sense is terrible advice on its own and, for the longest time, Windows Defender was terrible advice as well.
-
-The truth is that the people who say "Common Sense + Defender" are the same people who, before Windows Defender was a thing, just said "Common Sense". So, for us this is about the merits of Defender itself, and here we need a bit of a reality check:
-
-For the longest time, Defender was a //terrible// cybersecurity product. Think about it - the easiest and cheapest way to do antimalware is to keep a list of files you know are malware. If you cannot do that, you have failed as an antimalware product. And... Defender was not able to do that. The most common and most infamous pieces of malware are signatures that absolutely //everyone// should have. A few years ago, in tests against even the most well known and infamous pieces of malware, Windows Defender was not able to pick up most of these. It's a test that every malware security product should ace 100% by default, before you're even considered for further examination. Sure, knowing recent samples and reacting quickly to malware that appeared just a few hours or even days ago is a different beast... but having signatures for malware older than 5 years that was so popular it even made international news headlines... that's the least we should be able to expect.
-
-In those old tests, Windows Defender would score around 40% to 60% detection rates (depending on the pool of samples chosen), which was already way behind Bitdefender and Kaspersky's 98% at the time. It was in those times that people already threw around the claim that Windows Defender is perfectly fine and that there is no reason to buy a different one. The people who said that had no clue in the slightest on what they were talking about. Again: profession of risk management, profession of cybersecurity - both are serious business, don't sully them with your ignorance.
-
-One annoying part about this now is that Defender has actually been catching up over the years. It now passes the well known and infamous malware test like any other respectable product, and even its general detection rate is beginning to get to where other products are and, frankly, should be. 95% I think? There or thereabouts. The annoying thing about this is that the people are still thinking in their wrong and simplistic ideas of how the world works. The started out being utterly wrong, but over time the facts have begun to shift into aligning with some of what they say. So, now their wrong calculation just happens to spit out the right result, but they're still fundamentally wrong.
-
-The reality is that Defender, despite having caught up as a cheap antimalware product that has a register of signatures, doesn't have much else. The "scan" you can do with defender is still mostly a signature lookup, //not// static analysis. There is no sandboxing and barely any behavioral detection. There is some anti-ransomware with protected folders, which may or may not work. Beyond that, there are - to this day((August 28, 2025)) - massive, gaping security holes that you wouldn't believe until shown: A single shell command can set the entire PC as a scanning exception for Defender, a single shell command can just disable the Defender product as a whole or, if you want to be sneaky, you can just delete the Windows Defender definitions (the files that contain the signatures and other metrics it uses to detect malicious files) and render it utterly useless that way. Want more? Registry changes, Group Policy edits, the ways to defeat Windows Defender are so artistic they just do it for sport at this point. It does take a bit of sophistication and I'm sure Microsoft is working hard to fix those holes, so they'll closed any day now, but those things are out there.
+Maybe. In fact, that’s the setup I personally rely on. But the problem is that common sense is empty advice and, for much of its history, Windows Defender was genuinely terrible. The people who say “Common Sense + Defender” today are the same people who once said “just common sense.” The only real shift is that now we’re debating Defender itself.
+
+For years, Defender was a failure. The most basic job of antivirus is keeping a signature list of known malware. Any serious product should ace this by default. Defender didn’t. It consistently missed well-known, widely publicized malware, including samples that were years old. Tests showed detection rates around 40%-60%, while products like Kaspersky or Bitdefender hit 98%. Despite that, people insisted Defender was “good enough", indicative of a complete lack of understanding of risk management or cybersecurity.
+
+Now, Defender has improved. It finally catches the obvious malware, its detection rates have climbed to around 95%, and it’s become a passable baseline product. Ironically, this means that people who were wrong for years are now accidentally right, but for the wrong reasons. Their logic hasn’t improved - the facts just shifted closer to their narrative.
+
+Even so, Defender still has major shortcomings. Its scanning is largely signature-based, with minimal static analysis and weak behavioral detection. There’s some anti-ransomware with protected folders, but reliability is questionable. Worse, it has glaring design flaws: A single shell command can disable it completely, delete its signature definition files, or set the whole PC as an exception. Registry tweaks and group policy edits can bypass it in seconds. These are not obscure attacks - they’re widely known in the cybersecurity community, and in some circles defeating Defender is treated like a sport. Microsoft is patching, but the holes remain.
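Review bot: the rewritten paragraph beginning "+For years, Defender was a failure" now states the 40%-60% and 98% detection figures as bare facts, whereas the removed text at least scoped them ("In those old tests", "depending on the pool of samples chosen", "at the time"); neither revision names the testing lab, the year or the sample set, so either cite the test or keep the hedge. The "+Even so, Defender still has major shortcomings" paragraph also drops the removed revision's date footnote ("to this day((August 28, 2025))"), so "Microsoft is patching, but the holes remain" is no longer tied to any point in time, and the "single shell command" claims should say in what context the command runs (an elevated shell or not) before they are labelled design flaws, since that is what a reader needs to judge the risk.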
antimalware_software.1756388328.txt.gz · Last modified: 2025/08/28 15:38 by ultracomfy
