Cable Forum


Mike 18-09-2017 14:07

Windows Defender Security Centre
 
Hi all

Was in the process of renewing my anti virus (McAfee) and noticed my PC appeared to have a current subscription to Windows Defender Security Centre.

Is Windows Defender Security Centre basically another anti virus, as I don't see the point of running 2? In which case, is it any good?

Would appreciate any comments or advice.

Many thanks

Mike

BenMcr 18-09-2017 14:46

Re: Windows Defender Security Centre
 
It's built into Windows 10 https://blogs.windows.com/windowsexp...curity-center/, although I wouldn't have thought it would show up as a subscription anywhere - as it's not a subscription service.

pip08456 18-09-2017 15:56

Re: Windows Defender Security Centre
 
Quote:

Originally Posted by BenMcr (Post 35916989)
It's built into Windows 10 https://blogs.windows.com/windowsexp...curity-center/, although I wouldn't have thought it would show up as a subscription anywhere - as it's not a subscription service.

It is certainly not subscription based.

Info and review here.

Link

Mike 19-09-2017 12:30

Re: Windows Defender Security Centre
 
So do I still need McAfee AV or could I do away with it?

BenMcr 19-09-2017 12:43

Re: Windows Defender Security Centre
 
A useful breakdown on that question is here https://www.howtogeek.com/225385/wha...r-good-enough/

I'd agree with them that if you're going to pay for anything, Malwarebytes is probably the one to do.

Qtx 19-09-2017 12:48

Re: Windows Defender Security Centre
 
Free Windows Defender is better than McAfee. Eset antivirus is better than Windows Defender.

The point being you could ditch McAfee and use Microsoft Defender for free but you won't get as good protection as Eset or even Kaspersky.

It's worth paying the little extra maybe, but only if it's the right AV and McAfee isn't the one to be paying for these days.

Paul 19-09-2017 14:29

Re: Windows Defender Security Centre
 
You didn't mention MalwareBytes, do you consider that good or bad?

Qtx 19-09-2017 16:58

Re: Windows Defender Security Centre
 
MalwareBytes is probably average in some respects of protection and better in others. Overall I would say it's worth using.

When AV products get tested every month and compared to see how well they do with detection of current malware, no one actually tests Malwarebytes as far as I know. Not sure if it's not considered an AV product like the others or what tbh.

As an example: https://www.av-comparatives.org/

The other part is being part of malware forums and knowing what tricks malware coders are talking about to get around peculiarities of each AV, in a similar way to how the security agencies do. Mash all the areas together and you get a better picture of the whole thing.

The threat model for the average user is exploit kit malware from spam and driveby exploits. Malwarebytes, Kaspersky and Eset would all likely know about and add signatures for this malware quicker than Microsoft. Not what the average user would expect.

Also keep in mind that Kaspersky and the others will happily and quickly add signatures of state sponsored malware whereas MS would happily take their time for the 5 eyes crew. Something maybe for journalists and those who slag off America from time to time. /looks shiftily at processes in htop

Ignitionnet 20-09-2017 20:35

Re: Windows Defender Security Centre
 
They're mostly a placebo anyway. Detection rate a month after malware release is about 50%.

Qtx 21-09-2017 06:08

Re: Windows Defender Security Centre
 
Quote:

Originally Posted by Ignitionnet (Post 35917277)
They're mostly a placebo anyway. Detection rate a month after malware release is about 50%.

Well that's the thing. Each and every one of them can be bypassed easily but some protection is better than none. Catching the mass spam nasties which get noticed and added to signatures within a day or two has huge benefits though and those are the things that get most normal users.

The corporate scenario has to deal with those plus more bespoke nasty packages which don't get flagged the same way. The targeted ones rarely get detected at the time of infection. It's not just corporate though, if I say targeted Paul M with a spoofed mail+invoice for extra charges from one of his hosting companies, the only safe thing to do is not to look unless you know what you are doing. Disabling macros is not good enough fyi ;)

I wouldn't use a generic bit of malware or RAT which would get easily seen, it would be modified or crypted so it was not recognised. Infecting one person with it means it's likely to get known about by AV vendors. Send it to more people and the chances rise. Same with corporate attacks.

Ignitionnet 21-09-2017 18:13

Re: Windows Defender Security Centre
 
Indeed. Off the shelf obfuscation tools are effective against a lot of AV as they are just using hashes of sections of code.

Heuristics aren't great either. Watching something I know is malware get past an AV sandbox makes me cynical.

Still I suppose they do the best they can without changes to basic OS and hardware environments. Balancing usability with security and all that.

Seen the SMM exploits? SMM rootkits are a thing now. Yay.

Qtx 21-09-2017 18:22

Re: Windows Defender Security Centre
 
SMM, unsigned code in Intel ME/Intel Management Engine, it's all a mess at the highest level. Or is that lowest level? Forget ring 0 :D

The new Bluetooth exploits affecting a range of things is something people should be more scared of at the moment. BlueBorne

Ignitionnet 23-09-2017 14:30

Re: Windows Defender Security Centre
 
Yeah ring 0 is old hat and ring -1 for noobs.

Think we're going to need hardware built around a secure computing framework which means a few things will change, but then those in the know have been waiting for this for a while now. Software has repeatedly proved incapable of providing anything approaching a secure computing environment. Security co-processors sitting in between software and CPU have been on the table for a while.

---------- Post added at 14:30 ---------- Previous post was at 14:21 ----------

Yes. BlueBorne. Flaws through bad implementations of an excessively complicated protocol. Moral: KISS.

Osem 24-09-2017 16:52

Re: Windows Defender Security Centre
 
Quote:

Originally Posted by Qtx (Post 35917400)
SMM, unsigned code in Intel ME/Intel Management Engine, it's all a mess at the highest level. Or is that lowest level? Forget ring 0 :D

The new Bluetooth exploits affecting a range of things is something people should be more scared of at the moment. BlueBorne

I'm relieved that I don't understand more of that than I do but I'm glad that I rarely use Bluetooth, I think... :erm:

heero_yuy 27-09-2017 14:43

Re: Windows Defender Security Centre
 
I'm just waiting for the banks to collectively wet themselves when Trusteer Rapport gets compromised as it inevitably will. Glad I never put that on my systems.


All times are GMT +1.
