Windows Defender is Doing Great Job in Protecting you Against Malwares

There are several discussions about Windows Defender which is pre-build Anti-Virus in Windows 10 and whether it is productive or not. I have seen several videos in YouTube where it wants to proof that Windows Defender is not effective and they scan for malware and it is not being detected with Windows Defender but it will detect with other Anti-Malware product, such video could be unreliable and these are questions where we couldn’t confirm in such videos:

  1. Is this real malware or it might be false-positive meaning, it is safe file but Anti-Malware accidently detect it as malware?
  2. If it is real malware, does it added into exclude or allowed list? May be Windows Defender detect it but in video, it has been added to exclude or allowed list to trick users.
  3. Is cloud protection on or off?
  4. How about signature? In video the signature number might detect incorrectly but some tricks and old signature might have been used.
  5. If the demo is true, where is its sample? How could we reproduce the demo?

Demos in YouTube with one or few samples are not valid source for malware testing. For better malware testing we need to relay on real research center where there are many researchers with tons of samples and under comparable fair environment test Anti-Malware products and could name AV-Test and AV Comparative example of reliable source for testing antimalware products. They have test environment and professional researchers where they test Anti-Malware products. In recent test which has been done in July 2018 for bot companies shows Windows Defender done excellent job as Anti-Malware product and also when dealing with malware. Let’s start with AV-Test, in their posted test on May-June 2018, Windows Defender manage to protect against all 0-days samples (meaning malwares which are unknown to Anti-Malware products) and has 100% protection (compare to industry average which was 99.6%) and in term of protection against known malwares it protects against all malwares like other products. In term of performance, it also did a great job compare to industry average but still need improvement in this area. In term of false positive detection (meaning detecting safe software as unsafe, it only has one false detection). Leading the Windows Defender as the top product in AV-Test, you may read the complete report on:

https://www.av-test.org/en/antivirus/home-windows/windows-10/june-2018/microsoft-windows-defender-4.12-182247/

Let’s check the report in AV-Comparative, in the latest test on July 2018, Windows Defender blocked all malwares with rate of 100% but it has high false-positive number of detecting 19 files. False-positive meaning the file was safe but incorrectly detected as malware and Windows Defender needs to improve in this area but it done great job by blocking all malwares. You may take a look at complete report on:

https://www.av-comparatives.org/comparison/

Above reports proof that Windows Defender is doing excellent job when it comes to detect and blocking malwares. However, as I already mention, there is no Anti-Malware software which could detect everything. Therefore, if you ever seen any sample where you believe is unsafe but being detect as safe or something which is safe but is being detect as malware in Windows Defender or other Microsoft Anti-Malware products submit its sample to Microsoft Anti-Malware team:

https://www.microsoft.com/en-us/wdsi/filesubmission

By submit sample, you would helping millions of people worldwide against getting infected with malwares and just one correct sample could help protecting thousands of systems. Security is ongoing process and we need to help Anti-Malware ecosystem, so they would be able to help us by enhancing their detection engines. You may check Anti-Malware testing website regularly to see their latest test and results.

Advertisements

Why My Anti-Malware Product Won’t Detect All Malwares?

Common question, I am hearing from users is well, I am using Anti-Malware software and I paid the license but why it won’t be able to detect all malwares? Do we have any Anti-Malware product to be able to detect and remove all malwares?

We always say that, there is no Anti-Malware software which is able to detect and remove all malwares. Anti-Malware products are able to detect all malwares in wide-list. It is list of all malwares which has been discovered and it is keep updating. Of course, if we know about malware, we could detect it. But there are tons of new malwares which are being created every day and let say it is not possible to say our Anti-Malware product is able to detect all unknown malwares too. However, they won’t leave them to go around and harm users. Anti-Malware products comes with techniques to detect unknown malwares like using heuristic detection which uses machine learning and detect suspicious objects or applications based on similarity with other known malwares and behavior monitoring which detect unknown malwares based on abnormal behavior or similarity of their behavior to known malwares. There are several techniques which Anti-Malware vendors are using to detect unknown malwares. They are placing spam-trap or honeypot to collect sample of new malwares. They doing research on black markets for new malwares and users also submit sample to them. It is whole ecosystem and keep improving to make sure unknown malwares are being detected and discovered by good guys before get used by bad guys. However, it is not possible to detect all unknown malwares. So, what to do?

Anti-Malware is not the only thing which protects you against malware. There is beautiful concept of defense in depth in Windows, which explained you have defense layers which could stop malware even before they reach to Anti-Malware product like SmartScreen Filter, DEP, ASLR and others. In addition, you as a user should learn about threats around you, if you are visiting website which looks suspicious, you have to report it through SmartScreen filter. If you have sample of program which you believe it is malware but your Anti-Malware software says it is safe, submit it for analysis. Don’t hesitate contacting support or security forums to ask about your concerns with unknown malware and unknown programs. Keep yourself update about latest security incidents and best practices.

 

 

 

Questions about Windows Defender in Windows 10

Windows 10 comes with Windows Defender pre-installed (actually Windows 8 comes with Windows Defender) and it is full real-time Anti-Malware product. Windows Defender was free download for Windows XP and build into Windows Vista and Windows 7 as Anti-Malware product only. Later on, if you want to protect yourself against all malware, you could install Microsoft Security Essentials for Windows XP, Windows Vista and Windows 7. Today, Windows XP and Windows Vista are no longer supported and hence Microsoft Security Essentials are also no longer supported in these platforms and we have Microsoft Security Essentials for Windows 7 and Windows Defender pre-build into Windows 8 and Windows 10. Here I would like to answer to some of questions related to Windows Defender in Windows 10:

I am using Windows 10 , do I need another Anti-Malware product?

No, you have Windows Defender inside your Windows and it is full Anti-Malware product and it is protecting you against all malwares including Virus, Worm, Trojan, Spyware, Rootkit, Bootkit, Adware and so on.

Is Windows Defender really protecting me?

Windows Defender shows a good performance in detecting and removing all malwares according to latest test by independent researcher.

There is file I believe is a virus but it won’t be detected by Windows Defender or I have a file which is safe but being detected as virus incorrectly, what can I do?

These are known issues to all antivirus vendors like Windows Defender. You could report both cases through Microsoft Anti-Malware Sample Submission website https://www.microsoft.com/en-us/wdsi/filesubmission

Can I use different Anti-Malware product?

Yes, as long as Anti-Virus software is working fine with Windows 10 and it is compatible, you may use another Anti-Malware product and they will disable Windows Defender and replace it. Once you uninstall your Anti-Malware product, Windows Defender should get back to work.

I do have other questions or problem, what can I do?

There are other questions and answers you could find about Windows Defender and other Microsoft Anti-Malware products on https://answers.microsoft.com/en-us/protect and if your question is not answered or asked there, you may ask new question .

Enjoy using Windows Defender and have a safe cyberspace.

Report Malwares to Malware Killers

If you are using Windows 10 or Windows 8, you have Anti-Malware software build into your PC. It is Windows Defender and it is full Anti-Malware protection. In Windows Vista and Windows 7, Windows Defender is Anti-Spyware only and it won’t protect you against all malwares but you may use Microsoft Security Essentials which is full Anti-Malware software. In general, I recommend all of you consider upgrading to Windows 10 which has the best protection against cyber-threats.

Anti-Malware products are trying their best to protect you. There are Microsoft Anti-Malware labs around the world and researchers there work on finding sample of malwares, analyze them and make sure their Anti-Malware product is capable of protecting users worldwide. There are smart engines in Anti-Malware products which are able to detect unknown malwares (the one which are not detectable) by their behaviors. There are many techniques and methods to detect, protect and remove malwares from a PC. But unfortunately, there is no Anti-Malware product which is capable of detect everything. Malware authors, try their best to bypass Anti-Malware products while Anti-Malware vendors including Microsoft try their best to make sure their product it capable of detecting every malware. While the battle between Microsoft Malware Protection team and bad guys who try to take over your Windows and bypass the Anti-Malware products is going on, you might wonder how you could help them.

If you ever faced any sample which might be suspicious and Windows Defender, Microsoft Security Essentials or any other Anti-Malware product is unable to detect it, you could submit sample to Microsoft Malware Protection Center. Your sample will be analyzed and if you already login, you may see the list of submission results. Please take note, if you believe your PC is already infect, DO NOT sign in with Microsoft Account, because there might be a keylogger or spyware which could steal your username and password. You could submit sample anonymously by just enter a name. Doing so would help people in Microsoft Malware Protection Center to analyze sample and make Anti-Malware product smarter and of course block more malwares.

Let say, if you face a website which might contains malware, you could submit sample in Internet Explorer by open Tools->Safety->Report unsafe website and in Microsoft Edge, click on tools->Send Feedback->Report unsafe website and in the menu, and select I believe this is a malicious website. It helps Microsoft to block malicious website and also investigate the website for possible unknown malwares.

In Microsoft, there are many people who are trying their best to protect you against cyber-threats, so let’s work together and help them to bring a better cyberspace. If you are using non-Microsoft Anti-Malware products, you still could report sample of malware to Microsoft Anti-Malware Protection Center just in the list, select product as Others and then explain your issue in Additional Information.

I am Looking for an Anti-Malware for Windows 10

Windows 10 recently released to the public and people are excited about it. Many people asking about Anti-Malware software for Windows 10. They are asking about whether their Anti-Malware product will be worked on Windows 10 or should they use their current Anti-Malware product or switch to something else. There are two main scenario will be discussed with regards to Anti-Malware for Windows 10 which are Microsoft Anti-Malwares and Third-party Anti-Malwares.

Microsoft Anti-Malwares: In case you are Windows 8 user, you might already know about Windows Defender. It is Anti-Malware build into Windows 8 and it is successor of Microsoft Security Essentials. As long as you don’t install any other Anti-Malware products, you could use it and it will protect you against malwares. The basic interface for Windows Defender in Windows 10 is very similar to Windows Defender in Windows 8, however there are some changes in term of interface in Settings. In Windows 10, Windows Defender settings is being manage by Settings in Windows. In case you are using earlier version of Windows like Windows 7, Windows Vista or Windows XP, then you might have used Microsoft Security Essentials. In this case, you should take a note that Windows Defender is the successor of Microsoft Security Essentials and if you are upgrading to Windows 10 make sure uninstall Microsoft Security Essentials first and then upgrade to Windows 10. In case, you are doing clean install of Windows 10, once you install it, make sure check Windows Defender and make sure it is on and running. Microsoft Security Essentials and Windows Defender both are using similar Anti-Malware protection engines and they protect you the same way. However, in Windows 10 the protection is more advance since they are technologies like ELAM which enhance protection. Consider Windows Defender as successor to Microsoft Security Essentials and enjoy it.

Third-party Anti-Malwares: During Technical Preview of Windows 10, many people complain about compatibility of their Anti-Malware products with Windows 10. The main reason for these problems was majority of Anti-Malware vendors didn’t want to provide resources or support for pre-release version of Windows and instead they concentrate on working on developing supported version for final release of Windows 10. Right now, majority of Anti-Malware vendors announced their Anti-Malware products are ready for Windows 10. In many cases, you need to perform some updates or upgrade to the latest version to be able to take advantage of compatible Anti-Malware for Windows 10. In addition, as long as you have valid subscription for your Anti-Malware product, you are eligible to upgrade your Anti-Malware product for free (in most cases) and if it is the case, you should refer to your Anti-Malware vendor’s support website for more details. You could still enjoy using your current Anti-Malware software in Windows 10.

Now, back to the main question, should we use current Anti-Malware product or switch to another? Selecting Anti-Malware is something personal and it depends on what you expect from an Anti-Malware product and which product satisfy your requirement the best. Some people are selecting one brand because it great support, while other might select it because they like its graphical user interface or options. This is a question when answer is known only to you. You should ask yourself, how you define a good Anti-Malware product and why? Everyone might have a unique answer to this question depending on their past experience and their expectation. One other important note is, some people report about bad experience with some Anti-Malware products and they abandon them long time ago and they never used it. You may consider try them again as over time a lot of improvements happens and you might love the latest version.

In case you love Microsoft Security Essentials or Microsoft Anti-Malware products, you don’t need to install or look for anything, Windows Defender is already build in into your Windows and as long as you don’t install any other Anti-Malware product it is there to protect your PC. If you install any other Anti-Malware product, it will disable Windows Defender to avoid conflict and once you uninstall your current Anti-Malware product, Windows Defender will be enabled. Please be reminded that after installing or uninstalling Anti-Malware or any other software, it is recommended to restart your PC.

I hope everyone enjoy their Anti-Malware products in Windows 10 and enjoy new experiences in Windows 10.

Anti-Malware Products Protect You Against 0-Days Vulnerabilities

Vulnerability is a weakness in security of a software system which if it been used it could cause security risk like compromising a system or cause security attack. It is exist in any software system and could discover any time. Many security researches, spend several resources to discover new vulnerabilities and working with companies to report them privately and resolve them. Once a vulnerability have been discovered by researchers, they will work with the software vendor to resolve it. When problem been resolved, the solution will release as an update and when end user install them, they will be protected against these vulnerabilities.

In a good case, vulnerability should be discovered by trustworthy people and its details should kept confidential until solution to address it been developed and tested and release as an update. But this is not the case all the time. Sometimes, vulnerabilities been discovered by bad guys, hacker or cybercriminals and they use it for criminal purposes and they won’t even notify the software vendors to fix it. Even when software vendor notice this issue, it is not possible to release an update and fix right away and it might take some times to do more research and testing. Another case is a research is being done confidentially but it suddenly disclosure to the cybercriminals and before solution released, vulnerabilities will be used for criminal purposes. There are number of reasons that we couldn’t release updates right away. First vulnerability should be investigated thoroughly so fixing this vulnerability won’t create new vulnerability. Another issue is when fix or update developed, it should be tested to make sure it won’t cause conflict or error with other applications or programs. In addition, some vulnerabilities are complex and need more time to think about a right fix and also preventive measurement which such vulnerability or other vulnerabilities similar to this one won’t reappear in future. The other problem is when solution to vulnerability been found and released as an update end users might not apply it right away. They might delay update because they are in middle of important project or task or they need time to test update first before apply it. So this delay time between discovering vulnerabilities and releasing update to fix it , might give opportunity to cybercriminals (if the update is publicly known) to use it for criminal purposes.

However, there are many ways to protect yourselves against such a vulnerabilities which technically known as 0-Day Vulnerabilities. Your Anti-Malware software is protecting you against Virus, Worm, Trojan, Spyware, Adware and other malicious programs. It protects you against 0-day vulnerabilities too. It might take time to check and investigate an update for vulnerabilities, but releasing an update similar to the Anti-Malware signature for the same vulnerabilities is not take that much time, because Anti-Malware will see vulnerability similar to other malwares and if detect anything which similar to the vulnerability which been discovered, it could detect and quarantine it or block and remove it. Anti-Malware updates are daily and regular and many people and administrators will know they have to update their Anti-Malware products in daily bases so you will get the update faster. So if you have updated Anti-Malware product such as Microsoft Security Essentials or Windows Defender (in Windows 8, Windows 8.1, and Windows 10 Technical Preview) it will protect you against vulnerabilities while you are waiting for update. Note this does not mean you don’t need update your operating system and software. But simply you could rely on Anti-Malware products to protect you against 0-day vulnerabilities while the actual solution is being developed or you are deploying updates.

Anti-Virus for Windows 10 Technical Preview

The next version of Windows is Windows 10 which is successor to Windows 8 and Windows 8.1. Many people ask about Windows 9. Did we miss Windows 9? When it have been released? Well, there is NO Windows 9 and you didn’t miss anything and right after Windows 8 or Windows 8.1, you will see Windows 10. You may want to know about what Windows 10 is look like and what is new and you might ask how can I get involve in improving Windows 10. It is a good opportunity for you to join Windows Insider Program and you have opportunity to try Windows 10 Technical Preview and try it out and if you have any feedback or if something is not working, you may use Feedback form to report it. Important note is this release is Technical Preview and NOT the final one and it will have issues like compatibility , problem with working and installing software and you should NOT install it if you are not confident to resolve problems in Windows or for production and working environment. You may use Windows 10 Technical Preview if you want play around with it and test it and report issues and problem and just play around with it and of course share your idea with Windows team.

One common question is what Anti-Virus software I should install on Windows 10 Technical Preview? Like Windows 8 and Windows 8.1, you already have Windows Defender installed in Windows 10 Technical Preview. It protects you against Virus, Worm, Trojan, Spyware, Adware, Keylogger and other malicious programs. Windows Defender is successor to Microsoft Security Essentials and it is preinstalled in Windows 8, Windows 8.1 and Windows 10 Technical Preview.

If you want to install other Anti-Virus software in Windows 10 Technical Preview, it might or might not work. In case that it didn’t work, you should check you are installing the latest version of Anti-Virus software (the one that is working on Windows 8.1) and also look into beta website of Anti-Virus vendor (if exist) and check if they have any beta release for Windows 10. Some Anti-Malware companies might open beta programs for upcoming version of their products and also intend to test it on Windows 10. In addition, if you face any compatibility issue always use Feedback form to report it. For Anti-Virus product you should NEVER run them on compatibility view because they might run but they are unable to completely protect you in compatibility mode. It is recommended to use existing Anti-Malware in Windows 10 Technical Preview which is Windows Defender to protect yourself against malwares.