As a cyber security dude, I'll never accept that free antivirus/anti-malware solutions will be as effective as solutions with the required R&D budget, priced accordingly.
Windows Defender is a highly backed program by Microsoft and has a very large R&D budget, so your argument doesn't hold water. Microsoft has a vested interest in keeping your OS safe, not just for reputation, but for financial reasons as well. No one will be more motivated to protect their product than the people making that product.
I have seen countless paid products share the same or similar detection results to Windows Defender. Of course, just like with any other company, things will change from time to time and one product might be better than another for the time being in detection rates, but that's just the nature of security. There is no best program or one do-it-all solution that will magically fix everything.
We have seen time and time again the rise of vulnerabilities in security products themselves, due to them using ill-advised or bad methods to have complete control over the system to function how they "need to".
Other security products and their research are well needed and a great thing to have in the industry, as competition makes things better for everyone. There are multiple R&D and security companies working on things all the time. The number of threats is endless. Nothing will ever be a silver bullet.
I am not saying Windows Defender is perfect; however, I am saying that it is not a basic or pathetic solution as you seem to imply. It is true that using Windows Defender is something that by default people are using the most, so it's going to be attacked more and targeted to be bypassed.
I use Malwarebytes as a second opinion, but I don't think it's strictly necessary.
It doesn't prove that. You don't know if these computers only had Windows Defender. Out of 4200 computers, it's more than likely that some also had a third-party AV. I get a lot of co-workers asking me what would be a good AV to install because their existing third-party AV is about to or has expired. A lot of casual users still install third-party AVs.
Exactly. We don't know what AV they were using. Sure, if someone used Sophos, they claim they would have blocked it. We don't know if they were running as admin, what group policies (if any) were applied, etc. The article is extremely loose on details.
Also, this was a USB malware attack, which is a very common sore point for any security solution. According to Sophos, from this article:
Borne aloft by DLL sideloading, a far-flung infection touches ten time zones (news.sophos.com)
PlugX is fairly common backdoor malware (a RAT, remote access Trojan) of Chinese origin. If you read the article you get a surprise.
So if it is common, I would hope that any and all security solutions would have been able to identify the new threat, but that doesn't always happen. I think it's more the luck of the draw when it comes to security, vs. any security solution being "bad".
Agreed. You should use something like CrowdStrike Falcon. (sorry @andrew129260, if it's too soon to mention that)
Dear god that was a nightmare. Thanks for bringing that back lol.
Luckily changes are being made on that front to help prevent these issues going forward.
On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency (blogs.windows.com)