
Fallapartgate
I coined this phrase in another thread, and it fits what we're seeing here perfectly - Microsoft itself, its crappy tablets and of course its unusable software which is as big a joke when it comes to security as it's always been.
The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsoft's efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, …
It's Jarlsberg, not Jarlsberger.
Also, that cheese (my favorite if anyone wonders) is known for its 'nutty' flavour and few but large holes. The holes also tend to have a small 'tear' in them.
Now, the size of the holes may be reminiscent of Windows, but there's way too few of them to be a valid comparison...
"Malware that successfully bypassed Windows Defender was capable of opening backdoors to allow hackers to remotely control the attacked x86 PC, intercepting keystrokes, stealing online gaming credentials, and more."
There's one bit of information I'm always missing with research like this: what kind of user account and user profile was used? Because the end user can matter a lot when it comes to system security and breach of that security.
2 extreme examples... Although Windows 7 sets up an admin account for you to work with by default (and relies on UAC to block unwanted system changes) it's not how I like to work. Instead I lowered my account's privileges to that of a normal user (I'm on Windows 7 Professional btw; this also provides user account access), removed the password from this account and instead added a password to the global system administrator account. Resulting in the obvious situation that my user account has no write access to system parts of the system partition (C). I can't dump something in c:\program files, I can't do much in c:\windows; the only places I have full r/w access to are my own personal data directories as well as the stuff on the non-system partition (D).
The moment I want to do something beyond my capabilities I either have to raise my privileges (start a raised console ("run as administrator"), for example) or simply await a UAC prompt. After which I need to type a password and then can perform the required changes.
Needless to say; I'm pretty confident that not much malware which might be capable of bypassing Security Essentials will also easily be capable of installing itself. Unless of course it fully runs within user space and doesn't require any extra credentials; but mentioning of stuff such as keyboard monitoring makes me think otherwise. My account credentials simply wouldn't allow me to do this (unless of course they're actually exploiting local root exploits or local backdoors, the article doesn't quite say).
Another extreme example is a friend of mine who clicks before reading. Sounds dumb, it is dumb, but that's the way he works. When he sees a website popup he's clicked it before you could say "I don't think that looks trustworthy". He'll even go as far as mindlessly clicking "yes" on UAC messages, sometimes even jokingly mentioning that "Oh, Windows needs to ask me if Bill Gates can go to the bathroom, sure; do what you have to do".
Needless to say: it's also the kind of friend who calls me every once in a while to ask me if I could help him make his "PC run faster". At one time I even managed (well, stuff like adaware & spybot managed) to remove 584 cases of malware, spyware, tracking cookies and other kinds of crap from his PC. Although his switch to Windows 7 has managed to slow that process down quite a bit.
My point...
Needless to say that my user credentials and user profile (the way I work) are bound to stop a lot of crap even whenever that is capable of bypassing my virus scanners. Whereas my friend... With such a user profile I don't think it would even help if his virus scanner (or "protection suite") would be capable of blocking everything. Whenever there's a trojan provided chances are high he'll invite it right over by clicking "yes" ("sure I'd like some new software, let's have it!").
AS SUCH.... What kind of user profile is used during such virus tests? With modern Windows (Vista, 7, 8) it's almost inevitable that the user will get a system warning somehow. So do they simply assume the user simply clicks yes all the time or....
All very good points. However, what happens when you encounter code that is able to elevate its privileges and/or bypass the UAC? I saw some good example code within the past fortnight that demonstrates this. Once the code is running on your machine, half the battle is lost. I'll try to dig up some examples.
Also, consider your friend: the kind of person who installs everything, clicks through UAC, gets thoroughly pwned. That's the sort of user Bitdefender is attempting to simulate, not a pro user able to lock down the machine.
All IMHO.
C.
the kind of person who installs everything, clicks through UAC, gets thoroughly pwned. That's the sort of user Bitdefender is attempting to simulate...
Bit of a daft test then. You can't proof a system against a user equipped with the capability to invoke admin privilege and determined to override the security. Defender is part of a layered approach and ruling out SmartScreen, UAC et al. is a bit like testing their own product having first disabled its heuristics, browser plugin and any firewall features "because I was getting too many messages and it stopped things working".
Give me any A/V suite and I'll get the box it's on pwned, if you allow me access to admin privilege and to behave like a complete twat who's going out of their way to get pwned.
Christ, I thought my mother was the most computer illiterate person on the planet[1], but at least she knows she's crap, reads the messages and makes an informed decision.
[1] I managed to talk her through installing a new ADSL router over the phone, despite some unknown POS having hard set the bloody DNS IP to the old router's settings (for the love of god, why?) at some point in the past. That gave Job a run for his money when it comes to patience, I can tell you.
But it was also a bit of a daft security system at the start too. The UAC popped up way too often and you either got annoyed, turned it off, or adopted his daft friend's approach. It's gotten somewhat better since then.
I've always liked a differentiated approach myself. Until the companies made it nearly impossible to not buy a suite I always ran AV from a different vendor than my software firewall, and none of it was from MS, who ought to have their own decent security in the system.
And it's not just MS. When I see a program pop up a message from a third party vendor that says "An executable file wants to access the internet. Do you want to allow this?" I want to scream. WHICH FRICKING FILE?!?!?!?
Wouldn't this comment only really be valid if MS was making out that Windows Defender was actually a replacement for third party antivirus software? Not sure that they have done that, if they did then I would agree with the comment that this is a fail, if they did not then this article is irrelevant.
AV software is part of the totality of the defence on a computer; webpage filtering, UAC, sandboxing and other elements work together.
To test one part of a system in isolation is only part of the story. A step to measuring the effectiveness of the whole since it is difficult to test a complex system as is. But to state that the entirety of a system is grossly faulty because of one element is disingenuous.
I presume that Bitdefender will show that their software would have stopped all the malware samples as well as bringing a cup of tea up for you in the morning.
I've not had a virus infection on a machine of mine, ever. For most of my life I haven't had anti-virus either - I only started when the more 'virulent' viruses came about, like Sasser etc... and then I've only ever used free software.
Using my brain is the main way to prevent infection - don't click random links, don't open random emails from people I don't know, don't install software which comes from random websites, don't use pirate software from P2P services.
That and both edge and software firewalls do the job perfectly.
So 16% of malware gets through if I act like a complete moron. I'd rather take my chances that I'm somewhat more savvy and miss out on the CPU-sucking, RAM hogging, file diverting BS that is most AV software. My PC doubled its speed when I tossed out commercial AV software and let Defender do the basics. That was two years ago and I've only had one virus since then, which Defender caught before any harm was done.
One thing I couldn't help but notice is that you failed to mention how Windows 8's security compares to Windows 7 or Windows Vista. You say Windows 8 can be infected by 16% of the most popular malware when the OS' only protection is Windows Defender. I suspect that if you ran those same tests against Windows Vista or 7 that you'd find similar results. My instinct is telling me that Windows 8 is likely as secure as its predecessors and that you're focusing on Windows 8 in an attempt to grab headlines.
When you look at this from the Glass-Half-Full perspective, that means a clean install of Windows 8 is resistant to 84% of malware designed specifically to infect Windows machines. That's pretty good as far as I'm concerned. As the saying goes "You're trying to make a mountain out of a mole hill".