Windows Defender

lxskllr

No Lifer
Nov 30, 2004
60,929
11,263
126
I'm wondering if any of you have ever seen Windows Defender actually defend against a threat. I'm very tempted to get rid of it. I've used Vista since release, and as near as I can tell, the only thing it does is update itself, and make my HD grind for a couple of minutes afterwards.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Yeah, when the original Microsoft AntiSpyware came out, it was half-decent at catching stuff. I HAVE seen it still catch things, but not very often. But that's true of most realtime anti-spyware software, too.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
I recently unpacked a couple thousand malware samples from ~18 months ago and scanned them with Windows Defender and with Kaspersky's online scanner. Results screenshots:

Windows Defender
Kaspersky


Keep in mind that these are signature-based and heuristics-based detection rates, not accounting for behavioral detection methods in either product that might detect running malware in the act of doing something suspicious. However, I think anyone looking for a Windows feature that actually stops malware en masse should forget about Defender and go straight for Software Restriction Policy and a non-Admin user account, which is a formidable baseline.


To answer the actual question, yeah, I've seen Defender actually detect stuff before.
 

FLegman

Member
Jul 26, 2007
98
0
0
Great comparison and results, I now know for sure that the Louvre Museum is not the only place to admire fine antiquity.
 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
I for one have to agree with mechBgon, Windows Defender may not have wide-ranging detection ability, but it's an active defense, and what it stops and therefore prevents should not be sneered at. At a cost of zero and low footprint also, it's a no-brainer to have it running on both my computers.
 

Hadsus

Golden Member
Aug 14, 2003
1,135
0
76
Since I use Norton Internet Security I see no use for it other than to waste CPU cycles.
 

lxskllr

No Lifer
Nov 30, 2004
60,929
11,263
126
I guess I'll keep it... I've always figured "Why not?", it's free. I'm just tired of getting updates for it, and having my HD grind for a couple of minutes afterwards :^/
 

ericgomes

Member
Nov 16, 2008
94
0
0
The thing that sucks about Windows Defender is that it's such a common, free piece of software. A lot of coders test their infections on it. It's pretty obsolete if you ask me.
 

tzdk

Member
May 30, 2009
152
0
0
Yeah I have seen it in action. Also when Avira, ESET, Norton give thumbs up. Find some source of fake scanners or similar and test away. I had to because I also had doubts if it was functioning. But you will see small windows colored red and yellow warnings depending on classification of infection, eventually you will. A little problem for some products since they either disable Defender or suggest it on their forums. Don't think it is a good idea to declare it waste of space. Think those comparison numbers could be based on samples Defender doesn't care too much about. Have to judge it according to what it claims to do - which is a good question since those definitions are a bit loose. When MS release their free AV same comparison should look better regardless of sample type.

As with other products it is possible MS increase activity/effort and so efficiency can improve, or the opposite for that matter.
 

raincityboy

Senior member
Dec 30, 2004
394
0
0
I was playing around with Windows 7, and some rogue baddies like AV360, Personal Antivirus, SYSGuard, PC Defender, etc.

It detected and removed most of them. It did a great job.
 

tzdk

Member
May 30, 2009
152
0
0
Considering how many times you have to confirm actions in Windows it seems too easy to click "ignore", and let infection install away. Should have some Avast type of window, "Virus has been detected" or other gimmick. Just a little window with 2 choices, like this: High Alert. Almost identical for Yellow warnings, except they can be reviewed: Medium Alert.