Defender vs Avast

dencal said:

Who would be more likely to know when an infiltration was taking place on the O/S?....those who designed it know when something untoward occurs on any computer using their system, this can notify a fault instantly to M$ via the cloud.
Of course this opens up a can of worms with the tin foil helmet brigade ie-spying, when in reality M$ are only interested in safe guarding their system for its users.

Microsoft won't know. Don't you think if they did Windows would be as vulnerable as it is? The fact that Microsoft don't know, or like to admit, their software is leaking buckets, debunks your belief. When your computer gets hacked no-one will likely know. That's how they work. It can be something as simple as port scanning your server, looking for known vulnerabilities in the software you have running on open ports like SSH or SFTP and then firing off an exploit based on the version of that particular software. It's really that simple. If it's successful you will get a shell session, if the exploit is designed to seek this outcome. Most exploitation frameworks will go straight for the treasure - the shell. Once you've got shell you are pretty much at the screen of the computer as if you were in the building/place it is in typing in commands. You're fairly screwed from this point onwards. Do you think there's warning flares being fired off? No chance. The fact that you've used an exploit that targets a vulnerability is what will COMPLETELY evade security measures in place. If you went in hard with a trojan then you'll likely hit obstacles as signature/behavioural analysis will no doubt pick this up. A vulnerability exploit though? Sorry. You lose.

It's no different for consumer computers only it becomes a case of finding other ways to gain access to them because unlike servers your computer isn't providing services to the world on open ports, like 80 or 22 for example. A general rule of thumb is ALL incoming connections are blocked as per any decent firewall. Outgoing connections are different though, and that's where you get caught out. So you have to find ways to get someone to do the work for you. Or, you have to get on the network somehow. When you get someone to do it for you you get them to run the exploit. This usually occurs through phishing attempts. People will open attachments pertaining to be from work. Documents for next weeks meetings, or whatever. Open them, the program runs, the reverse shell is now connecting out to the C&C or, if the attacker does have an exploit he will use it then and there. That's what happened with the WannaCry attacks. It utilised a then unknown vulnerability which then compromised the system and it then worked through SMB (Server Message Block) to further infect other computers on the network.

Do you think your AV had any input? Nope. Not even a slightest comment was made, or allowed for that matter. Microsoft had no idea UNTIL the US government practically came them saying they might have had a very dangerous vulnerability leaked and it's not doing it's rounds infecting Windows 7 computers (also infected XP as well). They then set about fixing the vulnerability and rolled a patch, something they have never done in the history of their existence. They rolled out an out of service patch out for XP some several years after ditching it. That's like Chevy patching model numbers from the 60s.

All this proves that no-one had any way of dealing with it until it happened. Fortunately, the security community are very fast to respond and we have some amazingly talented individuals out there who unbeknownst to us all keep us safer and protected. Most people think it's just magic and it's some corporation somewhere with elves in the closet making antidotes for these viruses. It's really men, women from all ages, disciplines, skill levels, countries, institutions and academic affiliation etc coming together pretty much like they do on Reddit and/or any other social media platform and sharing information. But that doesn't mean they can can always predict attacks. They evidently can't and we don't expect them to be mind readers. But they do respond quickly and so because of that your sense of security is not because of your antivirus protection or Microsoft specifically, it's because right now there will be a team of analysts, engineers, architects, researchers etc dissecting the latest threat before it causes damage. One way they do this is through setting up what are called honey pots. These are basically servers that are deliberately setup to be compromised to then record how the attacker gained access.

Trust me, Microsoft nor your AV is going to be there when it hits the fan. It's there now and there might be a green tick or an icon or whatever. But given a scenario where your computer is being probed for potential holes it will be very likely there will not be one siren that is raised. Of course, and like stated above, this is not true if the attacker uses known malware and/or components ie compression software, encryption, certain PE (portable executable) templates, obfuscation techniques etc.

OldGuyFromCdn said:

I used Avast back in the XP days but abandoned it when it started getting bundled with other software. I've used Windows Defender and Malwarebytes free for a long time and they work just fine. Viruses, bots, zero day exploits; yeah, anything's possible but most of that stuff targets corporate users these days. Not many people interested in screwing with your computer if there's no money in it. And Avast won't protect you from phishing attempts, you just have to use common sense.

That's not true. Consumers are among the heaviest hit because they tend usually to be the easiest to make most money from. They are also likely the most uneducated and the easiest to target. Businesses these days are pretty clued up when it comes to the various attack vectors and means of exploiting their employees. You'll unlikely encounter a staff member in an office giving away credit card details but, you will likely see the same thing with an unaware father at home oblivious to his being hacked. He looks the next morning and several thousand dollars has been swiped. You probably won't find that happening so much in the workplace. Most employees don't have access to the money to begin with. When attackers go for businesses it's often for data exfil not really for money. A byproduct of the data exfil is money however. They will then sell what they consider to be the most valuable and prized data on black market communities to the highest bidder. And it obviously can cost LOTS of money if and when a company gets hacked and the data stolen is paramount to their operations.

Lots of people are interested in screwing with your computer. You just haven't encountered these people. Or like may never have known. There's an entire community of said people, namely black hat hackers, who make a hobby out of hacking people. Go to an internet cafe and if theres someone like this around he will be compromising the default gateway and intercepting traffic. End up on the same street as such a person and they likely will have their wireless adapter in monitor mode and taking advantage of you having WPS enabled. The biggest threats are from these kind of people. These form the biggest threat group next to APT (advanced persistent threat). APT, these are usually nation states and/or state sponsored group. These guys are who could take down your entire countrys infrastructure and what your government are spending billions each year to protect from. These guys however don't often go for small fry. Which goes back to the black hat hackers, script kiddies, hobbyist malware developers and serious hackers alike, criminal groups, anarchists etc. These guys are often what trigger most daily chaos. And they will target anyone they can.

Callender said:

Well it doesn't matter what you use if you don't understand how to configure it and how to use it.
So pick any decent AV that you know how to configure and use. Defender if you like but you still need to understand how it works.
Even then you would be advised to make regular system image backups and keep a selection of them for rollback.

Well put !

OldGuyFromCdn said:

Well put !

No point in configuring something that ultimately will offer little protection against threats that are not known. And that's how all threats start out as before they are identified. When they are identified that is when your antivirus comes into play because it knows what it is looking for. Before that and it's simply just software like any other. It is as useful as Notepad in this scenario. For known threats and all the most common attack vectors - sure, you have protection. But most threats when they happen are not known.

How can you protect yourself against something that you do not know is there? This is the reality when you're talking about security in this context. You can only prepare and do your best to secure systems and antivirus, if you do your research, is the last port of call. That's why so many people get hacked because the advancements in knowledge and capability in the bad guys hands is literally like comparing a toddlers ability to survive in the world to a grown adult. Pretty much 99% of the world are toddlers when it comes to the internet and computers.

When it comes down to it you're talking about a lifetime earned skill to hack. It's not something you learn overnight. And just like astronauts, they know a lifetime more than you about being an astronaut. If they wanted to use that knowledge to put you in an awkward spot they could. Likewise, the government know far more about the country than you do. If they wanted to exploit this then they would. When you are the one who knows very little other than a few tips and tricks you learn on a forum you begin to see how humbling it is to realize you actually know very little and can actually prevent very little. And that's why computer security and privacy is being pushed into the mainstream as a conversation because this education needs to take place.

The ability to attack computers is far greater than the ability to defend. Your own government will tell you this. It's public information. And that's because theres far more knowledge about how to hack computer systems and networks than there is how to defend them. And as an average user where do you think most people are placed in all of this? Again, they are the toddlers. They think they know but they know very little. That's just the reality. There is more out there than antivirus. More out there than a few things you've learned over the years about how to use your Windows operating system. This is actually very basic stuff compared to the serious nuts and bolts. Knowing this is and brancing out in order to learn how to protect yourself is what will offer you more protection.

Another vote for Defender here. If you don't have enough knowledge you will get infected anyway. Also, regarding AVAST, it has become more of a virus itself. AVAST has been known for doing some shady practices lately (spying on users and selling info to third parties, etc). Also AVAST AV is not that good even if they want you to believe so.

Defender is fine, binned Avast's Bloatware shortly after Win10 first appeared.