Detection rate is good.
But it’s the very first AV an attacker would guess to bypass. And it’s VERY easy to do with a single .bat file that edits the registry.
The only question is if 3rd party AVs are any better. Both in detection rates and bypassability by malware.
AV is terrible inherently and shouldn’t be relied on for any kind of security. Using a third party one is just security through obscurity, hoping that the malware won’t guess that you have that specific one.
AVs and viruses have always been an attacker-defender problem from game theory. In general, if a program can deceive you into giving it elevated privilege, it can do whatever it wants. Based on reported patterns, AVs will design something that prohibits this and similar kinds of attacks.
Well, executing scripts or code with admin rights has nothing to do with easiness.
You have to exploit a system to do that; regardless of whether it’s Windows or Linux, if someone gains admin rights they can do anything.
The script is only a sequence of instructions, but it doesn’t magically hack your system; you have to find a way to run it, like an escalation of privilege.
I don’t understand why people are so surprised, if you hand me your system admin unlocked I’m the best hacker in the world.
Yeah. The point of antivirus is to protect you from malware it knows about before it runs, it doesn’t really protect you from malware after it gets a chance to run. If an exe/script has been executed it’s already too late for Defender to save you.
If there was malware running this script in the wild, that specific malware would get added to Windows Defender’s block lists pretty quickly though.
Perhaps pure ignorance here … but how can you protect yourself from Malvertising when Google itself has been duped in the past even certifying a site after questions posed … ?
While on that topic, I realize ad blockers and uBlock and perhaps some very custom DNS providers should steer you away, but that is less than 100% …
Statistically, in biology, 100% is never approachable, so I can only suspect the same is true in information technology, even if 99.5% … is that a concern?
So, how reliable is Google’s own Website Authenticator (not 2FA), i.e. Transparency Report?
Well for me, I would rather have more than 1 Gatekeeper … we can’t all pull them away with brute force like Dwayne Johnson !