Windows 8 defeated 85% of malware out of the box

Security-wise, things don't look so bad for Windows 8 and the new measures implemented by Microsoft. Security firm and anti-virus maker BitDefender recently performed a number of tests on the stock, out-of-the-box Windows 8 configuration and concluded that just 15% of "the 100 malware families most used by cyber criminals this year" managed to infect the system.

Of course, as BitDefender makes anti-virus products, they tried to spin this by saying Windows 8 is "prone to infection by leading malware threats", but really, blocking 85% of threats with just Windows Defender enabled shows that Microsoft's in-house, bundled solution is quite effective. BitDefender tested 385 of the most popular malware samples, and 61 of those infected the system.

Windows Defender in Windows 8 does a decent job

According to Softpedia, the same tests were run on stock Windows 7 and 262 pieces of malware successfully executed malicious code (68%), which is considerably higher because Windows 7 does not have the improved version of Defender installed. One can then conclude that in a stock configuration, Windows 8 is much more secure than Windows 7.

Of course it should be noted that if you disable Defender to bring your system to the same level as Windows 7, the results are going to be significantly worse, but still slightly better than Windows 7. 234 of the 385 samples ran perfectly (60.8%) with Defender disabled, while the remaining failed to execute for numerous reasons, and out of the failed executions only seven were stopped by user account control.

Now, while 85% is a great effort by Microsoft and their built-in Defender, it is of course still not perfect, as it didn't block everything and let 61 pieces of malware infect the system; this number should be noticeably lower should you choose to purchase third-party anti-virus software. But the improvements to out-of-the-box security, blocking 85% of malware in Windows 8 as opposed to 32% in Windows 7, should definitely be noted as good work by Microsoft.

Via: The Next Web
Source: PR | Softpedia


45 Comments


This PRWire news release is fairly pointless without specifics. If they posted the exact build of Windows 8, the hotfixes that were installed, whether the Windows Firewall was enabled, the version number of the Windows Defender definitions that were installed, and the list of malware they used for their test... only then would it be worth anything. As it stands now, they could have simply installed the retail version of Windows 8, disabled the firewall, and made sure not to install anything from Windows Update (including newer virus defs) and then claimed it only stopped 85%. We have no way to know, hence it's worthless.

SkolVikings said,
This PRWire news release is fairly pointless without specifics. If they posted the exact build of Windows 8, the hotfixes that were installed, whether the Windows Firewall was enabled, the version number of the Windows Defender definitions that were installed, and the list of malware they used for their test... only then would it be worth anything. As it stands now, they could have simply installed the retail version of Windows 8, disabled the firewall, and made sure not to install anything from Windows Update (including newer virus defs) and then claimed it only stopped 85%. We have no way to know, hence it's worthless.

Read the source on Softpedia, man.
They tested Win7 vs Win8 vs Win8 + Windows Defender. No third party installments, out of the box (safe to assume latest released DVD/download/ISO from both).
As it was stated here it was only what got through Windows Defender on Win8 and Win7.
While Win7's statistics also include blocked threats by UAC and other security measurements in Windows itself.
While on Win8 the statistics used here on Neowin show only what Windows Defender stopped.
Not what was blocked by other security measurements in the OS itself.

while the remaining failed to execute for numerous reasons, and out of the failed executions only seven were stopped by user account control.

This should be clarified. Stopped by UAC can mean they failed to execute at all, or it can mean they were prevented from acquiring Administrator privileges which is the actual goal of UAC.
As someone who follows security, I presume it means the former since an unauthorized privilege escalation would be a big deal, but many others, even users of Neowin, are probably not aware of all of this. I guess the article is also not very clear here, so this is a complaint more about the general state of computer security journalism, and not specifically just Neowin.

J_R_G said,

This should be clarified. Stopped by UAC can mean they failed to execute at all, or it can mean they were prevented from acquiring Administrator privileges which is the actual goal of UAC.
As someone who follows security, I presume it means the former

From the PR (and yes it has a grammatical error):

seven others launched but had their payload was blocked by UAC

Scorpus said,

From the PR (and yes it has a grammatical error):

At first I thought I had a brain fart. But I see the grammatical error you quoted is gone as well, so I may not be 100% correct, but I'm pretty sure the article used the ambiguous language that the Neowin update used, and has been updated multiple times since I posted.

I think, if you tweak the out of box Windows 8 settings you should achieve 95%:
- Set up Standard Account for daily use
- Disable Flash
- Ensure no Java is installed.

If it's a computer you are setting up for some other persons you can further lock down Windows 8 and probably push it to 99%:
- secpol.msc
- gpedit (set the system to launch certain applications).

DesiSpark said,
How to add "Scan with Windows Defender" in the right click, i.e. in the context menu?

Files are scanned on-demand, meaning that whenever you open a folder, WD automatically scans the files in the folder for viruses. Likewise, SmartScreen checks .exe files against a definitions database to determine whether a file is safe. If it doesn't recognize the file, Windows won't allow you to open it without "unblocking" it in the file's properties.

Does normal/average OS usage reveal that there are so many malwares around?

I've been using Windows 7 with MSE (1.x-4.x) for the past two years or so, but the system remains secure whatsoever, despite whatever websites I visit or whatever apps I run.
So, it wouldn't make any sense for me to install additional security protection other than MSE and built-in Windows Firewall.

It keeps me wondering in which part of this world there are so many malwares around that it causes one to install additional security protection.

Also, shouldn't users be educated as well to be aware of how to keep themselves secure? User behavior matters here, not just a secure security tool. Human error always causes trouble by its nature, in every single system I've found.

Another feature I wish I could do with Windows Defender that I could with MSE was the ability to right click a file and scan it. Not sure why the option was removed but I hope it's added back through a future update.

zman982 said,
Another feature I wish I could do with Windows Defender that I could with MSE was the ability to right click a file and scan it. Not sure why the option was removed but I hope it's added back through a future update.

Files are scanned on-demand, meaning that whenever you open a folder, WD automatically scans the files in the folder for viruses. Likewise, SmartScreen checks .exe files against a definitions database to determine whether a file is safe. If it doesn't recognize the file, Windows won't allow you to open it without "unblocking" it in the file's properties.

Anthony S said,

Files are scanned on-demand, meaning that whenever you open a folder, WD automatically scans the files in the folder for viruses. Likewise, SmartScreen checks .exe files against a definitions database to determine whether a file is safe. If it doesn't recognize the file, Windows won't allow you to open it without "unblocking" it in the file's properties.

Ah ok. I knew about SmartScreen and what it does for .exe's. Was not aware that WD auto-scans the other files on demand, very interesting. Thanks for the info.

Anthony S said,

Files are scanned on-demand, meaning that whenever you open a folder, WD automatically scans the files in the folder for viruses. Likewise, SmartScreen checks .exe files against a definitions database to determine whether a file is safe. If it doesn't recognize the file, Windows won't allow you to open it without "unblocking" it in the file's properties.

Unfortunately this is the only annoyance I have about MSE, and one of the few in WD, as it sometimes slows down my work. A lot.

eiffel_g said,

Unfortunately this is the only annoyance I have about MSE, and one of the few in WD, as it sometimes slows down my work. A lot.

Disable realtime scan in WD settings?
Or go exclude files/folders/locations?

The slowdown is actually very little from my experience. Folders and files open just as fast (often feels faster too) as on Win7. And I haven't disabled or excluded anything of WD/SC.
The SmartScreen sometimes can be of annoyance though blocking an exe sometimes (barely happens) but just click the blue text and 'run anyway' so it isn't a big issue.

just upgrade to windows 8. MS will support windows 7 for a while but windows 8 gets stuff first and will be more secure.

Unfortunately Windows Defender is considered the same as MSE, but it has however some limits compared to this one - one of major issues is that no icon is displayed in taskbar so you cannot know if your antivirus was disabled by a virus.
Also you have no options to set an automatic scan of the system as in MSE. Or to set scanning of removable drives. It's less configurable - you cannot even set how much processor you can use when scanning as in MSE. Defender is a stripped version of MSE but not MSE whatever Microsoft says. However, adding Malwarebytes AntiMalware to your system improves dramatically the detection - you may think to use them without buying another antivirus.

eiffel_g said,
Unfortunately Windows Defender is considered the same as MSE, but it has however some limits compared to this one - one of major issues is that no icon is displayed in taskbar so you cannot know if your antivirus was disabled by a virus.
Also you have no options to set an automatic scan of the system as in MSE. Or to set scanning of removable drives. It's less configurable - you cannot even set how much processor you can use when scanning as in MSE. Defender is a stripped version of MSE but not MSE whatever Microsoft says. However, adding Malwarebytes AntiMalware to your system improves dramatically the detection - you may think to use them without buying another antivirus.

Wrong on the lack of notification - the same location (Action Center) is used by Windows Defender (8) and MSE (7); however, both OSes are set to autohide the icon by default.

Second, always-on scanning is the default in MSE, and always has been - this is unchanged in WD/8. There have been several updates (other than definitions) to WD/8, just since the launch of 8 alone. Further, why would you want to reduce CPU usage of an AV program that is already pretty darn miserly?

eiffel_g said,
Unfortunately Windows Defender is considered the same as MSE, but it has however some limits compared to this one - one of major issues is that no icon is displayed in taskbar so you cannot know if your antivirus was disabled by a virus.
Also you have no options to set an automatic scan of the system as in MSE. Or to set scanning of removable drives. It's less configurable - you cannot even set how much processor you can use when scanning as in MSE. Defender is a stripped version of MSE but not MSE whatever Microsoft says. However, adding Malwarebytes AntiMalware to your system improves dramatically the detection - you may think to use them without buying another antivirus.

In the Advanced settings for WD, you can check 'Scan removable drives'. Is that option not on yours?

PGHammer said,

Wrong on the lack of notification - the same location (Action Center) is used by Windows Defender (8) and MSE (7); however, both OSes are set to autohide the icon by default.

Second, always-on scanning is the default in MSE, and always has been - this is unchanged in WD/8. There have been several updates (other than definitions) to WD/8, just since the launch of 8 alone. Further, why would you want to reduce CPU usage of an AV program that is already pretty darn miserly?


1. MSE has separate icon. Now I can see only Action Center, but this can be easily bypassed by a virus. I have to open Action Center from time to time to check if WD really works.
2. Not always scanning - but schedule scanning. Well something seems it could be set in maintenance, but going in different other applications to do what was in other product on same page...

+devHead - I will recheck, but I remember I didn't see it. I'm not close to a windows 8 computer right now.

eiffel_g said,

1. MSE has separate icon. Now I can see only Action Center, but this can be easily bypassed by a virus. I have to open Action Center from time to time to check if WD really works.
2. Not always scanning - but schedule scanning. Well something seems it could be set in maintenance, but going in different other applications to do what was in other product on same page...

+devHead - I will recheck, but I remember I didn't see it. I'm not close to a windows 8 computer right now.

The Action Center always pops up a notification when Defender or other element is disabled. Also the icon changes.

eiffel_g said,

1. MSE has separate icon. Now I can see only Action Center, but this can be easily bypassed by a virus. I have to open Action Center from time to time to check if WD really works.
2. Not always scanning - but schedule scanning. Well something seems it could be set in maintenance, but going in different other applications to do what was in other product on same page...

+devHead - I will recheck, but I remember I didn't see it. I'm not close to a windows 8 computer right now.


Don't disable UAC and any malware will have a tough time disabling WD without your knowledge.
If anything comes up with WD, a big ugly square box on the top right of your screen will annoy you with information.

That's kinda screwy what MS did. Win 7 had Windows Defender but that wasn't good enough so they recommended you install Microsoft Security Essentials which disables Defender in a sense.
Now they run what looks like MSE and call it Windows Defender. Weird!!
Either way, whatever has been made available for Win 8 should be an update for Win 7 too.

LUTZIFER said,
That's kinda screwy what MS did. Win 7 had Windows Defender but that wasn't good enough so they recommended you install Microsoft Security Essentials which disables Defender in a sense.
Now they run what looks like MSE and call it Windows Defender. Weird!!
Either way, whatever has been made available for Win 8 should be an update for Win 7 too.

They were just testing the product out before integrating it IMHO. Win8 is more secure by design though - so it's not just because MSE was integrated there's a raft of low level changes in the OS to make exploits far more difficult.

dangel said,

They were just testing the product out before integrating it IMHO. Win8 is more secure by design though - so it's not just because MSE was integrated there's a raft of low level changes in the OS to make exploits far more difficult.

Further, the improvements in Windows Defender with Windows 8 are, in fact, from the beta of MSE for Windows 7 - same improvements were added to Forefront Client for Endpoints - the three are the same product when it gets down to cases. Windows Defender - the original one for Windows 7, that is - predates the acquisition of both SysInternals and Giant Software, and therefore the resulting improvements in MSE and WD/8.

PGHammer said,

Further, the improvements in Windows Defender with Windows 8 are, in fact, from the beta of MSE for Windows 7 - same improvements were added to Forefront Client for Endpoints - the three are the same product when it gets down to cases. Windows Defender - the original one for Windows 7, that is - predates the acquisition of both SysInternals and Giant Software, and therefore the resulting improvements in MSE and WD/8.

8 contains OS changes to make exploits more difficult - you missed the point. ASLR was improved, secure boot was added, SmartScreen, the kernel, the heap and IE all got improvements. This is well known. I think that's actually more important than MSE being integrated (although this is a welcome change).


LUTZIFER said,
That's kinda screwy what MS did. Win 7 had Windows Defender but that wasn't good enough so they recommended you install Microsoft Security Essentials which disables Defender in a sense.
Now they run what looks like MSE and call it Windows Defender. Weird!!
Either way, whatever has been made available for Win 8 should be an update for Win 7 too.

On Windows 7, Defender was just a firewall, now on Windows 8, Defender is just MSE renamed.

oliver182 said,

On Windows 7, Defender was just a firewall, now on Windows 8, Defender is just MSE renamed.


If Windows Defender on Windows 7 is a firewall then what is Windows Firewall?

Please, do not post lies or things you apparently know nothing about <3

Yakuzing said,

If Windows Defender on Windows 7 is a firewall then what is Windows Firewall?

Please, do not post lies or things you apparently know nothing about <3

A mistake is a lie? ok.

Defender on Windows 7 is an anti-spyware. There. Happy?

dangel said,

They were just testing the product out before integrating it IMHO. Win8 is more secure by design though - so it's not just because MSE was integrated there's a raft of low level changes in the OS to make exploits far more difficult.


they say that about every new windows release. (the secure part)

soldier1st said,

they say that about every new windows release. (the secure part)

That's because it's true. Each new Windows OS IS more secure by design. Not impervious.

Is there any way of having only Windows Defender/MSE updates automatically update itself and forcing all other updates to happen only once every 2-4 months?

LauRoman said,
Is there any way of having only Windows Defender/MSE updates automatically update itself and forcing all other updates to happen only once every 2-4 months?

Considering the real-time effects of such updates (Zero Day fixes, fixes that get reverse engineered into new attacks), why would you wait 2-4 months for updates?

LauRoman said,
Is there any way of having only Windows Defender/MSE updates automatically update itself and forcing all other updates to happen only once every 2-4 months?

I don't see the point with that. Windows 8 (I am assuming you are using Win8, if not ignore me) increases the grace period to two days - no nags, nothing, just an orange message on the logon screen. Just leave it be until you go to sleep/coffee/smoke break and restart the machine for the updates to be applied.

wernercd said,

Considering the real-time effects of such updates (Zero Day fixes, fixes that get reverse engineered into new attacks), why would you wait 2-4 months for updates?


exactly.

wernercd said,

Considering the real-time effects of such updates (Zero Day fixes, fixes that get reverse engineered into new attacks), why would you wait 2-4 months for updates?


Because something-something system admin something-something updates are scary something-something deploy something-something cost something-something poor initial IT effort cursed a lot of businesses with a setup where up-to-date software is more damaging than out-of-date software and nobody is persuasive enough to make a difference with the executives.

What percentage are blocked by Windows when their FREE Microsoft Security Essentials with the latest updates is installed?

You do realize that Microsoft Security Essentials is officially considered Windows Defender? Yeah, surprising to know that if you manage to stay in sync and up to date. And prove it to yourself by trying to install a standalone version of MSE on Windows 8 and see what message you'll get. Yep, been on that road since the RP.

dvb2000 said,
What percentage are blocked by Windows when their FREE Microsoft Security Essentials with the latest updates is installed?

I think that it would be the same as Windows Defender since that is what Windows Defender is.

Simon- said,

I think that it would be the same as Windows Defender since that is what Windows Defender is.

the article is talking about "out of the box" so obviously Windows 7 is going to have a very old definition set, plus an old version of the base product.

I'd still like to know what improvements could be gained by updating to the latest MSE and definitions before performing these tests.

I very much doubt installing a 3rd party product is going to give you any benefit over an up to date MSE installation.

dvb2000 said,

the article is talking about "out of the box" so obviously Windows 7 is going to have a very old definition set, plus an old version of the base product.

I'd still like to know what improvements could be gained by updating to the latest MSE and definitions before performing these tests.

I very much doubt installing a 3rd party product is going to give you any benefit over an up to date MSE installation.

I would think that "Out of the Box" would include Windows updates, including definition updates to WD.

Flippinwindows said,
You do realize that Microsoft Security Essentials is officially considered Windows Defender? Yeah, surprising to know that if you manage to stay in sync and up to date. And prove it to yourself by trying to install a standalone version of MSE on Windows 8 and see what message you'll get. Yep, been on that road since the RP.


I think that was kind of his point, w8 comes with the new Defender ootb, and it's very similar to MS Security Essentials, so basically W7 with the free MS Security Essentials should give similar results