patkim
Guest
Hi,
I am not too sure under what category I should post this question, or maybe my opinion. I am always particular about security, especially ensuring that my PC and data are safe from any threats like viruses, malware, ransomware, etc.
I try out a few things inside a virtual machine to test how effective the protection is.
Windows 10 1903 Defender has a built-in ransomware protection called Controlled Access to Folders, which is good and it works. The catch is that Defender itself is vulnerable. I tested this in a VM on Windows 10 1903.
There’s a malicious program floating around 'those' sites on the internet that claims that it can remove Defender from Windows 10. I thought that Defender would catch it, but it did not. Even when real-time protection was ON, I could easily run that malicious program and it removed Defender completely from my Windows 10, and no restart was even needed.
If ransomware runs that code first, then the so-called ransomware protection of Defender will be rendered useless.
I think Microsoft should strengthen their Defender security and prevent any unauthorized changes to its operations unless manually stopped by a user who is physically present before a PC and through the GUI interface. One way is to implement password-based access to very critical settings like those of Defender. I don’t know if that can be feasible. I don’t know much about Windows 10 internals.
Kind regards.
* Moved from Windows 10/Settings