Windows Defender vs Ransomware 2024 (TPSC)
<blockquote data-quote="Andy Ful" data-source="post: 1078353" data-attributes="member: 32260"><p>I am afraid that there are no such tests for any AV. In known Real-World tests, there are some 0-day samples (but not zero-hour). The rest are 1-day or even a few days old malware. If I correctly recall, about 2/3 of samples in the wild can be 0-day malware. But when tested in the lab, the ratio can rapidly drop with any hour (many 0-day samples became dead or 1-day samples). If the test is done one time a day, the ratio can drop probably to one 0-day sample per 10 samples.</p><p></p><p></p><p></p><p>That is true, but only if the banking trojan is run in the already infected environment. Such a scenario is probable in Enterprises via lateral movement. At home, the banking trojans are delivered by other malware types that are well-detected. So, the chances of banking trojan infection are very small (combined chances of initial_malware_infection * chances of banking_trojan_infection).</p><p></p><p></p><p></p><p>That is more or less true for a free version (similarly to other free AVs), but I would not say that it is confirmed by MRG Effitas and AVLab.</p><p></p><p>MRG Effitas (360° Protection) <strong><span style="color: rgb(0, 168, 133)">does test only the business versions</span></strong>. It can confirm that <strong>Defender</strong> <strong>Antivirus Enterprise</strong> is an average protection layer against malware simulation on the already infected system (not good in the Banking Simulator Test) and as good as the top solutions in other banking tests (Real Botnet Test and Financial Malware Test). The overall protection against banking malware is better than Trend Micro Security and Avira Antivirus Pro.</p><p></p><p>The AVLab testing procedure is somewhat flawed for Microsoft Defender, because the "Block at first sight" feature does not work properly. 
It is rather a custom protection level (different from the real protection) used as a reference for other tested AVs.</p><p>Anyway, the results of the last test in January 2024 (2 missed samples) would probably be the same as with a fully functional "Block at first sight". The missed samples are legal PUAs (XMRIG, ReksFN) and Defender was tested with disabled PUA protection. Those PUAs were probably used as payloads and abused by initial malware. It is not clear if AVLab also tested the initial malware; if so, then they were detected and Defender might score with 100% protection in the wild.</p><p>[URL unfurl="true"]https://www.virustotal.com/gui/file/b4d343e6fe27d40e1270e3e42e6546897bfe28f89686ba2df367fcff03d770d1[/URL]</p><p>[URL unfurl="true"]https://www.virustotal.com/gui/file/2428f2d4d82bcd68303c61cd5585344a4ce13311bee819e9f9023b32f07e3cde[/URL]</p><p></p><p>I can confirm from my experience that Defender can miss some legal adware and PUAs even when PUA protection is enabled.</p></blockquote><p></p>