From what I've seen, MS Defender is getting good at catching new malware, only a few hours after the identification. It may not have a strong zero-day protection but the definitions of the new variants get quickly added to WD. Good that an ever-improving cloud component (as they have been advertising lately) is used to fortify their offering. The Win Pro users have an added advantage with advanced cloud modules.
Exactly! No one knows what they're upto, but it certainly looks like they very much need to improve (or implement rather?) a strong BB mechanism over simply relying on rules of behavior (sensors as they call) and then querying their cloud db with the concerned file info. Though this method may not be very different from some other AVs, this does not appear to be very effective in its case with new samples either. How about strengthening their offline behavioral/HIPS protection?
The samples you are using in the Malware Hub are never truly "FUD" zero day. They generally have a detection already of a few engines up to 25 at Virus Total, this is still low detection rate as not all engines are detecting them, but are in the process. What I mean by this is, once one of those packs are dropped into the Hub, wait about 24 hours then test it, and compare the engines that did detect it when the pack was first dropped until then, you will see many more engines now detecting it. What's not being taken into account, was how long that sample was in the Wild before being discovered and uploaded to one of the sites your grabbing samples from.
My point exactly. None of the Raw AV's have strong zero day protection. Matter of fact none of the "RAW Av's" can detect true zero day malware by signature, as the signature will not have been created for it yet, that is why most of them now have other modules like behavior monitoring ect.
Most of the samples tested here are not FUDs, yeah. That's why I used the words "after identification".
I think maybe you should get to know the product before you place statements like this. Eset is a full suite with HIPS. It does not rely on signatures only. Matter of fact, most users in this forum would be in serious trouble should they actually activate the Advanced Portions of Eset, by placing all of it in Interactive Mode, I wonder how many of you would be able to keep up with it.
That is true in default settings. but u can change hips so that u get popup massages for unknown processes etc. Eset need some tweaks for full protection, like comodo does.
this test actually seems realistic if we compare it to our own tests.
that 37 false positives on F-Secure, DeepGuard is a tough SOB
sadly ESET has been going downhill the past few months, barely detects anything without signatures. they need to develop new modules, HIPS is not doing it.
fairly surprised about the Bitdefender and Emsisoft results tho.
well the results are not bad, Emsisoft asks you what to do and has most of the times the right choice recommended to you.
The Test results of Emsisoft have been more or less similar - missing a very few samples and some samples being user dependent. The latter can be improvised by setting the decisions to 'quarantine' or probably 'use recommended action'.
Age of samples is not taken into account here, their only focus was working samples, which because of age, as stated above, most of the exploits were already patched.
+1"Lab Results, again? Seriously, guys...
