This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

Level 48
Content Creator
The test methodology can be questionable for Windows Defender (it is probably OK for the rest).
  1. The Real Botnet test was performed on Windows 7 Ultimate, the other tests on Windows 10 Pro.
  2. In Real Botnet test, the Firefox was used for testing WD (SmartScreen for Edge was not used). For other AVs, their safe browsers were used.
  3. In-the-Wild test, Chrome was used for downloading samples (SmartScreen for Edge was not used). Anyway, in this particular test, it did not matter, because WD stopped all malware samples.
  4. In Simulator test, Chrome was used in the case of WD, so Edge capabilities (preventing malware injection to the browser) were not tested.
There were probably some reasons for other AVs to perform tests on different systems, using different browsers and skipping Edge. But, for WD this makes the difference. Edge is a kind of safe browser for using alongside WD (especially against code injections). Other AVs have their own safe browsers. Furthermore, WD on Windows 7 is inferior to WD on Windows 10 (even when they use the same engine version).

One can make Edge (with WD) even safer (only for Banking) by using Exploit Guard. See for example @Windows_Security tweaks:
Last edited:


Level 33
Content Creator

Quote : "Q1 2019 Simulator test results The table shows the results of testing using the malware simulators. Detailed description of the simulator test.

The methodology behind these attacks was simple and similar: Injecting a malicious obfuscated JavaScript code into the website’s checkout pages and listening for an event for example when the user clicks on the “pay” or “place order now” or similar button (event hijacking). When this event happens, the malicious code sends the credit card data to the attackers’ servers. In our test we simulated this attack. We implemented our obfuscated malicious JavaScript code based on the Newegg and British Airways cases and injecting it into a test webstore which was built by us. The code behavior and the obfuscation technique are exactly same as in the real-world examples: when the user fills out the credit card (cc) data and press the “place order now” button the cc data is sent to our servers."

All 9 vendors/companies Failed this test. I do wonder where F-Secure was. :unsure: