App Review Windows 11 vs Ransomware [TPSC]

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

oldschool

Wait a minute he tested Ransomware protection on W11 without having the Ransomware protection enabled? :LOL:
He never has it enabled in any of his "tests".
He is the biggest troll in the galaxy.
Absolutely. And I absolutely love his "machine gun" approach to executing malware. Not even close to a real-world test.

OTOH, he narrates and presents his vids in a polished manner. No doubt this is why so many viewers believe his trash! Like Leo says, "Stay informed and stay secure." :LOL::LOL::LOL:
 

 

Andy Ful

From Hard_Configurator Tools
I would not be so harsh on the author. The intention of this test was probably to show that Defender's protection is cloud-dependent. This is nothing new and can be seen in all AV-Comparatives Malware Protection tests.
This test has two parts:
  1. Test with Internet connection (cloud backend) = 100% protection
  2. Test without Internet connection = exact result unknown, but a few samples infected the system (probably 90% protection).
When we compare these results with AV-Comparatives Malware Protection tests without cloud backend (~70% for Defender), then the default anti-ransomware protection results in the video (~90%) are much better.

Although the short video test cannot prove anything interesting, we can conclude that it is consistent with the below supposition:
  1. Defender has got excellent anti-ransomware protection against in-the-wild samples when using cloud backend.
  2. Defender's protection without cloud backend is not so good.
  3. Defender's anti-ransomware protection without cloud backend is probably much better than for other malware types.
 

Brahman

Security is much less important to me than things like Ansible, Docker, Kubernetes, things that work much better on Linux. Obsessing about security is wasted emotional energy. Slap an automated security solution onto it and move on.
IMHO, then, you are wasting your time here.
 

ErzCrz

So, it seems a lot of AVs are relying more on cloud detection over their antivirus engine these days, which is why I prefer the default-deny approach like your Hard_Configurator, VoodooShield, Comodo etc. Each of these tests is informative but only a minute glimpse of the product capabilities/real-world detection, as @Andy Ful has explained in other posts. Anyways, I'm still not a fan of his automated script that runs all the viruses.
 

Local Host

I would not be so harsh on the author. The intention of this test was probably to show that Defender's protection is cloud-dependent. This is nothing new and can be seen in all AV-Comparatives Malware Protection tests.
This test has two parts:
  1. Test with Internet connection (cloud backend) = 100% protection
  2. Test without Internet connection = exact result unknown, but a few samples infected the system (probably 90% protection).
When we compare these results with AV-Comparatives Malware Protection tests without cloud backend (~70% for Defender), then the default anti-ransomware protection results in the video (~90%) are much better.

Although the short video test cannot prove anything interesting, we can conclude that it is consistent with the below supposition:
  1. Defender has got excellent anti-ransomware protection against in-the-wild samples when using cloud backend.
  2. Defender's protection without cloud backend is not so good.
  3. Defender's anti-ransomware protection without cloud backend is probably much better than for other malware types.
Defender wouldn't provide 100% protection in this test even with Internet connection.
 

RoboMan

I consider this test to be very misleading. To start with, why even test without internet connection? Average computer is connected to the internet 24/7. Even if it wasn't, worst case scenario you'd be dealing with a ransomware executable via USB, not a hundred ransomware samples at once, without internet connection. I feel like this is a strategy to make Defender look useless, which it isn't. Also, why didn't SmartScreen pop up once?
 

Zorro

Because Linux is woefully insecure. Why do you think Linux admins go to great lengths hardening Linux systems? Or do you actually believe the nonsense that Linux is secure?
There are incomparably more malicious programs under Windows than under Linux, and it is much easier to run them on Windows than on Linux. And it's not a fact that a malicious program written for Linux will still work correctly, but on Windows, on the contrary, most malicious programs run and work perfectly. From this point of view, Linux is much safer. However, when it comes to browser scripting or phishing attacks, everything is the same.
 

Andy Ful

Defender wouldn't provide 100% protection in this test even with Internet connection.
In fact, it did.



If one listens carefully then Leo says that the first part has full access to the Internet (time 1:09).
Of course, you are right that any result in this test (and similar video tests) alone does not prove much about Defender's anti-ransomware protection.
 

Andy Ful

I consider this test to be very misleading. To start with, why even test without internet connection? Average computer is connected to the internet 24/7. Even if it wasn't, worst case scenario you'd be dealing with a ransomware executable via USB, not a hundred ransomware samples at once, without internet connection. I feel like this is a strategy to make Defender look useless, which it isn't. Also, why didn't SmartScreen pop up once?
If AV-Comparatives can do it, why should Leo not do it? :unsure:
 

Andy Ful

...Also, why didn't SmartScreen pop up once?
This was not a Real-World test but a Malware Protection test. In the Malware Protection test, the malware samples are not downloaded directly from the Internet. They do not have MOTW attached, similarly to files from a flash drive (FAT32) or files unpacked from the archives. Most video tests are Malware Protection tests because the author usually downloads samples packed in an archive (ZIP, 7-ZIP, RAR) and uses an archiver application that does not preserve MOTW after unpacking.
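
Added example, not part of the original post or of any tool mentioned in the thread: a Python sketch that reads the Mark of the Web (the NTFS `Zone.Identifier` alternate data stream) and reports which test files actually carry it. The file names and stream contents in `SAMPLES` are constructed, and treating zones 3 and 4 as "marked" is an assumption of this example.

```python
import configparser

# ZoneId values stored in the NTFS "Zone.Identifier" alternate data stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier content, or None if absent/malformed."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None

def read_stream(path):
    """Read the stream on Windows/NTFS; None when the file carries no mark
    (or the filesystem, e.g. FAT32, cannot store alternate data streams)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def has_web_mark(zone_id):
    # Assumption of this example: Internet (3) and Restricted Sites (4) count as marked.
    return zone_id is not None and zone_id >= 3

def audit(streams):
    """Map each file name to (zone label, marked?) from its stream text."""
    report = {}
    for name, text in streams.items():
        zone = parse_zone_id(text)
        report[name] = (ZONES.get(zone, "none"), has_web_mark(zone))
    return report

# Constructed sample data: stream contents as they would look for four test files.
SAMPLES = {
    "browser_download.exe": "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/a%20b.exe\n",
    "unpacked_from_zip.exe": None,       # archiver did not propagate the mark
    "copied_from_fat32.exe": None,       # FAT32 has no alternate data streams
    "damaged_stream.exe": "ZoneId=3\n",  # no [ZoneTransfer] section header
}

if __name__ == "__main__":
    for name, (zone, marked) in audit(SAMPLES).items():
        print(f"{name:24} zone={zone:10} MOTW={'yes' if marked else 'no'}")
```

On a real Windows test machine, pass `read_stream(path)` for each sample file into `parse_zone_id` to confirm whether the test set was marked before drawing conclusions about SmartScreen.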
 
