> It's a shame he didn't test CFA. Would have been nice to see if it does really work.

He has many security partners so you won't see a perfect result from Defender. He is the biggest troll in the galaxy.
Wait a minute he tested Ransomware protection on W11 without having the Ransomware protection enabled?
> Wait a minute he tested Ransomware protection on W11 without having the Ransomware protection enabled?

He never has it enabled in any of his "tests".
> He is the biggest troll in the galaxy.

Absolutely. And I absolutely love his "machine gun" approach to executing malware. Not even close to a real-world test.
> For those that are going to ask... "How you running Microsoft Defender on Linux" my reply is "Figure it out."

The question is not "How you running Microsoft Defender on Linux?", but the question is "Why are you running Microsoft Defender on Linux?"
> Security is much less important to me than things like Ansible, Docker, Kubernetes, things that work much better on Linux. Obsessing about security is wasted emotional energy. Slap an automated security solution onto it and move on.

IMHO, then, you are wasting your time here.
> I would not be so harsh on the author. The intention of this test was probably to show that Defender's protection is cloud-dependent. This is nothing new and can be seen in all AV-Comparatives Malware Protection tests.
>
> This test has two parts:
> - Test with Internet connection (cloud backend) = 100% protection
> - Test without Internet connection = exact result unknown, but a few samples infected the system (probably 90% protection).
>
> When we compare these results with AV-Comparatives Malware Protection tests without cloud backend (~70% for Defender), then the default anti-ransomware protection results in the video (~90%) are much better.
>
> Although the short video test cannot prove anything interesting, we can conclude that it is consistent with the below supposition:
> - Defender has got excellent anti-ransomware protection against in-the-wild samples when using cloud backend.
> - Defender's protection without cloud backend is not so good.
> - Defender's anti-ransomware protection without cloud backend is probably much better than for other malware types.

Defender wouldn't provide 100% protection in this test even with Internet connection.
> Because Linux is woefully insecure. Why do you think Linux admins go to great lengths hardening Linux systems? Or do you actually believe the nonsense that Linux is secure?

There are incomparably more malicious programs under Windows than under Linux, and it is much easier to run them on Windows than on Linux. And it's not a fact that a malicious program written for Linux will still work correctly, but on Windows, on the contrary, most malicious programs run and work perfectly. From this point of view, Linux is much safer. However, when it comes to browser scripting or phishing attacks, everything is the same.
> Defender wouldn't provide 100% protection in this test even with Internet connection.

In fact, it did.
> I consider this test to be very misleading. To start with, why even test without internet connection? Average computer is connected to the internet 24/7. Even if it wasn't, worst case scenario you'd be dealing with a ransomware executable via USB, not a hundred ransomware samples at once, without internet connection. I feel like this is a strategy to make Defender look useless, which it isn't. Also, why didn't SmartScreen pop up once?

If AV-Comparatives can do it why Leo should not do it?
> If AV-Comparatives can do it why Leo should not do it?

Hence why ALL testing should be taken with a grain of salt. There are some very misleading standards.
> ...Also, why didn't SmartScreen pop up once?

This was not a Real-World test but a Malware Protection test. In the Malware Protection test, the malware samples are not downloaded directly from the Internet. They do not have MOTW attached, similarly to files from a flash drive (FAT32) or files unpacked from archives. Most video tests are Malware Protection tests because the author usually downloads samples packed in an archive (ZIP, 7-ZIP, RAR) and uses an archiver application that does not preserve MOTW after unpacking.
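As an added illustration of the MOTW point in the post above (not written by any participant in this thread): the Mark of the Web is stored in an NTFS alternate data stream named `Zone.Identifier`, so a test folder can be audited to see which samples still carry it. The function names and the sample stream body below are constructed for this example.

```python
import os
from typing import Optional

# Zone names as used by Windows URL security zones.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style body of a Zone.Identifier stream into a dict."""
    fields, in_section = {}, False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields

def zone_of(text: Optional[str]) -> Optional[int]:
    """Return the ZoneId, or None when the mark is absent or malformed."""
    if text is None:
        return None
    value = parse_zone_identifier(text).get("ZoneId", "")
    return int(value) if value.isdecimal() else None

def describe(text: Optional[str]) -> str:
    """Human-readable MOTW status for one stream body (None = no stream)."""
    zone = zone_of(text)
    if zone is None:
        return "no MOTW"
    return f"MOTW zone {zone} ({ZONES.get(zone, 'unknown')})"

def read_motw(path: str) -> Optional[str]:
    """Read the alternate data stream; None if absent or not on NTFS."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def audit(folder: str) -> dict:
    """Map each entry in folder to its MOTW status."""
    return {name: describe(read_motw(os.path.join(folder, name)))
            for name in sorted(os.listdir(folder))}

# Constructed sample stream bodies (not taken from the thread).
DOWNLOADED = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/samples.zip\r\n"
UNPACKED = None  # file extracted by an archiver that did not propagate the mark

if __name__ == "__main__":
    print(describe(DOWNLOADED), "|", describe(UNPACKED))
```

On a FAT32 drive `audit` reports "no MOTW" for every file, because that file system has no alternate data streams.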
> He has many security partners so you won't see a perfect result from Defender. He is the biggest troll in the galaxy.

He said that he works for Emsisoft in a previous video.
> He said that he works for Emsisoft in a previous video.

Which is why he never includes it in his test comparisons. Polluted and biased results otherwise.