App Review Windows Defender 2018 Review

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Aerdian

Level 3
Thread author
Verified
Well-known
Jun 3, 2018
119
Hi

you should say how old the samples are and optionally show them before detection. :)

Thanks for the suggestion :) I'll definitely add that to future videos. I have 2 other videos that I have finished editing and will post those in the following days, but for my future tests, I will do that. Thanks!

You must run the unrecognized samples, otherwise the test is not accurate. Otherwise I can agree with the suggestions above by @Yellowing .

Thanks :) I will add that to future videos! I have already made two more, so those will not include any of the suggestions, but I will include those for later videos. I appreciate the feedback.

I have already stressed the importance of verifying samples and testing dynamic as well as static to show the products true abilities.

Thanks :) I will add in sample verifications and dynamic tests to future videos. I appreciate your feedback!
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
I like it and one can now hear your voice perfect and clear. (y)

Sure you could verify every single sample etc but then it's also a risk you ending up with a video that gets boring and way too long, especially if you have alot of samples. Minimize the amount of samples and then do it like @illumination suggest. Ask if your not sure. Try to use as fresh samples as possible.

Don't make the whole thing too complicated even if I know some people want exactly that but they can go and do review videos themself as I know this takes alot of time, energy and effort. You also do something many others don't. You include alot of high video quality settings and thats rare as many IMO don't understand how important that is. It's after all a video and not a podcast.
 
Last edited:

slash/

Level 6
Verified
Jun 24, 2018
277
This review was quite confusing, so I'll ask my questions for clarity.

1. Why is there a Comodo process running when you're testing WD?

2. It detected "83%" of what threats? How many threats? How old were the threats? Were there any notable mainstream malware or ransomware? Were they taken from anywhere where credit is due, or did you hunt for the malware yourself?

3. As @illumination already mentioned, dynamic testing needs to be demonstrated. How does WD react to the malware actually being run on the machine? Are they being detected right away? Are they dropping any files or processes, or establishing any connections?
 

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
I like the shorter videos @Aerdian mainly because i don't understand most of it (oh, the shame) and if they are long, i just get pi-ssed off and don't bother watching to the end so then i have no chance of learning anything but i do have a short attention span so that would account for it :emoji_flushed: I appreciate all the reviews that people here at MT take the time to do because it must be quite a lot of work what with the testing and then the editing so very well done to you.
 
I

illumination

I like the shorter videos @Aerdian mainly because i don't understand most of it (oh, the shame) and if they are long, i just get pi-ssed off and don't bother watching to the end so then i have no chance of learning anything but i do have a short attention span so that would account for it :emoji_flushed: I appreciate all the reviews that people here at MT take the time to do because it must be quite a lot of work what with the testing and then the editing so very well done to you.
There are so many variables involved with testing that there literally is no such thing as a perfect methodology utilized yet that i am aware of anyway. But a basic minimum guideline needs to be established to even remotely begin to show the products abilities, which is the point of the test and video. So while simplified, it produces results that are not accurate thus misleading.

A good portion of testers realize their audiences may not be able to follow along and place end results at either the end of the test, an over view to sum up the test.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Yeah, your voice is perfect and clear makes it very pleasant to watch, editing and video quality is good too

But about the review, it really told nothing about windows defender. People who are looking for antivirus alternate want to have more detailed review than this

Anyway, keep going(y)
 

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
@Weebarra is it really a problem for you if they are 5min. long?

No, but i have seen some that last like 20 mins (sometimes longer) and by that time i have lost interest. As stated, i don't understand a lot of what the testing actually is but i have more chance of watching a shorter video.


I do understand where a lot of you guys are coming from and i'm sure that @Aerdian appreciates your input as he has asked for your opinions on how to make them better, which i am sure he will take on board for his upcoming reviews .
 

Aerdian

Level 3
Thread author
Verified
Well-known
Jun 3, 2018
119
I like it and one can now hear your voice perfect and clear. (y)

Sure you could verify every single sample etc but then it's also a risk you ending up with a video that gets boring and way too long, especially if you have alot of samples. Minimize the amount of samples and then do it like @illumination suggest. Ask if your not sure. Try to use as fresh samples as possible.

Don't make the whole thing too complicated even if I know some people want exactly that but they can go and do review videos themself as I know this takes alot of time, energy and effort. You also do something many others don't. You include alot of high video quality settings and thats rare as many IMO don't understand how important that is. It's after all a video and not a podcast.

Thanks for the suggestions, comments, and recommendations :) In future videos, I will try to add more tests, like sample verification, etc. but still keep it short(ish).

I very much like reviews @Aerdain and look forward to yours in the future.

Thanks! I'm glad you enjoy :) I will try to make future videos better.

This review was quite confusing, so I'll ask my questions for clarity.

1. Why is there a Comodo process running when you're testing WD?

2. It detected "83%" of what threats? How many threats? How old were the threats? Were there any notable mainstream malware or ransomware? Were they taken from anywhere where credit is due, or did you hunt for the malware yourself?

3. As @illumination already mentioned, dynamic testing needs to be demonstrated. How does WD react to the malware actually being run on the machine? Are they being detected right away? Are they dropping any files or processes, or establishing any connections?

I do understand the confusion. I will try to clarify these things in future videos. So to answer your questions:

1.) I use Comodo Firewall in my testing VM.
2.) The first threat detection percentage is of the file threats, then the second is of the web threats. For the file threats, I try to use samples that are less than 3 days old, preferably less than 1. I did not use any mainstream malware, but I could definitely add that into future tests and I hunted around for the malware myself.
3.) In future videos, I will add dynamic testing :)

Thanks for your questions! The more questions and comments I receive, the more I learn about what I should and shouldn't do in future videos.

I like the shorter videos @Aerdian mainly because i don't understand most of it (oh, the shame) and if they are long, i just get pi-ssed off and don't bother watching to the end so then i have no chance of learning anything but i do have a short attention span so that would account for it :emoji_flushed: I appreciate all the reviews that people here at MT take the time to do because it must be quite a lot of work what with the testing and then the editing so very well done to you.

Thanks :) I'm glad you enjoyed. It actually takes longer to edit the shorter videos than it would to do longer videos. In full content, I always have well over an hour recorded total and then I shrink it down to the shorter video, which I do a voice-over for.

Yeah, your voice is perfect and clear makes it very pleasant to watch, editing and video quality is good too

But about the review, it really told nothing about windows defender. People who are looking for antivirus alternate want to have more detailed review than this

Anyway, keep going(y)

Thanks :) This is a similar suggestion to what others have mentioned. I will do my best to keep it decently short but have much more information in the future.

No, but i have seen some that last like 20 mins (sometimes longer) and by that time i have lost interest. As stated, i don't understand a lot of what the testing actually is but i have more chance of watching a shorter video.


I do understand where a lot of you guys are coming from and i'm sure that @Aerdian appreciates your input as he has asked for your opinions on how to make them better, which i am sure he will take on board for his upcoming reviews .

I do very much appreciate all the input I have been receiving, including yours :) Most people seem to be more interested in longer videos, but you seem to be enjoying the shorter content. That is actually the main reason why I actually started testing. I felt that most tests were just far too long. People who want to change their AV need to watch lots of reviews to decide. If they are all 20+ minutes long, they will be spending at least a few days choosing their new program, assuming they take a look at most of the choices.

yea, I guess it is pretty hard to make a video very informative and short at the same time. :)

I am trying to get the best of both worlds, which means I'll probably start making them a bit longer :)
 

Aerdian

Level 3
Thread author
Verified
Well-known
Jun 3, 2018
119
There are so many variables involved with testing that there literally is no such thing as a perfect methodology utilized yet that i am aware of anyway. But a basic minimum guideline needs to be established to even remotely begin to show the products abilities, which is the point of the test and video. So while simplified, it produces results that are not accurate thus misleading.

A good portion of testers realize their audiences may not be able to follow along and place end results at either the end of the test, an over view to sum up the test.

Thanks for the suggestions! I will try to add more tests in the future to make sure my videos are more accurate, but still keep it simple enough to try to keep people's attention for the most part.
 
I

illumination

1.) I use Comodo Firewall in my testing VM.

Consider using Tinywall instead if you are looking for outbound control of the test bed. It will certainly interfere less then CF will with tests.

2.) The first threat detection percentage is of the file threats, then the second is of the web threats. For the file threats, I try to use samples that are less than 3 days old, preferably less than 1. I did not use any mainstream malware, but I could definitely add that into future tests and I hunted around for the malware myself.
Utilize methods to show sample verification during tests. There are many among us that know finding zero day samples is quite a task, and watch many "youtubers" claim to be using fresh samples when this is not the case.

3.) In future videos, I will add dynamic testing :)
This, is to be fair to the product and company. Static testing only, is a waste of everyone's time. If you do find something that can actually bypass all of the products modules and infect the test bed, by all means, please submit that sample to the company for analysis.
 

slash/

Level 6
Verified
Jun 24, 2018
277
1.) I use Comodo Firewall in my testing VM.

Consider using Tinywall instead if you are looking for outbound control of the test bed. It will certainly interfere less then CF will with tests.
For real-world testing and reviewing, the OS settings should be default with no tweaks, and definitely no change in firewall. It is highly unlikely that a casual user would supplement Windows Defender with Comodo Firewall or Tinywall.
 
I

illumination

For real-world testing and reviewing, the OS settings should be default with no tweaks, and definitely no change in firewall. It is highly unlikely that a casual user would supplement Windows Defender with Comodo Firewall or Tinywall.
If the user is wanting to analyze a sample without triggering it or allowing it to connect to the C&C, then outbound control is required, this may be required for sample verification as well as monitoring/recording sample procedures.

For real world testing, many factors would need to be addressed, such as how the samples are obtained and where from, the machine would need to be set up as closely to an average users machine as possible to help fool VM aware samples, exploitable applications that are generally used by all such as office suites ect need to be installed, older frame work like Net. framework 3.5 on up need to be installed for certain samples to run for testing... A plain, stripped test bed will not allow you to get an accurate picture as there are many variables of how a machine can become infected, not to mention criteria needed for many samples to run properly.
 

Aerdian

Level 3
Thread author
Verified
Well-known
Jun 3, 2018
119
For real-world testing and reviewing, the OS settings should be default with no tweaks, and definitely no change in firewall. It is highly unlikely that a casual user would supplement Windows Defender with Comodo Firewall or Tinywall.

Alright :) Thank you to both you and @illumination for letting me know. I guess it really doesn't work then to be doing my testing on a VM with a bunch of malware analysis programs :ROFLMAO:
 
  • Like
Reactions: oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top