Windows Defender gets 100% in AV-Comparatives "Real-World Protection Test" Feb. 2018

Ink

In case you missed it:

"We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats on the web. It just means that they were able to block 100% of the widespread malicious samples used in a test."

chart.av-comparatives.org/chart1.php?chart=chart2&year=2018&month=2&sort=0&zoom=3
 

Azure

So, guys and girls, how much percentage should be removed from the overall score for each false positive?
 

509322

In case you missed it:

"We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats on the web. It just means that they were able to block 100% of the widespread malicious samples used in a test."

chart.av-comparatives.org/chart1.php?chart=chart2&year=2018&month=2&sort=0&zoom=3

No one bothers to read except for a choice few. All that matters are pictures. AV lab test results are like pre-school finger-paint coloring books. Pretty pictures are important - and not any kind of viewer knowledge or real understanding. But hey, that can be said of just about any consumer product... an automobile's paint color is the most important thing to a whole lot of people.

So, guys and girls, how much percentage should be removed from the overall score for each false positive?

None, but the vendors who have 0 FP versus F-Secure that always has a ton of FP I'm sure feel cheated in the ratings. Plus, users think any FP is the end of the world and the AV should be down-rated.
 

ForgottenSeer 58943

"We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats on the web.

Shhhh, don't burst people's bubbles! The reality is 100% in these fake tests results in more likely results of 'in the real world' of around 50%-75% protection, at best. I mean really, if it was 100%, I wouldn't have a team that spends 8 hours a day removing malware using these exact products, right? People need to read the fine print. Also, Microsoft cheerleaders will be disappointed within 6 months from now. That's all I am saying about that.
 

Nightwalker

Windows Defender is doing great at tests AND in real world usage; it is great to have this kind of protection for free and without any hassle.

Is it perfect? Far from it, but is it good enough? Sure it is.

Some folks like to say that Windows Defender is just a pure signature AV without behavior blocker or zero day protection; it couldn't be further from the truth.

Antivirus evolved
https://download.microsoft.com/down...ion_with_Windows_10_Creators_Update_EN_US.pdf


Microsoft just needs to work on WD system impact and the industry will feel the heat.
 

Dave Russo

There does seem to be a {scare?} among a lot of security programs; prices on eBay for Kaspersky and Eset are at all-time lows. Anyone think this is a response to Windows Defender doing way better?
 

Andy Ful

Shhhh, don't burst people's bubbles! The reality is 100% in these fake tests results in more likely results of 'in the real world' of around 50%-75% protection, at best. I mean really, if it was 100%, I wouldn't have a team that spends 8 hours a day removing malware using these exact products, right? People need to read the fine print. Also, Microsoft cheerleaders will be disappointed within 6 months from now. That's all I am saying about that.
Your experience with infected computers does not contradict the results of the real-world tests. The first happens mostly when people are infecting themselves by using cracks, pirated software, visiting shady websites, opening spam attachments while ignoring security alerts or turning off the protection. The second is the opposite. It follows from Internet browsing while respecting the anti-phishing alerts and not turning off the protection.
The 50% detection is something that one could expect when testing true 0-day malware that has not already been detected by any AV. That is not the real-world scenario, because the user can hardly come into contact with such malware. Usually, the malware samples are a few days old and already have fingerprints in the AV cloud. That is why most AVs can give similar results in AV-C lab real-world tests.
 

Electr0n

So, guys and girls, how much percentage should be removed from the overall score for each false positive?
I have never seen or heard of Windows Defender generating false positives. It may not detect everything, but it is also one of the few AVs least likely to trash your system by detecting some legit program.
 

509322

I have never seen or heard of Windows Defender generating false positives. It may not detect everything, but it is also one of the few AVs least likely to trash your system by detecting some legit program.

Windows Defender does generate false positives. It is a small number, but it does generate false positives. I'll admit that when it happens it is very annoying - because creating an allow exception in Windows Defender is a pain because of the Windows Defender Security Center GUI design and bugs.

Anyone that believes that Windows Defender can provide the same security as 3rd-party security software is naive. What is really protecting people in the vast majority of cases on a default Windows protected system is probability and that the system isn't being exposed to much risk.
 

Andy Ful

The number of false positives for Windows Defender can be above the average when including SmartScreen Application Reputation detection (on the run). In the first Windows 10 compilations, SmartScreen was not integrated with Windows Defender and was not included in the test results (no false positives). In the newer compilations, it is a part of Windows Defender and its detection has a very positive impact on the test results, but the number of false positives is also greater. Personally, I like this solution. Anyway, from the test chart it is evident that 70% of AVs have a lower false positive rate and only one (F-Secure) has a greater rate than Windows Defender.
 

Andy Ful

There is a long debate if Windows Defender can be as good as 3rd-party security software. If one looks at the AV test results for Defender on Windows 10 FCU, the answer is yes, except maybe some top AVs. Defender adopted similar techniques as other AVs: block at first sight, local AI, AI in the cloud, detonating suspicious samples in the cloud sandbox, etc., and developed the best file reputation cloud on the market (SmartScreen Application Reputation). So, there is no reason to be worse than most AVs.
The top AVs developed some unique features that give them an advantage over Defender. So, additional security is required for the higher security like: SRP, Anti-exe, Sandboxing, Windows policies.
I can fully agree with @Lockdown's statement:
"What is really protecting people in the vast majority of cases on a default Windows protected system is probability and that the system isn't being exposed to much risk."
 

509322

There is a long debate if Windows Defender can be as good as 3rd-party security software. If one looks at the AV test results for Defender on Windows 10 FCU, the answer is yes, except maybe some top AVs. Defender adopted similar techniques as other AVs: block at first sight, local AI, AI in the cloud, detonating suspicious samples in the cloud sandbox, etc., and developed the best file reputation cloud on the market (SmartScreen Application Reputation). So, there is no reason to be worse than most AVs.
The top AVs developed some unique features that give them an advantage over Defender. So, additional security is required for the higher security like: SRP, Anti-exe, Sandboxing, Windows policies.
I can fully agree with @Lockdown's statement:
"What is really protecting people in the vast majority of cases on a default Windows protected system is probability and that the system isn't being exposed to much risk."

The "new" Windows Defender against new malware is about 60 - 70 % or thereabouts effective. Right where it has always been historically.

A person can just be a really safe user and the fanboys then say Windows Defender is the new Golden Child. It ain't. And it never will be no matter how much Watson Artificial Intelligence Microsoft puts into it.

Like someone stated in another place, Microsoft uses Windows 10 Home as an intelligence gathering platform for their Windows Defender ATP network - which is an add-on subscription-only service for their volume license subscribers. All the Windows 10 Home users just don't realize that all that telemetry is being used not for their benefit but Microsoft's profit. Home users are chumps. They've been duped. Microsoft gives them the short end of the stick. And Microsoft makes a ton of money off of them.
 

Andy Ful

The "new" Windows Defender against new malware is about 60 - 70 % or thereabouts effective. Right where it has always been historically.
...
If the samples are checked by SmartScreen (they probably were not) the result will be close to 100%. SmartScreen Application Reputation has some limitations, for example, only BAT, CMD, JSE, VBE scripts can be checked and most malware scripts are VBS, JS, PS1. Also, executables downloaded by macros in Office documents are ignored by SmartScreen. There is also a problem with properly measuring the post-infection protection in the tests. So if one uses the above, without additional protection, Defender will score only an average (or below) detection rate.
But, the home users on Windows 10 can simply block Windows Script Host and set Constrained Language mode for PowerShell (2 simple reg tweaks) to get decent protection against most new malware samples in the wild.
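
The two registry tweaks mentioned in the post above, as an added example that is not part of the thread and not code from Hard_Configurator. The post does not name the values; the two registry locations below are the commonly used ones and are an assumption here, and the `-Apply` switch is a name chosen for this sketch.

```powershell
# Added example: audit (and with -Apply, set) two hardening values.
# Assumption: these are the registry values the post refers to.
# Run from an elevated session; without -Apply nothing is changed.
param([switch]$Apply)

$settings = @(
    @{  Name  = 'Windows Script Host blocked'   # stops wscript/cscript for VBS, JS, etc.
        Path  = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
        Value = 'Enabled'; Want = 0; Type = 'DWord' },
    @{  Name  = 'PowerShell Constrained Language (machine environment variable)'
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
        Value = '__PSLockdownPolicy'; Want = '4'; Type = 'String' }
)

foreach ($s in $settings) {
    # Read the current value; a missing key or value yields $null
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Value `
                    -ErrorAction SilentlyContinue).($s.Value)
    $ok = ($null -ne $current) -and ("$current" -eq "$($s.Want)")

    if (-not $ok -and $Apply) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Value -Value $s.Want `
            -PropertyType $s.Type -Force | Out-Null
        $current = $s.Want
        $ok = $true
    }
    [pscustomobject]@{ Setting = $s.Name; Current = $current; Compliant = $ok }
}

# Language mode of the session running this script. The environment variable
# only affects PowerShell processes started after the next sign-in, so
# re-check this in a fresh session once the value has been applied.
[pscustomobject]@{
    Setting   = 'Current session LanguageMode'
    Current   = $ExecutionContext.SessionState.LanguageMode
    Compliant = ($ExecutionContext.SessionState.LanguageMode -eq 'ConstrainedLanguage')
}
```

Blocking Windows Script Host also stops legitimate `.vbs` and `.js` logon or maintenance scripts, so check for those first. The `__PSLockdownPolicy` variable can be reverted by anyone with administrative rights; AppLocker or Windows Defender Application Control is the supported way to enforce Constrained Language mode.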
 

Nightwalker

The "new" Windows Defender against new malware is about 60 - 70 % or thereabouts effective. Right where it has always been historically.

A person can just be a really safe user and the fanboys then say Windows Defender is the new Golden Child. It ain't. And it never will be no matter how much Watson Artificial Intelligence Microsoft puts into it.

Like someone stated in another place, Microsoft uses Windows 10 Home as an intelligence gathering platform for their Windows Defender ATP network. All the Windows 10 Home users just don't realize that all that telemetry is being used not for their benefit but Microsoft's profit. Home users are chumps. They've been duped. Microsoft gives them the short end of the stick. And Microsoft makes a ton of money off of them.

Can you prove that or is it just your opinion? If you can actually prove that, how do other antivirus solutions fare against it?

You talk like Windows Defender is just a pure signature antivirus and not a security platform for Windows 10 and beyond that.


About the telemetry, it is nice to know, for just a second I thought that Microsoft was doing some charity work with Windows division.
 
