App Review Windows Defender vs Malware in 2021 (The PC Security Channel)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
I have seen you use this line so many times, but your assumption is very wrong. Most AV enthusiastic members here know that Avira has pretty good signatures. It has always been one of their strong points for many years. So, Avira and TotalAV with a 90% detection rate while offline is not surprising at all. What you may wonder is the age of the malware tested. Maybe they were not fresh enough so Avira, Avast, BD socred 90.3%, 93.4% and 96.8% respectively in the offline test. Also, don't be surprised by TotalAVs higher number than Kaspersky either in the online protection test. AVs that use Avira signatures like TotalAV, F-Secure can also use Avira's cloud and Kaspersky doesn't push a signature update to the device as frequently as the three products mentioned above. Avira release signatures about 8 times a day, BD about 5-6 times and Avast is always downloading all types of signatures, false-positive fixes, etc through its stream updates.
So it's very easy to understand what is what.
The topic of this threat, Microsoft Defender is highly cloud-dependent and you'll probably always see it having a lower offline detection rate than a suspicious greyware AV like TotalAV as long as the latter is using Avira's signature.
So what youre saying, Avira has signatures future malware that hasnt seen the wild yet? according to the labs, they dont update their products for several days before and during the test.
 
  • Like
Reactions: Nevi

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
So what youre saying, Avira has signatures future malware that hasnt seen the wild yet? according to the labs, they dont update their products for several days before and during the test.
Malware in the malware protection test were not zero days. In the last test 10,013 samples were tested. As I said above, this sample set is not probably very fresh and a few days old. So it's possible that many AV vendors had already seen a lot of those samples. Besides, you know AVs also have heuristics that comes into play as well at detecting unknown malware.
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
Malware in the malware protection test were not zero days. In the last test 10,013 samples were tested. As I said above, this sample set is not probably very fresh and a few days old. So it's possible that many AV vendors had already seen a lot of those samples. Besides, you know AVs also have heuristics that comes into play as well at detecting unknown malware.
Malware Protection Test March 2021 - AV-Comparatives Offline detection ratio 90.3%, and theres nothing to suggest it has more than Avira's cloud, I have looked all over its files, theres nothing but Avira files, SAVAPI to be exact.
 
  • Like
Reactions: Venustus and Nevi

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
I literally just explained it above 🤦‍♂️ Read my comment again and let's end it here since we are going off-topic. If you still don't get the point then forget it.
Refresh, I edited my comment, theres nothing but Avira files, nothin else, no heurstics, etc, you can install it in a VM and take a look yourself.
 
  • Like
Reactions: peterfat11 and Nevi

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Refresh, I edited my comment, theres nothing but Avira files, nothin else, no heurstics, etc, you can install it in a VM and take a look yourself.
Continuing the discussion to the appropriate thread:
 

Minimalist

Level 9
Verified
Well-known
Oct 2, 2020
439
I like watching his tests and enjoyed this one also. Too bad that he didn't manage to perform whole test but I guess it would take him too long to complete. Still nice to compare how different AVs protect against this "mass infection" scenario.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I like watching his tests and enjoyed this one also. Too bad that he didn't manage to perform whole test but I guess it would take him too long to complete. Still nice to compare how different AVs protect against this "mass infection" scenario.
The problem is that you cannot compare anything. :(
Even Leo does not believe in the results and admits that Defender somewhat blocked the already executed ransomware. I do not know any serious testing Lab, that could consider using such a "mass infection" scenario in any test. There are also several other differences between Leo's method and reliable testing:
https://malwaretips.com/threads/win...21-the-pc-security-channel.108378/post-944765

These videos have nothing to do with the ability to compare AVs, except showing how the tested AVs can react to executed samples. Leo uses his automated method because other methods are not possible in the YouTube video. But, this cannot make a video to be a reliable comparison test.

The funny thing is that Leo never said that his tests can reliably show differences between AVs. He simply shows what is happening and makes some unclear comments that follow from his opinions (not proven by the test). Only the people who watch these videos take these presentations as reliable comparison tests.
Sometimes the results in his videos are similar to the results of AV testing Labs and this also does not make the videos even a little bit more reliable (as a comparison test).:unsure:

Post edited.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
To be on topic of MD, the truth is in the middle as almost always. MD isn't really that much weak looks like in this video, but on default settings (that matters the most because average users rarely tweak to improve protection of MD) it's far away from invincible... My personal tests confirms that sometimes MD even on max. protection settings ending up to be infected by one malware sample only, of course happens sometimes also for the most of paid AVs 😉
That is right. The fact that Leo's videos cannot say much about the efficiency of Defender protection cannot make the Defender better than it is. :)
The Defender with ConfigureDefender MAX settings can compete with a good Business AV with enabled ATP features. The ASR rules can cover popular attacks (also fileless). It is very good protection, but still does not cover all possible vectors of attack (especially some fileless methods and some DLL hijacking techniques).
Here is an example from the newest MRG Effitas test (Defender + ASR rules):

1622247151119.png

In this test, Defender missed some samples (more than usual, which happens sometimes randomly for most AVs). For the record, MRG Effitas tests the Business versions of AVs with enabled ATP features.
 
Last edited by a moderator:

Minimalist

Level 9
Verified
Well-known
Oct 2, 2020
439
The problem is that you cannot compare anything. :(
Even Leo does not believe in the results and admits that Defender somewhat blocked the already executed ransomware. I do not know any serious testing Lab, that could consider using such a "mass infection" scenario in any test. There are also several other differences between Leo's method and reliable testing:
https://malwaretips.com/threads/win...21-the-pc-security-channel.108378/post-944765

These videos have nothing to do with the ability to compare AVs, except showing how the tested AVs can react to executed samples. Leo uses his automated method because other methods are not possible in the YouTube video. But, this cannot make a video to be a reliable comparison test.

The funny thing is that Leo never said that his tests can reliably show differences between AVs. He simply shows what is happening and makes some unclear comments that follow from his opinions (not proven by the test). Only the people who watch these videos take these presentations as reliable comparison tests.
Sometimes the results in his videos are similar to the results of AV testing Labs and this also does not make the videos even a little bit more reliable (as a comparison test).:unsure:

Post edited.
Well if tests are performed same way I can to some extent compare how AVs react to that specific test scenario. I don't care if test is unrealistic and don't judge AV solely by this (or any other ) tests. I just like to watch his videos, that all.
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,014
Also, according to av-test.org, Ahnlab, an company ive never heard before, somehow always get top scores, and when looking at their site, they only have Endpoint products, are they testing business solutions vs home products? seems kinda unfair if you ask me, and upon further inspection, they seem to be just using the Bitdefender engine
AhnLab has been around for many years, and they use their own signatures. They publish products for home users, including a free version, but the non enterprise products are only listed on their Korean website. Their free antivirus installs in English. I would say that they are not as good as the big name antiviruses in terms of detection, but are not terrible either.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Well if tests are performed same way I can to some extent compare how AVs react to that specific test scenario. I don't care if test is unrealistic and don't judge AV solely by this (or any other ) tests. I just like to watch his videos, that all.
Yes, you probably can compare. But, if the results are not very different (which is true for many popular AVs) then this comparison is an illusion fed by your preferences.

There is nothing wrong with enjoying Leo's videos. There is nothing wrong with watching presentations too. The presentation is a way to show the author's opinion which does not have to be necessarily wrong.
Sharing Leo's opinions about AVs is probably wiser than sharing the opinions of most YouTubers. Many Leo's opinions about Defender are also acceptable. :)

Here is Leo's video about coins.
Leo flips two identical coins. We can see one head and one tail. Leo says: now we can see that the chances for the head are the same as for the tail.

Although the conclusion is true, it is hardly proven by such a presentation.(y)
 
Last edited:

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
AhnLab has been around for many years, and they use their own signatures. They publish products for home users, including a free version, but the non enterprise products are only listed on their Korean website. Their free antivirus installs in English. I would say that they are not as good as the big name antiviruses in terms of detection, but are not terrible either.
So how do they consistently score better than most of the major companies?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
So how do they consistently score better than most of the major companies?
it does not.
 
Last edited:

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
it does not.
Huh thats strange, I remember it always out performing every AV consistently.

Edit: it did for several months.
 
  • Like
Reactions: Kongo

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
That is why several months are not sufficient (and memory too). :)
Except how did it do that with just their "own" signatures? and several months is enough to say somethings off with their tests.

Your attitude is also the reason I got banned 3 times, I guess youre immune "somehow"
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
Well if tests are performed same way I can to some extent compare how AVs react to that specific test scenario. I don't care if test is unrealistic and don't judge AV solely by this (or any other ) tests. I just like to watch his videos, that all.
Yes, I have only ever taken Leo`s tests as a heads up, not a definitive statement on whither a product be yeah or nay.

Anyway if he`s gonna set himself up as a legit testing lab and for me to take him seriously, he`ll need to start wearing a white lab coat with at least 3 pens in the top pocket.

A clip board would help as well.

Regards Eck:)
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,014

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
When has it outperformed big name antiviruses? For example, in the October 2020 test it scored 6 out of 6 for protection, but so did 17 other products.
Exactly, thats my point why these "tests" just make up numbers.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top