- Feb 25, 2017
- 2,585
- Content source
- https://www.youtube.com/watch?v=ZbYx8V2RTjc
Windows Defender vs Ransomware in 2021
- Thread starter Kongo
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Oct 2, 2020
- 451
TheBlueCreeper512
Level 2
- May 14, 2020
- 62
- Mar 28, 2019
- 569
At least, turning off the internet connection is more realistic than disabling certain modules.
But you can't trust Microsoft Defender with default settings, especially to have ransomware protection you got to turn on the Protection folder, as it is a complete lock down. A home basic user would never know how to use this.
But you can't trust Microsoft Defender with default settings, especially to have ransomware protection you got to turn on the Protection folder, as it is a complete lock down. A home basic user would never know how to use this.
- Feb 25, 2017
- 2,585
The first thing I thought after watching it
- Apr 19, 2017
- 249
- Apr 24, 2016
- 7,259
Turning off the internet connection lowers the protection of most AV's, because they need their cloud fot optimal protection.
I have not watched the video yet, but it looks like another fail in testing Microsoft Defender from The PC Security Channel...
I have not watched the video yet, but it looks like another fail in testing Microsoft Defender from The PC Security Channel...
- Feb 25, 2017
- 2,585
This time I have to defend him. There is actually a chance that you lose connection due to an infection or another issue. He wanted to show how strong the protection is, when no internet connection is available.
- Jul 5, 2019
- 605
Rather ironic that this PC Security Channel guy in this video promotes Malwarebytes.
- Apr 24, 2016
- 7,259
There was an interesting test performed by AV Comparatives about offline protection vs online protection and Microsoft Defender and others did not do well offline:
Malware Protection Test September 2020
The Malware Protection Test September 2020 assesses program’s ability to protect a system against malicious files before, during or after execution.
www.av-comparatives.org
AV-Comparatives - Consumer Malware Protection Test September 2020
We released our Consumer Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included. While in the Real-World Protection Test the vector is the web, in the Malware Protection Test the vectors can be e.g...
malwaretips.com
- May 26, 2014
- 1,339
Yeah, but with the connection in place the infection that could cause a lose connection would be stopped in first place
Without a internet connection Microsoft Defender doesnt have access to many more agressive techniques compared to just local machine learning and signatures.
- Feb 25, 2017
- 2,585
Most likely... We all know that even the best AV misses some malware. I get your point after all and just think same as @fabiobr that it's more realistic than turning off protection modules for fun.
Last edited:
- Feb 25, 2017
- 2,585
But that's just the offline detection rate, not the offline protection rate. It's quite obvious that new 0-Day samples are not detected for the most part, as the signatures are updated every couple of hours. It would be interesting to see the offline protection rate too...There was an interesting test performed by AV Comparatives about offline protection vs online protection and Microsoft Defender and others did not do well offline:
View attachment 253948
Malware Protection Test September 2020
The Malware Protection Test September 2020 assesses program’s ability to protect a system against malicious files before, during or after execution.AV-Comparatives - Consumer Malware Protection Test September 2020
We released our Consumer Malware Protection Test. Any samples that have not been detected e.g. on-access are executed on the test system. A false alarm test is also included. While in the Real-World Protection Test the vector is the web, in the Malware Protection Test the vectors can be e.g...
- Apr 24, 2016
- 7,259
I agree, but this is the only thing I could find on offline vs online unfortunately.
From the test:
Last edited:
- Apr 24, 2016
- 7,259
After watching the video I'm impressed by Controlled Folder Access.
Everything protected by that feature was safe from ransomware
I am not a Defender's defender (or any other AV), but facts are facts. Without internet connection many products won't do well, not just Defender. Only Bitdefender and BD-based products offer same protection online and offline, but these products receive updates every hour, so if you disconnect just for few hours, you are already out of date.
Everyone else makes use of the cloud... some vendors more than others. Panda and Trend Micro are the top-2 most cloud-oriented. In my experience this is absolutely fine and doesn't cause issues.
People who believe they are at risk of being infected due to no connection (for example you travel a lot and use flash drives) should have a look at G Data that packs Bitdefender + proprietary engines.
Everyone else makes use of the cloud... some vendors more than others. Panda and Trend Micro are the top-2 most cloud-oriented. In my experience this is absolutely fine and doesn't cause issues.
People who believe they are at risk of being infected due to no connection (for example you travel a lot and use flash drives) should have a look at G Data that packs Bitdefender + proprietary engines.
- Apr 28, 2017
- 326
I feel like these test are geared more towards a enterprise environment which Microsoft has a specific product for which is not a normal home users Windows Defender. I mean how many of you guys are clicking executables out of a shared drive on your home network? If you are, you probably shouldn't be using Windows Defender.
I think it's relevant how malware gets on your computer in these test, and he uses a very unusual path most home users would never encounter. Part of a home users security now days is how good browsers are at preventing you from downloading .exe files that are not known to be safe.
But with that being said the video does prove there is still a gap in the capabilities of Windows Defender and 3rd party anti-viruses.
I think it's relevant how malware gets on your computer in these test, and he uses a very unusual path most home users would never encounter. Part of a home users security now days is how good browsers are at preventing you from downloading .exe files that are not known to be safe.
But with that being said the video does prove there is still a gap in the capabilities of Windows Defender and 3rd party anti-viruses.
Last edited:
- Mar 16, 2019
- 3,862
The main thing that I disliked about Windows Defender in this test is, these are all known, popular ransomware. Literally every AV have database about these. So in my opinion every AV should have local signatures for these samples and shouldn't rely on cloud unless the AV is/marketed as 100% cloud based product. This is the thing that disappoint me the most about Windows Defender. It's way too reliant on cloud even for older, known ransomware as you can see in this test. I really can't defend Defender here.
It doesn't use many of those aggressive techniques either if the file has no MOTW tag. So maybe this is how much the metadata based ML models added to the protection. Anyway, I think this is an accurate test of real-world protection because most of files downloaded from the web comes in an archive.
I wait for the testing of Avast. Unlike Windows Defender it uploads every unknown/suspicious executable to the cloud, so I somewhat expect %100 detection rate.
- Dec 23, 2020
- 124
They should make it so offline mode is default-deny unless trusted cert vendor or something, and allow user to override (but recommend not to).
Similar threads
