- Jul 27, 2015
- 5,459
Windows Defender!? I know it's an old and well used name and it's super easy accidentally type it wrong. I have no idea on what Leos excuse is, but one would imagine he if any would know the correct name of a Microsoft product.
Windows Defender vs Ransomware in 2021
- Thread starter Kongo
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Mar 16, 2019
- 3,634
Are you referring to the change of name that Microsoft did a few months ago? Windows Defender became Microsoft Defender or if you go by the exact name then, "Microsoft Defender Antivirus".
In that case almost everyone still calls it Windows Defender and most users don't even know that the name has been changed. So this name is not going away anytime soon. Using Microsoft Defender may startle & confuse many users. It's still best known as Windows Defender, so there's no harm calling it that just yet. Popular names like this sometimes never completely goes away.
So now it's Microsoft Defender aka Windows Defender.
- Jul 27, 2015
- 5,459
Few months ago? It was officially changed May 2020. Since it's February 2021 here and now, and May is merely 3 months away making that name switch very soon 1 year ago, I would personal not call it a few months ago.
I think it's absolutely wrong calling it for something it ain't anymore. Extra so if one is fully aware and know the real and correct name. It will very much risk confuse users.
If that's confusing then what about a test without internet connection on a product that not once or twice has been officially documented by the provider to use cloud-based machine learning. Added to that, a large set of malware is introduced. Is such test helpful to users, unless conducted second time with an internet connection?
In my opinion when you do something you should do it properly, otherwise don't bother.
In my opinion when you do something you should do it properly, otherwise don't bother.
- Dec 23, 2014
- 8,129
There are two conclusions after watching this video:
Another possibility is the scenario as follows:
Fresh malware or a 0-day exploit (FM) ----> FM downloads/drops the encrypted older malware (OM) ------> FM breaks the Internet connection -------> FM decrypts and runs OM
The advantage of such an attack is that initial malware can be simple and performs only a few suspicious actions. So it can be missed by an AV with an Internet connection. But, such malware samples are rare (so far).
Furthermore, malware likes Internet connection to call home. Anyway, this could be an alternative to malware polymorphism and obfuscation.
In any scenario, the test results cannot have a visible impact on the security of the home users (so far). We will see what can happen in the future.
- The test shows the well known potential weakness of cloud solutions that can be used by malware.
- The test is useless for most home users in the world because this weakness is exploited very rarely in the wild.
Another possibility is the scenario as follows:
Fresh malware or a 0-day exploit (FM) ----> FM downloads/drops the encrypted older malware (OM) ------> FM breaks the Internet connection -------> FM decrypts and runs OM
The advantage of such an attack is that initial malware can be simple and performs only a few suspicious actions. So it can be missed by an AV with an Internet connection. But, such malware samples are rare (so far).
Furthermore, malware likes Internet connection to call home. Anyway, this could be an alternative to malware polymorphism and obfuscation.
In any scenario, the test results cannot have a visible impact on the security of the home users (so far). We will see what can happen in the future.
Last edited:
Ransomware needs internet connection so it can rely on a newly-generated key. I don't think it will intentionally break the connection, specially if it exhibits infostealing capabilities as well.
- Dec 23, 2014
- 8,129
There are some Windows editions still supported by Microsoft that use Windows Defender. Microsoft could change it to Microsoft Defender by a simple update, but this did not happen. So, we should not bother about the correct name too.
I like using the WD name for the free version.
I agree that while testing antivirus on Windows 2004 or 20H2 the term Microsoft Defender should be used (although the test results for WD would be probably the same).
Last edited:
Agreed!
I'll admit I haven't watched the video yet, but I already know the result....
Not making excuses for WD but @McMcbrad has brought up a very good point. If you are going to run such a test (ie: no internet connection), then you at least need to run the exact same test again (with an internet connection) to be thorough and fair. If a product does poorly without a connection, but significantly better than with one, at least you can argue that without the cloud the product doesn't protect as well as it would with the cloud. However we already know this and AV-Comparatives does tests to highlight this fact. Its well known the WD and many others do really poorly without their cloud component, so I don't know why anyone is surprised by this result.
I am not going to stop using WD, nor should anyone stop using it because of this test. Again, not defending WD. but Leo always seems to go out of his way to always put WD in a bad light. I'm sorry, but it's getting old. Like @McMcbrad said, either do the test properly and fairly (run it once without internet, and again with internet), or don't do it at all. For me it's not that WD got a bad result, it's just that he is kind of spreading miss information by not being thorough with his tests. It gives people the wrong idea, especially when he leaves out the part on how would it do with an internet connection. This isn't just about WD, this is about any product he tests. He needs to be thorough an present all the facts, not just select ones and draw up generalizing conclusions.
- May 26, 2014
- 1,339
After all these tests that he made with Microsoft Defender at least for me it is clear that he has an agenda.
- Sep 8, 2019
- 461
I like how anytimes its Windows Defender, hes supposedly doing it right, because it does badly, but when hes testing any other AV, hes just bashed because hes doing apparently doing something wrong
this showcases how biased the cybersecurity industry truly is.
And yeah, lets keep trusting independent tests which never are shown taking place and always get extremely inconsistent results and claim PUP's that just uses the avira engine gets a 100% detection ratio of zero day malware...
(Not saying hes doing it right, I dont take any AV tests results as fact)
this showcases how biased the cybersecurity industry truly is.
And yeah, lets keep trusting independent tests which never are shown taking place and always get extremely inconsistent results and claim PUP's that just uses the avira engine gets a 100% detection ratio of zero day malware...
(Not saying hes doing it right, I dont take any AV tests results as fact)
- Dec 23, 2014
- 8,129
- Dec 23, 2014
- 8,129
Leo's mistake is thinking that the second part of the test is more interesting as compared to the first. In fact, the opposite is true. The results are true, but simply irrelevant in practice.
- Apr 24, 2016
- 6,593
In his defense if you watch the video you will see that he tests first with an internet connection and afterwards performs the same test without an internet connection.After watching the video I'm impressed by Controlled Folder Access.
Everything protected by that feature was safe from ransomware
The results from his first test were quite okay, but the second test really broke the system.
In both tests all the files protected by Controlled Folder Access were spared/not encrypted.
His conclusion was that if you rely on Microsoft Defender (at defaults) you need to enable Controlled Folder Access (not default).
So, it is great to see that Controlled Folder Access did what it is supposed to do.
- Sep 8, 2019
- 461
And how are they more irrelevant than independent tests which are never shown to take place and just claim AV's have 100% detection ratio, including PUP's which just uses the avira engine gets a 100% detection ratio of zero day malware?
- Dec 23, 2014
- 8,129
Any such single test is irrelevant too. See for example:
The best Home AV protection 2019-2020
Real-World tests include fresh web-originated samples. Malware Protection tests include older samples (several days old) usually delivered via USB drives or network drives. Real-World 2019-2020: SE Labs, AV-Comparatives, AV-Test (7659 samples in 24 tests) -------------------Missed samples...
malwaretips.com
- Mar 16, 2019
- 3,634
I disagree. Less than a year is never enough for a name like this to go away. We the forum members, geeks may know about this name change (even many geeks don't), but most average users don't. I stated other reasons too and also agree with what Andy said about it above. It's alright to use WD.
Anyway, we're talking about its protection mainly, so I'll end the name related discussion here.
- Sep 8, 2019
- 461
Yet people keep using them as sources.Any such single test is irrelevant too. See for example:
The best Home AV protection 2019-2020
Real-World tests include fresh web-originated samples. Malware Protection tests include older samples (several days old) usually delivered via USB drives or network drives. Real-World 2019-2020: SE Labs, AV-Comparatives, AV-Test (7659 samples in 24 tests) -------------------Missed samples...
- Dec 23, 2014
- 8,129
The results of many tests including several AV Labs can be statistically relevant. But, you are right - many people believe that the chart in a single test can be used to see differences between the protection of AVs. Of course, it is not true and the AV Labs make it clear in the test documentation. In the single test, the awarded AVs (in the same group) have to be treated the same way.
Last edited:
- Jul 27, 2015
- 5,459
Again, risk confusing users/members etc is something one should avoid. If the cause is not obvious and not just in this case, I think the issue lays elsewhere.There are some Windows editions still supported by Microsoft that use Windows Defender. Microsoft could change it to Microsoft Defender by a simple update, but this did not happen. So, we should not bother about the correct name too.
- Dec 23, 2014
- 8,129
Microsoft did so much to confuse users that we probably cannot make it right. Anyway, the test was done on Windows 10 20H2 with Microsoft Defender Antivirus (not with WD) so Leo should use the term MDA instead of WD (or WDA).
Similar threads
