App Review Windows Defender vs Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,171
Can someone enlighten me what he is trying to emulate with dozens of executables being executed one by one? He has been doing this for quite some time.
Which real world scenario is he trying to show with this?

He uses the program to automate the process of running hundreds of malware one by one. Unfortunately, this is malware that's already on the system or moved on there when the protection is disabled. A proper test would be to download and run each for a more accurate result. Anyway, it's just so he can run one after another without having to click anything and see if the security product catches and removes it as far as I can make out.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
He mentions that he didn't add the locations to the protected folders list.
In a test to see how effective Windows Defender is against ransomware, he doesn't enable the ransomware features... :rolleyes:
To be fair Protected Folder Access needs some UI work. It can be a bit cumbersome. He is all about set and forget. Whenever I’ve used Protected Folders it is a long stretch of adding exceptions to the list before the machine works the way I want.
 

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
He uses the program to automate the process of running hundreds of malware one by one. Unfortunately, this is malware that's already on the system or moved on there when the protection is disabled. A proper test would be to download and run each for a more accurate result. Anyway, it's just so he can run one after another without having to click anything and see if the security product catches and removes it as far as I can make out.
I can see what he is doing. But don't see the point of executing hundreds of malware almost at the same time. You know how hard it is to remotely, without user interaction, execute only one file on victim's up-to-date system?
Where is SmartScreen, where is UAC?

How can any AV possibly handle so many executables one by one in a matter of seconds without starting to throttle?

So many questions, but only one reasonable answer: why should I care?
It's Leo
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Where is SmartScreen, where is UAC?

He doesn't use these features, of course. All of his vids using the auto-launch feature show WD and the whole OS just grinding to a halt. He likes to fire his automatic weapon (auto-launching samples) to really impress. Then he throws up his hands, saying "I couldn't even finish the test". Anyone here impressed? :LOL::LOL::LOL:
 

Dex4Sure

Level 3
Verified
Well-known
May 14, 2019
116
He is always finding a sample that can bypass WD and shows it off to make WD look worse than it really is. It's the trend of his videos... Of course, he did not use controlled folder access because he probably couldn't find a sample that can bypass it.
 

Dex4Sure

Level 3
Verified
Well-known
May 14, 2019
116
I believe @ErzCrz is correct.

This guy totally misunderstands how WD works, or he's intentionally misleading viewers. He wants the vid to be hip, slick and very cool to generate the clicks!

It's intentional. I mentioned this to him probably 2 years ago, whenever controlled folder access came out for Windows 10. He was just bitching about the fact you can't turn off real-time protection separately to test controlled folder access without signatures blocking the ransomware. I think he knows very well that controlled folder access is very potent against ransomware and does not use it because it would make WD look really solid overall.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,512
Dear Leo,
Thanks for proving that there exists an AV which cannot detect/block 100% of malware. Most people in the world wrongly thought (for a long time) that all AVs could detect/block 100% of malware. You destroyed this myth with one beautiful video clip. :)(y)
Sincerely yours:
Andy

Edit
My joke is only partially justified:
https://malwaretips.com/threads/windows-defender-vs-ransomware.98128/post-856932
 
Last edited:

ForgottenSeer 823865

Turn on controlled folder access and try again... But knowing TPSC he won't do it because WD would actually pass the test then. And then he would have a hard time bashing WD.
He mentions that he didn't add the locations to the protected folders list.
In a test to see how effective Windows Defender is against ransomware, he doesn't enable the ransomware features... :rolleyes:
This is a test with default settings of Windows, what do you expect? Special treatment because it is WD? Nope.
And even if enabled, Controlled Folders needs tweaking from the users, which may not be possible because of a lack of skills.
So the test is valid. Not saying the test is about WD (the AV), not Controlled Folders.

To be fair Protected Folder Access needs some UI work. It can be a bit cumbersome. He is all about set and forget. Whenever I’ve used Protected Folders it is a long stretch of adding exceptions to the list before the machine works the way I want.
Like most Win10 features, horrible user-friendliness.
 

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
825
Frustrated with the protection provided by Windows Defender
It is free. You can add additional protection, Zemana AntiMalware, HitmanPro or Malwarebytes, so that is a good protection.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,512
@Lokki,
The video is OK, but could you ask yourself what information about the "tested" AV you got from watching it?
We already know without any test that:
  1. For any AV there exists undetected malware.
  2. If the AV has the anti-ransomware feature, then it is obvious that the ransomware detection will be even worse (see point 1) without this feature.
  3. Testing one AV on one pool of samples can hardly be compared with testing the second AV on the second (different) pool of samples. It would be possible and reliable only on tens of thousands of malware samples.
  4. You can perform tests on a smaller number of samples, but then the AVs must be tested on the same samples at the same time. If you do it, then you will get something like that:
    Because of the very small scoring differences, several thousands of samples have to be tested to avoid statistical errors.
So, such tests cannot say much about the AV protection, except when the result is very poor (for example below 80%), but this will depend on how many true 0-day samples are in the pool of all tested samples. If most samples are 0-day, then 80% protection can be very good.
Furthermore, if a million YouTube testers "test" the best AV, then after some time one of them can get a poor result for it.
While testing, one should bear in mind that the pool of the tested samples is a needle in the haystack of all samples living in the wild, so one test usually means nothing. Only several tests with consistent results can mean something.

Edit.
It seems that the purpose of this video was demonstrating the difference between WD detection with the Internet connection as compared to WD detection without Internet connection. See also:
 
Last edited:
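The sample-size argument in the post above, worked through as an added example (it is not part of the original post or written by any forum member). The detection counts are constructed, and the two products are treated as independent samples, which is an approximation when both are run on the same pool.

```python
import math

Z95 = 1.96    # two-sided 5% significance level
Z80 = 0.8416  # 80% power

def wilson_interval(detected, total, z=Z95):
    """Wilson score interval for a detection rate measured on `total` samples."""
    if total <= 0 or not 0 <= detected <= total:
        raise ValueError("need 0 <= detected <= total and total > 0")
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return centre - half, centre + half

def intervals_overlap(a, b):
    """True when two (low, high) intervals share at least one point."""
    return a[0] <= b[1] and b[0] <= a[1]

def samples_needed(rate_a, rate_b, z_alpha=Z95, z_beta=Z80):
    """Samples per product needed to tell two true detection rates apart
    (two-proportion z-test, normal approximation)."""
    if rate_a == rate_b:
        raise ValueError("rates must differ")
    p_bar = (rate_a + rate_b) / 2
    spread = (z_alpha * math.sqrt(2 * p_bar * (1 - p_bar))
              + z_beta * math.sqrt(rate_a * (1 - rate_a) + rate_b * (1 - rate_b)))
    return math.ceil(spread ** 2 / (rate_a - rate_b) ** 2)

if __name__ == "__main__":
    # Constructed scores: product A detects 98%, product B detects 95%.
    for n in (100, 10_000):
        a = wilson_interval(round(0.98 * n), n)
        b = wilson_interval(round(0.95 * n), n)
        verdict = "overlap, no conclusion" if intervals_overlap(a, b) else "separated"
        print(f"n={n:>6}: A={a[0]:.3f}-{a[1]:.3f}  B={b[0]:.3f}-{b[1]:.3f}  {verdict}")
    # A one-point gap (99% vs 98%) needs a pool in the thousands per product.
    print("samples needed for 99% vs 98%:", samples_needed(0.99, 0.98))
```

On 100 samples the two intervals overlap, so a 98% versus 95% score says nothing about which product is better; on 10,000 samples they separate.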

ForgottenSeer 823865

This person/channel (PC Security Channel) does not know how to run an AV test. Most of his tests are not valid at all.
It can be easily seen from his videos that Leo is like a regular user who likes to play with AV. According to me, even if one malware researcher asks him why a particular file is malicious, and that too without executing the file, he will almost leave that place.
Again, you talk without knowing the full picture.
Leo works for a security vendor, as malware analyst/researcher.
His youtube channel is just a hobby for him.

Any security professional knows that malware disinfection must be left to professionals; malware removal specialists take intensive courses for it.
Only noobs believe in disinfection tools, they don't know #####, and it is why vendors have made money on their backs for ages; then they whine when their files get corrupted... typical...
When you are infected, unless a professional takes over, you are good to reformat your system (or restore a backup, if the infection isn't too severe).
 
Last edited by a moderator:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,512
...
There is nothing wrong with Leo's tests.
If one will accept that they cannot evaluate the AV protection to compare it with other AVs. Such a "test" can be only a kind of demonstration of how the concrete AV works. Testing the AVs must include the proper statistical reasoning which is absent in YouTube "tests". Even when you will analyze all of Leo's "tests", you will not probably get reliable results because it would be very hard to use any statistics for it. Such "tests" can be a hobby, but cannot be taken into account for evaluating the protection of AVs. You can only demonstrate the features used by AVs (which is useful of course).

The problem is people who just don't like the results and get all uppity upset.
The problem is more general. There is no reason to be excited by any concrete YouTube AV protection test with any result (except very poor). Some YouTube tests could be useful for AV vendors to find out the protection bugs in their software. But this is mostly done by performing professional Lab tests.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,512
...
But the general membership that is inclined to react with emotion are incapable of grasping this simple concept. It doesn't matter how many times they are told, they will get all uppity upset.
I noticed an improvement in understanding this problem among MT members as compared to the posts from a few years ago. :)(y)
 
