Thanks to me who put reason in their head with my sledgehammer brutal tongueI noticed an improvement in understanding this problem among MT members as compared to the posts from a few years.
Windows Defender vs Ransomware
- Thread starter [correlate]
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Dec 23, 2014
- 8,512
It would be necessary to see such statistics if you have seen one. But, this could be possible for users who replaced some Windows built-in security by 3rd party software, without covering the security holes caused by it - for example when replacing Edge (SmartScreen, web browser Exploit protection, integration with BAFS) by 3rd party web browser without proper extensions. Anyway, there is evidence that WD signatures are not so fast as for example the Kaspersky signatures.
...
It cannot be the top one, especially without Edge + ASR rules + Anti-ransomware protection.
- Aug 30, 2012
- 6,598
It depends on which level of security awareness the viewer is at. And I can tell you a lot of stuff wrong in his tests if he is so professional like you say, and a lot of people dislike his videos not because of the results, but for the lack of objectiveness, the main thing you need to have when you call yourself a tester.
It's enough that he is a Youtube tester.
- Dec 23, 2014
- 8,512
There is nothing wrong with testing WD in isolation when it is clearly stated that other protective Windows features are not included, so the protection will be diminished. In fact, WD protection includes all features in the Security Center (WD antivirus, Edge, WD anti-ransomware protection, WD Exploit Guard). WD antivirus is integrated and suited to work with all these features.
Microsoft cannot get its stuff together, because WD is the only one AV natively installed with Windows installation. For example, the WD Browser Protection extension cannot be automatically added to Google Chrome (probably due to antimonopoly restrictions).
Furthermore, Edge is already together with WD (default settings in the Security Center). So, it is questionable to test WD with another web browser. Edge is by default protected by very strong Exploit Protection mitigations, so replacing it with another web browser without additional extensions (some testers like to do it) is questionable, too.
Last edited:
- Dec 23, 2014
- 8,512
I am sorry. Try to read my post again without coffee.
- Aug 30, 2012
- 6,598
I cannot agree with you, but can agree to disagree. And will not continue
- Jan 29, 2017
- 1,201
- Dec 23, 2014
- 8,512
That is the point. It is not a test, but rather a demonstration of the author's believes and experience. He is sure that WD alone cannot be a top AV (which is true). He makes a video, and adds the comment (below the video on the website) which could suggest that the results are not so good as compared to the top AVs (which does not follow from the "test"). So, it is an educational video to demonstrate people the truth without proving it.
In fact, the "test" results (with the Internet connection) are typical to the results of some YouTube "tests" for AVs with dedicated anti-ransomware protection (two missed samples confirmed with the Internet connection). Only the author's comments tell another story.
Furthermore, such a single test cannot say much about real AV protection - we could know it only after many such tests performed on several AVs.
Edit.
See also my post:
App Review - Windows Defender vs Ransomware
I noticed an improvement in understanding this problem among MT members as compared to the posts from a few years. :)(y) Thanks to me who put reason in their head with my sledgehammer brutal tongue :p
malwaretips.com
Last edited:
- May 14, 2019
- 116
Cleaned up countless systems in the past with malware removal tools + hunting down registry modifications manually, and not a security professional myself... Never had complaints from people whose machines I cleaned afterwards. Sure, really severe infections better professional takes over (especially in business side due to very sensitive and important data in question), but malware removal tools work pretty well these days for home user.
Reminds me bit of an argument that unless you code in assembly, you're a noob because compilers will never beat very skilled assembly programmer... Might be true, but fact of the matter is higher level programming languages exist for a very good reason, as do malware removal tools. Might be you need to finish the cleaning manually, but a lot of times you actually don't need to anymore.
And its a general rule you should always do back ups. Not just for security, but if Windows update decides to wipe all your data, at least its backed up (actually happened once to me, but had a back up to restore from).
- Dec 23, 2014
- 8,512
Shortly, the usual tests performed on WD + 3rd party web browser are not fully reliable for users who keep WD with native Edge (which is a default configuration on Windows 10).
The tests of WD + 3rd party web browsers are still valid for most users because most users choose such a configuration. That is why the AV Labs usually choose such configuration in AV tests. The AV Labs have no reason to test the default Windows 10 security because no one wants to pay for it.
- Jul 27, 2015
- 5,458
Youtubers always have and always will love throw around words and conclusions no matter what is shared or tested in a video. It's not for nothing that grand words like, quote : " VIEWED BY A MASSIVE WORLDWIDE AUDIENCE " is stated ( in caps ) even if the guy got 102k ( 102 thousand ) subscribers and 10 501 views of this video. I don't say that's not great numbers because it is, but it for sure ain't any Worldwide numbers! Available to a massive worldwide audience would probably be more honest, but also way less interesting.
I fully agree with @Andy Ful about this not being a complete/conclusive test as it's, one test. Personal I find most Youtube tests entertaining and normally I have no issues watching Leos videos, but this one sadly gave me a headache and I had to stop watch it before the end. It had nothing to do with the product or the result etc. The giggle laughing was like listen on a nervous teenager.
) even if the guy got 102k ( 102 thousand ) subscribers and 10 501 views of this video. I don't say that's not great numbers because it is, but it for sure ain't any Worldwide numbers! Available to a massive worldwide audience would probably be more honest, but also way less interesting. I fully agree with @Andy Ful about this not being a complete/conclusive test as it's, one test. Personal I find most Youtube tests entertaining and normally I have no issues watching Leos videos, but this one sadly gave me a headache and I had to stop watch it before the end. It had nothing to do with the product or the result etc. The giggle laughing was like listen on a nervous teenager.
- Oct 1, 2019
- 1,120
It is fair to test security products for average PC users on default settings. Since we all became more dependent on the internet, testing an AV without internet connection is not a realistic scenario. As far as I know, four of the the five most dominant infection sources are internet related:
1. Malware included in e-mail where user is tricked in clicking on it
2. Malware included in user initiated downloads, often executed by the user
3. Malware dropped on user's device after visiting a website or viewing content
4. Malware received at hotspots/public WIFI networks (press accept to gain access to free WIFI nonsense)
5. Malware received on USB-disks
The execute from disk seems a realistic approach since most of the infections are shoot in the foot errors of PC users, when:
a) all samples have the MOTW before executing
b) internet connection is ON when malware is executed.
Only the execute from USB is feasible in an offline situation and something is executed/opened from an USB in stead of file-sharing service (because there is no internet connection).
I really don't understand - when WD is OS-aware - why WD can't simulate a MOTW when something is opened from a removable device. How difficult is it to add one WD option "threat all executions from removable devices als untrusted" like it is done in Microsof Office?
1. Malware included in e-mail where user is tricked in clicking on it
2. Malware included in user initiated downloads, often executed by the user
3. Malware dropped on user's device after visiting a website or viewing content
4. Malware received at hotspots/public WIFI networks (press accept to gain access to free WIFI nonsense)
5. Malware received on USB-disks
The execute from disk seems a realistic approach since most of the infections are shoot in the foot errors of PC users, when:
a) all samples have the MOTW before executing
b) internet connection is ON when malware is executed.
Only the execute from USB is feasible in an offline situation and something is executed/opened from an USB in stead of file-sharing service (because there is no internet connection).
I really don't understand - when WD is OS-aware - why WD can't simulate a MOTW when something is opened from a removable device. How difficult is it to add one WD option "threat all executions from removable devices als untrusted" like it is done in Microsof Office?
Last edited:
- Dec 23, 2014
- 8,512
Dear Leo,
Thanks for proving that there exists an AV which cannot detect/block 100% of malware. Most people in the world wrongly thought (for a long time) that all AVs could detect/block 100% of malware. You destroyed this myth with one beautiful video clip.
Sincerely yours:
Andy
It seems that my joke is exaggerated. It can be directed to the author's comment below the video on the website:
,
"Windows Defender vs Ransomware: How well does the free antivirus with Microsoft Windows 10 fare against this type of malware. This video is a comprehensive test with a wide range of ransomware including threats like WannaCry and Petya."
But, this comment does not correctly describe what was really done in the video. It seems that many people who posted to the website were also misguided. Most of them did not probably realize that the test scenario was typical for the enterprise environment (attack from the compromised machine in the local network), but not for the home environment.
I have carefully watched and listened to the video once again, and this test is not a typical YouTube product. I missed a fragment close to the end when Leo explained the purpose of his "test". He focused on the difference between the WD protection in the local network with the Internet connection and without it. The results for WD without the Internet connection were worse (they should be as I noted in one of my posts). This can be important because many computers in the local network in enterprises are disconnected from the Internet. He also thought that his test can be useful for Microsoft to avoid some issues in enterprises after ransomware infection.
So I should rather post another joke :
Dear Leo,
Be cautious about the comments under your videos. Many people do not understand your videos so they need a little help from your side.
Andy.
Edit
If the purpose of this video was to demonstrate that WD free features (no ATP) are not suited to the enterprise environment, then it is a pretty good demonstration. Of course, this is a well known fact (without any demonstration) because WD protection highly depends on the cloud backend (Cloud delivered protection, Block at First Sight, SmartScreen).
Last edited:
yes so do i last decade, i was a "friendly neighborhood repairman" , never had complains too at a time malware were so basic a scanner and some registry cleaning were enough. Sadly, this time is gone. Now you need complex and adapted forensic tools like FRST, Farbar, and others....
I worked for Emsisoft, the malware removal team have to take a course or show some real experience in forensic and no they don't just run EEK or MBAM LOL.
i agree and understand your point, some people said the same to me, as if you need to know coding to get a brain....maybe their case tough, not me LOL
What i meant is, in our days, malware are way more evasive, even a scanner may miss entries, or not even detect them. hence complex forensic methodologies and tools are required.
I believe malware removal is when you have unrecoveable files , if not a system wipe is the most effective, unless you are tooo unlucky and got a bioskit.
Last edited by a moderator:
- Apr 1, 2019
- 2,868
I’m a malware removal expert. When in doubt reimage, when concerned reformat, reinstall bios, and clean install, when scared throw it in the trash.
- Mar 9, 2014
- 598
It's good to use default settings because that's how Defender is used by most.
- Mar 9, 2014
- 598
I forgot to add that "zero security awareness" is also likely the default view of most computers users. I may not know much about antivirus programs, etc., but I know a lot about novice users. By "novice," I mean they don't even know about any warning signs that appear in the system tray.
- Dec 23, 2014
- 8,512
From the security viewpoint, it is better to use the above-default WD settings, just because most users use default settings.
Similar threads
