App Review Windows Defender vs Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
...
Now there are those that claim that Windows Defender has the highest reported rate of infection because it is installed on every Windows system. And while that argument on the face of it explains away the results, when you get into the statistics and adjust them it is plain to see that Windows Defender does poorly against new malware whereas the other vendors do much better.
It would be necessary to see such statistics if you have seen one. But, this could be possible for users who replaced some Windows built-in security by 3rd party software, without covering the security holes caused by it - for example when replacing Edge (SmartScreen, web browser Exploit protection, integration with BAFS) by 3rd party web browser without proper extensions. Anyway, there is evidence that WD signatures are not so fast as for example the Kaspersky signatures.
...
Windows Defender ain't one of the top performers in this particular case.
It cannot be the top one, especially without Edge + ASR rules + Anti-ransomware protection.
 

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
There is nothing wrong with Leo's tests. The problem are people who just don't like the results and get all uppity upset.
It depends on which level of security awareness the viewer is at. And I can tell you a lot of stuff wrong in his tests if he is so professional like you say, and a lot of people dislike his videos not because of the results, but for the lack of objectiveness, the main thing you need to have when you call yourself a tester.
It's enough that he is a Youtube tester.
 
F

ForgottenSeer 823865

It depends on which level of security awareness the viewer is at. And I can tell you a lot of stuff wrong in his tests if he is so professional like you say, and a lot of people dislike his videos not because of the results, but for the lack of objectiveness, the main thing you need to have when you call yourself a tester.
It's enough that he is a Youtube tester.
Objectiveness is another story ^^
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
I know there are those that cry foul when Windows Defender is tested in isolation, but the industry just ain't buying it. The reason is that is the way Microsoft made Windows Defender and no one is willing to give it accommodation just because Microsoft made it that way.
There is nothing wrong with testing WD in isolation when it is clearly stated that other protective Windows features are not included, so the protection will be diminished. In fact, WD protection includes all features in the Security Center (WD antivirus, Edge, WD anti-ransomware protection, WD Exploit Guard). WD antivirus is integrated and suited to work with all these features.

You can argue that it is unfair all you want, but that is just how it is. If Microsoft would get its stuff together and make a proper security suite, then it wouldn't find itself in this situation.
Microsoft cannot get its stuff together, because WD is the only one AV natively installed with Windows installation. For example, the WD Browser Protection extension cannot be automatically added to Google Chrome (probably due to antimonopoly restrictions).
Furthermore, Edge is already together with WD (default settings in the Security Center). So, it is questionable to test WD with another web browser. Edge is by default protected by very strong Exploit Protection mitigations, so replacing it with another web browser without additional extensions (some testers like to do it) is questionable, too.
 
Last edited:

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Leo's test methodology and point of view is entirely from the point of view of someone with absolutely zero security awareness. Meaning the typical 93 year old grandmother - which is a completely valid point of view and test methodology.

That's what security geeks don't get. And it is also the reason that a lot of people call his vids absurd or invalid.

Within that context of the completely ignorant security software user, his tests are valid.

It can actually be argued that his tests are neither right nor wrong. And that obviously is true of just about any security software testing.

I'm of the belief that people don't like Leo's tests is because he has struck a nerve that people would rather ignore. They are upset because he is proving something that they very obviously find upsetting. So they lash-out against Leo and try to discredit him. That afterall is the widely used tactic when someone is emotionally perturbed and cannot cope.
I cannot agree with you, but can agree to disagree. And will not continue
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Leo's test methodology and point of view is entirely from the point of view of someone with absolutely zero security awareness. Meaning the typical 93 year old grandmother - which is a completely valid point of view and test methodology.
...
That is the point. It is not a test, but rather a demonstration of the author's believes and experience. He is sure that WD alone cannot be a top AV (which is true). He makes a video, and adds the comment (below the video on the website) which could suggest that the results are not so good as compared to the top AVs (which does not follow from the "test"). So, it is an educational video to demonstrate people the truth without proving it.

In fact, the "test" results (with the Internet connection) are typical to the results of some YouTube "tests" for AVs with dedicated anti-ransomware protection (two missed samples confirmed with the Internet connection). Only the author's comments tell another story.
Furthermore, such a single test cannot say much about real AV protection - we could know it only after many such tests performed on several AVs.

Edit.
See also my post:
 
Last edited:

Dex4Sure

Level 3
Verified
Well-known
May 14, 2019
116
again you talk without knowing the full picture.
Leo works for a security vendor, as malware analyst/researcher.
His youtube channel is just a hobby for him.

Any security professional knows than malware disinfection must be left to professionals; Malware removal specialists take intensive course for it.
Only noobs believe in disinfection tools, they don't know ****, and it is why vendors make money on their back since ages; then they whine when their files got corrupted...typical...
when you are infected, unless a professional take over, you are good to reformat your system (or restore a backup, if the infection isn't too severe)..

Cleaned up countless systems in the past with malware removal tools + hunting down registry modifications manually, and not a security professional myself... Never had complaints from people whose machines I cleaned afterwards. Sure, really severe infections better professional takes over (especially in business side due to very sensitive and important data in question), but malware removal tools work pretty well these days for home user.

Reminds me bit of an argument that unless you code in assembly, you're a noob because compilers will never beat very skilled assembly programmer... Might be true, but fact of the matter is higher level programming languages exist for a very good reason, as do malware removal tools. Might be you need to finish the cleaning manually, but a lot of times you actually don't need to anymore.

And its a general rule you should always do back ups. Not just for security, but if Windows update decides to wipe all your data, at least its backed up (actually happened once to me, but had a back up to restore from).
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
...
Microsoft cannot get its stuff together, because WD is the only one AV natively installed with Windows installation. For example, the WD Browser Protection extension cannot be automatically added to Google Chrome (probably due to antimonopoly restrictions).
Furthermore, Edge is already together with WD (default settings in the Security Center). So, it is questionable to test WD with another web browser. Edge is by default protected by very strong Exploit Protection mitigations, so replacing it with another web browser without additional extensions (some testers like to do it) is questionable, too.
Shortly, the usual tests performed on WD + 3rd party web browser are not fully reliable for users who keep WD with native Edge (which is a default configuration on Windows 10).
The tests of WD + 3rd party web browsers are still valid for most users because most users choose such a configuration. That is why the AV Labs usually choose such configuration in AV tests. The AV Labs have no reason to test the default Windows 10 security because no one wants to pay for it.
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Youtubers always have and always will love throw around words and conclusions no matter what is shared or tested in a video. It's not for nothing that grand words like, quote : " VIEWED BY A MASSIVE WORLDWIDE AUDIENCE " is stated ( in caps :sleep: ) even if the guy got 102k ( 102 thousand ) subscribers and 10 501 views of this video. I don't say that's not great numbers because it is, but it for sure ain't any Worldwide numbers! Available to a massive worldwide audience would probably be more honest, but also way less interesting.

I fully agree with @Andy Ful about this not being a complete/conclusive test as it's, one test. Personal I find most Youtube tests entertaining and normally I have no issues watching Leos videos, but this one sadly gave me a headache and I had to stop watch it before the end. It had nothing to do with the product or the result etc. The giggle laughing was like listen on a nervous teenager. :rolleyes:
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
It is fair to test security products for average PC users on default settings. Since we all became more dependent on the internet, testing an AV without internet connection is not a realistic scenario. As far as I know, four of the the five most dominant infection sources are internet related:
1. Malware included in e-mail where user is tricked in clicking on it
2. Malware included in user initiated downloads, often executed by the user
3. Malware dropped on user's device after visiting a website or viewing content
4. Malware received at hotspots/public WIFI networks (press accept to gain access to free WIFI nonsense)
5. Malware received on USB-disks

The execute from disk seems a realistic approach since most of the infections are shoot in the foot errors of PC users, when:
a) all samples have the MOTW before executing
b) internet connection is ON when malware is executed.

Only the execute from USB is feasible in an offline situation and something is executed/opened from an USB in stead of file-sharing service (because there is no internet connection).

I really don't understand - when WD is OS-aware - why WD can't simulate a MOTW when something is opened from a removable device. How difficult is it to add one WD option "threat all executions from removable devices als untrusted" like it is done in Microsof Office?
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Dear Leo,
Thanks for proving that there exists an AV which cannot detect/block 100% of malware. Most people in the world wrongly thought (for a long time) that all AVs could detect/block 100% of malware. You destroyed this myth with one beautiful video clip. :)(y)
Sincerely yours:
Andy

It seems that my joke is exaggerated. It can be directed to the author's comment below the video on the website:

,
"Windows Defender vs Ransomware: How well does the free antivirus with Microsoft Windows 10 fare against this type of malware. This video is a comprehensive test with a wide range of ransomware including threats like WannaCry and Petya."

But, this comment does not correctly describe what was really done in the video. It seems that many people who posted to the website were also misguided. Most of them did not probably realize that the test scenario was typical for the enterprise environment (attack from the compromised machine in the local network), but not for the home environment.
I have carefully watched and listened to the video once again, and this test is not a typical YouTube product. I missed a fragment close to the end when Leo explained the purpose of his "test". He focused on the difference between the WD protection in the local network with the Internet connection and without it. The results for WD without the Internet connection were worse (they should be as I noted in one of my posts). This can be important because many computers in the local network in enterprises are disconnected from the Internet. He also thought that his test can be useful for Microsoft to avoid some issues in enterprises after ransomware infection.

So I should rather post another joke :

Dear Leo,
Be cautious about the comments under your videos. Many people do not understand your videos so they need a little help from your side.:)(y)
Andy.

Edit
If the purpose of this video was to demonstrate that WD free features (no ATP) are not suited to the enterprise environment, then it is a pretty good demonstration. Of course, this is a well known fact (without any demonstration) because WD protection highly depends on the cloud backend (Cloud delivered protection, Block at First Sight, SmartScreen).
 
Last edited:
F

ForgottenSeer 823865

Cleaned up countless systems in the past with malware removal tools + hunting down registry modifications manually, and not a security professional myself... Never had complaints from people whose machines I cleaned afterwards. Sure, really severe infections better professional takes over (especially in business side due to very sensitive and important data in question), but malware removal tools work pretty well these days for home user.
yes so do i last decade, i was a "friendly neighborhood repairman" , never had complains too at a time malware were so basic a scanner and some registry cleaning were enough. Sadly, this time is gone. Now you need complex and adapted forensic tools like FRST, Farbar, and others....
I worked for Emsisoft, the malware removal team have to take a course or show some real experience in forensic and no they don't just run EEK or MBAM LOL.

Reminds me bit of an argument that unless you code in assembly, you're a noob because compilers will never beat very skilled assembly programmer... Might be true, but fact of the matter is higher level programming languages exist for a very good reason, as do malware removal tools. Might be you need to finish the cleaning manually, but a lot of times you actually don't need to anymore.
i agree and understand your point, some people said the same to me, as if you need to know coding to get a brain....maybe their case tough, not me LOL
What i meant is, in our days, malware are way more evasive, even a scanner may miss entries, or not even detect them. hence complex forensic methodologies and tools are required.
I believe malware removal is when you have unrecoveable files , if not a system wipe is the most effective, unless you are tooo unlucky and got a bioskit.
 
Last edited by a moderator:

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
yes so do i last decade, i was a "friendly neighborhood repairman" , never has complains too at a time malware were so basic a scanner and some registry cleaning were enough. Sadly, this time is gone. Now you need complex and adapted forensic tools like FRST, Farbar, and others....
I worked for Emsisoft, the malware removal team have to take a course or show some real experience in forensic and no they don't just run EEK or MBAM LOL.


i agree and understand your point, some people said the same to me, as if you need to know coding to get a brain....maybe their case tough, not me LOL
What i meant is, in our days, malware are way more evasive, even a scanner may miss entries, or not even detect them. hence complex forensic methodologies and tools are required.
I believe malware removal is when you have unrecoveable files , if not a system wipe is the most effective, unless you are tooo unlucky and got a bioskit.
I’m a malware removal expert. When in doubt reimage, when concerned reformat, reinstall bios, and clean install, when scared throw it in the trash.
 

monkeylove

Level 12
Verified
Top Poster
Well-known
Mar 9, 2014
598
I forgot to add that "zero security awareness" is also likely the default view of most computers users. I may not know much about antivirus programs, etc., but I know a lot about novice users. By "novice," I mean they don't even know about any warning signs that appear in the system tray.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top