Windows Defender vs Top 200 Ransomware (PC Security Channel)
<blockquote data-quote="Andy Ful" data-source="post: 1117260" data-attributes="member: 32260"><p>If we forget about invalid testing methodology, this video can be an interesting demonstration of (possibly) new ransomware. The sample missed in the test was submitted to Virus Total one day before the test and was poorly detected by other AVs. Interestingly, in the test, it managed to encrypt only some files. We cannot exclude the possibility that the ransomware was detected post-execution (that is how "Block at first sight" works in Microsoft Defender for some unknown samples).</p><p>Generally, I like this video demonstration (not a real test). The author tried to be neutral in his comments.</p><p></p><p>Microsoft Defender missed 1 per 98 samples (the "test" was unfinished) which could often happen for any popular AV. So, I cannot say that this demonstration bashes Microsoft Defender.</p><p></p><p>The detection of such samples in malware tests mainly depends on which AVs first encountered the sample in the wild. Many AVs can fight such malware similarly to Microsoft Defender (the first machine is infected, but others are protected after some minutes). Any two AVs can often miss different samples - we cannot assume that all samples detected by one AV will also be detected by another AV. That is why in good tests, several AVs should be tested at the same time on the same sample pool. Furthermore, for popular AVs, even 1000 fresh samples can be insufficient to get statistically significant differences.</p><p></p><p>Edit.</p><p>Microsoft recommends increasing the Cloud Protection Level and enabling ASR rules to maximize anti-ransomware protection.</p></blockquote><p></p>
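The sample-size point in the post above, worked through as an added example (not part of the original post or the video): a confidence interval for "1 miss in 98" and an exact test of how far apart two products must score on 1000 samples before the gap is statistically significant. The 2-versus-8 miss counts are constructed, and the two products' results are assumed independent.

```python
import math

def wilson_interval(misses, n, z=1.96):
    """95% Wilson score interval for the true miss rate, given misses out of n samples."""
    p = misses / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def fisher_p(miss_a, miss_b, n):
    """Two-sided Fisher exact p-value for two products, each run on n samples.

    Assumption: the two results are treated as independent groups. A paired
    test (McNemar) would need per-sample outcomes, which the page does not give.
    """
    total = miss_a + miss_b
    denom = math.comb(2 * n, total)

    def prob(k):  # P(product A accounts for k of the `total` misses)
        return math.comb(n, k) * math.comb(n, total - k) / denom

    observed = prob(miss_a)
    return sum(prob(k) for k in range(total + 1) if prob(k) <= observed * (1 + 1e-9))

def min_misses_to_differ(miss_a, n, alpha=0.05):
    """Smallest miss count for product B that differs significantly from product A."""
    for miss_b in range(miss_a + 1, n + 1):
        if fisher_p(miss_a, miss_b, n) < alpha:
            return miss_b
    return None

if __name__ == "__main__":
    lo, hi = wilson_interval(1, 98)
    print(f"1 miss in 98: true miss rate between {lo:.2%} and {hi:.2%}")
    # Constructed counts: product A misses 2 of 1000, product B misses 8 of 1000.
    print(f"2 vs 8 misses on 1000 samples: p = {fisher_p(2, 8, 1000):.3f}")
    print(f"B must miss at least {min_misses_to_differ(2, 1000)} to differ from A's 2")
```
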