
Windows Defender is The Big Surprise of AV-Comparatives Real-World Test - August 2017


Matsuda





Tested Cases

Our Real-World Protection Test is currently the most comprehensive and complex test available, using a large number of test cases. Currently, we are running this test under Microsoft Windows 10 RS2 64-Bit SP1 with up-to-date third-party software (such as Adobe Flash, Adobe Acrobat Reader, Java, etc.).

Due to this, finding in-the-field working exploits and running malware is much more challenging than e.g. under a non-up-to-date system with unpatched/vulnerable third-party applications. Over the year we evaluate several tens of thousands of malicious URLs. Unfortunately, many of these have to be discarded for various reasons.

We remove duplicates such as the same malware hosted on different domains or IP addresses, sites already tested, “grey” or non-malicious sites/files, and malware/sites disappearing during the test. Many malicious URLs carrying exploits were not able to compromise the chosen system/applications because of the patch level.

This means that the vulnerabilities in the third-party applications on the system were already patched and the exploits could therefore not deliver their malicious payload. Users should be aware that by always keeping their system and third-party applications up-to-date/patched, they can dramatically decrease the risk posed by exploits.

The results are based on the test set of 389 live test cases (malicious URLs found in the field), consisting of working exploits (i.e. drive-by downloads) and URLs pointing directly to malware. Thus exactly the same infection vectors are used as a typical user would experience in everyday life. The test-cases used cover a wide range of current malicious sites and provide insights into the protection given by the various products (using all their protection features) while surfing the web.

The following products (latest version available at time of testing) were tested:

- Adaware Pro Security 12.0
- Avast Free Antivirus 17.5
- AVG Free Antivirus 17.5
- AVIRA Antivirus Pro 15.0
- Bitdefender Internet Security 22.0
- BullGuard Internet Security 17.1
- CrowdStrike Falcon Prevent 3.3
- Emsisoft Anti-Malware 2017.7
- eScan Corporate 360 14.0
- ESET Internet Security 10.1
- F-Secure Safe 17.0 
- Fortinet FortiClient 5.6
- Kaspersky Internet Security 18.0
- McAfee Internet Security 20.2
- Microsoft Windows Defender 4.11
- Panda Free Antivirus 18.3
- Seqrite Endpoint Security 17.0
- Tencent PC Manager 12.3
- Symantec Norton Security 22.10
- Trend Micro Internet Security 11.1
- VIPRE Internet Security Pro 10.1


The chart shows only the protection scores for the month of AUGUST 2017 (389 test cases). The results of the false-positives test are also shown in the monthly factsheets/graph. The full detailed report will be released in December.

 

Source - PDF & Chart

27 minutes ago, 0bin said:

A security configuration with SmartScreen and UAC disabled will always be an insecure configuration.

Right?

Isn't this only if you use IE or Edge, this SmartScreen? Not very many people use these anymore and most people don't turn off UAC anymore. Once I upgraded to Windows 8.1 it caused irreversible effects, like certain programs would not run even if you turned it back on... The only way to fix it, where you could run VMs, was a reformat.

 

My NOD32 and my ad block filters have smart screen for all browsers; they don't discriminate against non-Microsoft browsers. :P



8 minutes ago, 0bin said:

This is the answer to antiviruses:

I know NOD32 blocks a lot of shit but they don't block everything, and I don't rely on antivirus alone. My filters in my adblocker block a lot of sites; also uMatrix blocks a lot of 3rd-party sites by default that NOD32 flags, and with the use of uMatrix I can use sites as a 1st party without NOD32 fussing at me. :lol:



11 minutes ago, 0bin said:

Everything you said is right, unless someone wants to target you.

I have been on the internet for 16 years, and unless it was something that targeted everyone it's never affected me. Things that had targeted just me when I 1st started out on the internet, the only way they became effective was I allowed it by making a stupid move. Everything I send out or that comes back to me out of programs is encrypted through a VPN. I monitor my internet and I watch how much bandwidth my PC uses.



26 minutes ago, 0bin said:

Targeting you is difficult then :)

The scary things are the things that target everyone, which really never bothered me because I was around back before Windows had a good firewall or any anti-malware, and most antivirus could not stop you from getting infected even though they could detect it, and almost everyone used IE. AVG, we used to call it Another Virus Got By. It was not until I tried Kaspersky 5 that I found an AV that had good web protection and could prevent viruses, so before this if we got infected we just laughed it off and reformatted. So it doesn't matter to me, I will just reformat if I had to, but I have never been infected with something I can't remove since the early 2000s.

 

Infected in 20 minutes

https://www.theregister.co.uk/2004/08/19/infected_in20_minutes/

I never will forget the time I reformatted and got a virus from visiting Windows updates on XP, so after this the 1st thing I did was install Sygate Personal Firewall, because before SP2 Windows Firewall was never any good in XP, and XP is what most 3rd-party firewalls were invented for.



Home users aren't targeted unless they wronged someone and this "someone" hired a hacker; however, home users are phished.



On 25/09/2017 at 4:59 PM, 0bin said:

This is the answer to antiviruses:

 

that's just a throwaway tool for script kiddies.

real hackers modify the binary in runtime according to the antivirus, bit manipulation, XOR stubs, encrypting according to the antivirus behavior manually.



Just use Kali create a  Metasploit via  fileless malware... no need to go very far to compromise a system, especially home users.



Archived

This topic is now archived and is closed to further replies.
