Windows Defender Sandbox Test vs Malware

  • Published: 12 Nov 2024

Comments • 811

  • @skinwalker_schizo4526 5 years ago +883

    *infects computer with hundreds of viruses*
    "this is actually so much fun, not gonna lie."

    • @LynKazoyuu 5 years ago +7

      If one of those was memz lol

    • @ugolattanzio9152 5 years ago

      ShxdoDxrpZ lmao

    • @de_stroyed 5 years ago +15

      it's a vm, not the actual pc itself, so yeah

    • @pikachu896 5 years ago +2

      @de_stroyed Duh

    • @joemartin1757 5 years ago +1

      I was literally just reading this as he says it

  • @justgiz 5 years ago +673

    I feel like I could catch a malware virus just by watching this video.

    • @whitedawn2122 5 years ago +17

      Me: *laughs in immunity to .exe files*

    • @Wombat24455 5 years ago +7

      Apparently cyber-criminals are trying to get malware downloaded onto victim's device through YouTube
      edit: so there is a chance of getting a virus from this video (not specifically from this video, just from the website itself)

    • @robloxplayercoolgirl5981 5 years ago +5

      @Wombat24455 O.o wait what? In what way?! 😰😬

    • @Wombat24455 5 years ago +1

      @robloxplayercoolgirl5981 Through a script the attacker (cyber-criminal) injected. I recommend downloading AVG Antivirus to block the malware being downloaded, because when I was browsing YouTube, AVG had a popup saying it blocked a Trojan virus from being downloaded
      Edit: The free version of AVG is good enough

    • @robloxplayercoolgirl5981 5 years ago +3

      @Wombat24455 Okay, but that means you can get a virus through a yt video? I've imagined that it could happen, but I never knew it actually could >~< There are no antiviruses on my dad's laptop, and I use dad's laptop, I'm on it right now. I'm gonna ask dad if we can get an antivirus..

  • @TheMohawkNinja 5 years ago +78

    To be fair, for something that comes as the default, built-in anti-virus, 90+% isn't all that bad.
    Think of it in the context of reality:
    (A) You don't get carpet bombed into submission with 1500 different malware, you get one piece of malware, if any.
    (B) Common sense will allow you to avoid at least 9/10ths of malware to begin with, so this is an additional 9/10ths on top of that, which brings the overall effective protection to at least 99%

    • @someaddictedidiot2186 2 years ago +3

      Ooh, memz, I wonder what that is. Probably something that makes my PC faster. Ooh it says it's a virus, nah, probably not important..

  • @sixmilsix 5 years ago +53

    Thank you, In the process of purchasing the first PC desktop I’ve bought in years. Been debating whether to rely on MS Defender or purchase additional protection, debate settled. New to TPSC, really enjoy your reviews.

  • @HypeWrecks 5 years ago +215

    This is giving me an unbelievable amount of anxiety.

    • @franky-161 5 years ago +9

      if you're new to PCs and stuff I would personally get a good antivirus software (bought), but if you know certain things, then you're most likely not gonna get viruses

    • @HypeWrecks 5 years ago +21

      HYPERS That's why it gives me anxiety. This video betrays every single computer safety philosophy that I have developed over my lifetime.

    • @CaveyMoth 5 years ago +36

      @HypeWrecks I know, right? My momma always told me not to systematically execute 1500 samples of malware.

    • @HypeWrecks 5 years ago +6

      Cavey Möth It's the golden rule of computer security.

    • @CaveyMoth 5 years ago +11

      @HypeWrecks The cascading waterfall of errors is just a Windows feature.

  • @TimpanKanava 5 years ago +111

    This must be what my parents saw when I downloaded games as a kid

  • @M1ddle 5 years ago +38

    9:25 I love how the icons on the desktop and Windows Defender synced up with the music

    • @M1ddle 4 years ago +7

      @Aaron Moody what

    • @ViperoK 4 years ago

      @crasheba1533 what

    • @mparagames 3 years ago

      @ViperoK Yes it does but it can also play havoc with apps that access their own files or write to their own directory so it's not worth turning it on at the moment until MS sorts its shit out.

    • @velp7718 3 years ago

      @mparagames what

    • @mparagames 3 years ago

      @velp7718 Yes it does but it can also play havoc with apps that access their own files or write to their own directory so it's not worth turning it on at the moment until MS sorts its shit out.

  • @David-Alfonso 5 years ago +139

    I feel like my computer is getting dirty just watching this.

    • @dgjm7129 5 years ago +2

      Do something quick before your computer does something dirty to you *insert Lenny face here*

  • @saveme2000 5 years ago +230

    9 year olds clicking on Free Fortnite vbucks
    Malware installed: “it's free real estate”

    • @dak0t4 3 years ago

      aka my brother

  • @emmanel6190 5 years ago +90

    this is like watching ultron and jarvis fighting but way more mild

  • @ShihadMan 5 years ago +200

    Let's all remember that he had to turn off real-time protection to actually be able to place the viruses in his computer. That's a pretty strong first barrier

    • @ryansawyer6476 5 years ago +36

      I'm screaming the same thing lol. If you are depending on any AV to save you from executing malicious code, good luck. Always, always, always take a layered approach. Good network security, followed by good backups; AV should be the last line of defense to tell you you need to nuke and pave a system. One last thing, if a user in an Enterprise environment is able to successfully infect a PC, Windows Defender will not be the root cause and some shitty Network Security Engineer is gonna get canned 😂

    • @BortPlate 5 years ago +5

      Some perhaps. The same result may have played out by the few that got past that first barrier.

    • @henterpriser5779 4 years ago +9

      Kaspersky still protects your PC even if it's completely off😐. It's like OK you buy me? I'm forced to protect you

    • @mrblanche 4 years ago +3

      @henterpriser5779 Until they send all your data to the KGB.

    • @StormFox_1 4 years ago

      @mrblanche xD

  • @arisu7397 5 years ago +125

    Ah yes, the smell of a fresh malware in the morning

  • @RogueNewbie 5 years ago +11

    Thank you so much for your work. I was seriously considering relegating AV duty from Bitdefender to Windows, given recent "perfect" lab results, but this just affirms my decision to go with a dedicated security suite on all our devices.

  • @Saturate0806 5 years ago +312

    Summary:
    1. Windows Defender is really slow checking files
    2. Bad detection ratio
    3. Makes Windows slower compared to other AVs like BitDefender

    • @theeskimo9875 5 years ago +42

      I think Bitdefender makes Windows slow. But I have 128GB RAM so it doesn't matter to me

    • @Saturate0806 5 years ago +5

      @theeskimo9875 ruclips.net/video/4UhUZCZMJHg/видео.html

    • @MaksKCS 5 years ago +82

      @theeskimo9875
      Weird flex, but okay

    • @aaronwise1089 5 years ago +11

      How does anyone have 128 gigabytes of ram?

    • @zidana.p4242 5 years ago

      Bitdefender may be the best AV for Windows but the only problem on this AV is RAM leak, especially for a PC with 1-2 GB

  • @tacticalguy6473 5 years ago +47

    Those hash names got me PTSD from the time when I was finding and deleting viruses manually

  • @user-nf8qw8pq1f 5 years ago +10

    Excellent forensic run. My BP went up just watching this!
    Loved your thorough, calm and clinical approach. That is until...
    "I trusted you!" LOL

  • @HobkinBoi 5 years ago +23

    I think some antivirus experts should get onboard with the whole defender program, so they can help improve it and increase the chance of it catching malware.

    • @UKGameShock 5 years ago +3

      It's all about money. There is more money in being better than Windows Defender and making competition than taking a small % cut of money to improve it. If Windows Defender did a good job so many other AVs would go unused.

    • @UltimateAlgorithm 5 years ago +6

      That could land Microsoft in a lot of trouble. Even with current Windows Defender, Microsoft is sued by some AV developer. They say that Microsoft is doing discriminatory business practice, which I think does not make sense. Why is trying to give some basic protection considered discriminatory? If MS makes Defender too good, they can get in a lot of trouble.

    • @amirabudubai2279 5 years ago +3

      @UltimateAlgorithm Haven't heard of that case, but I am willing to bet it had something to do with MS only allowing the user to disable Defender if they had a whitelisted 3rd party AV. In other words, MS was selectively blocking AV. This only affected Windows 10 Home, but that is most users.

    • @UltimateAlgorithm 5 years ago +3

      @amirabudubai2279 and for good reason. AV starts its service early in the boot process. Would you allow any application to do that? That is a terrible idea.

    • @avert_bs 3 years ago +1

      What are you talking about? It's already good enough and catches 99% of viruses. And if you have a feeling it's a false positive, test it on VirusTotal.

  • @namesurname4666 5 years ago +52

    Imagine not watching the pc screen for a while and then you see this

  • @mikixd7956 5 years ago +39

    This reminds me of my old computer, the sad thing is that thing didn't have a virus

    • @notsim_ 4 years ago +2

      @SergeantExtreme wtf

  • @laurpflorin 5 years ago +30

    For ransomware protection using Windows 10 built-in tools, the only reliable way to protect oneself is the Controlled Folder Access feature.
    In the latest Windows 10 version the user has an easier way to unblock the apps that are wrongly blocked by controlled folder access.
    Unless the user has his/her own 3rd party security tool that he/she uses, it's always a good idea to create a dedicated folder on the hard drive and add it to controlled folder access, then put all the important data there. It's not the most elegant solution but it will protect your data from encryption.

    • @LaserFur 5 years ago +1

      I have to go add programs manually. And for OpenOffice you can add .BIN to the name in the select box since it's the .BIN and not the .EXE that wants to add a file in the latest documents folder.

    • @laurpflorin 5 years ago +1

      @LaserFur you can ease the process of adding programs with PowerShell. And in the latest version of Windows 10 you can also see the most recent blocked apps list in Windows Defender and whitelist them easier.

    • @LaserFur 5 years ago +3

      @laurpflorin Not as useful when it just says "setup.exe" or "runDLL.exe". I need to know what folder it ran from and what command line it had. I think some companies are going to have to adapt to not being able to drop some random exe in a temp directory and run it and expect that to be able to update the browser. (looking at you, Chrome)

    • @LaserFur 5 years ago

      @laurpflorin Just to add: thanks, I didn't notice they added it there.

    • @RealDaniyalAhmed 5 years ago

      Can you please tell how to create a controlled access folder? I am a newbie and want protection from ransomware on Windows 7. I already have ESET Smart Security and Malwarebytes.
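
The Controlled Folder Access setup discussed in this thread, as an added PowerShell example that is not part of any comment above: it protects a dedicated folder, allows one application by full path, and reads the Defender event log (event 1123 for blocks, 1124 in audit mode) to see which executable was stopped and where it ran from. The folder and application paths are placeholders, and the event field names `Process Name` and `Path` are assumed from the event's XML, so the full message is kept as a fallback.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell on
# Windows 10 1709 or later with Defender real-time protection on.
# Both paths are placeholders chosen for illustration.
$ProtectedFolder = 'D:\ImportantData'
$TrustedApp      = 'C:\Program Files\ExampleApp\example.exe'

# 1. Create the dedicated folder and put it under Controlled Folder Access (CFA).
New-Item -ItemType Directory -Path $ProtectedFolder -Force | Out-Null
Set-MpPreference -EnableControlledFolderAccess Enabled   # AuditMode logs without blocking
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder

# 2. Allow one known-good program, always by its full path.
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 3. Confirm what is configured.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications |
    Format-List

# 4. List recent CFA blocks (1123) and audit hits (1124) with the full path of
#    the process that was stopped and the file or folder it tried to change.
function Get-CfaBlockEvent {
    param([int]$MaxEvents = 200)

    $filter = @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the event's named <Data> fields into a lookup table.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                Process = $fields['Process Name']   # assumed field name
                Target  = $fields['Path']           # assumed field name
                Message = $_.Message                # fallback if the fields are empty
            }
        }
}

# Which executables are being stopped most often? Review each full path
# before adding it to the allow list in step 2.
Get-CfaBlockEvent |
    Group-Object Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Running with `AuditMode` first and reviewing the 1124 events shows which legitimate programs would be blocked before enforcement is switched on.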

  • @theycallmeken 4 years ago +4

    "This one's good! We have a nice waterfall over here" That warmed my heart ❤

  • @spyrost.5439 5 years ago +4

    Great video and as always well made!! I hope in the future we get a video as the one you did few years back with the free security challenge

  • @Hexcede 4 years ago +3

    I believe likely what happened when the scan stopped mid way was due to memory usage rather than taking too long. Windows programs will frequently crash when they can't allocate enough memory (and even if memory isn't actually full, high memory usage can still make a system unstable). Generally this is not due to the programs themselves simply using a lot of memory; it almost always comes down to lots of processes using a smaller amount of memory, and oftentimes this sort of instability only happens at higher CPU usages as well (both of which were definitely seen in the video).
    Sometimes lots of allocating and deallocating of process memory has caused corruption for me in the past in many programs. (I've even had OS corruption from memory usage)

  • @TheDendran 5 years ago +16

    13:09
    In the words of one wise Joel, who couldn't close a certain window:
    "Uh-oh, guys... ...problem!"

    • @blueberry1c2 5 years ago +1

      How many bonzibuddys will I see in this comment section...

  • @benjones7848 5 years ago +5

    For someone new to the channel, how do you collect your malware? Also what have you found to be the best at preventing malware, and what have you found to be the best at removing malware?

  • @CurtisMcDonald 5 years ago +8

    @The PC Security Channel [TPSC] I saw Python was compromised. That could be why the scan stopped without completing.

  • @tox1c90 4 years ago +5

    I think you somehow misunderstood the purpose of the Defender sandbox here. It is nothing at all about running any other application in a sandbox or limiting the actions of any other application to a sandbox environment.
    It's just about splitting the Defender process itself into two processes, separating the actual anti-malware module from the content parser and user interface process. The latter can then run with lower privileges within the sandbox. Just like any modern web browser is doing.
    If malware directly attacks Windows Defender and tries to elevate its privileges by hijacking the Defender process via a bug in its scanner module, it can only hijack the CP process which is running in the sandbox.
    However, the scanned application itself is not meant to be started within any sandbox environment. Thus, the sandbox feature is not expected to have any beneficial effect on stopping malware from doing other malicious stuff except when it tries to exploit Windows Defender vulnerabilities.

  • @justrandomguy8002 5 years ago +6

    I like how you present this video, it served me well and your voice is very suitable for this test

  • @baddealrage 5 years ago +10

    I wonder if enabling all ATP (Microsoft 365 E5) protections would help to get a better score. I would like to see if ATP is a valid competitor vs CrowdStrike and Cylance.

  • @TheStarfreak911 5 years ago +4

    Very interesting video. Having decent music play on the speedups is a big bonus.

  • @Henk717 5 years ago +3

    Windows Defender is one of the best second opinion scans to run on your system these days as it's an excellent removal scanner. The problem is that it's the baseline for AV bypassing and that shows. The most popular AV will always run behind but it has gotten to the point the periodic scanner can be useful.

  • @ParoxyDM 5 years ago +17

    Came for the Defender test. Stayed for the Beethoven soundtrack.

  • @Ccodebits 5 years ago +34

    So what happens if you didn't turn the real-time protection off?

    • @GrantsPerspective 4 years ago +9

      It probably picks up some of the .exes as malware, and the control of having 1500ish malware samples that the antivirus/antimalware can pick up isn't really a control anymore. Real-time protection should stop malware from executing just as well as it would stop it from being copied over; it's the same scan process, except it's scanning before it executes rather than scanning as it's being copied. There's a reason the Python script prompts you to put Real-Time Protection back on.

    • @spaghetti9067 3 years ago

      Basically it stops things from happening even when you don’t run scans so it catches threats in real time

  • @fortune3911 4 years ago +6

    Windows Defender is best for the people who don't click shiny "Download" button on the web.

    • @i_Ayush1 2 years ago

      LOL UNDERRATED.

  • @TheGodEmperorOfMankind_ 5 years ago +12

    3:08 ah yes, fresh malware for breakfast

  • @abdraoufx 5 years ago +44

    At this point I feel like AV companies are paying Microsoft to keep WD shitty

    • @nocommentary9928 4 years ago +6

      For what it is, Windows Defender is a remarkably good antivirus solution. If you're semi-competent using computers and are aware of basic safety like not downloading mp3.exe files, Defender is all you need. The tests TPSC runs are not representative of a real world scenario. No one just accidentally runs every piece of malware on the internet.

    • @reckie1000 4 years ago +4

      @nocommentary9928 "No one just accidentally runs every piece of malware on the internet." - You are so wrong

    • @xbotscythe 4 years ago +2

      @reckie1000 they obviously haven't met my parents

    • @doznaka6715 4 years ago

      @nocommentary9928
      My uncle clicks on every ad he sees

  • @-zerocool- 5 years ago +9

    LMAO I was hoping for a lot better than that! Will renew my Emsisoft for sure!

  • @JMRSplatt 5 years ago +4

    This is basically what my system would do in the 90's/early 2000's after downloading Warez and Gamez... ahh good ole days.

    • @TheReapersSon 5 years ago +1

      0day cracks forever!!! Pull the trigger and hope you don't fuck up your computer for that sweet, sweet freeloading. Those were the days...

    • @flyingspaghetti 5 years ago

      Lol both of you noobs. I haven't paid for a game in over a decade and I didn't have a single virus. You think warez are the same as they were in the 00s?

  • @cyberlisk9 5 years ago +5

    My question is, since all the malware is running together, do you think there's a lot of cases where the malware takes each other out? Maybe one just completely scrambles the other? Malware Battle Royale?

    • @Nickwilde7755 2 years ago +1

      We got a, number one victory royale
      Yeah windows we bout to get down
      Get down 10 kills on the board right now
      Just wiped out hard drive town

  • @mirroredchaos 5 years ago +9

    I know it's unlikely that someone is gonna have that many threats running at one time like in the test, but dang, despite getting gangbanged Defender continued to fight even when it lost :P

    • @scarlett5554 5 years ago +1

      That's because the creator of this video hates Windows Defender

  • @tungkirezaprasakti3479 5 years ago +24

    why u not put ads on your videos, your content is awesome

  • @ITMann 5 years ago +2

    Thank you for all the hard work you do on this channel and keeping us informed. Yes I was very surprised at those results after the test. Here we are at the end of 2019 almost, with Windows OS build 1909 and yet Windows Defender is abysmal. Even more worrying is the outsourcing of the software programming to various companies abroad, and who may not use the highest levels of testing and quality assurance. Now the ordinary person may think your tests are too harsh. Not at all! You throw every big nuisance during your tests and as many of the worst in malware that the internet can provide so yes, excellent testing! We all have to be less naive when we roam the internet, we need to be pro-active, careful and have the best anti-virus software. From your previous videos I can see that there are a few good commercial brands that still offer good protection year after year whatever iteration those companies put out. None are perfect, some use bigger resources than others, some cause problems for avid PC gamers, some don’t have a high detection rate, but most are ok for everyday use. It’s all about education, and as you say being informed. But we must all realise as we surf the net, and click on all and sundry, to be vigilant at all times. The same goes for our emails, to be careful what we open. No longer is it like the old days when you had to actually run a .exe file to get infected. It’s a far scarier world now with scripts being automatic and running instantly in the background. So, thank you again for keeping us informed and providing good advice with respect to security products on our PC.

    • @Vekkuli001 5 years ago

      Aren't email stuff basically from the 90s or early 2000s? I also disagree with the comment about Windows Defender, it does its job well enough.

  • @malwaretestingfan 5 years ago +21

    Everyone was waiting for this.

  • @possiblydaniel 5 years ago +6

    You should have done a Hardcore malware check in Windows Defender (It's the one that says it takes 15 minutes)

  • @serversideissues4249 5 years ago +55

    You should try this same test, but with Controlled Folder Access enabled. I'd be curious to see if it still gets "ransomwared"

    • @AmaroqStarwind 5 years ago +10

      I second this.

    • @iluvmyswamp7948 5 years ago +2

      i third this

    • @abhishekmaurya3453 5 years ago +10

      I'm sure that will prevent ransomware. It is so strict it doesn't even allow own windows software unless you allow manually. 🤦‍♂️

    • @serversideissues4249 5 years ago +6

      @abhishekmaurya3453 So defense in depth then, right? Implicit deny. Comodo uses this same approach and still malware finds a way around its defenses. Assuming you whitelist what applications are allowed, this could definitely be a good way to protect the end-user's system. It's still a valid test because it confirms that what Microsoft is claiming about their feature, "Ransomware Protection", is valid.

    • @namesurname4666 5 years ago +2

      That Windows 7 wallpaper on your profile image :)

  • @DarienAllen 5 years ago +3

    You mean all the recent articles about how good Windows Defender is now were just blowing smoke up my a$$? Shocking!

  • @Pflanzenritter29-old 5 years ago +182

    Please do Kaspersky Free again.

    • @rudigerschaebbicke8839 5 years ago +3

      Kaspersky
      Download

    • @ethimself5064 5 years ago +1

      @rudigerschaebbicke8839 Why the Free? One can buy the full Paid version for about $20 - $25 per year - that is about $2/month or less

    • @dgjm7129 5 years ago +57

      @ethimself5064 cause free is 0$/month

    • @ethimself5064 5 years ago +1

      @dgjm7129 Free does not work as well as paid - Thanks

    • @dgjm7129 5 years ago +4

      @ethimself5064 Ehh just don't expect a lot for free. So yes. Sometimes paid is better than free

  • @zosxavius 5 years ago +7

    Can you test Sandboxie? It would be interesting to see how it compares. I get the feeling it might actually be a bit better.
    I find this interesting because WD consistently gets decent results in synthetic tests, but these results would clearly indicate otherwise.

  • @schematic2684 4 years ago

    It's fun seeing the little time go by in the bottom right corner

  • @roberty.7679 5 years ago +4

    Test AppGuard Solo. There is more than just Anti-virus and Anti-Malware
    Thanks,
    Robert

  • @ALurkingGrue 5 years ago +2

    I believe you are misunderstanding what the sandbox is for and it really wouldn't show up in a test like this. It's an architectural change to prevent Defender from being the source of infection. Parsing files is hard and this would help prevent the act of scanning viruses from being a vector for viruses.

  • @ravindrabandi6810 3 years ago +2

    Integrating with Defender ATP would help isolating the endpoints when there is something suspicious

  • @user-hk3ej4hk7m 5 years ago +2

    You should check if any of the viruses manage to leak to other users on the same computer. Windows Defender doesn't hold your hand, but it should stop any privilege escalation exploits

  • @Nickwilde7755 3 years ago +8

    Don’t forget: The only reason those viruses worked was because he *disabled real-time protection and put the viruses on*. Had RTP been on, the viruses most likely wouldn’t have gotten on his VM

  • @HowtoFixYourComputer 5 years ago +1

    Thank you guys.

  • @OverHaze 5 years ago +5

    On the subject of A.I. and false positives, Emsisoft's behaviour blocker hates videogames. It seems like every time I download something from Steam it gets flagged multiple times during install and on first launch. You also have to update the rule every. single. time. the game is updated. I reported the false positive on Age of Wonders Planetfall right after the game came out and the behaviour blocker STILL flags the game's main executable as a trojan downloader. I like Emsisoft, it's basically the only antivirus that respects user privacy but they really need to fix this issue. It's been happening for years.

    • @pcsecuritychannel 5 years ago

      Haze Touché

    • @OverHaze 5 years ago +1

      @pcsecuritychannel I just installed Remnant: From the Ashes and behaviour blocker flagged it as a code injector. I'm not trying to belabour the point, I just thought the timing was funny!

    • @cschwehr 5 years ago

      @OverHaze Security is always a dance... annoying or a pain, or else let stuff through. It goes back to the issue of a safe computer is one buried in a bunker off the Internet, but it's not very easy to use. It's kinda riding that line between annoying notices and whitelisting, or getting something in.
      I'll take whitelisting in my realm, because if anything gets in, I've got ten times the work of a whitelist.
      I respect how annoying it is though, because insurance is generally annoying - in all types.

    • @OverHaze 5 years ago

      @cschwehr We Control came out a few days ago. Emsisoft flagged both of the game's .exe's as malware and quarantined them without notification. No idea why there was no notification. In fairness the false positive was corrected quite quickly. Still, I don't know of any other antivirus that reacts to games as aggressively as Emsisoft.

  • @teddym2808 4 years ago +4

    What about the MWB & Defender combo? It would be amazing if you'd test that as it's a very popular solution.

  • @LaserFur 5 years ago +9

    I guess I'll be sticking with VMware. One note is that this new sandbox mode needs Hyper-V to be installed, and Hyper-V can't be installed if you use 64 bit VMs in VMware.

    • @LynKazoyuu 5 years ago

      Sandbox is trash anyways proven by this vid

  • @servanofmyGod 4 years ago +3

    It did not look like you ran that in Windows Sandbox

  • @music22life55 1 year ago

    I'm having the same exact problem and I've been on it for about a year now teaching myself. Everything u just said is exactly what uv figured out, I just haven't gotten rid of it just yet

  • @DarkBlackEyes 4 years ago +1

    This channel should support my Windows XP

  • @ronaldddoooo 4 years ago +3

    You should enable controlled folder access and ransomware protection!

    • @madmax2069 4 years ago +3

      Wait, he ran this test with those disabled?

    • @ronaldddoooo 4 years ago +3

      @madmax2069 yep!

    • @madmax2069 4 years ago

      @ronaldddoooo well no wonder it didn't do as well as other videos that I've seen testing it.

    • @ronaldddoooo 4 years ago

      @madmax2069 oh, ok...

    • @madmax2069 4 years ago +1

      @ronaldddoooo the video I was watching (which was done this year) was doing basically the same thing as this video was doing, the detection rate was around 98% out of 1700 files (a mix of viruses, Trojans, and ransomware, and other malware).

  • @mohamed-triki 2 years ago

    This actually scared me because I only use Windows Defender.
    I think I will be switching to Bitdefender (based on your testing playlist)!

  • @MsZsc 2 years ago

    I like that Defender has the same notif sound as other Windows ‘system’ notifs and is neutral sounding to me

  • @illbill5971 4 years ago +2

    I love how you say "don't worry" when you de-activate the protection, it's so funny since we actually don't give a sh... about your PC :)

  • @boonebytes1 5 years ago +1

    Sorry if this has already been answered... Just curious about if you find different results when testing threats that have been around long enough to have proper signatures in various products vs. relatively new, emerging threats...? I’m guessing the latter is harder to do, since by the time you can collect such samples they’ve already been identified as threats...
    Maybe I could phrase the question a bit differently: Do you see a higher protection level against older threats or new-ish threats?

  • @MrBulldawg6 5 years ago

    I like your content, seem very honest and give us useful tips. Will be subscribing

  • @FoxBlocksHere 5 years ago +1

    Can you possibly test Windows Defender's built-in ransomware protection in the future? I'm curious to see how well it works.

  • @Ograws 5 years ago

    As soon as the background wallpaper changed you knew shit hit the fan

  • @nghiatn1611 5 years ago +11

    How did the malware attempt to spread to your host machine even when Shared Folders were Read-only, Clipboard Sharing and Drag and Drop were Host to Guest only? And is there any way to prevent that from happening?

    • @kabloosh699 5 years ago

      Remove the share before executing the malware test?

    • @franklinAll8735
      @franklinAll8735 5 years ago +1

      You can't ever be 100% safe. It is always possible for the malware to utilise a zero-day exploit in the VM software itself to infect the system, however that's VERY rare. Most guest -> host infections occur due to either having shared folders or internet connection between guest and host enabled. To be as safe as possible, delete any shared folders and disable internet connection/LAN on your guest system.

    • @franklinAll8735
      @franklinAll8735 5 years ago

      @Hugh Jarce It won't help very much as long as your 'testing computer' is connected to the same network as the others are. You have to either have a separate network or internet disabled before testing.

  • @nicolobirocchi9786
    @nicolobirocchi9786 5 years ago +3

    Beautiful review, request: trend micro 2020

  • @salahqx
    @salahqx 5 years ago +1

    Malware: injected in explorer.exe
    Malware: keylogger Activated.
    Malware: All saved passwords were stolen.
    Windows Defender: ..
    Windows Defender: Threats found

  • @vulpineronin3460
    @vulpineronin3460 5 years ago +2

    But there is one key issue with the test... yes defender could, in theory, do much more isolation... but to get the malware on there you admitted to having to bypass the first line of defense for defender.... turning it off so it can't scan the files in the transfer. so you are starting with a compromised system, rather than a clean system and seeing if defender lets the stuff get copied in/saved in and then installed as it would in a real-world scenario. no one turns off their detectors before putting files on the pc. Edit: and you say it blocked 91% of what 10k simultaneous executions from a forcefully compromised system... i mean, really, this is a completely theoretical situation. the world doesn't have spherical chickens, after all.

    • @pcsecuritychannel
      @pcsecuritychannel  5 years ago +2

      There is no difference between the proposed test situation and a realistic attack vector, most attacks do happen due to compromised systems, vulnerability exploitation etc. and trust me, copying the files with Defender turned ON will make no difference (I've tried it). It just will take a ton more time unnecessarily. If something is blocked when copying it would be blocked during execution as well (That's just how realtime protection works). The issues were caused by files that were "missed" and execution is the last step in the entry process (which is what the test was about) thus giving Defender the best odds of detecting stuff.
      Also, having files on the disk does not make it an "infected system". The infection happens when the malware executes successfully with malicious intent which is what you saw in the video.

  • @potato2387
    @potato2387 4 years ago +1

    It’s gotten much better, could you do another review?

  • @ggggcccc1622
    @ggggcccc1622 5 years ago +30

    Customer: my system got hosed by a virus using Windows defender...
    MS Support-Prandeep:
    Please reboot your system and get into safe mode...

    • @dgjm7129
      @dgjm7129 5 years ago +2

      Ms-Support Prandeep: and Delete system32

    • @MichaelHadac
      @MichaelHadac 5 years ago

      So how do You RUN a New Windows 10 in safe mode. Used to be able to press F8 and choose..? Now, I don't know.. Thanks, M.

    • @skullz3722
      @skullz3722 5 years ago

      @@MichaelHadac 1. Click the Windows button.
      2. Hold down Shift; while holding Shift, click Restart.
      3. Select Troubleshoot, go to Advanced Options.
      4. Find Start-up Settings.
      5. Look in Start-up Settings for Restart and click it.
      6. You will see boot options displayed.
      7. Select Safe mode and then it will boot up in safe mode on restart.

  • @ckingpro
    @ckingpro 4 years ago +1

    You missed the point of sandboxing. It sandboxes Windows Defender itself so that it can't be easily exploited by say a malformed file when it is parsed. It's not meant to run malware in a sandbox

  • @tekmang6837
    @tekmang6837 4 years ago +1

    What's your take on those that say that AVs introduce more vulnerabilities in Windows since they can have security holes and they have deep hooks in the OS?

  • @johnsweda2999
    @johnsweda2999 5 years ago

    Very good. It would be nice to see a follow-up on how you cleared the system and recovered any files; I'm sure this would be very useful.

  • @dimepo6425
    @dimepo6425 5 years ago +3

    you can stop shilling, built-in Windows Defender has been proven to work very well

  • @Armand79th
    @Armand79th 5 years ago +34

    "Defender" is so utterly broken, it's not even funny.
    It can be defeated in less than a minute.

  • @james42519
    @james42519 5 years ago +3

    so you have to turn it off to even get it on there? well if it stops it from even getting on there it can't even run. you are bypassing a feature that prevents it from downloading

    • @jason5365
      @jason5365 5 years ago

      I agree! I work in IT and I see Defender stopping a lot of files before they get on to the PCs (based on SCCM Defender reports).

    • @Thyrador
      @Thyrador 5 years ago

      Never heard of external storages, huh? It shouldn't just keep you safe from downloading these things, obviously.

    • @james42519
      @james42519 5 years ago +1

      did you miss the part where he turned it off to get it off the external storage? defender protects stuff being downloaded and stuff plugged into it. if it prevents it from being taken off the storage then it did its job. i assumed when i said download i wasn't just saying internet but from any source

    • @Thyrador
      @Thyrador 5 years ago

      @@james42519 You do know you don't have to copy it to your local drive to run it? Free could've also run it from the external source.
      Also what about shared folders? Imagine another, not properly secured device accidentally put it into a folder, that's on a separate device (NAS for example).
      What I meant was: it might have not let him copy all of the malware from the external source, so there are plenty of ways this stuff can get into your pc.
      It also should prevent him from running these things.
      If Defender actually let you run this infected software, Defender failed its purpose to, well, defend you. No matter how you got that stuff.

    • @james42519
      @james42519 5 years ago +1

      why didn't he then? windows defender is still safe and stops about everything. should have not turned it off like he did still. if you can't copy it from flash drive without antivirus stopping it it did its job. if you try and run from external there is a popup a lot of time and you have to allow it too.

  • @DJaquithFL
    @DJaquithFL 5 years ago +1

    In the big scheme I don't care, that said if you're going to perform these completely unrealistic tests then try it both ways: AV *(on)* + malware install; AV *(off)* + malware install.

  • @poland4279
    @poland4279 5 years ago +1

    When I plugged in my new mouse (straight out of the package) Windows Defender ran antimalware for some reason. This came from Amazon so no way it was harmful.

  • @ShubhamSingh-gw9kq
    @ShubhamSingh-gw9kq 4 years ago +1

    That was fun !!!
    Can you please advise me on how i should keep my PC safe, i wanted to run some pirated cracked softwares, but i am quite worried about the viruses they might bring with them
    I tried to do such things in vmware but it ran toooo slow
    what should i do will the restore point work or i have to run such softwares in dual booted systems
    Please answer

  • @rudranilghosh2713
    @rudranilghosh2713 5 years ago +13

    Good now I can show my friends. Can you test Quick Heal Internet Security and Kaspersky Free Antivirus (again please)

    • @shivangswain
      @shivangswain 5 years ago +2

      Quick Heal is not a reliable one. Use Kaspersky, it's better.

    • @rudranilghosh2713
      @rudranilghosh2713 5 years ago +1

      @@shivangswain I know that, I'm a kaspersky IS user for about 5 years now, but in India quick heal is the most popular AV

  • @DJRobertoNL
    @DJRobertoNL 5 years ago +1

    is it not about time to test F-secure again, it has been a year already.
    very curious about this product again. After your test i bought it... curious to see, if I should extend my subscription again

  • @RheyF
    @RheyF 5 years ago +9

    Since i used windows 10 i haven't installed any 3rd party antivirus, I'm just using windows defender and i haven't had any issues so far

    • @LynKazoyuu
      @LynKazoyuu 5 years ago

      If you scan your PC rn with anything good it will find threats 100% sure

    • @LynKazoyuu
      @LynKazoyuu 5 years ago +1

      @Dex4Sure I'm not. I don't download programs I don't use and I don't even go near fishy sites
      Use common sense

    • @HobkinBoi
      @HobkinBoi 5 years ago +1

      Honestly, I don't use any other AV either. Really, the major thing is to just watch out for what you're downloading.
      Also another thing, adblocking can also drastically reduce your chances of getting hit with possible malware, as it prevents things like fake download buttons and scummy redirects. So you're less likely to click on something bad in the first place.

    • @RheyF
      @RheyF 5 years ago

      @@HobkinBoi yes.... exactly.... my browser is used which is edge and opera has ghostery installed on it... so far so good...also i installed spybot...

    • @RheyF
      @RheyF 5 years ago

      @Hugh Jarce hi even ads are being blocked... i used it in all browser edge and opera

  • @ong1
    @ong1 5 years ago +3

    Imagine you have a special encrypted PASSWORD, then Windows threat protection REMOVED it.
    That’s a Bitcoin Password

  • @ahmetyazal1075
    @ahmetyazal1075 5 years ago +8

    Avast (premier) and IObit Malware Fighter (pro) and windows defender perfect combo try you?

    • @ahmetyazal1075
      @ahmetyazal1075 5 years ago +2

      @Emme jac avast:top protect '_' windows defender:top protect '_'

    • @maario__0
      @maario__0 5 years ago +12

      @@ahmetyazal1075 Friend, you have no idea.
      First of all, having 3rd antivirus on 1 computer is crazy, it will slow down the system a lot.
      And the second is that Avast (and avg since avast bought avg) and iobit are a real crap.
      The best is Bitdefender or Kaspersky

    • @ahmetyazal1075
      @ahmetyazal1075 5 years ago +1

      @@maario__0 bitdefender, norton, kaspersky, mcafee, avast, avg, Windows defender, avira more&... ~best A-Vs~ ~~top protect~~ norton, avast, avg, kaspersky more&.. you protect: virus, malware, trojan, ransomware more&...

    • @wrongermonk1065
      @wrongermonk1065 5 years ago +2

      @@ahmetyazal1075 No. Both are trash. That won't get you anywhere. And 3 AVs will make your PC run like a potato.... Windows Defender isn't "top protect". More like "no protect".

    • @edwinpj7637
      @edwinpj7637 5 years ago +3

      go for Bitdefender or Kaspersky for the best and 'lag-free' protection

  • @alexbright7735
    @alexbright7735 4 years ago

    Sorry new to the channel. Out of interest is the windows user account on your lab machine an administrator?

    • @pcsecuritychannel
      @pcsecuritychannel  4 years ago +1

      Yes, I use an admin account for all my tests. Maybe I’ll do a demo with a limited account too sometime.

    • @alexbright7735
      @alexbright7735 4 years ago

      @@pcsecuritychannel yes because I recall somewhere a study that said 99% of vulnerabilities are negated by using a limited account

  • @musicalplankton
    @musicalplankton 5 years ago +1

    Ok I have a few things to say
    1. There was no update this time 😂
    2. Leo, what was that ransomware? It looked like one you reviewed a while ago.
    3. Windows still has a ton of work ahead of itself

    • @PixelLabsMinecraft
      @PixelLabsMinecraft 5 years ago

      The files were .harma so you should be able to find it from that

  • @pattdown9216
    @pattdown9216 4 years ago

    Thank u that was good and worth the time
    thank u for sharing im on ur site and Love the wallpaper :)

  • @DmitriyChaikovskiy
    @DmitriyChaikovskiy 5 years ago

    Great video man !

  • @musicalplankton
    @musicalplankton 5 years ago +2

    I would like to also put out there you did give Emsisoft an advantage with its own background

  • @shanthamurthy1234
    @shanthamurthy1234 5 years ago +3

    Please do Video on Deep-freeze Vs Malware.

  • @Eclypsee
    @Eclypsee 5 years ago +3

    You got SHADE RANSOMWARE on your VM somehow

  • @_c_e_
    @_c_e_ 5 years ago

    Just a nit pick, SETX is actually a Windows Command Shell command. Whilst true you can run most commands through powershell, you may run into some issues with the way powershell handles syntax. There are articles relating to this elsewhere.

  • @isaacx593
    @isaacx593 5 years ago +1

    You did not switch on the Ransomware protection dude aka Control Folder settings

  • @danaj9336
    @danaj9336 5 years ago +1

    Interesting test. Just wondering, how long did it actually run before failing? Hours? Days?

  • @vukzlatkovic1183
    @vukzlatkovic1183 5 years ago +5

    Windows sandbox is an emulation of windows which you are able to run natively and which erases itself upon restarting it, and is used for testing software. It's not a security measure afaik

    • @AlpineTerrier
      @AlpineTerrier 5 years ago +1

      Yes, this guy pretends to be smarter than he really is.