It probably picks up some of the .exes as malware, and the control of having 1500ish malware samples that the antivirus/antimalware can pick up isn't really a control anymore. Real-time protection should stop malware from executing just as well as it would stop it from being copied over; it's the same scan process, except it's scanning before it executes rather than scanning as it's being copied. There's a reason the python script prompts you to put Real-Time Protection back on.
For what it is, Windows Defender is a remarkably good antivirus solution. If you're semi-competent using computers and are aware of basic safety like not downloading mp3.exe files, Defender is all you need. The tests TPSC runs are not representative of a real world scenario. No one just accidentally runs every piece of malware on the internet.
Lol both of you noobs. I haven't paid for a game in over a decade and I didn't have a single virus. You think warez are the same as they were in the 00s?
My question is, since all the malware is running together, do you think there's a lot of cases where the malware takes each other out? Maybe one just completely scrambles the other? Malware Battle Royale?
I know its unlikely that someone is gonna have that many threats running at one time like in the test, but dang, despite getting gangbanged defender continued to fight even when it lost :P
Thank you for all the hard work you do on this channel and keeping us informed. Yes, I was very surprised at those results after the test. Here we are at the end of 2019 almost, with Windows OS build 1909, and yet Windows Defender is abysmal. Even more worrying is the outsourcing of the software programming to various companies abroad, who may not use the highest levels of testing and quality assurance. Now the ordinary person may think your tests are too harsh. Not at all! You throw every big nuisance during your tests and as many of the worst in malware that the internet can provide, so yes, excellent testing! We all have to be less naive when we roam the internet; we need to be pro-active, careful and have the best anti-virus software. From your previous videos I can see that there are a few good commercial brands that still offer good protection year after year, whatever iteration those companies put out. None are perfect, some use bigger resources than others, some cause problems for avid PC gamers, some don’t have a high detection rate, but most are ok for everyday use. It’s all about education, and as you say, being informed. But we must all realise as we surf the net, and click on all and sundry, to be vigilant at all times. The same goes for our emails, to be careful what we open. No longer is it like the old days when you had to actually run a .exe file to get infected. It’s a far scarier world now with scripts being automatic and running instantly in the background. So, thank you again for keeping us informed and providing good advice with respect to security products on our PC.
@@abhishekmaurya3453 So defense in depth then, right? Implicit deny. Comodo uses this same approach and still malware finds a way around its defenses. Assuming you whitelist what applications are allowed, this could definitely be a good way to protect the end-user's system. It's still a valid test because it confirms that what Microsoft is claiming about their feature, "Ransomware Protection" is valid.
Can you test sandboxie? It would be interesting to see how it compares. I get the feeling it might actually be a bit better. I find this interesting because WD consistently gets decent results in synthetic tests, but these results would clearly indicate otherwise.
I believe you are misunderstanding what the sandbox is for, and it really wouldn't show up in a test like this. It's an architectural change to prevent Defender itself from being the source of infection. Parsing files is hard, and this would help prevent the act of scanning viruses from being a vector for viruses.
You should check if any of the viruses manage to leak to other users on the same computer. Windows Defender doesn't hold your hand, but it should stop any privilege escalation exploits
Don’t forget: The only reason those viruses worked was because he *disabled real-time protection and put the viruses on*. Had RTP been on, the viruses most likely wouldn’t have gotten on his VM.
On the subject of A.I. and false positives, Emsisoft's behaviour blocker hates videogames. It seems like every time I download something from Steam it gets flagged multiple times during install and on first launch. You also have to update the rule every. single. time. the game is updated. I reported the false positive on Age of Wonders Planetfall right after the game came out and the behaviour blocker STILL flags the game's main executable as a trojan downloader. I like Emsisoft, it's basically the only antivirus that respects user privacy, but they really need to fix this issue. It's been happening for years.
@@pcsecuritychannel I just installed Remnant: From the Ashes and behaviour blocker flagged it as a code injector. I'm not trying to belabour the point I just thought the timing was funny!
@@OverHaze Security is always a dance... annoying or a pain, or else let stuff through. It goes back to the issue of a safe computer is one buried in a bunker off the Internet, but it's not very easy to use. It's kinda riding that line between annoying notices and whitelisting, or getting something in. I'll take whitelisting in my realm, because if anything gets in, I've got ten times the work of a whitelist. I respect how annoying it is though, because insurance is generally annoying - in all types.
@@cschwehr When Control came out a few days ago, Emsisoft flagged both of the game's .exe's as malware and quarantined them without notification. No idea why there was no notification. In fairness the false positive was corrected quite quickly. Still, I don't know of any other antivirus that reacts to games as aggressively as Emsisoft.
I guess I'll be sticking with VMware. One note is that this new sandbox mode needs Hyper-V to be installed, and Hyper-V can't be installed if you use 64 bit VMs in VMware.
I'm having the same exact problem and I've been on it for about a year now teaching myself. Everything you just said is exactly what you've figured out; I just haven't gotten rid of it just yet.
@@ronaldddoooo the video I was watching (which was done this year) was doing basically the same thing as this video was doing; the detection rate was around 98% out of 1700 files (a mix of viruses, Trojans, ransomware, and other malware).
Sorry if this has already been answered... Just curious about if you find different results when testing threats that have been around long enough to have proper signatures in various products vs. relatively new, emerging threats...? I’m guessing the latter is harder to do, since by the time you can collect such samples they’ve already been identified as threats... Maybe I could phrase the question a bit differently: Do you see a higher protection level against older threats or new-ish threats?
How did the malware attempt to spread to your host machine even when Shared Folders were Read-only, Clipboard Sharing and Drag and Drop were Host to Guest only? And is there any way to prevent that from happening?
You can't ever be 100% safe. It is always possible for the malware to utilise zeroday exploit in the VM software itself to infect the system, however that's VERY rare. Most guest -> host infections occur due to either having shared folders or internet connection between guest and host enabled. To be as safe as possible delete any shared folders and disable internet connection /LAN on your guest system.
@Hugh Jarce It won't help very much as long as your 'testing computer' is connected to the same network as the others are. You have to either have separate network or internet disabled before testing.
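The isolation the two replies above call for (no shared folders, no clipboard or drag-and-drop channel, no network) can be pinned down in the VM's .vmx file rather than trusted to the GUI checkboxes. The following is an added PowerShell example, not code posted by any commenter and not a VMware tool: it rewrites the relevant keys in a VMware Workstation .vmx and then re-reads the file to confirm they are present. The `isolation.tools.*` and `sharedFolder.maxNum` keys are the ones VMware's own hardening guidance uses for guest-to-host channels; the VM path is an assumption, and the script assumes the VM has a single NIC (`ethernet0`). Run it with the VM powered off, since Workstation rewrites the .vmx on power-down.

```powershell
# Added example: lock down guest->host channels in a VMware .vmx file.
# Run with the VM powered off. The path is an assumption for illustration.

$vmx = 'C:\VMs\malware-lab\malware-lab.vmx'   # assumed path to the VM's config

# Key/value pairs to enforce. .vmx values are always quoted strings.
$hardening = [ordered]@{
    'isolation.tools.hgfs.disable'  = 'TRUE'   # shared folders (HGFS) off, even read-only ones
    'isolation.tools.copy.disable'  = 'TRUE'   # guest -> host clipboard off
    'isolation.tools.paste.disable' = 'TRUE'   # host -> guest clipboard off
    'isolation.tools.dnd.disable'   = 'TRUE'   # drag and drop off in both directions
    'sharedFolder.maxNum'           = '0'      # no shared folder entries at all
    'ethernet0.present'             = 'FALSE'  # remove the NIC; add ethernet1 etc. if the VM has more
}

function Set-VmxHardening {
    # Replace each key in place if it exists, otherwise append it. Returns the new file lines.
    param([string]$Path, [System.Collections.IDictionary]$Settings)
    $lines = @(Get-Content -Path $Path)          # @() so a one-line file is still an array
    foreach ($key in $Settings.Keys) {
        $newLine = "$key = `"$($Settings[$key])`""
        $pattern = '^\s*' + [regex]::Escape($key) + '\s*='
        $idx = -1
        for ($i = 0; $i -lt $lines.Count; $i++) {
            if ($lines[$i] -match $pattern) { $idx = $i; break }
        }
        if ($idx -ge 0) { $lines[$idx] = $newLine } else { $lines += $newLine }
    }
    Set-Content -Path $Path -Value $lines -Encoding ASCII
    return $lines
}

function Test-VmxHardening {
    # Re-read the file and report any expected line that is not there verbatim.
    param([string]$Path, [System.Collections.IDictionary]$Settings)
    $content = @(Get-Content -Path $Path)
    $missing = foreach ($key in $Settings.Keys) {
        $expected = "$key = `"$($Settings[$key])`""
        if ($content -notcontains $expected) { $expected }
    }
    if ($missing) { "Not applied:`n" + ($missing -join "`n") } else { 'All isolation settings present.' }
}

Copy-Item -Path $vmx -Destination "$vmx.bak"     # keep a backup before editing
Set-VmxHardening -Path $vmx -Settings $hardening | Out-Null
Test-VmxHardening -Path $vmx -Settings $hardening
```

This removes the guest's channels to the host; it does not protect against a bug in the hypervisor itself, which is the residual risk the reply above points out. If the guest still needs a network for the test, put it on a host-only adapter with no other machines on that segment instead of dropping the NIC.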
Malware: injected in explorer.exe
Malware: keylogger activated.
Malware: all saved passwords were stolen.
Windows Defender: ..
Windows Defender: Threats found
But there is one key issue with the test... yes, Defender could, in theory, do much more isolation... but to get the malware on there you admitted to having to bypass the first line of defense for Defender.... turning it off so it can't scan the files in the transfer. So you are starting with a compromised system, rather than a clean system and seeing if Defender lets the stuff get copied in/saved in and then installed as it would in a real-world scenario. No one turns off their detectors before putting files on the PC. Edit: and you say it blocked 91% of what, 10k simultaneous executions from a forcefully compromised system... I mean, really, this is a completely theoretical situation. The world doesn't have spherical chickens, after all.
There is no difference between the proposed test situation and a realistic attack vector, most attacks do happen due to compromised systems, vulnerability exploitation etc. and trust me, copying the files with Defender turned ON will make no difference (I've tried it). It just will take a ton of more time unnecessarily. If something is blocked when copying it would be blocked during execution as well (That's just how realtime protection works). The issues were caused by files that were "missed" and execution is the last step in the entry process (which is what the test was about) thus giving Defender the best odds of detecting stuff. Also, having files on the disk does not make it an "infected system". The infection happens when the malware executes successfully with malicious intent which is what you saw in the video.
@@MichaelHadac
1. Click the Windows button.
2. Hold down Shift. While holding Shift, click Restart.
3. Select Troubleshoot, go to Advanced Options.
4. Find Start-up Settings.
5. Look in Start-up Settings for and click Restart.
6. You will see boot options displayed.
7. Select Safe mode and then it will boot up in safe mode on restart.
You missed the point of sandboxing. It sandboxes Windows Defender itself so that it can't be easily exploited by say a malformed file when it is parsed. It's not meant to run malware in a sandbox
What's your take on those that say that AVs introduce more vulnerabilities in Windows since they can have security holes and they have deep hooks in the OS?
So you have to turn it off to even get it on there? Well, if it stops it from even getting on there, it can't even run. You are bypassing a feature that prevents it from downloading.
Did you miss the part where he turned it off to get it off the external storage? Defender protects stuff being downloaded and stuff plugged into it. If it prevents it from being taken off the storage then it did its job. I assumed when I said download I wasn't just saying internet, but from any source.
@@james42519 You do know you don't have to copy it to your local drive to run it? Free could've also run it from the external source. Also what about shared folders? Imagine another, not properly secured device accidentally put it into a folder that's on a separate device (NAS for example). What I meant was: it might have not let him copy all of the malware from the external source, so there are plenty of ways this stuff can get into your PC. It also should prevent him from running these things. If Defender actually let you run this infected software, Defender failed its purpose to, well, defend you. No matter how you got that stuff.
Why didn't he then? Windows Defender is still safe and stops about everything. He should have not turned it off like he did. If you can't copy it from a flash drive without the antivirus stopping it, it did its job. If you try and run from external there is a popup a lot of the time and you have to allow it too.
In the big scheme I don't care, that said if you're going to perform these completely unrealistic tests then try it both ways: AV *(on)* + malware install; AV *(off)* + malware install.
When I plugged in my new mouse (straight out of the package) Windows Defender ran antimalware for some reason. This came from Amazon so no way it was harmful.
That was fun!!! Can you please advise me on how I should keep my PC safe? I wanted to run some pirated cracked software, but I am quite worried about the viruses they might bring with them. I tried to do such things in VMware but it ran too slow. What should I do? Will a restore point work or do I have to run such software in dual booted systems? Please answer
Is it not about time to test F-Secure again? It has been a year already. Very curious about this product again. After your test I bought it... curious to see if I should extend my subscription again
Honestly, I dont use any other AV either. Really, the major thing is to just watch out for what you're downloading. Also another thing, adblocking can also drastically reduce your chances of getting hit with possible malware, as it prevents things like fake download buttons and scummy redirects. So you're less likely to click on something bad in the first place.
@@ahmetyazal1075 Friend, you have no idea. First of all, having 3 antiviruses on 1 computer is crazy, it will slow down the system a lot. And the second is that Avast (and AVG, since Avast bought AVG) and IObit are real crap. The best is Bitdefender or Kaspersky
@@ahmetyazal1075 No. Both are trash. That won't get you anywhere. And 3 AVs will make your PC run like a potato.... Windows Defender isn't "top protect". More like "no protect".
Ok I have a few things to say 1. There was no update this time 😂 2. Leo what was that ransomware? It looked like one you reviewed a while ago. 3. Windows still has a ton of work ahead of itself
Just a nit pick, SETX is actually a Windows Command Shell command. Whilst true you can run most commands through powershell, you may run into some issues with the way powershell handles syntax. There are articles relating to this elsewhere.
Windows Sandbox is an emulation of Windows which you are able to run natively and which erases itself upon restarting it, and is used for testing software. It's not a security measure afaik
*infects computer with hundreds of viruses*
"this is actually so much fun, not gonna lie."
If one of those was memz lol
ShxdoDxrpZ lmao
it's a vm, not the actual pc itself, so yeah
@@de_stroyed Duh
I was literally just reading this as he says it
I feel like i could catch a malware virus just by watching this video.
Me: *laughs in immunity to .exe files*
Apparently cyber-criminals are trying to get malware downloaded onto victim's device through youtube
edit: so there is a chance of getting a virus from this video (not specifically from this video, just from the website itself)
@@Wombat24455 O.o wait what? In what way?! 😰😬
@@robloxplayercoolgirl5981 Through a script the attacker (cyber-criminal) injected. I recommend downloading AVG Antivirus to block the malware being downloaded, because when I was browsing YouTube, AVG had a popup saying it blocked a Trojan virus from being downloaded
Edit: The free version of AVG is good enough
@@Wombat24455 Okay, but that means you can get a virus through a yt video? I've imagined that it could happen, but I never knew it actually could >~< There are no antiviruses on my dad's laptop, and I use dad's laptop, I'm on it right now. I'm gonna ask dad if we can get an antivirus..
To be fair, for something that comes as the default, built-in anti-virus, 90+% isn't all that bad.
Think of it in the context of reality:
(A) You don't get carpet bombed into submission with 1500 different malware, you get one piece of malware, if any.
(B) Common sense will allow you to avoid at least 9/10ths of malware to begin with, so this is an additional 9/10ths on top of that, which brings the overall effective protection to at least 99%
Ooh, memz, I wonder what that is. Probably something that makes my PC faster. Ooh it says it's a virus, nah, probably not important..
Thank you, In the process of purchasing the first PC desktop I’ve bought in years. Been debating whether to rely on MS Defender or purchase additional protection, debate settled. New to TPSC, really enjoy your reviews.
This is giving me an unbelievable amount of anxiety.
If you're new to PCs and stuff I would personally get a good antivirus software (bought), but if you know certain things, then you're most likely not gonna get viruses
HYPERS That's why it gives me anxiety. This video betrays every single computer safety philosophy that I have developed over my lifetime.
@@HypeWrecks I know, right? My momma always told me not to systematically execute 1500 samples of malware.
Cavey Möth It's the golden rule of computer security.
@@HypeWrecks The cascading waterfall of errors is just a Windows feature.
This must be what my parents saw when I downloaded games as a kid
:D
9:25 I love how the icons on the desktop and windows defender synced up with the music
@Aaron Moody what
@@crasheba1533 what
@@ViperoK Yes it does, but it can also play havoc with apps that access their own files or write to their own directory, so it's not worth turning it on at the moment until MS sorts its shit out.
@@mparagames what
@@velp7718 Yes it does, but it can also play havoc with apps that access their own files or write to their own directory, so it's not worth turning it on at the moment until MS sorts its shit out.
I feel like my computer is getting dirty just watching this.
Do something quick before your computer do something dirty to you *insert Lenny face here*
9 year olds clicking on Free fortnite vbucks
Malware installed : “its free real estate”
aka my brother
this is like watching ultron and jarvis fighting but way more mild
Add vision 😭
lets all remember that he had to turn off real-time protection to actually be able to place the viruses in his computer. Thats a pretty strong first barrier
I'm screaming the same thing lol. If you are depending on any AV to save you from executing malicious code good luck. Always, always, always take a layered approach. Good network security, followed by good backups, AV should be the last line of defense to tell you you need to nuke and pave a system. One last thing, if a user in an Enterprise environment is able to successfully infect a PC windows defender will not be the root cause and some shitty Network Security Engineer is gonna get canned 😂
Some perhaps. The same result may have played out by the few that got past that first barrier.
Kaspersky still protects your PC even if it's completely off😐. It's like OK you buy me? I'm forced to protect you
@@henterpriser5779 Until they send all your data to the KGB.
@@mrblanche xD
Ah yes, the smell of a fresh malware in the morning
No better way to start the day
lmfao
Thank you so much for your work. I was seriously considering relegating AV duty from Bitdefender to Windows, given recent "perfect" lab results, but this just affirms my decision to go with a dedicated security suite on all our devices.
Summary:
1. Windows Defender is really slow checking files
2. Bad detection ratio
3. Makes Windows slower compared to other AVs like BitDefender
I think bitdefender makes windows slow. But I have 128GB RAM so it doesn't matter to me
@@theeskimo9875 ruclips.net/video/4UhUZCZMJHg/видео.html
@@theeskimo9875 Weird flex, but okay
How does anyone have 128 gigabytes of ram?
Bitdefender may be the best AV for Windows, but the only problem with this AV is a RAM leak, especially for a PC with 1-2 GB
Those hash names gave me PTSD from the time when I was finding and deleting viruses manually
That is so accurate.
Excellent forensic run. My BP went up just watching this!
Loved your thorough, calm and clinical approach. That is until...
"I trusted you!" LOL
I think some antivirus experts should get onboard with the whole defender program, so they can help improve it and increase the chance of it catching malware.
It's all about money. There is more money in being better than Windows Defender and making competition than taking a small % cut of money to improve it. If Windows Defender did a good job, so many other AVs would go unused.
That could land Microsoft in a lot of trouble. Even with the current Windows Defender, Microsoft was sued by some AV developer. They say that Microsoft is doing discriminatory business practice, which I think does not make sense. Why is trying to give some basic protection considered discriminatory? If MS makes Defender too good, they can get in a lot of trouble.
@@UltimateAlgorithm Haven't heard of that case, but I am willing to bet it had something to do with MS only allowing the user to disable Defender if they had a white listed 3rd party AV. In other words, MS was selectively blocking AV. This only affected Windows 10 home, but that is most users.
@@amirabudubai2279 and for good reason. AV starts its service early in the boot process. Would you allow any application to do that? That is a terrible idea.
What are you talking about? It's already good enough and catches 99% of viruses. And if you have a feeling it's a false positive, test it on VirusTotal.
Imagine not watching the pc screen for a while and then you see this
Especially 9:11
This reminds me of my old computer; the sad thing is that thing didn't have a virus
@@SergeantExtreme wtf
For ransomware protection using Windows 10 built-in tools, the only reliable way to protect oneself is the Controlled Folder Access feature.
In the latest Windows 10 version the user has an easier way to unblock the apps that are wrongly blocked by controlled folder access.
Unless the user has his/her own 3rd party security tool that he/she uses, it's always a good idea to create a dedicated folder on the hard drive and add it to controlled folder access, then put all the important data there. It's not the most elegant solution but it will protect your data from encryption.
I have to go add programs manually. And for Open office you can add .BIN to the name in the select box since it's the .BIN and not the .EXE that wants to add a file in the latest documents folder.
@@LaserFur You can ease the process of adding programs with PowerShell. And in the latest version of Windows 10 you can also see the most recent blocked apps list in Windows Defender and whitelist them easier.
@@laurpflorin Not as useful when it just says "setup.exe" or "runDLL.exe". I need to know what folder it ran from and what command line it had. I think some companies are going to have to adapt to not being able to drop some random exe in a temp directory and run it and expect that to be able to update the browser. (looking at you Chrome)
@@laurpflorin just to add. Thanks I didn't notice they added it there.
Can you please tell how to create a controlled access folder? I am a newbie and want protection from ransomware on Windows 7. I already have ESET Smart Security and MalwareBytes.
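The Controlled Folder Access setup described in this thread (dedicated folder, allow the few apps that legitimately write there, check what was blocked) can be scripted with the Defender cmdlets the reply above mentions. The following is an added PowerShell example, not code from any commenter or from Microsoft. Controlled Folder Access is a feature of Microsoft Defender Antivirus on Windows 10 1709 and later; it does not exist on Windows 7, so this assumes Windows 10 with Defender active and an elevated prompt. The folder and application paths are assumptions, and the "Process Name:" / "Path:" labels the helper parses out of the event text are those of English-locale event messages (an assumption; the full message is returned when they do not match).

```powershell
# Added example: set up Controlled Folder Access (CFA) from PowerShell.
# Assumes Windows 10 1709+ with Microsoft Defender Antivirus active, elevated prompt.
# All paths below are hypothetical; adjust for your machine.

$vault   = 'C:\Vault'                                                 # assumed data folder to protect
$trusted = @('C:\Program Files\OpenOffice 4\program\soffice.bin')     # assumed app that must write there

function Initialize-CfaVault {
    # Create the folder, protect it, and start CFA in audit mode so nothing is
    # blocked until you have reviewed what would have been.
    param([string]$Folder, [string[]]$AllowedApps)
    New-Item -ItemType Directory -Path $Folder -Force | Out-Null
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    Add-MpPreference -ControlledFolderAccessProtectedFolders $Folder
    foreach ($app in $AllowedApps) {
        # CFA keys on the process image that does the write, so allow the actual
        # writer (e.g. soffice.bin), not a launcher .exe that hands off to it.
        if (Test-Path -Path $app) {
            Add-MpPreference -ControlledFolderAccessAllowedApplications $app
        } else {
            Write-Warning "Not found, not allowed: $app"
        }
    }
}

function Get-CfaEvents {
    # CFA logs 1123 (blocked) and 1124 (audit-mode, would have blocked) in the
    # Defender operational log. The event text carries the full process path and
    # the target file, which the Security Center list of blocked apps does not.
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{n = 'Mode';    e = { if ($_.Id -eq 1123) { 'Blocked' } else { 'Audit' } }},
            @{n = 'Process'; e = { if ($_.Message -match 'Process Name:\s*(.+)') { $Matches[1].Trim() } else { $_.Message } }},
            @{n = 'Target';  e = { if ($_.Message -match 'Path:\s*(.+)') { $Matches[1].Trim() } else { '' } }}
}

function Enable-CfaEnforcement {
    # Switch from audit to block once the audit events show only expected writers.
    Set-MpPreference -EnableControlledFolderAccess Enabled
    Get-MpPreference | Select-Object EnableControlledFolderAccess,
        ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications
}

Initialize-CfaVault -Folder $vault -AllowedApps $trusted
# ... use the machine normally for a day, then review before enforcing:
Get-CfaEvents -Hours 24 | Format-Table -AutoSize
# Enable-CfaEnforcement     # run this only after the audit output looks right
```

Starting in audit mode is the check the thread's "wrongly blocked apps" complaint calls for: 1124 events tell you which binaries would have been stopped, with their full path, before a single write is refused. Note that CFA protects against unauthorised writes to the listed folders only; it does not stop malware from running, and it is a separate setting from real-time protection.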
"This one's good! We have a nice waterfall over here" That warmed my heart ❤
Great video and as always well made!! I hope in the future we get a video as the one you did few years back with the free security challenge
I believe likely what happened when the scan stopped mid way was due to memory usage rather than taking too long. Windows programs will frequently crash when they can't allocate enough memory (and even if memory isn't actually full, high memory usage can still make a system unstable). Generally this is not due to the programs themselves simply using a lot of memory it almost always comes down to lots of processes using a smaller amount of memory and often times this sort of instability only happens at higher CPU usages as well (both of which was definitely seen in the video).
Sometimes lots of allocating and deallocating of process memory has caused corruption for me in the past in many programs. (I've even had OS corruption from memory usage)
13:09
In the words of one wise Joel, who couldn't close a certain window:
"Uh-oh, guys... ...problem!"
How many bonzibuddys will i see in this comment section...
For someone new to the channel, how do you collect your malware? Also what have you found to the best at preventing malware, and what have you found to be the best at removing malware?
@The PC Security Channel [TPSC] I saw Python was compromised. That could be why the scan stopped without completing.
I think you somehow misunderstood the purpose of the Defender sandbox here. It is nothing at all about running any other application in a sandbox or limiting the actions of any other application to a sandbox environment.
It's just about splitting the Defender process itself into two processes, separating the actual anti-malware module from the content parser and user interface process. The latter can then run with lower privileges within the sandbox, just like any modern web browser does.
If malware directly attacks Windows Defender and tries to elevate its privileges by hijacking the Defender process via a bug in its scanner module, it can only hijack the CP process, which is running in the sandbox.
However, the scanned application itself is not meant to be started within any sandbox environment. Thus, the sandbox feature is not expected to have any beneficial effect on stopping malware from doing other malicious stuff except when it tries to exploit Windows Defender vulnerabilities.
I like how you present this video; it served me well and your voice is very suitable for this test.
I wonder if enabling all ATP (Microsoft 365 E5) protections would help to get a better score. I would like to see if ATP is a valid competitor vs CrowdStrike and Cylance.
Very interesting video. Having decent music play on the speedups is a big bonus.
Windows Defender is one of the best second-opinion scans to run on your system these days, as it's an excellent removal scanner. The problem is that it's the baseline for AV bypassing, and that shows. The most popular AV will always run behind, but it has gotten to the point where the periodic scanner can be useful.
In this test suck
Came for the Defender test. Stayed for the Beethoven soundtrack.
So what happens if you didn't turn the real-time protection off?
It probably picks up some of the .exes as malware, and the control of having 1500ish malware samples that the antivirus/antimalware can pickup isn't really a control anymore. Real-time protection should stop malware from executing just as well as it would stop it from being copied over; it's the same scan process, except it's scanning before it executes rather than scanning as it's being copied. There's a reason the python script prompts you to put Real-Time Protection back on.
Basically it stops things from happening even when you don’t run scans so it catches threats in real time
Windows Defender is best for the people who don't click shiny "Download" button on the web.
LOL UNDERRATED.
3:08 ah yes, fresh malware for breakfast
At this point I feel like AV companies are paying Microsoft to keep WD shitty.
For what it is, Windows Defender is a remarkably good antivirus solution. If you're semi-competent using computers and are aware of basic safety like not downloading mp3.exe files, Defender is all you need. The tests TPSC runs are not representative of a real-world scenario. No one just accidentally runs every piece of malware on the internet.
@@nocommentary9928 "No one just accidentally runs every piece of malware on the internet." - You are so wrong
@@reckie1000 they obviously haven't met my parents
@@nocommentary9928 My uncle clicks on every ad he sees
LMAO I was hoping for a lot better than that! Will renew my Emsisoft for sure!
This is basically what my system would do in the 90s/early 2000s after downloading Warez and Gamez... ahh, good ole days.
0day cracks forever!!! Pull the trigger and hope you don't fuck up your computer for that sweet, sweet freeloading. Those were the days...
Lol both of you noobs. I haven't paid for a game in over a decade and I didn't have a single virus. You think warez are the same as they were in the 00s?
My question is, since all the malware is running together, do you think there are a lot of cases where the malware takes each other out? Maybe one just completely scrambles the other? Malware Battle Royale?
We got a, number one victory royale
Yeah windows we bout to get down
Get down 10 kills on the board right now
Just wiped out hard drive town
I know it's unlikely that someone is gonna have that many threats running at one time like in the test, but dang, despite getting gangbanged Defender continued to fight even when it lost :P
That's because the creator of this video hates Windows Defender
Why don't you put ads on your videos? Your content is awesome.
Thank you for the kind words.
Leo has a job. That's why.
Tungki Reza Prasakti Indonesian
Thank you for all the hard work you do on this channel and keeping us informed. Yes, I was very surprised at those results after the test. Here we are almost at the end of 2019, with Windows OS build 1909, and yet Windows Defender is abysmal. Even more worrying is the outsourcing of the software programming to various companies abroad, who may not use the highest levels of testing and quality assurance. Now the ordinary person may think your tests are too harsh. Not at all! You throw every big nuisance during your tests and as many of the worst in malware as the internet can provide, so yes, excellent testing! We all have to be less naive when we roam the internet; we need to be proactive, careful and have the best anti-virus software. From your previous videos I can see that there are a few good commercial brands that still offer good protection year after year, whatever iteration those companies put out. None are perfect, some use bigger resources than others, some cause problems for avid PC gamers, some don't have a high detection rate, but most are OK for everyday use. It's all about education, and as you say, being informed. But we must all realise, as we surf the net and click on all and sundry, to be vigilant at all times. The same goes for our emails: be careful what we open. No longer is it like the old days when you had to actually run a .exe file to get infected. It's a far scarier world now with scripts being automatic and running instantly in the background. So, thank you again for keeping us informed and providing good advice with respect to security products on our PCs.
Isn't the email stuff basically from the 90s or early 2000s? I also disagree with the comment about Windows Defender; it does its job well enough.
Everyone was waiting for this.
Indeed
What a disappointment tho
@@megumin6548 Meh as well.
@@malwaretestingfan yup meh.....
You should have done a hardcore malware check in Windows Defender (it's the one that says it takes 15 minutes).
You should try this same test, but with Controlled Folder Access enabled. I'd be curious to see if it still gets "ransomwared".
I second this.
I third this
I'm sure that will prevent ransomware. It is so strict it doesn't even allow own windows software unless you allow manually. 🤦♂️
@@abhishekmaurya3453 So defense in depth then, right? Implicit deny. Comodo uses this same approach and still malware finds a way around its defenses. Assuming you whitelist what applications are allowed, this could definitely be a good way to protect the end-user's system. It's still a valid test because it confirms that what Microsoft is claiming about their feature, "Ransomware Protection" is valid.
That windows 7 wallpaper on your profile image :)
You mean all the recent articles about how good Windows Defender is now were just blowing smoke up my a$$? Shocking!
Please do Kaspersky Free again.
Kaspersky
Download
@@rudigerschaebbicke8839 Why the Free? One can buy the full paid version for about $20 - $25 per year - that is about $2/month or less.
@@ethimself5064 'cause free is $0/month
@@dgjm7129 Free does not work as well as paid - Thanks
@@ethimself5064 Ehh, just don't expect a lot for free. So yes, sometimes paid is better than free.
Can you test sandboxie? It would be interesting to see how it compares. I get the feeling it might actually be a bit better.
I find this interesting because WD consistently gets decent results in synthetic tests, but these results would clearly indicate otherwise.
It's fun seeing the little time go by in the bottom right corner
Test AppGuard Solo. There is more than just Anti-virus and Anti-Malware.
Thanks,
Robert
I believe you are misunderstanding what the sandbox is for and it really wouldn't show up in a test like this. It's an architectural change to prevent Defender from it being the source of infection. Parsing files is hard and this would help prevent the act of scanning viruses from being a vector for viruses.
Integrating with Defender ATP would help isolating the endpoints when there is something suspicious
You should check if any of the viruses manage to leak to other users on the same computer. Windows Defender doesn't hold your hand, but it should stop any privilege escalation exploits
Don't forget: the only reason those viruses worked was because he *disabled real-time protection and put the viruses on*. Had RTP been on, the viruses most likely wouldn't have gotten on his VM.
Thank you guys.
On the subject of A.I. and false positives, Emsisoft's behaviour blocker hates video games. It seems like every time I download something from Steam it gets flagged multiple times during install and on first launch. You also have to update the rule every. single. time. the game is updated. I reported the false positive on Age of Wonders: Planetfall right after the game came out and the behaviour blocker STILL flags the game's main executable as a trojan downloader. I like Emsisoft, it's basically the only antivirus that respects user privacy, but they really need to fix this issue. It's been happening for years.
Haze Touché
@@pcsecuritychannel I just installed Remnant: From the Ashes and behaviour blocker flagged it as a code injector. I'm not trying to belabour the point I just thought the timing was funny!
@@OverHaze Security is always a dance... annoying or a pain, or else let stuff through. It goes back to the issue of a safe computer being one buried in a bunker off the Internet, but it's not very easy to use. It's kinda riding that line between annoying notices and whitelisting, or getting something in.
I'll take whitelisting in my realm, because if anything gets in, I've got ten times the work of a whitelist.
I respect how annoying it is though, because insurance is generally annoying - in all types.
@@cschwehr When Control came out a few days ago, Emsisoft flagged both of the game's .exe's as malware and quarantined them without notification. No idea why there was no notification. In fairness, the false positive was corrected quite quickly. Still, I don't know of any other antivirus that reacts to games as aggressively as Emsisoft.
What about the MWB & Defender combo? It would be amazing if you'd test that as it's a very popular solution.
I guess I'll be sticking with VMware. One note is that this new sandbox mode needs Hyper-V to be installed, and Hyper-V can't be installed if you use 64-bit VMs in VMware.
Sandbox is trash anyways proven by this vid
It did not look like you ran that in Windows Sandbox.
I'm having the same exact problem and I've been on it for about a year now, teaching myself. Everything you just said is exactly what I've figured out; I just haven't gotten rid of it just yet.
This channel should support my windows xp
You should enable controlled folder access and ransomware protection!
Wait, he ran this test with those disabled ?
@@madmax2069 yep!
@@ronaldddoooo well no wonder it didn't do as well as other videos that I've seen testing it.
@@madmax2069 oh, ok...
@@ronaldddoooo The video I was watching (which was done this year) was doing basically the same thing as this video was doing; the detection rate was around 98% out of 1700 files (a mix of viruses, Trojans, ransomware, and other malware).
This actually scared me because I only use Windows Defender.
I think I will be switching to Bitdefender (based on your testing playlist)!
i like that defender has the same notif sound as other windows ‘system’ notifs and is neutral sounding to me
I love how you say "don't worry" when you de-activate the protection, it's so funny since we actually don't give a sh... about your PC :)
Sorry if this has already been answered... Just curious about if you find different results when testing threats that have been around long enough to have proper signatures in various products vs. relatively new, emerging threats...? I’m guessing the latter is harder to do, since by the time you can collect such samples they’ve already been identified as threats...
Maybe I could phrase the question a bit differently: Do you see a higher protection level against older threats or new-ish threats?
I like your content, seem very honest and give us useful tips. Will be subscribing
Can you possibly test Windows Defender's built-in ransomware protection in the future? I'm curious to see how well it works.
As soon as the background wallpaper changed you knew shit hit the fan
How did the malware attempt to spread to your host machine even when Shared Folders were Read-only, Clipboard Sharing and Drag and Drop were Host to Guest only? And is there any way to prevent that from happening?
Remove the share before executing the malware test?
You can't ever be 100% safe. It is always possible for the malware to utilise a zero-day exploit in the VM software itself to infect the system; however, that's VERY rare. Most guest -> host infections occur due to either having shared folders or an internet connection between guest and host enabled. To be as safe as possible, delete any shared folders and disable the internet connection/LAN on your guest system.
@Hugh Jarce It won't help very much as long as your 'testing computer' is connected to the same network as the others are. You have to either have a separate network or the internet disabled before testing.
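The guest-to-host paths named above (shared folders, clipboard, drag-and-drop, and a network link) are all plain settings in a VMware .vmx file, so they can be audited before a sample is detonated. The following is an added example, not from the video or the commenters: it parses a constructed .vmx fragment and reports every isolation setting that is missing or not set to the hardened value. The four `isolation.tools.*` keys are VMware's documented guest-isolation switches; treating any present NIC as a finding reflects the advice in the reply above that even a shared LAN is too much.

```powershell
# Added example: audit a VMware .vmx for guest/host isolation before malware testing.
# The .vmx text below is constructed for the demo; normally read it with Get-Content -Raw.
$SampleVmx = @'
.encoding = "UTF-8"
displayName = "malware-lab"
isolation.tools.hgfs.disable = "FALSE"
isolation.tools.copy.disable = "TRUE"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
'@

# Keys that must be TRUE for an isolated analysis VM:
#   hgfs = shared folders, copy/paste = clipboard sharing, dnd = drag and drop.
$RequiredIsolation = @{
    'isolation.tools.hgfs.disable'  = 'TRUE'
    'isolation.tools.copy.disable'  = 'TRUE'
    'isolation.tools.paste.disable' = 'TRUE'
    'isolation.tools.dnd.disable'   = 'TRUE'
}

function ConvertFrom-Vmx {
    # .vmx lines look like   key = "value"   ; comments start with '#'.
    param([string]$VmxText)
    $settings = @{}
    foreach ($line in ($VmxText -split "`r?`n")) {
        if ($line -match '^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$') {
            $settings[$matches[1]] = $matches[2]
        }
    }
    return $settings
}

function Test-VmxIsolation {
    param([string]$VmxText)
    $settings = ConvertFrom-Vmx $VmxText
    $findings = [System.Collections.Generic.List[object]]::new()

    foreach ($key in $RequiredIsolation.Keys) {
        $actual = $settings[$key]
        if ($actual -ne $RequiredIsolation[$key]) {
            $findings.Add([pscustomobject]@{
                Setting  = $key
                Expected = $RequiredIsolation[$key]
                Actual   = if ($null -eq $actual) { '(missing)' } else { $actual }
            })
        }
    }
    # Any ethernetN.present = TRUE gives the guest a network path to the host or LAN.
    foreach ($key in $settings.Keys) {
        if ($key -match '^ethernet\d+\.present$' -and $settings[$key] -eq 'TRUE') {
            $findings.Add([pscustomobject]@{
                Setting  = $key
                Expected = 'FALSE (no NIC while detonating)'
                Actual   = $settings[$key]
            })
        }
    }
    return $findings
}

# For the constructed sample this reports hgfs.disable=FALSE, paste/dnd missing,
# and ethernet0.present=TRUE; an empty result means the VM is isolated.
Test-VmxIsolation -VmxText $SampleVmx | Format-Table -AutoSize
```

Run it against a real file with `Test-VmxIsolation -VmxText (Get-Content .\lab.vmx -Raw)`. Missing keys count as findings because VMware's default for these settings is "not disabled", which is exactly the state the original poster was bitten by.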
Beautiful review, request: trend micro 2020
Malware: injected in explorer.exe
Malware: keylogger Activated.
Malware: All saved passwords were stolen.
Windows Defender: ..
Windows Defender: Threats found
But there is one key issue with the test... Yes, Defender could, in theory, do much more isolation... but to get the malware on there you admitted to having to bypass the first line of defense for Defender: turning it off so it can't scan the files in the transfer. So you are starting with a compromised system, rather than a clean system, and seeing if Defender lets the stuff get copied in/saved in and then installed as it would in a real-world scenario. No one turns off their detectors before putting files on the PC. Edit: and you say it blocked 91% of what, 10k simultaneous executions from a forcefully compromised system... I mean, really, this is a completely theoretical situation. The world doesn't have spherical chickens, after all.
There is no difference between the proposed test situation and a realistic attack vector; most attacks do happen due to compromised systems, vulnerability exploitation etc., and trust me, copying the files with Defender turned ON will make no difference (I've tried it). It will just take a ton more time unnecessarily. If something is blocked when copying, it would be blocked during execution as well (that's just how real-time protection works). The issues were caused by files that were "missed", and execution is the last step in the entry process (which is what the test was about), thus giving Defender the best odds of detecting stuff.
Also, having files on the disk does not make it an "infected system". The infection happens when the malware executes successfully with malicious intent which is what you saw in the video.
It’s gotten much better, could you do another review?
Customer: my system got hosed by a virus using Windows defender...
MS Support-Prandeep:
Please reboot your system and get into safe mode...
Ms-Support Prandeep: and Delete system32
So how do you run a new Windows 10 in safe mode? You used to be able to press F8 and choose... Now I don't know. Thanks, M.
@@MichaelHadac 1. Click the Windows button.
2. Hold down Shift, and while holding Shift click Restart.
3. Select Troubleshoot, then go to Advanced Options.
4. Find Start-up Settings.
5. In Start-up Settings, click Restart.
6. You will see the boot options displayed.
7. Select Safe Mode and it will boot up in safe mode on restart.
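The click sequence above has a scripted equivalent that is handy when the desktop is unusable or the machine is reached over a remote shell. This is an added example, not from the commenter: it uses `bcdedit`'s `safeboot` option, which persists until removed, so the script also carries the function that clears it. Run from an elevated session.

```powershell
# Added example: enter and leave Safe Mode from an elevated PowerShell session.
# bcdedit's safeboot flag is persistent, so Exit-SafeMode must be run afterwards
# or every reboot will land in Safe Mode again.

function Enter-SafeMode {
    param(
        # 'minimal' = Safe Mode, 'network' = Safe Mode with Networking
        [ValidateSet('minimal', 'network')]
        [string]$Kind = 'minimal'
    )
    # Braces are quoted so PowerShell does not parse {current} as a script block.
    bcdedit /set '{current}' safeboot $Kind | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed: run from an elevated prompt' }
    Restart-Computer -Force
}

function Exit-SafeMode {
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed: run from an elevated prompt' }
    Restart-Computer -Force
}

function Get-BootMode {
    # Reports 'Normal boot', 'Fail-safe boot' or 'Fail-safe with network boot'
    # so a cleanup script can verify it is actually running in Safe Mode.
    (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
}

Get-BootMode
# Enter-SafeMode -Kind minimal   # reboots into Safe Mode
# Exit-SafeMode                  # run after cleanup to restore normal boot
```

Safe Mode (`minimal`) loads only core drivers and services, which is why it is the usual place to remove malware that re-launches itself at normal boot; check `Get-BootMode` first so the removal steps are not run in the wrong mode.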
You missed the point of sandboxing. It sandboxes Windows Defender itself so that it can't be easily exploited by say a malformed file when it is parsed. It's not meant to run malware in a sandbox
What's your take on those that say that AVs introduce more vulnerabilities in Windows since they can have security holes and they have deep hooks in the OS?
Very good would be nice to see a follow-up on how are you cleared the system and recover any files I'm sure this would be very useful
You can stop shilling; built-in Windows Defender has been proven to work very well.
"Defender" is so utterly broken, it's not even funny.
It can be defeated in less than a minute.
So you have to turn it off to even get it on there? Well, if it stops it from even getting on there, it can't even run. You are bypassing a feature that prevents it from downloading.
I agree! I work in IT and I see Defender stopping a lot of files before they get onto the PCs (based on SCCM Defender reports).
Never heard of external storage, huh? It shouldn't just keep you safe from downloading these things, obviously.
Did you miss the part where he turned it off to get it off the external storage? Defender protects stuff being downloaded and stuff plugged into it. If it prevents it from being taken off the storage, then it did its job. I assumed when I said download I wasn't just saying internet but from any source.
@@james42519 You do know you don't have to copy it to your local drive to run it? Free could've also run it from the external source.
Also what about shared folders? Imagine another, not proper secured device accidentally put it into a folder, that's on a separate device (NAS for example).
What I meant was: it might have not let him copy all of the malware from the external source, so there are plenty of ways this stuff can get into your pc.
It also should prevent him from running these things.
If Defender actually let you run this infected software, Defender failed its purpose to, well, defend you. No matter how you got that stuff.
Why didn't he then? Windows Defender is still safe and stops about everything. He still should not have turned it off like he did. If you can't copy it from a flash drive without the antivirus stopping it, it did its job. If you try to run from external storage there is a popup a lot of the time and you have to allow it too.
In the big scheme I don't care, that said if you're going to perform these completely unrealistic tests then try it both ways: AV *(on)* + malware install; AV *(off)* + malware install.
When I plugged in my new mouse (straight out of the package) Windows Defender ran antimalware for some reason. This came from Amazon so no way it was harmful.
That was fun !!!
Can you please advise me on how I should keep my PC safe? I wanted to run some pirated cracked software, but I am quite worried about the viruses it might bring with it.
I tried to do such things in VMware but it ran toooo slow.
What should I do? Will a restore point work, or do I have to run such software in a dual-booted system?
Please answer
Good now I can show my friends. Can you test Quick Heal Internet Security and Kaspersky Free Antivirus(again please)
Quick Heal is not a reliable one. Use Kaspersky, it's better.
@@shivangswain I know that, I've been a Kaspersky IS user for about 5 years now, but in India Quick Heal is the most popular AV.
Is it not about time to test F-Secure again? It has been a year already.
Very curious about this product again. After your test I bought it... curious to see if I should extend my subscription again.
Since I've used Windows 10 I haven't installed any 3rd-party antivirus, I'm just using Windows Defender and I haven't had any issues so far.
If you scan your PC right now with anything good it will find threats, 100% sure.
@Dex4Sure I'm not. I don't download programs I don't use and I don't even go near fishy sites
Use common sense
Honestly, I don't use any other AV either. Really, the major thing is to just watch out for what you're downloading.
Also, another thing: adblocking can drastically reduce your chances of getting hit with possible malware, as it prevents things like fake download buttons and scummy redirects. So you're less likely to click on something bad in the first place.
@@HobkinBoi Yes... exactly... the browsers I use, Edge and Opera, have Ghostery installed... so far so good... also I installed Spybot...
@Hugh Jarce Hi, even ads are being blocked... I use it in all browsers, Edge and Opera.
Imagine you have a special encrypted PASSWORD, then Windows threat protection REMOVED it.
That’s a Bitcoin Password
Avast (Premier) and IObit Malware Fighter (Pro) and Windows Defender, perfect combo, have you tried it?
@Emme jac avast:top protect '_' windows defender:top protect '_'
@@ahmetyazal1075 Friend, you have no idea.
First of all, having 3 antiviruses on 1 computer is crazy; it will slow down the system a lot.
And the second is that Avast (and AVG, since Avast bought AVG) and IObit are real crap.
The best is Bitdefender or Kaspersky
@@maario__0 bitdefender,norton, kaspresky, mcafee, avast, avg, Windows defender, avira more&... ~best A-Vs~ ~~top protect~~ norton, avast, avg, kaspersky more&.. you protect: virüs, malware, trojan,ransomware more&...
@@ahmetyazal1075 No. Both are trash. That wont get you anywhere. And 3 AVs will make your PC run like a potato.... Windows Defender isnt "top protect". More like "no protect".
go for Bitdefender or Kaspersky for the best and 'lag-free' protection
Sorry new to the channel. Out of interest is the windows user account on your lab machine an administrator?
Yes, I use an admin account for all my tests. Maybe I’ll do a demo with a limited account too sometime.
@@pcsecuritychannel yes because I recall somewhere a study that said 99% of vulnerabilities are negated by using a limited account
Ok I have a few things to say
1. There was no update this time 😂
2. Leo, what was that ransomware? It looked like one you reviewed a while ago.
3. Windows still has a ton of work ahead of itself
The files were .harma so you should be able to find it from that
Thank you, that was good and worth the time.
Thank you for sharing, I'm on your site and love the wallpaper :)
Great video man !
I would also like to put out there that you did give Emsisoft an advantage with its own background.
Please do Video on Deep-freeze Vs Malware.
You got SHADE RANSOMWARE on your VM somehow
Just a nit pick, SETX is actually a Windows Command Shell command. Whilst true you can run most commands through powershell, you may run into some issues with the way powershell handles syntax. There are articles relating to this elsewhere.
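The `setx` nit-pick above, and the earlier replies explaining that the Defender sandbox only isolates Defender's own content-parsing process, can be illustrated with the PowerShell-native way of setting that opt-in flag and checking whether the sandboxed process is running. This is an added example, not code from the video, the commenters, or Microsoft. It assumes the `MP_FORCE_USE_SANDBOX` machine environment variable that Microsoft published as the opt-in switch, and `MsMpEngCP.exe` as the name of the low-privilege content process; both are from Microsoft's announcement of the feature, not from this page.

```powershell
# Added example: opt Defender into its sandboxed content process from PowerShell.
# Using the .NET call sidesteps the cmd-vs-PowerShell quoting differences of setx.
# Needs an elevated session; the change takes effect after a reboot.

function Enable-DefenderSandbox {
    # Equivalent of:   setx /M MP_FORCE_USE_SANDBOX 1
    [Environment]::SetEnvironmentVariable('MP_FORCE_USE_SANDBOX', '1', 'Machine')
}

function Get-DefenderSandboxState {
    $flag = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')
    # MsMpEngCP.exe is the low-privilege content-parsing process that exists only
    # when the sandbox is active; MsMpEng.exe (the engine) runs either way.
    $cp = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FlagSet          = ($flag -eq '1')
        ContentProcessUp = [bool]$cp
        Status           = if ($flag -eq '1' -and -not $cp) { 'flag set, reboot pending' }
                           elseif ($cp)                     { 'sandbox active' }
                           else                             { 'sandbox not enabled' }
    }
}

Enable-DefenderSandbox
Get-DefenderSandboxState
```

What this changes, consistent with the explanations earlier in the thread: only Defender's file parser runs with reduced privileges, so a malformed sample that exploits a scanner bug lands in a low-privilege process instead of the SYSTEM engine. It does not sandbox the samples themselves, which is why it had no visible effect on a detection-rate test like this one.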
You did not switch on the ransomware protection, dude, aka the Controlled Folder settings.
Interesting test. Just wondering, how long did it actually run before failing? Hours? Days?
Windows Sandbox is an emulation of Windows which you are able to run natively and which erases itself upon restarting it, and is used for testing software. It's not a security measure afaik.
Yes, this guy pretends to be smarter than he really is.