AV-Comparatives Malware Protection Test - March 2021

Discussion in 'other anti-virus software' started by Spartan, Apr 15, 2021.

  1. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Chart = https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart9&chart_year=2021&chart_month=3&chart_sort=1&chart_zoom=2

    Full Article = https://www.av-comparatives.org/tests/malware-protection-test-march-2021/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Microsoft Defender, Panda and Trend Micro are really dependent on their cloud protection in this test.
     
  3. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    gdata is not
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Actually, I'm a bit shocked at how bad Win Defender is in blocking malware without the cloud, only Malwarebytes and Trend Micro performed worse. And even with cloud protection enabled, Win Defender still failed to block 15 malware samples, I'm not too happy about this. Perhaps I should switch to a third party AV, on the other hand it also depends a bit on your risk profile.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    You shouldn't be. It has been this way in this test series for as long as I can remember.

    Note: WD's vast improvement in its malware detection is due to block-at-first-sight cloud scanning. Prior to doing so, WD's detection rates were abysmal.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    IMO in reality selecting the "right" AV is not crucial for system security. Your behavior, practising safe computing, updating OS and apps, are IMO more important. AV is just the last safety net if everything else fails. In most cases, if you practise safe computing, you will probably never see it in action.
     
  7. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    i'd add regular backups to that plan. preferably to an offline storage location and to a cloud service.
     
  8. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    This! There is nothing more important to any set up than this. If you're using any type of computer you need to be imaging to an external and cloud. Make sure it's encrypted first though. Safety nets are nice to have when you need them.
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yep. encryption is a must.
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Exactly.
     
  11. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    100% in agreement.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I agree :thumb:

    I only mentioned what you can do to prevent infection. In case you get infected nothing is better than good backups.
    If you have data, that you don't want to be shared publicly, then you need some other tools to protect it from being accessed by malware.
     
    Last edited: Apr 18, 2021
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, forgot about that. This basically means that the locally based AV engine is pretty crappy.

    No, correct, this is what I meant with the risk profile. If you download software from trusted download sites, it's not that easy to encounter malware. But I still don't really like it, an AV shouldn't only rely on the cloud. That's why at first I was interested in Cylance which is now also available in Europe. But it's probably mostly hype. BTW, Win Defender also didn't get a good review on this site, see links.

    https://www.safetydetectives.com/best-antivirus/cylance-smart-antivirus/
    https://www.safetydetectives.com/blog/windows-defender-vs-antiviruses-is-defender-enough-for-you/
     
  14. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    336
    https://www.safetydetectives.com/blog/windows-defender-vs-antiviruses-is-defender-enough-for-you/
    For me some of his points are really dependent on your usage:

    • Malware detection rates are lower than many third-party competitors.
    • Parental controls are limited to the Microsoft Edge browser. (I got no kids so couldn't care less)
    • The main user interface is clunky and not easy to navigate. (Don't care configured with H_C)
    • PC system health report is basic (no performance boosting or system cleanup). (I want an AV not a tuning suite)
    • There’s no cross-platform support (except for enterprise users). (What cross platform? I wanted a Windows AV)
    • Lacks additional tools which third-party antiviruses have, like a VPN, password manager, dark web monitoring, or identity theft protection.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes I agree, what I like about Win Defender is that it's light on the system and isn't bloated with all kinds of unneeded features. And now that I think of it, when you enable "cloud protection" it won't automatically upload files from your system unless "automatic sample submission" is also enabled. But the question is, what exactly do you then gain from cloud protection, this is a bit unclear.

    https://www.howtogeek.com/323537/ho...e-submission-and-cloud-based-protection-work/
     
  16. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    jpg.png
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  18. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yep, that's a caveat to bear in mind.
     
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    jpg2.jpg
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, I think it's clear by now that Win Def ATP is a different product which works together with Win Defender AV. However, malware analysis on the M$ cloud is being performed with the help of Win Def ATP, from what I understood.

    Good point, but it's still a bit unclear. I have found some more info. From what I understood, even without uploading any samples, Win Def AV might still block new "never seen before" malware but the thing is it will still need to upload the sample to get a verdict. So without uploading any samples, how does the cloud give you extra protection that you can't get from the locally based AV engine?

    https://www.microsoft.com/security/...gainst-never-before-seen-malware/?source=mmpc
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    No. They both perform some type of cloud scanning. The difference is what the cloud scanning is doing.

    WD non-ATP version performs cloud scanning on unknown downloaded .exe's. View this as a short duration 10 sec. sandbox analysis. The scan can be extended via Group Policy (Pro+ versions) or third party tweak tool to 60 secs.

    WD ATP on the other hand does the following per the linked article I posted above:
    In essence, WD ATP is performing deviation from normal behavior analysis. Also WD ATP is designed to be used via a server based monitoring console as other third party AV equivalent apps have. The assumption being there is a live person monitoring corp. network activity. I do believe there are rules that can be deployed to automate some of the decision making.

    Note: that WD only users are restricted to ASR rule detection method only. These are in reality HIPS like absolute block only rules. OSA also works the same way; it blocks the activity w/o user option to allow the activity.
     
    Last edited: Apr 22, 2021
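Added example (not part of any post in this thread, and not Microsoft's code): a PowerShell check of the Defender settings discussed in posts 15 and 21, that is, cloud protection versus automatic sample submission, and the cloud check timeout. The function name `Test-DefenderCloudConfig` and the sample object are constructed for illustration; the property names are those returned by `Get-MpPreference`, and the block-at-first-sight prerequisites follow Microsoft's documentation.

```powershell
# Added example: audit the Microsoft Defender cloud settings discussed above.
function Test-DefenderCloudConfig {
    param([Parameter(Mandatory)] $Pref)   # object shaped like Get-MpPreference output

    $maps    = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $samples = @{ 0 = 'Always prompt'; 1 = 'Send safe samples'
                  2 = 'Never send';    3 = 'Send all samples' }

    $cloudOn   = [int]$Pref.MAPSReporting -ne 0
    $samplesOn = [int]$Pref.SubmitSamplesConsent -in 1, 3

    # Block at first sight needs cloud protection, automatic sample submission,
    # real-time protection and downloaded-file (IOAV) scanning all enabled.
    $bafs = $cloudOn -and $samplesOn -and
            -not $Pref.DisableBlockAtFirstSeen -and
            -not $Pref.DisableRealtimeMonitoring -and
            -not $Pref.DisableIOAVProtection

    [pscustomobject]@{
        CloudProtection     = $maps[[int]$Pref.MAPSReporting]
        SampleSubmission    = $samples[[int]$Pref.SubmitSamplesConsent]
        CloudBlockLevel     = [int]$Pref.CloudBlockLevel
        # The default cloud check is 10 s; CloudExtendedTimeout adds 0-50 s.
        CloudCheckSeconds   = 10 + [int]$Pref.CloudExtendedTimeout
        BlockAtFirstSightOk = $bafs
    }
}

# Constructed sample: cloud protection on, sample submission set to "never".
$sample = [pscustomobject]@{
    MAPSReporting             = 2
    SubmitSamplesConsent      = 2
    CloudBlockLevel           = 0
    CloudExtendedTimeout      = 0
    DisableBlockAtFirstSeen   = $false
    DisableRealtimeMonitoring = $false
    DisableIOAVProtection     = $false
}
Test-DefenderCloudConfig -Pref $sample

# On a Windows machine with Defender, audit the live configuration instead:
# Test-DefenderCloudConfig -Pref (Get-MpPreference)
```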
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No you're misunderstanding, I'm saying that when they perform malware analysis in the cloud, they are probably using Win Def ATP to perform this. This is one way to use Win Def ATP and of course it's normally used to monitor the network. But anyway, it's still a bit unclear if cloud based protection needs to always upload samples in order to block malware. This is from the howtogeek.com article:

     