Yikes. The scary thing is that the real failure rate is probably even higher because samples on sample sites are more likely to have signatures.

Honestly, I'd like to see how other free antivirus manage the same 100 infostealers test

And yet MS want us to trust they can keep our data safe in Recall & Copilot (native App).

You might be the only one on KZbin who consistently tests Windows Defender and always keeps it thoroughly evaluated.

Windows defender needs a massive UI/UX overhaul. Knowing Microsoft it'll probably take 5 years

Make the same test with Kaspersky and bitdefender as well please.

I want to see malwarebytes vs. 100 viurs

On reddit these days, you will find the most common response to a user question about getting an antivirus to be "just use MS Defender, it's more than enough". I try to chime in that it's not that solid and might not be a good idea if you need a robust system, but the common consensus is that most users will never need more than Defender.

i wanna see if DefenderUI improves it a little bit since it did on ransomware test the last time you made a comparison with and without it

Windows Defender is that, better than not having any antivirus

I'd also like to see "Windows Defender vs Top 100 perfectly innocent programs", because the false positives with Defender are ridiculous these days. Every time we renew our signing key (which has to be done every 3-4 years) it decides we're a virus for a few days.

expected much better than 78% from windows defender

Professional software engineer here. What really needs to happen is that major vendors adopt the UWP permission model so that Microsoft gets the support it needs to slowly force that model to users. Permission based app sandboxing is how mobile operating system have been doing it for over a decade and Linux is shifting towards this too with Flatpak. Every app should just be able to read and modify its own stuff, and when it wants to do anything else, it needs to ask explicit permission for that. The more permissions and kind of permissions it asks determines how risky it is and can be presented accordingly. The current UAC windows are a joke compared to a proper permission system like Flatpak. It is crazy that in 2024 the standard way of doing things on Windows is still giving *every* executable unquestioned access to the entire system, browser files, etc. This is what makes info stealers possible in the first place. The solution is not trying to develop better malware detection. It is to fix the fundamental flaws of the system. And yes, Microsoft did try this with Windows 8 and failed horribly, but that was mostly due to loads of other factors, most of which have improved dramatically since then.

I think virtual operating systems are such a powerful security tool.

Not bad, considering that was Windows Security at default settings, I recommend that people use DefenderUI to set Windows Security to Aggressive settings. Leo needs to do this same test with that setup.

Got my info stolen last week so yeah this is very relevant

It would have been nice to see a network live log of all the outgoing traffic made from the VM running the infostealers. It may be possible that Defender blocked the connections but did not delete the exe.

You are technically classing detections as deciding to delete a file. If it kills the process it spawns preventing it from stealing anything I'd say it did it's job at a minimum level, even though file is still left on the system. Without checking network traffic and processes spawned on execution of each it's very hard to say if it did anything to protect you at all.

Can you do a video about modern antivirus vs old malware? For example if I download shady torrents that were uploaded 4 years ago, are modern antivirus more likely to detect them since the malware hasn't been updated for 4 years and is out of date?

Appreciate your videos. Very informative as always.

A true comparison would to have each scanner do their own scan and not have them continue on after defender. They probably would have done worse than 78%

the info stealers especially new ones that aren't in the signatures are quite tricky to detect. they don't affect any files, they don't try to infect any files. they just send the data to the server

Yes, we'd like to see more videos like this. Thank you 🙂

Thank you for the independent testing. We as consumers can be aware of these tests and security information because of independent cyber security channels like this. Also if you could test quickheal av products, would be nice. Thank you

Incredible video! Thank you for this gem! 💖

78% detection ratio is way better than 0%. i can remember days you were lucky if a main stream AV had a detection ratio of 78% and windows defender would have detected none. so in that sense 78% is a vast improvement. I thnk we probably all use more than just windows defender.

You should do this again, and at the start show that you have the latest security updates and Windows updates installed. Also, should try this again with defender for Business.

thankThank you for the comparisons, I find your analysis very helpful! As for expectations: -I did expect a higher detection rate, given the three of the better “free” solutions for the task. -the accuracy %, eqv to the overall detection rate, seems quite good for the “baked-in” solution. -you’re right with the “baked-in” solution; having a greater detection advantage, I would’ve expected more though? given the sheer quantity of vector data sources. great point! already sub’d or I’d do it again :)

And what happens to our data when internxt folds?

Okay, this sounds easy but, why don't Microsoft scan for top 100 viruses every day and just update Defender's database? Would this work?

Could you do the same but with Windows Hardened : 1. Using MAX setting of Configure Defender (minus the "protected folders"), which is what I saw recommended. 2. Hard Configurator - recommended settings. 3. HotCakeX/Harden-Windows-Security - with your recommended settings. 4. (removing powershell 2.0, and preventing executions of scripts from current powershell and powershell 7, inside group policy.) Reason being: It allows to have a free and built-in protection and shows whether the tools above, are enough to prevent most of the malware and attack vectors. While being straight forward and easy to configure. Is that something that resonates with you?

Good Review. Please do a new review on Quihoo 360 Total Security & the latest 360 Quihoo Browser when you get time. Thanks Leo!

What coincidental timing! Just the other day I had to scrub LummaStealer off my dad's computer. It did not get caught by Malwarebytes, and it did not get caught by a quick scan by Defender either. I had to do a full scan of the hard drive. Malwarebytes caught 18 pieces of malware, around half of them Trojans and the rest PUPs, plus I had to uninstall Epi Browser downloaded by one of the malware. The full disk scan caught LummaStealer and something called Malgent. I wonder if there might be more malware on that hard drive.

Please do the same test with Bitdefender.

windows defender with defenderui recommended settings vs top 100 info-stealers. would be interesting to see!

Would be good to download the 100 again and see how many the others catch

Would the detection be better if windows defender is set to HIGH via configure defender?

Can you make a video about mobile antiviruses? Do they even work? How effective they are? There are Kaspersky/Bitdefender mobile, do they work as good as they do on PC?

Next video: windows defender vs top 200 infostealers

You should have scanned with Malwarebytes

Well, hear me out, I'm one of those 66% that use MS defender. It's free and it's already there. I'm comfortable running with no protection at all, not because "it won't happen to me" mindset, but because I use this PC to game (and only game) and I want every last performance I can get. An AV (in general) doesn't have great reputation for being light. Plus all of the good performing solution is not free and I'm not willing to pay for it. I do still keep MS defender active, just in case. It's not good but at least it's something. And I'm a home user nerdy geeky PC guy so I do have better chance of not doing dumb things. The only thing that can do real damage to me is info stealer. Ransomware? I can just wipe everything, redownload my game, resync cloud save, restore from cold backup (which I have 3-2-ish backed up, 3-2 but not 1...) and done. Now if I have cousin that like to do shady thing click on every shady link that they can find and I'm not living with them to stop their dumbness, I would totally consider a paid good solution.

That is an unfortunately low detection rate (~78%) for top 100 infostealer samples, but to know if anything is actually sent off, it would probably require something like wireshark, fiddler or a network firewall. That probably requires a lot of effort to make into a video. :( The lack of MDE data transparency is indeed a massive weak point, the fact admins still need to navigate to windows eventlog to collect basic information, and use MS's script to collect remotely useful diagnostic information is just crazy. The MDE M365 security portal lags significantly behind other enterprise solutions and have settings really tucked away in layers of menus. As for the low detection rate, I really do hope more people have adblocker, DNS filtering, and any additional low performance impact tools that help, it's too late when someone's pension or bank accounts drained.

next video try kasperksy vs infostealers i would ike to know how kaspersky deals with them when you run them if the data is sent or not

Please try other antivirus scanners!

4:13 HitmanPro no longer uses Kaspersky engine? What do you think about adding Kaspersky Virus Removal Tool to the list here?

I was actually expecting it to be less effective.

this is a standard copy of Windows Defender... I would like to see this against a HARDENED copy of Windwos Defender using DefenderUI and tightened down

I don't know about the average user, but for me, at 78%, I'll take it, mainly because I'm responsible enough not to download or click something sketchy. It's also good for the average non techy user if they're careful enough.

can a keystealer like luma get in your account if you dont keep session open on for example google account on the computer or only if you use the keep me logged in option?

Kaspersky for me, does what I want. On my 3rd subscription

Good work and appreciated as always! Mind sending me the anonymized party script, so I can check and record how other AVs would behave, please?

If you want really fresh infostealers just download attachments from your emails from random companies asking for ad sponsorship.

I wonder why av test org has different results. Almost 100% detections for Microsoft Defender out of over 10 thousand samples and 99% detections out of 307 zero day threats.

you should have done an extra manual folder scan for windows defender?

It's ridiculous, really... how are there not proper anti-virus and firewalls embedded or pre installed co-ops with some of these companies when we buy our digital gear? We know there's zero day tests and red hackers, and no one in all these years has thought to prevent these negligences?

As computer's tenchnician, I'm used to clean computers protected with Windows Defender... but infected.

Are we talking defender free or the paid defender through M365 which is actually good.

I'm more curious what the attack vectors are for these infostealers. Are they being slipped into malvertisements or are they only able to be injected into downloadable files such as games and STLs? Can they harm you without being executed by the user? Etc. Whats the threat level that they pose?

I always laugh ad individuals especially on reddit that tell people who ask advice tell them that Windows defender is all they need and that paid/free top AVs are a waste of money/scam. Windows Defender is okay as a free bare minimum security offering, it is not going to offer you anywhere near the Security of companies that have spent millions if not billions over the years on RND such as ESET, Kaspersky or Bitdefender, Bitdefender and Kaspersky both offer free versions too that offer far superior security and detection rates when compared to Windows Defender.

So if infostealers can get through and other infections what is the point of TPM when it gets bypassed.

What about tools like Defender UI or Defender Hardener to configure it more securely, are those vapor ware, is there any actual way to configure Defender better or more accurarely?

Hi, in that case do you recommend Norton power eraser over malware bytes?

I fall prey to the info stealer while using Defender and from that day I'm using Kaspersky Free AV.

Ultimate protection... Window Difender with Outbound Connections disabled by default !!!

Would the results be better if you would do an additional manual scan with Windows Defender? Because now you rely on Windows Defender blocking everything immediately once it's executed. PC security is really hard. I don't want to bloat my system with all kinds of protection apps. But it's hard to choose which anti-virus and anti-malware to pick. And should it all be real time or some just for regular scans.

I suppose the first line of defense is not running those executables and only downloading from trusted sources?

Unfortunately this time you did not come the result with Defender UI 😕

Would the browser download scan detect them before finalizing the file?

So this tells me two things. Firstly those people who say "Defender is all you need..." don't know what they are talking about. And those that rubbish Norton for their resource issues from about twenty years ago also don't know what they are talking about.

Can my brain stop infostealers? Let's find out!

Kaspersky free is a Conplete improvement over Windows defender and react faster than windows defender so i would like to see same infostealers vs Kaspersky free or paid version

You can improve Windows Defender via DefenderUI

i love the tests bur are they accurate? shouldn't each malware sample want to run in it's own environment without the other malware trying to run at the same time?

Would you be able to do a licensed version of Windows defender ATP, from a business premium / E3 license, to see if it does anything "more"?

I have a legit copy of full license of malwarebite, is it any good ? ty

It’s too bad antiviruses aren’t effective against malicious websites and scammers that fool naive people into letting them into the computer. You would think the combination of remote access software plus command line might pop up a warning from the AV, at least.

would love to see K7 and Trend Micro vs Maleware

I use Avast free version for my desktop PC. The problem is the Server system. There is no free version of Avast. What do you suggest? I am using server for education, not for business.

Thank you.

What do you think about Defender UI?

And this is why we trust Nortons and Mcafee ... hahahaha... yeah, right!

I thought redline got raided, does it still work?

Will zero trust on defender ui or configure defender help improve detection rates?

that 22% can happen to be real at any detection so is pretty bad if u ask me.

I wonder if you can made video on HP Wolf Security.

I would like to see the upgraded version of Windows Defender go against it. with the 365 subscription Or I think it's upgraded, I'm not sure.

What antivirus would you recommend? Which one is the best and how much does it cost?

I'm disappointed with the 85% result. You should address the issue of a Chinese hacking group accessing American telecommunications. The FBI and NSA recommend using WhatsApp and Signal for secure communication.

Do you think 2FA not good enough to protect my gmail ?

78% + a bit of common sense and y'all be safe.

how about build in mrt scanner

so... ignoring norton, the 2 others detected only 3 more... 81%... not bad defender... 😅

What about DefenderUI?

What do you recommend instead of Windows Defender?

Awesome Thank you for Sharing! 💯✴

can you try this with defender UI

I wonder is this the Paid version Microsoft 365 where Microsoft offer paid defender feature or is it still same as free version.

I think people use windows defender as their only AV because so many online technicians and self-proclaimed "IT gurus" are hyping it as the best free alternative to paid AV programs .. that it's highly effective and lightweight, is not bundled with additional software and of course knows the Windows inside out because it is Microsoft's own product. I personally have turned it off completely, btw :))

Most of the KZbinr got hack got me thinking Google does not do a great job as in the user can't choose only 1 authentication method like just using the authentication app and also I'm not sure why Google can't let user lock down on the changes on Password/Phone Number/Backup Email ect like changing any of the above have a strict rule where you must enter the 6 digit authentication app. Also why Google can't make a browser extension where instead of cookie it uses browser extension as a method of session authentication and for their chrome browser they can make it baked into it? Also why Google or any websites does not just make use of our phone as an alternative authentication to access our account like our phone now all have bake in fingerprint or apple id as in this alternative method once its done it's lock permanently

Hi Please test the Kaspersky Anti-Ransomware tool and make a video about it