It's too long to read all of it, and from skimming through this, it looks like Defender isn't all that good.. well, at least when it comes to ransomware defense!!
Kaspersky vs Windows Defender: Test vs Malware and Ransomware with 600+ Malware Links. Do you need a 3rd party antivirus or stick to Windows Defender? This video should highlight some of the differences.
Kaspersky is one of the members of our annual Mal X programme so they receive additional test reports and data from us. However, all public tests are conducted fully independently with no interference.
hello and welcome to the PC security
0:02 Channel as you can see for this test we
0:04 have two VMS side by side on the left we
0:07 have Windows Defender set up and ready
0:09 to go on the right we have Kaspersky
0:11 standard a well-known third-party AV
0:13 we're going to test both these systems
0:16 against an array of malware directly
0:18 from the source we have automation
0:20 scripts that are going to visit hundreds
0:23 of malware websites and we're going to
0:25 see what the user experience looks like
0:27 on both systems as that's happening so
0:29 without further Ado let's get started
0:31 and We're Off to the Races the first
0:33 test is underway as you can see both
0:35 products are blocking threats we're
0:38 seeing alerts from both Windows Defender
0:40 and Kaspersky now while this is running
0:42 I just want to mention a couple of
0:44 things about the environment so settings
0:46 wise everything is turned on for Windows
0:49 Defender that includes blocking
0:51 potentially unwanted programs blocking
0:54 suspicious apps app and browser control
0:56 as you can see is turned on on the side
0:58 of Kaspersky it's pretty much the same
1:00 so we have blocking of potentially
1:02 malicious tools now already we've got a
1:06 few differences between the products so
1:07 Kaspersky of course has a different
1:10 reporting mechanism it's deleting
1:12 objects in real time and telling us
1:14 exactly which file is affected whereas
1:16 with Windows we just see a cross and then
1:19 some notifications about malware being
1:21 detected and then we have to click on
1:25 view details to see exactly what the
1:28 malware is by the way if you're noticing
1:30 the numbers on the left for links not
1:34 particularly synchronized that's because
1:36 we're running this multi-threaded so
1:38 we're starting multiple downloads at the
1:40 same time some of them may finish
1:42 earlier some of them may finish later
1:44 and that's why the numbers may not be
1:46 sequential but that's totally fine the
1:48 test is running as expected also worth
1:50 noting that Kaspersky of course has a
1:53 lot more granularity in its settings and
1:56 things that you can modify within the
1:58 full antivirus system
1:59 that's one of the differences between
2:01 Windows Defender and some third-party
2:04 AVS is that Windows Defender is still a
2:07 bit Limited in terms of the UI another
2:09 thing worth noting is that in the case
2:11 of Kaspersky did see some web alerts in
2:13 the case of links directly being blocked
2:16 as we're trying to visit them I didn't
2:18 see anything similar with Windows
2:19 Defender but we're gonna find out
2:21 because the script does detect if a
2:23 download is blocked directly we are
2:25 going to see those numbers once the task
2:27 is complete now in the case of Kaspersky
2:30 we have few threats that still need to
2:32 be resolved apply to all delete and that
2:35 should take care of that I'm gonna do
2:37 the same for everything else also a
2:39 quick disclaimer while the tests are
2:40 running Kaspersky is a member of our
2:43 Mal X program which means they receive
2:45 additional reports and test data from us
2:48 however every public test you see is
2:51 always conducted independently and
2:53 there's no interference from anybody in
2:55 fact even I have no idea what's going to
2:57 happen here interestingly both tests
2:59 seem to finish at pretty much exactly
3:02 the same time we visited 670 URLs I
3:06 believe the threshold was a thousand but
3:08 of course we're only visiting URLs that
3:11 are going to give us an exe download
3:13 Kaspersky has blocked 2.09 percent of
3:17 links Windows 0.45 that's only counting
3:20 links that just could not be downloaded
3:22 directly so I did expect it to be low in
3:26 the case of Windows Defender as you can
3:28 see some pups are found so we do have
3:31 that setting enabled we're trying to
3:33 resolve them but it is a bit slow to
3:35 respond as you can see in the case of
3:37 Kaspersky everything seems to be already
3:39 resolved another thing worth noting is
3:42 the final number of files we were able
3:44 to successfully download so on the right
3:47 we have 79 files remaining we're still
3:50 waiting for the numbers on Windows
3:51 Defender side because Windows Defender
3:53 is still actively removing threats
3:56 and this brings us to one of the issues
3:59 here so as you can see Windows Defender
4:01 UI does start to get very glitchy when
4:04 you run out of space in terms of the
4:06 threats being reported and I just feel
4:09 like this should be resolved in a
4:12 product that's part of the OS like
4:14 surely we can get a number of threats
4:17 detected and a better UI to see the
4:20 different details and you know not this
4:23 buggy mess of a flashing screen and then
4:26 iterating over and over again I mean
4:29 just look at it I'm trying to resolve
4:31 these threats I'm clicking on start
4:32 actions
4:34 for a moment it says feel free to
4:37 continue using your system nothing to
4:39 worry about and then a few moments later
4:41 the screen starts flashing and we're
4:43 seeing threats again and despite me
4:46 um several times clicking on remove on
4:48 this file it's just not resolved it
4:51 would also be a bit unnerving as a user
4:53 if this was my main system and I was
4:56 actually worried about the malware and
4:58 that's the second time I'm clicking on
5:00 remove for the pup I guess part of it is
5:03 also that Windows Defender is slow in
5:06 dealing with these threats and it's not
5:08 able to report effectively while it's in
5:11 the process of removal but anyway we're
5:13 gonna give it its time and we'll see
5:16 and finally now just the UI just crashes
5:20 if we take a look at the folders now
5:22 we've got over 300 files still on the
5:25 Windows Defender side 79 on side of
5:27 Kaspersky but of course Windows Defender
5:29 is still removing stuff and finally
5:32 we've got the numbers for Windows
5:34 Defender and it seems it removed 476
5:37 with 138 remaining while I say that if
5:40 you look at the folder there are 122
5:43 items so it does seem like Windows
5:44 Defender removed a few more and we're
5:46 still getting alerts so perhaps even
5:49 though our script thinks it is complete
5:52 it looks like Windows Defender is still
5:54 removing threats screen is still
5:56 flashing so I'm just going to give it
5:58 some more time Meanwhile we're gonna do
6:00 a full scan on the side of Kaspersky
6:02 we're also going to do the same with
6:04 Windows Defender when it's complete just
6:06 to make sure there are no additional
6:07 threats that either of these products
6:09 detects it looks like Kaspersky has
6:12 deleted two additional objects
6:13 interestingly it seems like we've got 37
6:17 items left once Windows Defender's
6:19 finally done removing items we're also
6:22 going to do a scan like we did in the
6:23 case of Kaspersky to see if there are
6:25 any additional items that are detected
6:27 but already that's very interesting to
6:29 see that Windows Defender actually ends
6:31 up with a lower number in the end even
6:32 though it's much slower to get there
6:34 seems like we're finally done removing
6:36 threats even though it's hard to say
6:38 with this UI and it's crashed again
6:42 I've clicked the button as many times as
6:44 humanly possible and we're still left
6:46 with 37 items nothing else is being
6:48 removed so I think we're just gonna call
6:50 it a day here now we're also going to
6:52 automate the execution of all of these
6:54 files on both these systems and then
6:56 we're going to do some scans with Hitman
6:58 Pro second opinion scanner to see what
7:00 gets through
7:02 [Applause]
7:07 [Music]
7:09 all right we're back we've executed the
7:12 malware reset the system and now we're
7:15 doing our second opinion scans as you
7:16 can see multiple things were installed
7:18 we're seeing new icons on desktop in the
7:21 case of Kaspersky I did see a joke
7:23 malware execute will be interesting to
7:25 see if it's actually malicious if it
7:28 persists and does something with the
7:29 system because there were some annoying
7:31 pop-ups while the test was running but
7:33 if it's just joke malware maybe it just
7:35 goes away on restart the scans are now
7:37 complete and interestingly we've got
7:39 some malware detections on the side of
7:41 Kaspersky but a couple of them are in a
7:44 temp folder and the third one seems like
7:47 an uninstaller of a pup so the uninstall
7:51 program itself is detected in the case
7:53 of Windows Defender we've got a lot of
7:56 registry keys remnants from re-image
7:59 repair so nothing really serious in
8:01 either case even though we have quite a
8:04 few applications installed not a lot of
8:06 them were detected by Hitman Pro either
8:08 in both cases we have coin Surf and
8:10 chrominus icons on desktop couple more
8:13 icons in the case of Kaspersky again I
8:16 don't really see anything serious in
8:19 either case unless the uninstall.exe is
8:22 a fake Trojan or something like that
8:24 which is the only file we have outside
8:26 of temp files
8:28 so we're just gonna explore it and then
8:30 visit the folder run the uninstall.exe
8:33 program
8:34 see if it does something other than
8:36 uninstall oh we've got an eraser and it
8:38 just removed itself so that is
8:41 definitely a false positive that's what
8:43 it looks like because it seems to be an
8:45 actual uninstaller of the program so
8:49 nothing really on the side of Kaspersky
8:51 either other than a couple of temp files
8:53 it's a good result for both products but
8:56 I hope that going through the test in
8:58 this way showed you some of the
9:00 differences and how they function but I
9:02 have to say Windows Defender detecting
9:04 as many pups as it did was definitely a
9:06 surprise for me good to see that it has
9:08 improved on that front now we're going
9:10 to move on to the next part of the test
9:12 which is going to be the ransomware test
9:15 and in this case we have 74 Infamous
9:19 ransomware samples from The Last Five
9:21 Years these are serious threats that are
9:23 going to encrypt our data if given the
9:25 chance we're going to execute them from
9:28 a network directory as we always do
9:30 that's what the dash n is for and we're
9:32 going to see which system is less
9:34 affected so once again we're going to
9:36 run the script on both the systems
9:38 threats are already being blocked
9:41 interestingly in the case of Windows
9:43 Defender we already have ransomware
9:45 taking over the screen we've got app
9:47 Society ransomware we've got something
9:49 else happening on the desktop as well
9:52 that's a little bit concerning
9:54 got some errors popping up you can see
9:56 the proactive detection on the case of
9:58 Kaspersky which is just finished is 100
10:01 case of Windows Defender oh we've got
10:05 black claw running at the moment
10:07 gonna try to shut this down so we can
10:10 look at our script we've got a proactive
10:12 detection of about 92 percent which
10:14 means some files are being allowed to
10:16 execute we are still seeing the prompt
10:19 ransomware is being found Windows
10:20 Defender is trying to deal with it but
10:22 unfortunately it's not dealing with all
10:24 of them and we've already got some
10:26 Ransom notes on the desktop test is now
10:28 complete as you can see we've got
10:31 five misses that may not seem like a lot
10:34 but even missing one ransomware could
10:36 lead to your files being encrypted and
10:39 in this case our files are indeed
10:42 encrypted by black claw if we take a
10:45 look at the documents inside of
10:47 Kaspersky our files seem to be all
10:49 right
10:51 if you open up a text file you can see
10:54 the difference between an encrypted file
10:57 and a non-encrypted file as you can see
10:59 you can read the play on the right the
11:01 great works of Shakespeare and on the
11:03 left we have them translated into God
11:06 knows what language
11:07 just kidding that's what encrypted text
11:10 looks like
11:11 and unfortunately in the case of Windows
11:13 Defender our data is encrypted and
11:15 non-recoverable now many of these are
11:17 well-known threats so I would have
11:19 expected Windows Defender to know about
11:21 them to be able to block them but I
11:23 think part of the reason it doesn't do
11:25 very well in these ransomware tests is
11:27 also the way it functions because a lot
11:29 of the time it is sending data to the
11:32 cloud waiting for analysis before it can
11:34 make a decision on the machine and when
11:36 it comes to complex malware that
11:38 executes really fast Windows Defender
11:40 just probably fails to track them the
11:42 reason I say that is because again I've
11:44 seen inconsistent results in this part
11:47 of the test there've been times where
11:48 I've run it where it's detected more
11:50 it's detected less it's also worth
11:52 noting from some of our previous tests
11:55 that the detection ratio with Windows
11:57 Defender gets much worse if you disable
11:59 the internet whereas with Kaspersky you
12:02 can disable the internet you can even
12:04 turn off most of the signature component
12:06 and as long as you just have the system
12:08 Watcher component enabled it is still
12:10 able to at least prevent your data from
12:12 being encrypted I'm not going to rerun
12:14 that test right now because even with
12:16 the internet turned on as you can see
12:18 we've got data encrypted in one side so
12:21 it would feel like beating a dead horse
12:22 but I will link the other tests in the
12:24 description where you can see that
12:26 happening another thing worth noting in
12:28 the case of Windows Defender you have
12:30 controlled folder access which I would
12:33 highly recommend using if you do use it
12:35 because that is one way to at least
12:37 control the damage that can be done by
12:39 ransomware by protecting some of your
12:41 most important folders but of course
12:42 it's not ideal because you can't protect
12:45 all your folders and if you do other
12:47 applications can't access them either so
12:49 I hope you enjoyed this video hope you
12:51 found these results interesting and
12:53 insightful a lot of these tests are
12:55 surprising to me as well because I have
12:58 no idea what's going to happen going
12:59 into them but we will be doing more of
13:01 them in the future so make sure you're
13:03 subscribed if you want to see that
13:05 please like and share the video If you
13:06 enjoyed it of course if you have any
13:08 questions or comments feel free to post
13:10 them down below I do read all the
13:12 comments I get thank you all so much for
13:15 watching this is Leo and as always stay
13:18 informed stay secure and happy New Year
13:21 everyone