AV-TEST ATP Test: Defending Against Data Stealers and Ransomware (October 2023)

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Tests in the lab at AV-TEST quickly show that although data stealers and ransomware always pursue the same end goal, they use very different approaches in their attempts to attack successfully. For each type of malware, a variety of attacking techniques used by attackers can be identified. In the latest Advanced Threat Protection test, ten different malware samples attacked the test systems in ten real-life scenarios. In response, the 22 security solutions for corporate users and consumer users were required to also identify the “self-signing of binary files”, “stolen signature identity”, and “misuse of the Microsoft Software Installer” techniques. The test results rapidly show that the security solutions examined are usually extremely well-trained and are therefore able to recognize all attacking techniques and protect the access points under Windows.

When malware strikes a system, it uses a tactic of disguise, deception and attack. Based on this tactic, cyber gangsters have now developed and perfected a variety of different approaches to attacking Windows systems. Some of these special attacking techniques include self-signing binary files and using stolen signature identities. Another sneaky approach involves misusing the Microsoft Software Installer to execute malware. In the latest Advanced Threat Protection test, the experts in the laboratory ran ten real-life scenarios in which the test systems were attacked by five data stealer samples and five ransomware samples.

The 22 security products for corporate users and consumer users were set the task of demonstrating how well they could fend off the ten ransomware and data stealer samples in the test conducted in September and October 2023. For each attack, the lab awarded a maximum of 3 points for the threat prevention of the tested solutions, and the points were added together after all ten scenarios. In the test table, the highest value in the protection score was therefore 30 points. The test on company products examined the solutions by Acronis, AhnLab, Avast, Check Point, Kaspersky (with two versions), Malwarebytes, Microsoft, Seqrite, Symantec, WithSecure and VMware.

The security products examined for home users came from AhnLab, Avast, AVG, F-Secure, Kaspersky, Malwarebytes, McAfee, Microsoft, Norton and PC Matic.
Interesting to see that some block all initial access (for example Microsoft Defender Antivirus), others only on execution (for example Norton 360) and others are a mix, but except 1, all block all attacks in this test.
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
Interesting to see that some block all initial access (for example Microsoft Defender Antivirus), others only on execution (for example Norton 360) and others are a mix, but except 1, all block all attacks in this test.
Good test (I guess) but it makes me wonder how ransomware is such a big problem if eg MS Defender seems to do such a good job blocking this malware, and it is part of windows OS... :unsure:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top