Serious Discussion Turtle's Enhanced Realworld Tests (updated)

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
Also, we don't allow malware video tests that are not in English, since it's the official language in the forum... We can't understand anything in those tests...
I tried to use English as much as possible in all my multi-language security software, as well as the content of this post, but the problem with the video wasn't very easy to solve, because I can't access YouTube/Odysee in China so I had no way to upload the video to those sites.
Perhaps just keeping the results and not posting the video is an option?
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,675
As for the free versions, most of them have no difference in protection between the free version of the product's functionality and the paid version (something like Kaspersky Free has exactly the same functionality as the paid basic version in terms of protection), while others, such as CatchPulse, have a whitelisting policy for the paid version and have no possibility of testing it.

I can't agree... You talk about KFree same as KStandard/KPlus (Intrusion Prevention + FireWall)??? but then I see BitDefender paid also tweaking some of its settings to Aggressive??? I don't think this is even remotely a fair comparison 🙄 and the same for other products with tweaked settings to Aggressive and/or enabling non-default settings...
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
I can't agree... You talk about KFree same as KStandard/KPlus (Intrusion Prevention + FireWall)??? but then I see BitDefender paid also tweaking some of its settings to Aggressive??? I don't think this is even remotely a fair comparison 🙄 and the same for other products with tweaked settings to Aggressive and/or enabling non-default settings...
If we're talking only about Kaspersky, this is an additional case.
Because of Kaspersky's activation policy, you can only activate the local version in China and Russia, not the other versions (that's why Kaspersky was one of the few pieces of software for which I used the Chinese version in my tests), and Kaspersky's paid version in China is 21.3, while the other countries and the free version are 21.14, which is a very long time difference between the two versions.
So my choice is to write that it is the free version, maybe not fair, but I have made it clear.

This is a trial download link from Kaspersky China website.
You can see its version is 21.3.10.391.......
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
You can install an English version in trial for the test, I'm Spanish but here I have to speak in English, and also in my VMs I have the system and the products I test in English :)
I understand what you mean and I know what you want me to do, but unfortunately, you won't encounter the situation I encountered. This is not a problem with learning a language (as you can see, I used the English version completely in Avast testing because Avast does not have a region lock).

QQ截图20231021161801.png

This is why my VM cannot be in English, and I believe MalwareTips will not allow me to use illegal authorization to publish videos and posts. (From the translation on the right, just for you to read, not the system language).

QQ截图20231021162329.png

That's why my Kaspersky is not in English.
This is a regional lock. If I use a Chinese credit card but the country fills in other information, it will inevitably be detected as fraudulent by NEXWAY and the order will be cut off. However, the Chinese version trial does not require placing an order or filling out credit card information.

I don't want to argue too much because you don't understand what happened.
Just like if I use Kaspersky's paid version, but the version is 21.3, the problem becomes why I want to use the old version.
 

ForgottenSeer 97327

I can't agree... You talk about KFree same as KStandard/KPlus (Intrusion Prevention + FireWall)??? but then I see BitDefender paid also tweaking some of its settings to Aggressive??? I don't think this is even remotely a fair comparison 🙄 and the same for other products with tweaked settings to Aggressive and/or enabling non-default settings...
Ahhh it must hurt when your baby is not treated fair. ;) I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration and some (geo) restrictions can't be overcome by the OP. So I would plead some leniency towards the language restrictions.

Maybe next test split home products from corporate products (@ShenguiTurmi), thanks for publishing the results in graphs.
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
It's as simple as this: if I go to Kaspersky paid product and set: Intrusion Prevention module to: Unknown apps to UnTrusted, I get "100% Fort Knox" result...
I haven't adjusted any settings for consumer grade products, except for TrendMicro, as it has automatic high sensitivity.
For Enterprise product:

As you can see, AVC even adjusted Crowdstrike to Extra Aggressive.

Ahhh it must hurt when your baby is not treated fair. ;) I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration, meaning comparatives including corporate products are never fairly tested.

Maybe next test split home products from corporate products (@ShenguiTurmi), thanks for publishing the results in graphs.
Thx. Sure, this is the first time I have added Enterprise products to my test. I will separate them in the future.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,675
There are no babies here...

I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration, meaning comparatives including corporate products are never fairly tested.

I don't agree, to do some additional configuration is one thing, but, for example, to set to Aggressive in only some, and NOT the others, or just enable some non-default settings in some and not in others, IT IS A DIFFERENT THING!
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
There are no babies here...



I don't agree, to do some additional configuration is one thing, but, for example, to set to Aggressive in only some, and NOT the others, or just enable some non-default settings in some and not in others, IT IS A DIFFERENT THING!
As I mentioned earlier, the enterprise level settings I use are those used in daily life. This is the highest setting for avoiding excessive false positives in daily work.
Enterprise grade products are never ready to use out of the box. If you keep them all as they are, you can even get a Crowdstrike and Elastic that are completely unprotected because their default policy does not include Anti Malware!
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,675
I haven't used any contact as a K. forum Admin (I'M JUST A HUMBLE MOD THERE) to get that link, if you go here:


A user posted that link; just by changing part of the link, you can get other country regions' downloads, as I explained yesterday here:

 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,312
Ahhh it must hurt when your baby is not treated fair. ;) I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration and some (geo) restrictions can't be overcome by the OP. So I would plead some leniency towards the language restrictions.

Maybe next test split home products from corporate products (@ShenguiTurmi), thanks for publishing the results in graphs.

I don't think @harlan4096 would enjoy dismantling @ShenguiTurmi for free because Kaspersky failed at home.
I managed to watch one of his videos and the protocol is really nice: he tries to penetrate the system as best he can with samples or Powershell scripts...

Then for his country, I won't draw a picture, but China blocks a lot of sites. But at least having Windows in English would be a good start, we're here to help each other, aren't we?

Translated with www.DeepL.com/Translator (free version)
 

ForgottenSeer 97327

I don't think @harlan4096 would enjoy dismantling @ShenguiTurmi for free because Kaspersky failed at home. (1)


Then for his country, I won't draw a picture, but China blocks a lot of sites. But at least having Windows in English would be a good start, we're here to help each other, aren't we? (2)
1. That is why I posted: I agree home products should be tested on default

2. That is why I posted: I would plead some leniency towards the language restrictions.
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
I don't think @harlan4096 would enjoy dismantling @ShenguiTurmi for free because Kaspersky failed at home.
I managed to watch one of his videos and the protocol is really nice: he tries to penetrate the system as best he can with samples or Powershell scripts...

Then for his country, I won't draw a picture, but China blocks a lot of sites. But at least having Windows in English would be a good start, we're here to help each other, aren't we?

Translated with www.DeepL.com/Translator (free version)
Sincerely thank you.
I initially conducted tests to rank the effectiveness of various security software, but after my second test, WiseVector proactively contacted me and I discussed the testing process with them. Then, they released a new version to completely prevent Empire's fileless attacks.
Afterwards, Huorong/QiAnXin also contacted me and I reviewed the entire testing process with them, believing that it would also be helpful to them. Now that's my main purpose, that's why I'm continuing this test. So starting from the third issue, I will not only publish the results on security forums in China, but also on MalwareTips, because I hope to write in detail how the samples were generated and what modifications were made, so that security software vendors can directly follow it to enhance their protection.
I can use these tools and hackers can also use them, so enhancing protection is not a bad thing for anyone, which is also the reason why I am disclosing it in detail.
I don't work for any security software vendor, and I'm not a full-time researcher. I just want to do my best to make the internet more secure. That's why I never provide ranking charts for the tests I publish, but I try to provide detailed explanations of the attack process and sample sources.

Because of this original intention, I seem to have overlooked the people who hope to use my tests as rankings, and I will pay attention to them in the future. Start by distinguishing between enterprise level and consumer level.
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
128
I haven't used any contact as a K. forum Admin (I'M JUST A HUMBLE MOD THERE) to get that link, if you go here:


A user posted that link; just by changing part of the link, you can get other country regions' downloads, as I explained yesterday here:

Thank you for providing the 23.15 beta version. I activated it with KTS license and it became K Plus.
Unfortunately, there was no difference in the results. Because I couldn't post the video, I randomly took a few screenshots.
If you can contact Kaspersky officials, I strongly recommend that you provide feedback on the issue with Nimbo C2. They can indeed generate VHO detection on the original Nimbo C2 exe, but it is not effective on the DLL. And unless BypassUAC is attempted, System Watcher will also be completely blind to Nimbo C2's activities, including keylog and file transfer.
QQ截图20231021172231.png

QQ截图20231021172526.png

QQ截图20231021174821.png
 
