1. Some do, not all; many come here to learn.

2. Some vendors push, not all. Outside of a couple of security forums I frequent, I rarely see any vendors pushing anything. Of course, I don't look at my phone 24/7.

3. Some paranoids compete; the rest of us just sit back and laugh at them.
 

Andy Ful

Level 51
Verified
Trusted
Content Creator
Defender did horribly in this test. I wonder how it would fare using ConfigureDefender; this test is making me rethink my use of Defender now.
You could get stellar results in this test with any AV when using Edge Dev with SmartScreen (block downloads with low prevalence). In the test, the malware samples were downloaded to the system through the Chrome browser from a temporary server and then executed.

This test shows what could happen if the AV Lab testers joined the Dark Side. The way the malware was prepared (Python script to EXE) is rarely used in the wild. Also, the delivery method of banking malware is different in the wild. The infection chain in the wild is more complex: it uses several infection stages and many suspicious actions, which can be detected by non-banking AV modules before the banking payload enters the system.
If you apply ConfigureDefender settings to WD, then in most cases the infection chain in the wild will be broken before the banking payload can enter the system.

So, this test is similar to testing what happens if you drive at 120 km/h in town while ignoring traffic lights. That would be very helpful as a crash test, but it will not be helpful in showing which car is safer when driving at 60 km/h and respecting traffic lights.

The test (in the case of WD) showed that WD was not especially efficient in mitigating the post-infection techniques used by banking malware. These results are probably not valid anymore, because soon after this test Microsoft extended WD protection and added many important post-infection behavioral features. Most of them will break the infection chain before the banking payload is loaded, but some can also fight the payload directly.

If you use WD on a well-updated Windows 10 + ConfigureDefender MAX Protection level + native Edge only for banking activities and Edge Chromium for daily browsing, then you are probably as safe as with a 3rd-party AV with a dedicated banking module.

If you seek something similar to a Windows built-in banking module, then you can run native Edge in Windows Sandbox (Windows 10 Pro, Enterprise or Education editions) and only for banking activities (no other web browsing during the banking session).

Still, using a paid solution such as Norton Security will be both safe and more comfortable. (y)
 

notabot

Level 15
Andy Ful said: (full post quoted above)
Chrome also applies MotW; shouldn't they be blocked, at least from running, in this setup as well?
 

LDogg

Level 30
Verified
None, because what works for one configuration, laptop, desktop et al. will not work for someone else. Plus ease of use, paranoia, resource uptake (CPU usage as well), GUI etc. etc.

The question should be: outside of paranoia, what do you think is the best AV you've experienced?

~LDogg
 

Burrito

Level 22
Verified
Andy Ful said: (full post quoted above)

Yes, this is it.

Words of wisdom from Andy.
 

notabot

Level 15
They were blocked by SmartScreen, but testers bypassed the SmartScreen alert to show the capabilities of tested AVs.
OK, on one hand it's fair if they want to test the AV in isolation; on the other hand, Microsoft does not ship the AV in isolation and there are several modules preventing the execution of this payload.

Btw, the infection chain would likely also be stopped by the ASR rule on prevalence, age and trusted-list criteria.

Still, it's a fair point that post-infection there's less damage mitigation for this sort of trojan; whether that's interesting or relevant in real-world situations is a different matter.
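An added example (not code from the thread or from any of the posters) showing how to check the two things notabot refers to: whether a download actually carries the Mark-of-the-Web that SmartScreen keys on, and whether the Defender ASR rule on prevalence, age and trusted-list criteria is enforced rather than merely present. The sample path is hypothetical; the rule GUID is the one Microsoft documents for "Block executable files from running unless they meet a prevalence, age, or trusted list criterion"; it needs an elevated PowerShell on Windows 10 with Microsoft Defender Antivirus as the active AV, and the rule only does anything when cloud-delivered protection is on.

```powershell
# Added example, not code from the thread. Inspects the Mark-of-the-Web (MotW) on a
# downloaded file and reports whether the Defender ASR rule
# "Block executable files from running unless they meet a prevalence, age, or trusted
# list criterion" is enforced. Assumptions: $Path is a hypothetical download; the rule
# GUID is the one Microsoft publishes for that rule; run elevated on Windows 10 with
# Microsoft Defender Antivirus as the active AV and cloud-delivered protection enabled.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\sample.exe"   # hypothetical sample
)

# Microsoft's documented GUID for the prevalence/age/trusted-list ASR rule.
$PrevalenceAgeRuleId = '01443614-cd74-433a-b99e-2ecdc07bfc25'

function Get-MotwZone {
    <# Reads the Zone.Identifier alternate data stream that Chrome, Edge and most other
       browsers write on NTFS when saving a download. ZoneId=3 means "Internet", which is
       what SmartScreen and Defender look at before the file's first run. #>
    param([Parameter(Mandatory)][string]$FilePath)
    try {
        $ads = Get-Content -LiteralPath $FilePath -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null    # no stream: file was not marked (or the volume is not NTFS)
    }
    $zoneLine = $ads | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
    $zone = $null
    if ($zoneLine) { $zone = [int]($zoneLine -replace '^ZoneId=', '') }
    [pscustomobject]@{
        Path        = $FilePath
        ZoneId      = $zone
        ReferrerUrl = ($ads | Where-Object { $_ -like 'ReferrerUrl=*' } | Select-Object -First 1) -replace '^ReferrerUrl=', ''
        HostUrl     = ($ads | Where-Object { $_ -like 'HostUrl=*' } | Select-Object -First 1) -replace '^HostUrl=', ''
    }
}

function Get-AsrRuleState {
    # Maps the rule's configured action to a readable name. NotConfigured means the rule
    # is absent from MpPreference, i.e. it does nothing at all.
    param([Parameter(Mandatory)][string]$RuleId)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            switch ([int]$actions[$i]) {
                0       { return 'Disabled' }
                1       { return 'Block' }
                2       { return 'Audit' }
                6       { return 'Warn' }
                default { return "Unknown($_)" }
            }
        }
    }
    return 'NotConfigured'
}

function Set-AsrRuleAction {
    param(
        [Parameter(Mandatory)][string]$RuleId,
        [ValidateSet('Disabled', 'Enabled', 'AuditMode')][string]$Action = 'Enabled'
    )
    # Add-MpPreference appends or updates a single rule without touching the others.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions $Action
}

# --- report ---
$motw = Get-MotwZone -FilePath $Path
if ($null -eq $motw) {
    Write-Output "$Path has no Zone.Identifier stream: no MotW, so SmartScreen will not evaluate it on launch."
} elseif ($motw.ZoneId -eq 3) {
    Write-Output "$Path is ZoneId 3 (Internet), host '$($motw.HostUrl)': SmartScreen/Defender check it before first run."
} else {
    Write-Output "$Path carries ZoneId $($motw.ZoneId)."
}
Write-Output "ASR prevalence/age/trusted-list rule state: $(Get-AsrRuleState -RuleId $PrevalenceAgeRuleId)"

# To enforce the rule (elevated prompt), uncomment the next line; use -Action AuditMode
# first if you want to see what it would block without blocking anything.
# Set-AsrRuleAction -RuleId $PrevalenceAgeRuleId -Action Enabled
```

The two checks are deliberately separate because they fail independently: a file copied from a USB stick or extracted by an archiver that strips the stream has no MotW and SmartScreen never sees it, while the ASR rule still applies to the launch (and, unlike the SmartScreen prompt, it cannot be clicked through by the user). Audit mode logs its decisions to the Microsoft-Windows-Windows Defender/Operational event log, which is the place to look when deciding whether to move to Block.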
 

Aggravatorx

Level 3
Verified
I remember a while back (can't remember which security company did it) but they were caught putting out a virus so people would all be in a
panic and start purchasing security software, and the frenzy began: you need antivirus, so many viruses out there, and 100+ security programs
appeared, who is better etc. We all know this, we're here reading every day. For the average person just going online I say common knowledge;
for the person in mom's or dad's basement, 15-40 and porn addict or pirate software, then yes you need the big guns, but no matter what I use
I have never seen a virus, only FPs, and that's from King Zemana (OMG, time to leave the basement) lol
 

notabot

Level 15
Aggravatorx said: (full post quoted above)
I haven't seen a virus in recent years and I've only used Macs (without an AV) or mostly Windows Defender, and back when it was Microsoft Security Essentials it wasn't the security powerhouse that it is today.
Safe habits: use only licensed (or open source) software, always update your software, prefer webmail to a local client, use a mainstream browser and be wary of sites you've never heard of before. This will keep the vast majority of infection sequences away.
 

blackice

Level 14
Verified
notabot said: (full post quoted above)
This is almost my exact same experience.
 

Andy Ful

Level 51
Verified
Trusted
Content Creator
notabot said: (full post quoted above)
Some other things could probably be added, but I would like to mention knowledge about recognizing spam, especially in businesses and organizations.
 

Antus67

Level 4
Verified
I've been on the web since 1999, gone through 4 computers, used numerous antivirus software and have not been infected once... luck of the Irish, as the saying goes.
Andy Ful said it all: safe habits and surfing.
 

Umbra

Level 21
Verified
The only "virus" I saw was 20 years ago; in fact it was just a PUP, and Avast failed to remove it...
Since then, all I know about malware were those I collected in MDL (famous at that time) and put on my system lol.