Absolutely the most powerful antivirus?
<blockquote data-quote="Andy Ful" data-source="post: 842830" data-attributes="member: 32260"><p>You could get the stellar results in this test with any AV, when using Edge Dev with SmartScreen (block downloads with low prevalence). In the test, the malware samples were downloaded to the system through the Chrome browser from a temporary server and next executed.</p><p></p><p>This test shows what could happen if the AV Lab testers have joined the Dark Side. The way of preparing the malware is rarely used in the wild (python script to EXE). Also, the delivery method of Banking malware is different in the wild. The infection chain in the wild is more complex. It uses several infection stages and many suspicious actions, which can be detected by non-Banking AV modules before the Banking payload will enter the system.</p><p>If you would apply ConfigureDefender settings for WD, then in most cases the infection chain in the wild will be broken before the Banking payload could enter the system.</p><p></p><p>So, this test is similar to testing what will happen if you will drive 120 km/h in town when ignoring traffic lights. That would be very helpful as a crash test, but it will not be helpful to show which car is safer when driving with 60 km/h and respecting traffic lights.</p><p></p><p>The test (in the case of WD) showed that WD was not especially efficient in mitigating the post-infection techniques used by Banking malware. These results are probably not valid anymore, because soon after this test Microsoft extended WD protection and added many important post-infection behavioral features. 
Most of them will break the infection chain before loading the Banking payload, but some can also fight the payload directly.</p><p>[URL unfurl="true"]https://www.microsoft.com/security/blog/2019/10/08/in-hot-pursuit-of-elusive-threats-ai-driven-behavior-based-blocking-stops-attacks-in-their-tracks/[/URL]</p><p></p><p>If you use WD on the well-updated Windows 10 + ConfigureDefender MAX Protection level + native Edge only for Banking activities and Edge Chromium for daily browsing, then you are probably as safe as with 3rd party AV with dedicated Banking module.</p><p></p><p>If you seek something similar to Windows built-in Banking module, then you can run native Edge in Windows Sandbox (Windows 10 Pro, Enterprise or Education editions) and only for banking activities (no other web browsing during banking session).</p><p></p><p>Still, using the paid solution like for example Norton Security will be both safe and more comfortable.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p></blockquote><p></p>