Same old "dog with flees" song again on F-secure and WithSecure.
Tip: you forgot to mention their poor growth and financial situation. Maybe next time just copy a link to your previous post about F-secure?
Analysis of modules for protection of online banking and payments – 2026 edition
- Thread starter Adrian Ścibor
- Start date
Tip: you forgot to mention their poor growth and financial situation. Maybe next time just copy a link to your previous post about F-secure?
F
ForgottenSeer 123960
These tests are base line tests. In no way do they mimick real world usage. They are if you will, stress tests of the product, but barely this to be honest.
I'm willing to bet most of you participating in this thread have not had an infection in quite some time. I'm also willing to bet you have used more than one product during that time. What does this tell you?
If you are going to invest the time, use it to focus on staying informed on current threats, CVEs and Phishing campaigns.
I'm willing to bet most of you participating in this thread have not had an infection in quite some time. I'm also willing to bet you have used more than one product during that time. What does this tell you?
If you are going to invest the time, use it to focus on staying informed on current threats, CVEs and Phishing campaigns.
I see the practical use of being informed about Phishing campaigns and get some education on phishing campaigns, but to start studying them sounds a little over the top.
But you lost me on investing time in CVE's? Using your logic (never had an infection in quite some time) why would people spend time on researching CVE's?
Being informed by professional test organizations seems a less time consuming and more effective way (their knowledge on security is much more advanced).
Disclaimer: I use my own limited knowledge as reference, in no way would I underestimate, dismiss or question the (claimed) knowledge of Divergent on this topic.
Last edited:
Even though its a baseline test i am dissapointed to see the results of trendmicro : they have implimented a.i. recently and the have dedicated sandboxed browser ( payguard ) was the antivirus module set to hypersensitive? Or just stock settings?
F
ForgottenSeer 114717
MRG Effitas does. It still does.
Others did, in the past.
AV-Comparatives and AV-Test, no they do not test banking modes.
Leo: "What is banking mode and how would I test it?"
Me: "Leo, my quote is 500 Euros per hour to teach you. You're already a millionaire. So you can afford it. Or you can figure it out yourself and spend at least $2,000 in time and money per hour using AI., perhaps more. You could also travel to BlackHats and Wild West and other such similar gatherings and spend a lot more money. Estimate is 40 hours or 20,000 Euros - cash money, unless you want me to build your test framework, methodology, and all that. Then 100,000 Euros because I have to bring in a couple others. We'll get you sorted out. You'll come around."
Last edited by a moderator:
F
ForgottenSeer 114717
AMSTO sets a baseline set of standard that members "accept." Some begrudgingly so.
You hit that nail right on the head. Consumers should put in the time and effort to learn and then they can be informed enough to know what tests are about, how they work, why these facts are true, what they're really getting, and protect themselves and those they wish to protect against these:
1. Malicious scripts ("scriptors" to use the @cruelsister word - to hesheit's credit) [NOTE; This category is easiest to mitigate];
2. Exploits (CVEs) and their mitigations;
3. Fileless;
4. Financial transaction attacks (e.g. banking trojans, crypto token and wallet attacks, etc);
5. Supply Chain attacks; and
6. Browser attacks and compromises.
Way too much work?
Then they can learn how to use AI and "get up to speed" on what they need to know within 10 hours or less.
"Figuring out AVs, malware, exploits, AV test labs, how to read an AV test lab test report, and other stuff so I know what I am doing for fun [and being a good informed citizen]."j
F
ForgottenSeer 114717
Phishing links are "up" on average for 2 hours or less on average. Adding this protection capability to any product is worthwhile to security software vendor only up to a certain point.
The objective of security software is not to meet consumers' unrealistic expectations about what a security software should or should not do or what they believe it does or their extrapolations to unrealistic levels of assumed protections. The security software objective is NOT to "Collect it all, to know it all, to build it all, to protect everyone from it all, YESTERDAY." The objective is to provide default allow, with "decent" protection that meets some fuzzy, hotly debated standards in a manner that minimizes support requests, while hiring the least amount of employees possible, minimizing overhead as much as possible, charging the highest market prices for the product possible to earn as much revenue and net profit as possible while leaving buyers to themselves. Nowhere in that objective model is "To protect people from themselves."
For enterprise and governments, the answer to the "We need support" declaration or demand is: "This is a support contract quote, here is the cost, now pay us."
The objective of security software is not to meet consumers' unrealistic expectations about what a security software should or should not do or what they believe it does or their extrapolations to unrealistic levels of assumed protections. The security software objective is NOT to "Collect it all, to know it all, to build it all, to protect everyone from it all, YESTERDAY." The objective is to provide default allow, with "decent" protection that meets some fuzzy, hotly debated standards in a manner that minimizes support requests, while hiring the least amount of employees possible, minimizing overhead as much as possible, charging the highest market prices for the product possible to earn as much revenue and net profit as possible while leaving buyers to themselves. Nowhere in that objective model is "To protect people from themselves."
For enterprise and governments, the answer to the "We need support" declaration or demand is: "This is a support contract quote, here is the cost, now pay us."
I agree, IMO a reference point, but probably not most of our real world use experience. Over the years and using multiple AV's the worst thing that's been flagged recently was a PUP from a zip file in an older free apps folder (which I need to get rid of anyway) on my flash drive by both Eset and F-Secure (the dog and flea AV...LOL).
It can also be the same way, again, IMO regarding PhishTank. It's a great place to see if you browser protection or DNS provider is functioning, but most of the links are so bizarre who is ever going to intentionally go to and use one of those sites in real world? And I get it, part of those tests is to confirm if you were to unintentionally go to a site like that, your browser extension, the DNS would flag it. I think some of us like the thrill of the hunt, the thrill of comparisons, the flavor of the month. That even though I haven't had malware, it's just a matter of time, a countdown to doomsday if I don't change what we/I'm using, or have been using.
I still like this post
F
ForgottenSeer 114717
I know you and the others that your work with go out of way to design, implement, and execute tests that are realistic, real-world (ITW and happen in meatspace routinely), well designed, impartial or unbiased, and fair. And I already know that you've quoted and sold tests that turned out to cost you more time and effort, but yet you did not go back to the client(s) and say "Hey, I have to increase the price." In the early days of AVLab you made a lot of sacrifices. You try to add a lot of value for the Euro/Dollar paid by clients.
Years ago, you and I once crossed paths but never actually spoke to each other. I just listened what you stated to others at that time.
You are a credit to the profession (regardless of the various keyboard warriors that discredit your tests and their results).
“Banking Test Simulation” does not mean using banking modes as a feature available in AV software.
Please, read the report:
Indeed, hence the NO in my answer (and the picture explaining what was tested)
F
ForgottenSeer 114717
Hi @Adrian Ścibor I'm just wondering, would the F-Secure stand alone Scam/Browser/Banking app still provide the security needed, apart for the AV (Total or Internet Security)? This test was more at the browser level than the download and the AV's real time protection, correct?
It has all of the real time shields and settings of Internet Security and Total. I just thought for curiosity sake, I'd run the 7 day trial version to see how it got along with Avast free. So far, so good. I'm not using the Avast browser extension, its Web Guard takes care of that.
It has all of the real time shields and settings of Internet Security and Total. I just thought for curiosity sake, I'd run the 7 day trial version to see how it got along with Avast free. So far, so good. I'm not using the Avast browser extension, its Web Guard takes care of that.
Last edited:
100% not true
This banking protection test has nothing to do with web protection, which is why the banking module is important if someone pays close attention to it.
There is no Simulation Test for Abelsoft Banking Browser !Hello community!
We have prepared the 2026 banking test. In the test scenarios we developed, we checked technical compliance for detecting attacks based on the methodology.
Software we tested:
- AVAST Premium + Bank Mode
- BITEDEFENDER Total Security + Safe Pay
- COMODO Internet Security Pro + Secure Shopping
- ESET Home Security Premium + Safe Banking & Browsing
- F-SECURE Total + Bank Mode
- G DATA Internet Security + (not available)
- KASPERSKY Plus + Safe Money
- MICROSOFT Defender + (not available)
- MKS_VIR Internet Security + Safe Browser
- NORTON 360 (not available)
- QUICK HEAL Total Security + Safe Banking
- TREND MICRO Maximum Security + Pay Guard
The PDF report consists of the following chapters:
- Why does online payments protection matter?
- Methodology
- Test scenarios overview (description and MITRE table)
- Basic information on tested security suites
- Settings of the tested solutions
- Results
- Our conclusions from the test
The details are available here
Analysis of modules for protection of online banking and payments – 2026 edition » AVLab Cybersecurity Foundation
Using solutions recommended by the AVLab Cybersecurity Foundation can significantly reduce the risk of a successful cyber attack.avlab.pl
Please feel free to comment. I will try to answer any questions you may have
F
ForgottenSeer 114717
MRG states that its banking simulator does test the AV banking mode. In fact, it states that is why it developed and continues to use its banking simulators.
However, it does not list in detail all the actions (or tests) performed during the simulated banking test. So that is "fuzzy".
And with that, your point is fair for disagreement.
If this response makes sense from Gemini Pro, then it may be a good combination, Avast Free + F-Secure Scam Protection? I could just use F-Secure Internet Security as I do really like it, but it was randomly slowing my notebook down when opening apps, and Avast has been very smooth and responsive. I also think Avast is a stronger AV all in all.
F
ForgottenSeer 123960
At the end of the day, you have to use the setup you’re most comfortable with and that runs smoothly on your specific hardware. If Avast isn't slowing your notebook down, that's a solid choice. However, keep in mind that the absolute best defense for things like online banking isn't just software, it's using a dedicated, separate device that you don't use for general, riskier web browsing. Just make sure that banking device is always kept up to date with the latest security patches.
Yep, I just do banking and checking email with Chrome (being logged into my Google account), which is the fully sanctioned browser of F-Secure, and use Brave for everything else
Are those signed/unsigned apps?
Avast hardened mode only blocks exe files, in case you didn't know.
Wouldn't it be better to install F-Secure in a VM and do your banking in that VM while keeping Avast on your system as the main AV?
You may also like...
-
Advanced In-The-Wild Malware Test in March 2026 including effectiveness analysis and telemetry- Started by Adrian Ścibor
- Replies: 22
-
What modules should a free antivirus offer as the bare minimum in 2026?- Started by RoboMan
- Replies: 72
-
Analysis of system protection against active online malware – July 2025
- Started by Adrian Ścibor
- Replies: 165
-
McAfee Total Protection 3-Dev. 2026 | Security Software, Antivirus, VPN, Scam Protection | 1-Year Subscription EUR13.52- Started by Brownie2019
- Replies: 0
-
ESET Internet Security Key (1 Year / 1 PC) € 7,34
- Started by Brownie2019
- Replies: 7