AVLab.pl Analysis of modules for protection of online banking and payments

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
176
Dear Community!

We have already published our newest report, called "Analysis of modules for protection of online banking and payments". Inside the document, we try to raise awareness about banking mode - why it is so important for users if they use this kind of module with antiviruses in the background.

Here you can read the online version of the test: Analysis Of Modules For Protection Of Online Banking And Payments » AVLab Cybersecurity Foundation

A PDF version which is graphically better: https://avlab.pl/en/wp-content/uplo...protection-of-online-banking-and-payments.pdf

I attach a table as well as an image, while all the details and explanations can be found in the report.

Please share your feedback!
This is very important to us. You can comment on our work and give us a rating from 1 to 5 in the comments.
 

Attachments

  • avlab banking protection - table.png

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,565
From the conclusion:
Analyzing the 5th scenario, one may have a different opinion. Namely, software for remote desktop, conferences, system management, is completely legal and treated as safe, so it can be allowed to operate. Nevertheless, we believe that the banking mode should be a particularly sensitive area to which nothing or almost nothing should have access.

This area, also in the context of remote management software, is best protected by F-Secure and mks_vir, as they have a model similar to the Zero-Trust architecture. Based on the results, this seems to be the most reasonable approach to securing a banking session, which is especially important for end users. Such protection provides the minimum permissions necessary to complete a funds transfer, and is based on a modern approach to proactive security in real time.
What is the difference with Avast, Quick Heal and Comodo, who also protected against remote control of computer?
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,479
I wish someone would seriously test the effectiveness of DNS, since it can cover all steps by blocking: 1. initial phishing link, 2. downloading malware, 3. downloading payload, 4. C&C servers.
DNS is usually omitted as a supplement, but I believe it can replace AV altogether, especially since people do not know how to use AV properly, but DNS just works and it is easy to set up.
My colleagues are a great inspiration, they ignore updates, because they would have to restart the phone, they do not use 2FA, because it is bothersome, one just lost FB because of it.
 

Gandalf_The_Grey

I wish someone would seriously test the effectiveness of DNS, since it can cover all steps by blocking: 1. initial phishing link, 2. downloading malware, 3. downloading payload, 4. C&C servers.
DNS is usually omitted as a supplement, but I believe it can replace AV altogether, especially since people do not know how to use AV properly, but DNS just works and it is easy to set up.
My colleagues are a great inspiration, they ignore updates, because they would have to restart the phone, they do not use 2FA, because it is bothersome, one just lost FB because of it.
They did some testing here:
 

Gandalf_The_Grey

Yes, but it is just link testing, but I would be interested to see testing of infected PCs as well like any other AV test.
They will do a new test in 2024.
No, as I know, he didn't use any external configuration for NextDNS. Just simply IP address from vendor's webpage.

Maybe next time, when we go through with refreshing test edition in 2024. Until that time, any feedback from the community would be helpful.
You could suggest that in that thread.
 

Adrian Ścibor

From the conclusion:

What is the difference with Avast, Quick Heal and Comodo, who also protected against remote control of computer?
There is not quite a huge difference. The listed software detects and notifies the user that the PC remote control software is running in the background. You can decide what to do next, it is your decision, so I think that was enough to pass the test. I attached some images.

Yes, but it is just link testing, but I would be interested to see testing of infected PCs as well like any other AV test.
This could be an interesting test and comparison, but it would have to include only those solutions that allow detecting and cutting out malicious traffic.
 

Attachments

  • 1.png
  • 5.png

Gandalf_The_Grey

There is not quite a huge difference. The listed software detects and notifies the user that the PC remote control software is running in the background. You can decide what to do next, it is your decision, so I think that was enough to pass the test. I attached some images.


This could be an interesting test and comparison, but it would have to include only those solutions that allow detecting and cutting out malicious traffic.
Thanks for the explanation and the attachments.
Now I understand the conclusion of this test better.
Comodo alerts for the remote connection and lets the user decide what to do.
F-Secure terminates the remote connection and alerts the user.
F-Secure's approach is safer, but can be inconvenient when helping someone.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,632
An excellent test. As usual, the explanation of the testing method of the whole thing is appreciated.
Next time also include products like Kaspersky, ESET, Norton if possible.
For the readers here just to let you know, for Avast Free you need to install their Avast Secure Browser to enable banking mode and for paid versions of Avast, it can work on Edge/Chrome/Firefox.
@Adrian Ścibor Next time, can you do something like credit card-skimming attack testing for Banking/Shopping protection? Magecart malware, for example, can steal a user's credit card data from an infected site through malicious JavaScript.
That test would probably be harder to pass. If this test was a level 1 test, that would be level 2, IMO.
 