AVLab.pl Analysis of modules for protection of online banking and payments

[Adrian Ścibor]

Dear Community!

We have already published the newest report which is about and called "Analysis of modules for protection of online banking and payments". Inside the document, we try to raise awareness about banking mode - why it is so important for the user if they used this kind of modules with antiviruses in the background.

Here, you can read the test in online version: Analysis Of Modules For Protection Of Online Banking And Payments » AVLab Cybersecurity Foundation

A PDF version which is graphically better: https://avlab.pl/en/wp-content/uplo...protection-of-online-banking-and-payments.pdf

I attach a table as well as an image, while all the details and explanations can be found in the report.

Please share your feedback!
This is very important to us. You can comment on our work and give us a rating from 1 to 5 in the comments.

 

[Jonny Quest]

Thank you, Adrian, for this research work. And thank you, F-Secure

 

[Adrian Ścibor]

Thank you, Adrian, for this research work. And thank you, F-Secure

It's not the feedback I would have expected, but thanks!

 

[Jonny Quest]

It's not the feedback I would have expected, but thanks!

If you want some deeper feedback, you'll have to wait for a more advanced member to show up and post

 

[Adrian Ścibor]

Understood. I hope you will read the doc from cover to cover Have a great weekend!

 

[Zartarra]

Thanks again for the tests and results.

Disappointed result of Bitdefender.

What was the configuration of Microsoft Defender. Default settings or custom settings with ASR, Microsoft security guidelines?

 

[Adrian Ścibor]

Thanks again for the tests and results.

Disappointed result of Bitdefender.

What was the configuration of Microsoft Defender. Default settings or custom settings with ASR, Microsoft security guidelines?

We used default configuration for Microsoft Defender.

 

[RansomwareRemediation]

Eset ?

 

[Gandalf_The_Grey]

From the conclusion:

Analyzing the 5th scenario, one may have a different opinion. Namely, software for remote desktop, conferences, system management, is completely legal and treated as safe, so it can be allowed to operate. Nevertheless, we believe that the banking mode should be a particularly sensitive area to which nothing or almost nothing should have access.

This area, also in the context of remote management software, is best protected by F-Secure and mks_vir, as they have a model similar to the Zero-Trust architecture. Based on the results, this seems to be the most reasonable approach to securing a banking session, which is especially important for end users. Such protection provides the minimum permissions necessary to complete a funds transfer, and is based on a modern approach to proactive security in real time.

What is the difference with Avast, Quick Heal and Comodo, who also protected against remote control of computer?

 

[TairikuOkami]

I wished someone would seriously test effectiveness of DNS, since it can cover all steps by blocking: 1. initial phishing link, 2. downloading malware, 3. downloading payload, 4. C&C servers.
DNS is usually omitted as a supplement, but I believe it can replace AV altogether, especially since people do not know how to use AV properly, but DNS just works and it is easy to setup.
My colleagues are a great inspiration, they ignore updates, because they would have to restart the phone, they do not use 2FA, because it is bothersome, one just lost FB because of it.

 

[Gandalf_The_Grey]

I wished someone would seriously test effectiveness of DNS, since it can cover all steps by blocking: 1. initial phishing link, 2. downloading malware, 3. downloading payload, 4. C&C servers.
DNS is usually omitted as a supplement, but I believe it can replace AV altogether, especially since people do not know how to use AV properly, but DNS just works and it is easy to setup.
My colleagues are a great inspiration, they ignore updates, because they would have to restart the phone, they do not use 2FA, because it is bothersome, one just lost FB because of it.

They did some testing here:

AVLab.pl - Recommended DNS servers – which ones are the fastest and best protect the user?

Dear All, We have published a new DNS server comparison. We have tested response times using the top 1000 list of the Cloudflare Radar. In addition, we have checked the protection against phishing and malware. Link to the publication: Recommended DNS Servers: Speed And Protection Test » AVLab...

malwaretips.com

 

[TairikuOkami]

They did some testing here:

Yes, but it is just link testing, but I would be interested to see testing of infected PCs as well like any other AV test.

 

[Gandalf_The_Grey]

Yes, but it is just link testing, but I would be interested to see testing of infected PCs as well like any other AV test.

They will do a new test in 2024.

No, as I know, he didn't use any external configuration for NextDNS. Just simply IP address from vendor's webpage.

Maybe next time, when we go through with refreshing test edition in 2024. Until that time, any feedback from the community would be helpful.

You could suggest that in that thread.

AVLab.pl - Recommended DNS servers – which ones are the fastest and best protect the user?

Dear All, We have published a new DNS server comparison. We have tested response times using the top 1000 list of the Cloudflare Radar. In addition, we have checked the protection against phishing and malware. Link to the publication: Recommended DNS Servers: Speed And Protection Test » AVLab...

malwaretips.com

 

[Adrian Ścibor]

From the conclusion:

What is the difference with Avast, Quick Heal and Comodo, who also protected against remote control of computer?

There is no quite huge difference. The listed software detects and notifies the user that the PC remote control software is running in the background. You can decide what to do next, it is your decision, so I think that was enough to pass the test. I attached some images.

Yes, but it is just link testing, but I would be interested to see testing of infected PCs as well like any other AV test.

This could be an interesting test and comparison, but it would have to choose only those solutions that allow to detect and cut out malicious traffic.

 

[Gandalf_The_Grey]

There is no quite huge difference. The listed software detects and notifies the user that the PC remote control software is running in the background. You can decide what to do next, it is your decision, so I think that was enough to pass the test. I attached some images.


This could be an interesting test and comparison, but it would have to choose only those solutions that allow to detect and cut out malicious traffic.

Thanks, for the explanation and the attachments.
Now I understand the conclusion of this test better.
Comodo alerts for the remote connection and let the user decide what to do.
F-Secure terminates the remote connection and alerts the user.
F-Secure 's approach is safer, but can be inconvenient when helping someone.

 

[SeriousHoax]

An excellent test. As usual, the explanation of the testing method of the whole thing is appreciated.
Next time also include products like Kaspersky, ESET, Norton if possible.
For the readers here just to let you know, for Avast Free you need to install their Avast Secure Browser to enable banking mode and for paid versions of Avast, it can work on Edge/Chrome/Firefox.
@Adrian Ścibor Next time can you do something like a credit card-skimming attack testing for Banking/Shopping protection? Magecart malware for example can steal user's credit card data from infected site through malicious javascript.
That test would probably be harder to pass. If this test was a level 1 test, that would be level 2, IMO.