App Review Antivirus vs RedLine Stealer malware Competition

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,487
I see, I thought it was a different sample that @Shadowra tested, I was curious to see that if your infection was a rule or a exception in how Norton deals with Redline Stealer malware family.

Did you move on to another antivirus solution? Maybe Kaspersky?
Back to Kaspersky. The russian lord never fails.
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
We may be entering a new era of everybody running 3rd party AVs again. Or Microsoft will make serious improvements.
the most run av in the world for home users is microsoft defender, the user base is hundreds of millions, that will not change because defender comes with the operating system
microsoft designed windows and its products such as offiice, to be hardened, but it only supports and promotes that to enterprise which pay for all the additional protections
those products when hardened are very secure, microsoft defender combined with the enterprise features is a much different product
microsoft passes down defender to home users in a basic configuration as a community service
 

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
the most run av in the world for home users is microsoft defender, the user base is hundreds of millions, that will not change because defender comes with the operating system
microsoft designed windows and its products such as offiice, to be hardened, but it only supports and promotes that to enterprise which pay for all the additional protections
those products when hardened are very secure, microsoft defender combined with the enterprise features is a much different product
microsoft passes down defender to home users in a basic configuration as a community service

Totally agree :)
Moreover, it can be reinforced with tools, but Microsoft Defender is enough for most people (even if some malwares start to have bypasses to bypass Microsoft Defender but its AI is quite reactive I think)
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
What goes around........blah, blah. blah.;) It goes in cycles, MD will fall out of favour for a few years and then everyone will jump on the bandwagon again.
social media behavior
These tests usually result in an increase of security paranoia, at least for some people ... :D
rotate through products until they return to the one they switched from originally
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
Microsoft Defender is enough for most people (even if some malwares start to have bypasses to bypass Microsoft Defender but its AI is quite reactive I think)
microsoft said it believes that windows s mode, based upon its internal statistics, provided the highest level of protection for home users
it limited installs to microsoft store and microsoft programs, so it proved unpopular for many users, so microsoft is trying sac specifically for home users
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,870
F-Secure's detection name kind of indicates that this is a generic detection for any file that is inflated, not exclusive to malware. So it's not a detection for these stealers per se, but it should work as long as these malware writer keep using inflated malware file. Legit programs are not likely to use inflated files, so it's not a bad thing to create a generic detection to detect them all in an easy shortcut way.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Hardening reduces the usability and flexibility of Windows. As does SUA. Some of which could be solved by more security minded programming by developers. However, there’s a reason neither is implemented by default in Windows.

I have no problem with Defender. I used Microsoft Security Essentials in the worst years and never got infected, possibly because I don’t open email attachments and only download software from the official site. I’m boring and it works.
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
Hardening reduces the usability and flexibility of Windows. As does SUA. Some of which could be solved by more security minded programming by developers. However, there’s a reason neither is implemented by default in Windows.
hardening does not reduce usability, it just involves more steps, but once configured it is set and forget
the reason microsoft includes none of that is because all those features are paid products
the sua is disabled by default because the local administrator account is meant to be used to configure windows and then enable a sua and use that, the failure is that microsoft does not educate users the reasons to use a sua
as long as there are "users that want to use stuff" they will infect themselves no matter what security is provided, that whole way of thinking - it must be easy and convenient, despite all the consequences - is the reason for much of world's malware problem
developers are hardly to blame for user actions
 

Anthony Qian

Level 10
Verified
Well-known
Apr 17, 2021
454
Assuming @Anthony Qian is right, which is usually true, then F-Secure will work for this. I would assume they’d also be covered by the Avira signatures, but just a guess.
For Trojan malware, Avira detection name usually has “TR”/“Trojan:TR” prefix while F-Secure has “Trojan:Win32/64” prefix. As per @Shadowra, it seems that one sample is caught by Avira engine and the other by its own engine. ;)
 
Last edited:

devjit2020

Level 2
Apr 7, 2022
91
Thanks for the test @Shadowra .TBH I'm a bit disappointed with mbam. They have a pretty long way to catch up although they advertise themselves as an AV. I remember when I used to keep it as a must have for cleaning an infected PC. Even today it's good at detecting exe files and it has a thorough registry scanner (unlike ESET). But as some people in the forum pointed out I have yet to see it detecting malicious scripts.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
Thanks for the test @Shadowra .TBH I'm a bit disappointed with mbam. They have a pretty long way to catch up although they advertise themselves as an AV. I remember when I used to keep it as a must have for cleaning an infected PC. Even today it's good at detecting exe files and it has a thorough registry scanner (unlike ESET). But as some people in the forum pointed out I have yet to see it detecting malicious scripts.
Malwarebytes whole marketing strategies are targetted towards distrungled people who had to use it to clean systems when their "tRadITIONaL aNtIvirUs" missed something, the problem with that is that at it was the on-demand scanner that did the job, not the real time protection, which happens to be sub-par. Now they just use fancy marketing words such as AI and "signature-less" to entice the less tech-savvy people who think antiviruses only detect viruses, not malware, and that they use legacy detection methods (which I happen to have seen a couple times), into buying something that don't even provide adequate protection on its own in an real world scenario as it doesn't target scripts, nor employs an behavior blocker, so its highly dangerous that they register in Security Center by default.

Another thing that pisses me off is their Remidiation Map, which is highy misleading as 90% of the detections are Adware or Potentially Unwanted Programs, not malware.
 
Last edited:

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,870
Found a variant yesterday that added the whole C drive into exclusion before doing its thing, making Microsoft Defender completely blind 🤡
Imagine if someone run this by mistake. Almost never a malware will be detected by Microsoft Defender on that system anymore. What kind of security app allows adding exclusions like this?🤦‍♂️
md.png
 

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
Found a variant yesterday that added the whole C drive into exclusion before doing its thing, making Microsoft Defender completely blind 🤡
Imagine if someone run this by mistake. Almost never a malware will be detected by Microsoft Defender on that system anymore. What kind of security app allows adding exclusions like this?🤦‍♂️
View attachment 271546

I had already seen this, yet Microsoft had added a detection to counter this... seems that cyber-criminals have found a way to bypass MS Defender
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top