App Review Antivirus vs RedLine Stealer malware Competition

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
I had already seen this, yet Microsoft had added a detection to counter this... seems that cyber-criminals have found a way to bypass MS Defender
It's really not much of an inconvenience to do so. I made a private video, sort of a how-to, about this very thing last week but didn't bother to publish it.
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
it has been my AV of choice since version 1.x
I install WV on every device I touch :LOL: Much better than some paid AVs with big claims
sadly, it's also the reason why I visit MT much less frequently
@Evjl's Rain do you use all the wv features?
how has the protected folders and files feature performed during testing?
wv seems to be on same level as default kaspersky
any conflicts between wv and defender if run side by side?
how is wv protection using optimized default configuration?
 
  • Like
Reactions: simmerskool

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Wise Vector saw both--I'm Impressed. (y)
Better than some of the Big Guns there. .
It is just one sample and that is never enough to judge the quality of a product.

Its quite scary to think there are millions of people who rely soley on Malwarebytes, not knowing it provides sub-par protection due to not having an behavior blocker and targeting scripts.
Sub-par protection? This is far from the truth. While Mb is not the best, it offers great protection. Let’s not forget about its excellent web protection which in most cases detects malware before it even gets to the system.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
Sub-par protection? This is far from the truth. While Mb is not the best, it offers great protection. Let’s not forget about its excellent web protection which in most cases detects malware before it even gets to the system.
Not really, as I said, it has no true behavior blocker, and its file scanner does not detect malicious scripts, its file scanner can be completely evaded by simply inflating the size of the malware to several hundreds of megabytes (which can still be stopped with an behavior blocker, which Malwarebytes does not have, meaning only its web protection may stop the connection to the C&C server).

Simply put, other antiviruses does an better job, for free.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Not really, as I said, it has no true behavior blocker, and its file scanner does not detect malicious scripts, its file scanner can be completely evaded by simply inflating the size of the malware to several hundreds of megabytes (which can still be stopped with an behavior blocker, which Malwarebytes does not have, meaning only its web protection may stop the connection to the C&C server).

Simply put, other antiviruses does an better job, for free.
I see ur point. In fact, there is no way that a piece of malware ends on your desktop out of nowhere. There is a origin, a download, an email attachment or a file from a usb device. Antivirus components are there to complement each other. Eset for example does not have a true BB, but it provides excellent protection. Its web filter is one of the best. The same goes for MB. It has one of the best web protection and that does 90% of the job.

I am not claiming that MB has no flaws or shortcomings, but calling its protection sub-par is a huge underestimation.

One more thing. I want to thank @Shadowra for the amazing tests as always.

For the awesome MT members, please do not panic 😂 No need to rush and migrate to another solution. By the time this sample, or any other sample, reaches your devices, it would be detected by most security products.

I am sure @Shadowra does submit undetected samples to all vendors after testing l, right?

At the end it is healthy online practices that matter.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
I see ur point. In fact, there is no way that a piece of malware ends on your desktop out of nowhere. There is a origin, a download, an email attachment or a file from a usb device. Antivirus components are there to complement each other. Eset for example does not have a true BB, but it provides excellent protection. Its web filter is one of the best. The same goes for MB. It has one of the best web protection and that does 90% of the job.

I am not claiming that MB has no flaws or shortcomings, but calling its protection sub-par is a huge underestimation.
90% of the people I see getting infected is because they (try to use) pirated/cracked/torrented software/games, hacks/cheats, keygens/activators. The problem with that is that they always bypass the file scanner of any security product, and because Malwarebytes has no behavior blocker, results in additional chance of infection, its exploit blocker is also incredibly weak, I have never seen it in action personally, even on heavily infected VM's.

Relying too much on an specific layer of protection is the biggest flaw of Malwarebytes.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
90% of the people I see getting infected is because they (try to use) pirated/cracked/torrented software/games, hacks/cheats, keygens/activators. The problem with that is that they always bypass the file scanner of any security product, and because Malwarebytes has no behavior blocker, results in additional chance of infection, its exploit blocker is also incredibly weak, I have never seen it in action personally, even on heavily infected VM's.

Relying too much on an specific layer of protection is the biggest flaw of Malwarebytes.
And if the file is detected, they disable protection to run the file 😅

MB has a lot to work on, but it also deserves some credit on some areas, too.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
And if the file is detected, they disable protection to run the file 😅

MB has a lot to work on, but it also deserves some credit on some areas, too.
What pisses me off is the way they market themself, they claim to do better than other antivirus software, yet perform worse than pretty much everyone else, giving the user an false sense of security, even one of their nagging pop ups says "Click without doubt, knowing web protection has your back", essentially saying you can click and download anything with Malwarebytes installed, which is extremely careless and dangerous to say.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
What pisses me off is the way they market themself, they claim to do better than other antivirus software, yet perform worse than pretty much everyone else, giving the user an false sense of security, even one of their nagging pop ups says "Click without doubt, knowing web protection has your back", essentially saying you can click and download anything with Malwarebytes installed, which is extremely careless and dangerous to say.
If you're talking about old samples, then yes MB would perform worse than other products. But as for the web protection and their extension, it is very, very aggressive. In my case almost nothing malicious gets past it. In this age, it is not too hard to fix your weaknesses. Malwarebytes can acquire other companies or at least incorporate other engines. McAfee suffered, too, but it incorporated a couple of engines (do not know which) and that raised the bar.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,435
What pisses me off is the way they market themself, they claim to do better than other antivirus software, yet perform worse than pretty much everyone else, giving the user an false sense of security, even one of their nagging pop ups says "Click without doubt, knowing web protection has your back", essentially saying you can click and download anything with Malwarebytes installed, which is extremely careless and dangerous to say.
I don't see this anywhere, can you show us some examples please.
 
  • Like
Reactions: Divine_Barakah

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
What pisses me off is the way they market themself, they claim to do better than other antivirus software, yet perform worse than pretty much everyone else, giving the user an false sense of security
this is true of all security software
the application and use is always different than the marketing message or the interpretation of the marketing message in both subjective and objective ways

people routinely apply incorrect preconceived notions and expectation to marketing
"you are protected" is just a permissible, widely used generic marketing slogan as it does not mean "you are absolutely and perfectly protected", though many people would expect that it does mean the second quote

even one of their nagging pop ups says "Click without doubt, knowing web protection has your back", essentially saying you can click and download anything with Malwarebytes installed, which is extremely careless and dangerous to say.
the limitations of any kind of security software alert is well established by credible research and studies
when a user has to make a decision, the outcome depends mostly upon that user's knowledge, as research has proven that common sense and warnings are either no applied or just ignored by users at a significant level
removing the human risk from security is done primarily through automation and no alerts, but even in the use of those protection models the human sitting in front of the computer is going to ultimately have to make decisions under most any use case
it is not a matter if the user has to make a decision, it is a matter of when
it is for this reason that in enterprise who choose or are regulated and must apply high level security, taking away and preventing users from 1) doing stuff like home users and 2) having to make decisions is a basic control
 
Last edited:

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
@Evjl's Rain do you use all the wv features?
how has the protected folders and files feature performed during testing?
wv seems to be on same level as default kaspersky
any conflicts between wv and defender if run side by side?
how is wv protection using optimized default configuration?
1/ no I don't. I disabled firewall, web protection and folder protection because I don't use them
2/ protected folder seems to be quite effective in tests. However, in daily use, it's a bit annoying to me so I disabled
3/ I agree. It =< Kaspersky. Sometimes, against newer malwares, it can be better than Kaspersky but Kaspersky is the best in most conditions (except against PUPs/adwares)
4/ I consider WV > WD => WV is enough. WD is too heavy and not good enough
5/ As you can see, it outperformed most other AVs, except Kaspersky in default settings. I changed the Machine learning engine to High to make it a bit more powerful
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
I didn't put it in the video, however I was able to do the test on my own.
The 2 files are not detected by the analysis. At launch, Norton deletes the first one (the fake FL Studio) with SONAR since it dropp ClipBanker. (ClipBanker is detected by Norton in the Cloud)
The 2nd one is not recognized and Norton bombards with an alert "System Infected: RedLine Stealer". I did not see any connection...
NPE on the other hand disinfects the machine followed by KVRT.
Now that I took a look at this, combining the results from recent @Trident test, I see that in those 2 tests concerning stealers:
Kaspersky: 2/3
Eset 3/3
Norton 1/3 (only IPS warning for the others)
BitDefender 2/3 *I didn't like that KVRT needed to scan the files in order to detect the 2nd sample as damage is a possibility concerning time has passed.

they are different tests though, and cannot be fairly compared. What's somewhat clear is that Norton really has trouble with them.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top