AV-Comparatives Firewall Test 03/2014

Jaspion

Maybe you already said enough. So, wait a minute, I believe I was under the wrong impression here. I thought that using normal every-day programs such as your browser, mail, games, banking, etc, the situation above could happen if you logged into a compromised public network. But, you're saying that it can't happen, unless I run a malicious file in the first place?
 

Nico@FMA

No, that's not what I am saying. If you log in to an infected site or compromised networks, then unless you got proper protection + a good setup you are going to experience problems. Granted, not every protection will protect you against all, as there is NO such program.
But generally, if you read back the previous posts: if your overall setup is sound and properly configured, then logging in to an infected site or C-network will usually trigger the protection available on your PC and warn you about it, or stop a certain action & attempt.
And in regards to running a malicious file, that's not what I was saying. What I was saying is this:

Imagine you have Kaspersky Internet Security (just to name a good suite) but you install it on a Windows that has not been updated since the stone age, you do not have up-to-date drivers and you do not maintain basic practices regarding security. Then ask yourself: how long will KAV be able to protect you? I can tell you right here, right now, it will lose 80% of its potential protection capacity just because the framework, aka the OS, is not hardened by patching and such.

Now have Kaspersky on a well-maintained, up-to-date and sound system; then KAV can actually protect you WAY beyond its own capacity, because additional hardening of your OS and such will actually help it greatly. And thus logging in to a bogus site & connection will not cause as much trouble as people think.

So without the proper framework you are dead in the water before an attack even hits you. So if you want to have a decent standoff against online dangers, then without the proper config this is going to be impossible to achieve no matter where you use your Internet. But if you take care of your ABCs and you handle your PC with care, then out of 100 attacks you will be able to stop 80% before they even happen just on basic settings. The other 20% can be stopped as well, and NO, you will not gain 100%, but then again the odds that you come across a LIVE infected banking site that has such advanced malware on it to infect or steal your data are NIL.
Usually infected networks and sites have simple exploits on them that do not hit properly protected systems... considering there are more than enough users out there that do not have any protection.
So why go through the trouble to break properly protected systems with sophisticated attacks and malware, which is just a small margin of the computer users, if the MAJOR bulk of the computer users do not even know what antivirus or protection means?
Studies pointed out that out of 100 computers connecting to a banking site only 15 of them have a properly configured system, and another 15% have a partially configured system, so this leaves 60% WIDE open for a simple exploit to infect.

See my point?
 

Jaspion

Yes. Thank you very much.
 

woomera

But there's no direct link to it on their website, which is odd. I didn't see it anywhere!
 

Raul90

I read about a reply from Fabian Wosar from Emsisoft on the comparatives result on another site, and the OA devs are looking into it. As of this writing he (Fabian) cannot replicate what AVC has obtained.

Originally posted by Fabian Wosar - LINK 1

I spent the last day trying to replicate their results but haven't been able to do so to be honest. In general both ECHO REPLY as well as NetBIOS ports are considered "restricted". That means, even if you allowed the application who serves them by accident, unless the computer or the network that sent the request is marked as trusted, packets will be dropped. RDP is disabled by default in Windows and it needs to be enabled manually, which is why there is no default restricted port rule for it. But both NetBIOS as well as pings should have been blocked no matter what.

I asked the AVC staff for more detailed information. In general they are very cooperative and easy to work with, so I hope we find out what went wrong in their tests so we can fix it.

Originally posted by Fabian Wosar - LINK 2

To give a quick update: I tried to replicate their results but was unable to. Online Armor behaved the way I expected it to which is:

1. Block access to all file sharing ports unless the access originates from a trusted network/computer.
2. Block ping requests unless the request originates from a trusted network/computer.
3. Allow access to the RDP port, no matter which network, as the RDP port is not a restricted port by default.

I contacted AVC. Unfortunately they no longer had the original test systems, but they kindly agreed to replicate the test and collect some additional logs for us. The problem we are facing at the moment is that at least according to the logs Online Armor performed exactly as it should be, blocking all the access attempts from the untrusted network:

Code:
[02/04/14 10:17:34] 2068/814 UDP <- 192.168.20.100:137, 192.168.20.133:137, System(4/0)
[02/04/14 10:17:34] 2068/814 Blocked by restricted port list

[02/04/14 10:17:37] 2068/814 TCP <- 192.168.20.100:139, 192.168.20.133:49822, System(4/0)
[02/04/14 10:17:37] 2068/814 Blocked by restricted port list


However, even though the network connection attempts were blocked according to the logs, AVC was still able to create/edit files remotely. At this point it is clear that somehow Online Armor messes up on their test system, but we don't know why yet. AVC offered remote access to their test setup and we will surely take advantage of that offer, but it will take a bit longer until we know exactly what is causing it.

Rest assured that Emsisoft will check it out and will report once again about it.
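
The expected behaviour Fabian Wosar lists can be checked mechanically against a log like the one he quotes. The Python below is an added example, not part of the original post and not Emsisoft's code; the field layout (first endpoint local, second remote), the restricted port set and the last two sample lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Layout inferred from the two samples in the post (an assumption, not vendor docs):
#   [timestamp] id/id PROTO <- local_ip:port, remote_ip:port, process(...)
#   [timestamp] id/id <verdict text>
CONN = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<ctx>\S+) (?P<proto>TCP|UDP) <- "
                  r"(?P<lip>[\d.]+):(?P<lport>\d+), (?P<rip>[\d.]+):(?P<rport>\d+), ")
NOTE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<ctx>\S+) (?P<text>.+)$")

# Assumed restricted list: the usual NetBIOS/SMB file-sharing ports.
RESTRICTED = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}

def audit(log_text, trusted_nets=()):
    """Pair each inbound connection with the verdict line that follows it and
    classify it against the behaviour described in the post."""
    trusted = [ip_network(n) for n in trusted_nets]
    findings, pending = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = CONN.match(line)
        if m:
            if pending:  # previous connection never received a verdict line
                findings.append(classify(pending, None, trusted))
            pending = m.groupdict()
            continue
        n = NOTE.match(line)
        if n and pending and n["ctx"] == pending["ctx"]:
            findings.append(classify(pending, n["text"], trusted))
            pending = None
    if pending:
        findings.append(classify(pending, None, trusted))
    return findings

def classify(conn, verdict, trusted):
    key = (conn["proto"], int(conn["lport"]))
    blocked = bool(verdict) and verdict.startswith("Blocked")
    if key not in RESTRICTED:
        status = "not-restricted"        # e.g. RDP, allowed by default per the post
    elif any(ip_address(conn["rip"]) in net for net in trusted):
        status = "trusted-source"        # restricted port, but sender is trusted
    elif blocked:
        status = "blocked-as-expected"
    else:
        status = "VIOLATION"             # restricted port, untrusted, not blocked
    return {"remote": conn["rip"], "port": key, "verdict": verdict, "status": status}

SAMPLE = """\
[02/04/14 10:17:34] 2068/814 UDP <- 192.168.20.100:137, 192.168.20.133:137, System(4/0)
[02/04/14 10:17:34] 2068/814 Blocked by restricted port list
[02/04/14 10:17:37] 2068/814 TCP <- 192.168.20.100:139, 192.168.20.133:49822, System(4/0)
[02/04/14 10:17:37] 2068/814 Blocked by restricted port list
[02/04/14 10:17:40] 2068/814 TCP <- 192.168.20.100:3389, 192.168.20.133:49830, svchost.exe(900/0)
[02/04/14 10:17:42] 2068/814 TCP <- 192.168.20.100:445, 192.168.20.133:49831, System(4/0)
"""  # first four lines are from the post; the last two are constructed

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A clean result only reflects what the firewall logged: in the case quoted above the log showed both attempts as blocked while files could still be created remotely, so a log audit has to be paired with an actual access test from the untrusted host.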
 

Solarquest

I understand that no program(s) will provide a 100 % protection and that many offer a good/very good protection.
I also believe that little things can make a big difference, so even a 0.xx% higher detection rate (AV and/or Firewall) can make a huge difference in terms of cost, anger, time, infection or not.
I always update Win and all programs on my pc; I install security programs to protect my pc/laptop anytime and everywhere, independent if I'm 100% attentive and aware of what I'm doing and where I'm going on the WW (so very careful) or if I go or do things less secure without knowing it (or because I have or want to).
On my Pc I would like to have the programs that protect it best in both cases. I don't want "the best" since I know this can change in a short time, but one of the best.
When I see the test and the following posts I get confused. On one side I see the ++, the +... on the other I read that all programs in the list offer good protection (with an updated system).
In your opinion, what firewall protects an updated system best? How good is Windows Firewall in Windows 7?
On the market, do you see a security product that offers one of the best AV AND one of the best firewalls, or if you wanted a very solid protection, would you use an AV with a separate firewall? Which one?
If you use EMSI antimalware what firewall would you add to have a round solution?

What do you mean with "you only need to have a solid config that includes the standard ABC practices, and proper all round solution"? Do you mean that we need to have an updated system and programs, a security suite and safe habits? thank you
 

Nico@FMA

What do you mean with "you only need to have a solid config that includes the standard ABC practices, and proper all round solution"? Do you mean that we need to have an updated system and programs, a security suite and safe habits? thank you

Yes

That said, there is no best, as even Windows Firewall can do a good job if you know how to use it. Protection comes in many forms and shapes, and one is better than the other, but at the end of the day the biggest protection is YOU.
By keeping things in check and using your brain.
I suggest you could read my guides (see signature) or hook up some of the other guides here in MT; they contain all the info you are ever going to need to secure your PC and to get some basic understanding about things you might not have known yet.
In regards to market trends about which AV is good or not, there are so many differences and yet they are all the same.
Marketing is marketing and is there to sell stuff, but there are a few household names that are good by default.
Symantec, ESET, Kaspersky, Sophos, Panda, BD, just to name a few; you really cannot go wrong with them.
As for resource usage, each program has its plus and downsides. For example, @Umbra Polaris wrote something about endpoint protection; you might wanna read it, as it points out the differences between AV + FW combos and how home and industrial products really work. Back on topic: tests are just tests and they are really a snapshot moment; in the real world a low-scoring package might beat all others. I have seen this many times with Sophos and Symantec. Same goes for Kaspersky: they usually score just above the middle, sometimes being a runner-up in the list. But in the field they are a TOP brand with first-class protection.
ESET is another high performer.
So really it's up to you and what you feel comfortable with... And no marketing or test should change that... after all, it's your PC with your software and configuration and, above all, your understanding of how it works. And to that specific scenario belongs a fitting security package. And it does not matter if that's brand O or brand X, because you are the one that needs to maintain it, and if you have low skills then you certainly are not going to be happy if you use some industrial package with 10000 options. Then you might wanna have something simpler that might give you a lower protection, but because you can understand it more easily and it's less difficult, the protection level will increase to a point where you are as secure as you can be within your scenario.

Cheers
 

Deleted member 178

The program must adapt to you, not you adapting to the program.

Just take one you think will be worthy (check via watching videos showing its features, not malware tests ^^). Once selected, install it, and if your first impression is that it is too complicated, remove it and check another one until you are satisfied.

Start simple, learn how to use a product for a decent time, improve your skills, then move (if needed) to a more complex one.

Personally, this was my path:

Avast > Norton IS > Comodo FW and many others.
 

Nikos751

Is Avast firewall that good for you?
 
