AV-Comparatives AV-Comparatives Real-World Protection Test Jul-Aug 2023

Disclaimer

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Digmor Crusher

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,265
codswollip said:
Always amazed that AV-Comparatives is still viewed as credible by anyone.
Click to expand...
Seeing that no one knows what samples they use or how they actually perform the tests they are as credible as any other testing site. It's the same as going to auto sites to review a vehicle, you'll get numerous opinions and it's up to you to filter them. I find it somewhat incredulous that anyone bashes these type of sites as 90% of the people doing so have no idea how they test and what it means. They are just one, of many , resources for people to form an educated opinion.
 
  • Like
  • Wow
  • Applause
Reactions: codswollip, Nevi, ForgottenSeer 100397 and 3 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,823
RansomwareRemediation said:
Do you really think that WD is a good antivirus?
Click to expand...
I think it's an okay antivirus.

RansomwareRemediation said:
In a real attack on your device, I highly doubt WD would be able to help you.
Click to expand...
Maybe, maybe not. But I wouldn't trust a third-party AV to protect my system either.
Regardless of the AV, it is and should always be the last line of defence. The user's the first and I'm confident in my ability to keep my system free from malware.
 
  • Like
Reactions: ForgottenSeer 100397
R

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,029
RansomwareRemediation said:
Regardless of the MB it consumes, the number of processes in RAM is too much. They already have almost the same processes as Mcafee.
Click to expand...
Why is that an issue for you? The only thing that matters to me with in terms of performance, is if an antivirus is making my computer run noticeably slower. I don't care how much RAM is used, or how many processes it creates, if my computer isn't running slower. If an antivirus was using gigabytes of RAM, but it wasn't affecting performance, I wouldn't care. I don't have any idea how much RAM my antivirus is using, as it's not something I care about. RAM usage only matters to me, when my PC's RAM usage is very high.
 
  • Like
  • +Reputation
  • Wow
Reactions: codswollip, Oldie1950, Nightwalker and 2 others
SpyNetGirl

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113
Arequire said:
I do think AV vendors mislead consumers, in that they make exaggerated claims about their ability to protect users from threats. Ultimately it's up to consumers to decide whether the cost is worth the increased/perception of increased protection (regardless of whether their decision is their own or influenced by a vendor's marketing).


It can but I very rarely hear about AVs getting exploited outside of vulnerability research and corporate environments. Plus Defender has be successfully exploited previously too.
Click to expand...

AV vendors totally mislead consumers because their products are not needed at all. Increased protection is already in Windows and nobody needs to pay for it.

Defender was exploited previously? is there any proof for that

Shadowra said:
I will test your Microsoft Defender Hardening very soon 😉 Your software interests me... :)
Click to expand...

Glad to know that! by the way, it's defense in depth, so to perform a realistic test you need to use all of the categories, not just Microsoft Defender. 🙂
Here is a document about pentesting

github.com

Harden-Windows-Security/Rationale.md at main · HotCakeX/Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...
github.com github.com

Shadowra said:
Since the integration of AI Machine Learning, WD has become an excellent antivirus that even manages to outperform many market leaders. By default, it's excellent, and in High or Hard mode, it's like a fortress!

I've already managed to bypass WD by injecting arbitrary code, it works once, but not afterwards...
Click to expand...

Is there a PoC for that?
I'm interested in knowing full details about this

Shadowra said:
The technique I was using involved forcibly adding an executable to WD's Exceptions. Microsoft has added Behavior detection to counter this, and it no longer works.
Click to expand...

You did it with Administrator privileges? Because if you did then that's perfectly normal and it's not a vulnerability/bypass, as I explained in this document.
 
  • Like
  • +Reputation
  • Applause
Reactions: codswollip, TairikuOkami, Shadowra and 2 others
SpyNetGirl

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113
Arequire said:
www.bleepingcomputer.com

Microsoft patches Defender antivirus zero-day exploited in the wild

Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...

Thanks, here is a quote from what I wrote in the rationale post

These methods will create multiple layers of security; also known as defense in depth. Additionally, you can create Kernel-level Zero-Trust strategy for your system.

If there will ever be a zero-day vulnerability in one or even some of the security layers at the same time, there will still be enough layers left to protect your device. It's impossible to penetrate all of them.

Also, zero-day vulnerabilities are patched quickly, so keeping your device and OS up to date, regardless of what OS you use, is one of the most basic security recommendations and best practices you must follow.
Click to expand...
 
  • +Reputation
Reactions: Shadowra
SpyNetGirl

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113
Shadowra said:
What do you mean? My comparison or my bypass test?

If it's bypass, you've said it all ^^
Click to expand...

Please read the documents below, they will clear any confusions

github.com

Harden-Windows-Security/Rationale.md at main · HotCakeX/Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...
github.com github.com

 
  • Applause
Reactions: Shadowra
F

ForgottenSeer 93475

Spartan said:
First time I see Avast/AVG acing it and first time I see Kaspersky which used to always lead the pack fall back so much.
Click to expand...
In fact, he was not late at all, but they put him back to the back of the class, as the people who believed their results did not like him to remain in the first class
Numeriku said:
View attachment 278614

Its only using like 450mb of ram after a few days, i think first couple of days it was getting used to the system.
Click to expand...
just this..
Screenshot_171.png

Max90 said:
They are missing crowd intelligence from the western world, less users is less telemetry and big data.
Click to expand...
this M.T not subreddit................plssssss
Max90 said:
@all members bashing AV-comparatives

They have to many quality seals (they have the most out of all professional lab testing organizations) I know for that you don't (just to name one quality certificate of AVC) an ISO certification when you are not transparent and have predictable, repeatable processes in place. AV-comparatives not publishing their processes to the public does not mean that their approach is not checked and certified. Also many Universities have ties with AV-comparatives. In the academic world there are also requirements and regulations how research is performed.

The fact that their results may differ from youtube testers, does not dis-qualify their testing method.
Click to expand...
All people who don't believe them have their reasons, av-comparatives were always manipulating their results, so stop forcefully asking them to believe them
Remember that it is not important that you have everything necessary to conduct the tests, but rather credibility is what is actually necessary
 
  • Like
Reactions: codswollip
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
For Windows, the only winner I see is Microsoft Defender Antivirus.

How many here look at AV-C, online reviews or video tests and think "I should use this AV because of it's performance in this specific test".

All these "tests" are simulations.
 
  • Like
  • HaHa
Reactions: roger_m, micasayyo, Oldie1950 and 1 other person
RansomwareRemediation

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
165
Ink said:
For Windows, the only winner I see is Microsoft Defender Antivirus.

How many here look at AV-C, online reviews or video tests and think "I should use this AV because of it's performance in this specific test".

All these "tests" are simulations.
Click to expand...
I insist, do you really think that WD is a good AV? In a real ransomware attack, it has been proven that WD is no good at protecting. Regardless of whether it is configured, and whether it has AI, all AVs have it. Not all tests are simulations.
 
  • Like
Reactions: micasayyo and Brie
B-boy/StyLe/

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
144
SpyNetGirl said:
Defender was exploited previously? is there any proof for that
Click to expand...
I remember 10 years ago, ZeroAccess altered the permissions of Windows Defender and MSE folders (before the Windows Defender in Windows 10 era) and used a trick by placing junctions that completely disabled it. But this was valid for other security software as well. It was a very stubborn and creative malware. :)

hitmanpro.wordpress.com

HitmanPro rescues anti-virus programs from malware attack

ZeroAccess Bag of Tricks We’ve blogged a few times before about the tricks of the ZeroAccess malware family (aka ZAccess/Sirefef/Max++). For example, in July 2011 we blogged about ZeroAccess …
hitmanpro.wordpress.com hitmanpro.wordpress.com

From the FRST log:

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
Click to expand...

From the Rkill log:
* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Windows Defender\MpCommu.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\MpTpmAtt.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\MsMpCom.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\MsMpRes.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\NisIpsPlugin.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\NisLog.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\NisWfp.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\ProtectionManagement.dll => <Unknown Target> [File]
* C:\Program Files (x86)\Windows Defender\MpAsDesc.dll => <Unknown Target> [File]
* C:\Program Files (x86)\Windows Defender\shellext.dll => <Unknown Target> [File]
Click to expand...
Another common trick was to use the IFEO keys in the registry:

www.malwarebytes.com

An Introduction to Image File Execution Options | Malwarebytes Labs

Image File Execution Options are used to intercept calls to an executable. It's in use for debugging, replacing and stopping specific executables.
www.malwarebytes.com www.malwarebytes.com
 

Similar threads

Spartan
    • Like
AV-Comparatives AV-Comparatives Real-World Protection Test: FEB-MAR 2024
Replies
7
Views
1,146
Security Statistics and Reports
Trident
Trident
Spartan
    • Like
    • +Reputation
AV-Comparatives AV-Comparatives Real-World Protection Test Jul-Oct 2023
Replies
43
Views
3,835
Security Statistics and Reports
simmerskool
simmerskool
Spartan
    • Like
    • Thanks
    • +Reputation
AV-Comparatives AV-Comparatives Malware Protection Test: MAR 2024
Replies
18
Views
1,095
Security Statistics and Reports
blackice
blackice

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top