Security News AV-Comparatives Real-World Protection Test October 2018

Microsoft has picked itself up. So these are mere browser dependent testing.

Legitimate software can be compromised (CCleaner). One can download what appears to be good software or file.

In more holistic testing, BitDefender and Kaspersky typically come out on top.
 
  • Like
Reactions: elquenunca, vtqhtr413 and oldschool
Mariihh said:
F-Secure has always been superior to Emsisoft, I don't know why the surprise :giggle:
Click to expand...

Emsisoft has struggled in recent tests and on the hub. Also Emsisoft did poorly on the performance test. I tried Emsisoft last week and it felt really heavy on my PC (Ryzen, 1070Ti, Nvme drives) and really didn't perform well on my own malware pack testing on HE. My thought was it would be fine paired with adjunct tech like OSA or preferably VoodooShield.

However if I have to pair an anti-EXE with a suite, I probably don't want to spend a lot of money on that suite when free/dirt cheap solutions are available that can do that just fine.
 
  • Like
Reactions: Mariihh, catjc, Handsome Recluse and 1 other person
ForgottenSeer 58943 said:
Emsisoft has struggled in recent tests and on the hub. Also Emsisoft did poorly on the performance test. I tried Emsisoft last week and it felt really heavy on my PC (Ryzen, 1070Ti, Nvme drives) and really didn't perform well on my own malware pack testing on HE. My thought was it would be fine paired with adjunct tech like OSA or preferably VoodooShield.

However if I have to pair an anti-EXE with a suite, I probably don't want to spend a lot of money on that suite when free/dirt cheap solutions are available that can do that just fine.
Click to expand...
That's why antivirus tests are so... "irrelevant". Their whole technology or back-end work can be fu$%& up with one single Windows update or patch. It's unpredictable and will impact on the performance and protection tests, hence why the same products reaches different peeks on the same tests.
 
  • Like
Reactions: Weebarra, catjc, Handsome Recluse and 2 others
If I wanted to pair solutions I'd pick Bullguard Premium over Emsisoft because Bullguard is dirt cheap, has a real firewall, Bit Defender sigs, then toss VS/OSA onto it and call it a day. (with VS/OSA making up for the sleepy BB in Bullguard) Vipre probably fits into that category as well I guess.

BTW: Trustport AV lost their AVG/Avast license, so it's single engine Bit Defender database now. Not relevant to this discussion but figured I would mention it since Trust post isn't trustworthy as they still claim they have 2 engines when they don't.
 
  • Like
Reactions: Weebarra, catjc, Handsome Recluse and 2 others
notabot said:
Which consumer products had detected & blocker ccleaner’s compromised binaries ?
Click to expand...

Probably none, Cylance may have though because it is fairly specialized at detecting such things but without knowing we can't say. A little story about that whole CCleaner thing. I subscribed to Ccleaner Cloud(Agomo) for my home for almost 3 years. Before the Ccleaner thing became known FortiSandbox screened that update then blocked it as a risky anomaly. I went back and forth with Ccleaner (Agomo) about this, and ultimately uninstalled it immediately and got a refund for my sub. Then just a month later all of this was revealed. So unless a product has some anti-APT type technologies, it's unlikely it would have captured it.

One method some people (including me) utilize to avoid this is to freeze updates over an extended period and/or use portable versions of software. Another method is to use a tool like Heimdal, since Heimdal doesn't install updates in the traditional method it quite likely would not have been served the compromised Ccleaner binary update.
 
  • Like
Reactions: Handsome Recluse and notabot
I don't think anyone caught CCleaner when it came out. Whitelisting of course.

That was close, phew, I took my time updating CCleaner, thus my AV caught it. Now I take even longer to update, lol and do my own cleaning.

Signatures, especially BitDefender are superb at catching things. So a file you downloaded from an apparent good site...Signatures still have their uses.
 
  • Like
Reactions: Weebarra, elquenunca and oldschool
notabot said:
Which consumer products had detected & blocker ccleaner’s compromised binaries ?
Click to expand...
Aforementioned, none. It kept calling home so it was detected, wrong coding I guess. That's the importance of having the less possible ammount of installed software to reduce the surface of attack.
 
  • Like
Reactions: Weebarra, notabot, harlan4096 and 1 other person
ForgottenSeer 58943 said:
Probably none, Cylance may have though because it is fairly specialized at detecting such things but without knowing we can't say. A little story about that whole CCleaner thing. I subscribed to Ccleaner Cloud(Agomo) for my home for almost 3 years. Before the Ccleaner thing became known FortiSandbox screened that update then blocked it as a risky anomaly. I went back and forth with Ccleaner (Agomo) about this, and ultimately uninstalled it immediately and got a refund for my sub. Then just a month later all of this was revealed. So unless a product has some anti-APT type technologies, it's unlikely it would have captured it.

One method some people (including me) utilize to avoid this is to freeze updates over an extended period and/or use portable versions of software. Another method is to use a tool like Heimdal, since Heimdal doesn't install updates in the traditional method it quite likely would not have been served the compromised Ccleaner binary update.
Click to expand...
They actually made an article saying that.

Security Alert: Criminals Slip Backdoor in CCleaner to Spread Malware
"As soon as the news about the CCleaner backdoor, we conducted a thorough analysis on the patch delivered by Heimdal PRO, Heimdal FREE and Heimdal CORP on August 16 (for v5.33). The way Heimdal delivers the patch does not also involve executing any code. Therefore the backdoor is never opened. In the case of the CCleaner patch, no malicious connections were made."
 
  • Like
Reactions: Handsome Recluse, harlan4096 and oldschool
ForgottenSeer 58943 said:
Another method is to use a tool like Heimdal, since Heimdal doesn't install updates in the traditional method it quite likely would not have been served the compromised Ccleaner binary update.
Click to expand...

So in the case of ccleaner it wasn’t the patched ccleaner binary that was infected but rather it was its installer ?
How does Heimdal apply updates ?
 
Umbra said:
None, if i recall well, it had a valid certificate so it would be whitelisted by all AVs.
however it was flagged because firewalls caught its trying to call home to a suspicious adress.
Click to expand...

Which firewalls caught it? Ie windows firewall is just an application firewall I don’t think it checks for malicious endpoints
 
Umbra said:
It was not told, but i guess any FWs with outbound connections monitoring.
Click to expand...

Would this include home UTMs like Sophos XG home or Trend Micro’s AiProtection or it’s only enterprise firewalls that caught it
 
notabot said:
Would this include home UTMs like Sophos XG home or Trend Micro’s AiProtection or it’s only enterprise firewalls that caught it
Click to expand...
Basic home user one would notice it , my friend who also got "infected" don't use enterprise stuff.
 
Mariihh said:
F-Secure has always been superior to Emsisoft
Click to expand...
Seriously? Based on your observations or publicaly available "reviews"? It's like saying my mom is superior to your mom, when the core functionality of woman are same giving birth, and so is for the above mentioned AV's which are default-allow and will fail at some point protecting your Windows system.
 
Last edited by a moderator:
You must log in or register to reply here.

You may also like...