Entreri

Level 7
Microsoft has picked itself up. So these are mere browser dependent testing.

Legitimate software can be compromised (CCleaner). One can download what appears to be good software or file.

In more holistic testing, BitDefender and Kaspersky typically come out on top.

Slyguy

Level 43
F-Secure has always been superior to Emsisoft, I don't know why the surprise :giggle:
Emsisoft has struggled in recent tests and on the hub. Also, Emsisoft did poorly on the performance test. I tried Emsisoft last week and it felt really heavy on my PC (Ryzen, 1070Ti, NVMe drives) and really didn't perform well on my own malware pack testing on HE. My thought was it would be fine paired with adjunct tech like OSA or, preferably, VoodooShield.

However if I have to pair an anti-EXE with a suite, I probably don't want to spend a lot of money on that suite when free/dirt cheap solutions are available that can do that just fine.

Robbie

Level 30
Verified
Content Creator
Malware Tester
Emsisoft has struggled in recent tests and on the hub. Also, Emsisoft did poorly on the performance test. I tried Emsisoft last week and it felt really heavy on my PC (Ryzen, 1070Ti, NVMe drives) and really didn't perform well on my own malware pack testing on HE. My thought was it would be fine paired with adjunct tech like OSA or, preferably, VoodooShield.

However if I have to pair an anti-EXE with a suite, I probably don't want to spend a lot of money on that suite when free/dirt cheap solutions are available that can do that just fine.
That's why antivirus tests are so... "irrelevant". Their whole technology or back-end work can be fu$%& up with one single Windows update or patch. It's unpredictable and will impact the performance and protection tests, hence why the same product reaches different peaks on the same tests.

Slyguy

Level 43
If I wanted to pair solutions I'd pick Bullguard Premium over Emsisoft because Bullguard is dirt cheap, has a real firewall and BitDefender sigs; then toss VS/OSA onto it and call it a day (with VS/OSA making up for the sleepy BB in Bullguard). Vipre probably fits into that category as well, I guess.

BTW: Trustport AV lost their AVG/Avast license, so it's a single-engine BitDefender database now. Not relevant to this discussion, but I figured I would mention it since Trustport isn't trustworthy, as they still claim they have 2 engines when they don't.

Slyguy

Level 43
Which consumer products had detected & blocked CCleaner's compromised binaries?
Probably none. Cylance may have, though, because it is fairly specialized at detecting such things, but without knowing we can't say. A little story about that whole CCleaner thing. I subscribed to CCleaner Cloud (Agomo) for my home for almost 3 years. Before the CCleaner thing became known, FortiSandbox screened that update, then blocked it as a risky anomaly. I went back and forth with CCleaner (Agomo) about this, and ultimately uninstalled it immediately and got a refund for my sub. Then, just a month later, all of this was revealed. So unless a product has some anti-APT type technologies, it's unlikely it would have captured it.

One method some people (including me) utilize to avoid this is to freeze updates over an extended period and/or use portable versions of software. Another method is to use a tool like Heimdal; since Heimdal doesn't install updates in the traditional way, it quite likely would not have been served the compromised CCleaner binary update.

Entreri

Level 7
I don't think anyone caught CCleaner when it came out. Whitelisting of course.

That was close, phew. I took my time updating CCleaner, thus my AV caught it. Now I take even longer to update, lol, and do my own cleaning.

Signatures, especially BitDefender's, are superb at catching things. So a file you downloaded from an apparently good site... signatures still have their uses.

Azure

Level 25
Verified
Content Creator
Probably none. Cylance may have, though, because it is fairly specialized at detecting such things, but without knowing we can't say. A little story about that whole CCleaner thing. I subscribed to CCleaner Cloud (Agomo) for my home for almost 3 years. Before the CCleaner thing became known, FortiSandbox screened that update, then blocked it as a risky anomaly. I went back and forth with CCleaner (Agomo) about this, and ultimately uninstalled it immediately and got a refund for my sub. Then, just a month later, all of this was revealed. So unless a product has some anti-APT type technologies, it's unlikely it would have captured it.

One method some people (including me) utilize to avoid this is to freeze updates over an extended period and/or use portable versions of software. Another method is to use a tool like Heimdal; since Heimdal doesn't install updates in the traditional way, it quite likely would not have been served the compromised CCleaner binary update.
They actually made an article saying that.

Security Alert: Criminals Slip Backdoor in CCleaner to Spread Malware
"As soon as the news about the CCleaner backdoor, we conducted a thorough analysis on the patch delivered by Heimdal PRO, Heimdal FREE and Heimdal CORP on August 16 (for v5.33). The way Heimdal delivers the patch does not also involve executing any code. Therefore the backdoor is never opened. In the case of the CCleaner patch, no malicious connections were made."

notabot

Level 15
Another method is to use a tool like Heimdal; since Heimdal doesn't install updates in the traditional way, it quite likely would not have been served the compromised CCleaner binary update.
So in the case of CCleaner, it wasn't the patched CCleaner binary that was infected but rather its installer?
How does Heimdal apply updates?

notabot

Level 15
None, if I recall well; it had a valid certificate, so it would be whitelisted by all AVs.
However, it was flagged because firewalls caught it trying to call home to a suspicious address.
Which firewalls caught it? I.e. Windows Firewall is just an application firewall; I don't think it checks for malicious endpoints.

Deleted member 178

Would this include home UTMs like Sophos XG Home or Trend Micro's AiProtection, or is it only enterprise firewalls that caught it?
A basic home-user one would notice it; my friend who also got "infected" doesn't use enterprise stuff.

Deleted Member 3a5v73x

F-Secure has always been superior to Emsisoft
Seriously? Based on your observations or publicly available "reviews"? It's like saying my mom is superior to your mom, when the core functionality of a woman is the same, giving birth, and so it is for the above-mentioned AVs, which are default-allow and will fail at some point protecting your Windows system.