Security News AV-Comparatives Real-World Protection Test October 2018

Entreri

Level 7
Verified
May 25, 2015
342
Microsoft has picked itself up. So these are mere browser-dependent tests.

Legitimate software can be compromised (CCleaner). One can download what appears to be good software or a good file.

In more holistic testing, BitDefender and Kaspersky typically come out on top.
 

ForgottenSeer 58943

F-Secure has always been superior to Emsisoft; I don't know why the surprise :giggle:

Emsisoft has struggled in recent tests and on the hub. Emsisoft also did poorly on the performance test. I tried Emsisoft last week and it felt really heavy on my PC (Ryzen, 1070 Ti, NVMe drives), and it really didn't perform well on my own malware-pack testing on the HE. My thought was it would be fine paired with adjunct tech like OSA or, preferably, VoodooShield.

However, if I have to pair an anti-EXE with a suite, I probably don't want to spend a lot of money on that suite when free/dirt-cheap solutions are available that can do that just fine.
 

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Emsisoft has struggled in recent tests and on the hub. Emsisoft also did poorly on the performance test. I tried Emsisoft last week and it felt really heavy on my PC (Ryzen, 1070 Ti, NVMe drives), and it really didn't perform well on my own malware-pack testing on the HE. My thought was it would be fine paired with adjunct tech like OSA or, preferably, VoodooShield.

However, if I have to pair an anti-EXE with a suite, I probably don't want to spend a lot of money on that suite when free/dirt-cheap solutions are available that can do that just fine.
That's why antivirus tests are so... "irrelevant". Their whole technology or back-end work can be fu$%& up with one single Windows update or patch. It's unpredictable and will impact the performance and protection tests, which is why the same products reach different peaks on the same tests.
 

ForgottenSeer 58943

If I wanted to pair solutions I'd pick BullGuard Premium over Emsisoft, because BullGuard is dirt cheap, has a real firewall and Bitdefender sigs; then toss VS/OSA onto it and call it a day (with VS/OSA making up for the sleepy BB in BullGuard). Vipre probably fits into that category as well, I guess.

BTW: TrustPort AV lost their AVG/Avast license, so it's a single-engine Bitdefender database now. Not relevant to this discussion, but I figured I would mention it, since TrustPort isn't trustworthy, as they still claim they have 2 engines when they don't.
 

ForgottenSeer 58943

Which consumer products had detected & blocked CCleaner's compromised binaries?

Probably none. Cylance may have, though, because it is fairly specialized at detecting such things, but without knowing we can't say. A little story about that whole CCleaner thing. I subscribed to CCleaner Cloud (Agomo) for my home for almost 3 years. Before the CCleaner thing became known, FortiSandbox screened that update, then blocked it as a risky anomaly. I went back and forth with CCleaner (Agomo) about this, and ultimately uninstalled it immediately and got a refund for my sub. Then just a month later all of this was revealed. So unless a product has some anti-APT type technologies, it's unlikely it would have captured it.

One method some people (including me) utilize to avoid this is to freeze updates over an extended period and/or use portable versions of software. Another method is to use a tool like Heimdal; since Heimdal doesn't install updates in the traditional way, it quite likely would not have been served the compromised CCleaner binary update.
 

Entreri

Level 7
Verified
May 25, 2015
342
I don't think anyone caught CCleaner when it came out. Whitelisting, of course.

That was close, phew. I took my time updating CCleaner, thus my AV caught it. Now I take even longer to update, lol, and do my own cleaning.

Signatures, especially Bitdefender's, are superb at catching things. So a file you downloaded from an apparently good site... signatures still have their uses.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Probably none. Cylance may have, though, because it is fairly specialized at detecting such things, but without knowing we can't say. A little story about that whole CCleaner thing. I subscribed to CCleaner Cloud (Agomo) for my home for almost 3 years. Before the CCleaner thing became known, FortiSandbox screened that update, then blocked it as a risky anomaly. I went back and forth with CCleaner (Agomo) about this, and ultimately uninstalled it immediately and got a refund for my sub. Then just a month later all of this was revealed. So unless a product has some anti-APT type technologies, it's unlikely it would have captured it.

One method some people (including me) utilize to avoid this is to freeze updates over an extended period and/or use portable versions of software. Another method is to use a tool like Heimdal; since Heimdal doesn't install updates in the traditional way, it quite likely would not have been served the compromised CCleaner binary update.
They actually wrote an article saying that.

Security Alert: Criminals Slip Backdoor in CCleaner to Spread Malware
"As soon as the news about the CCleaner backdoor broke, we conducted a thorough analysis of the patch delivered by Heimdal PRO, Heimdal FREE and Heimdal CORP on August 16 (for v5.33). The way Heimdal delivers the patch also does not involve executing any code. Therefore the backdoor is never opened. In the case of the CCleaner patch, no malicious connections were made."
 

notabot

Level 15
Verified
Oct 31, 2018
703
Another method is to use a tool like Heimdal; since Heimdal doesn't install updates in the traditional way, it quite likely would not have been served the compromised CCleaner binary update.

So in the case of CCleaner, it wasn't the patched CCleaner binary that was infected but rather its installer?
How does Heimdal apply updates?
 

notabot

Level 15
Verified
Oct 31, 2018
703
None, if I recall well; it had a valid certificate, so it would be whitelisted by all AVs.
However, it was flagged because firewalls caught it trying to call home to a suspicious address.

Which firewalls caught it? I.e. Windows Firewall is just an application firewall; I don't think it checks for malicious endpoints.
 

notabot

Level 15
Verified
Oct 31, 2018
703
It wasn't said, but I guess any FWs with outbound connection monitoring.

Would this include home UTMs like Sophos XG Home or Trend Micro's AiProtection, or was it only enterprise firewalls that caught it?
 
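The detection the posts above describe (a signed, whitelisted binary caught only when it calls home to an address it has no business contacting) is easy to reproduce as a rule over outbound-connection logs. The following is an added example, not code from the thread or from any product mentioned in it: it keeps a per-process allowlist of expected destinations and flags everything else, treating a raw IP literal where a hostname is expected as a stronger signal. The log format, the hostnames (`*.vendor.example`) and the addresses (RFC 5737 documentation ranges) are all constructed for the example; a real deployment would feed it firewall or EDR connection events and a vendor-maintained allowlist. It generalizes past the CCleaner case to any process with a known outbound profile.

```python
"""Flag outbound connections that fall outside a process's expected profile.

Added example for the discussion above; the log lines, process allowlist
and hostnames are constructed and hypothetical, not real vendor data.
"""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical per-process outbound profile: which remote hosts the process
# is expected to contact. None means "browser-like, any destination is normal".
# Signed/whitelisted status deliberately plays no role here: the point of the
# thread is that a valid signature did not make the binary's traffic trustworthy.
EXPECTED_DESTINATIONS = {
    "ccleaner.exe": {"update.vendor.example", "license.vendor.example"},
    "chrome.exe": None,
}

# Constructed sample log: "<timestamp> <process> <src>:<port> -> <dst>:<port>"
SAMPLE_LOG = """\
2017-08-16T10:01:02Z ccleaner.exe 10.0.0.5:51234 -> update.vendor.example:443
2017-08-16T10:01:09Z ccleaner.exe 10.0.0.5:51240 -> 203.0.113.77:443
2017-08-16T10:02:30Z chrome.exe 10.0.0.5:51302 -> 198.51.100.9:443
2017-08-16T10:03:11Z notepad.exe 10.0.0.5:51350 -> 192.0.2.44:8080
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+->\s+([^:\s]+):(\d+)$")


@dataclass
class Alert:
    ts: str
    process: str
    destination: str
    port: int
    reason: str


def is_ip_literal(host: str) -> bool:
    """True when the destination is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse(log_text: str) -> list:
    """Return one Alert per connection that violates the process's profile."""
    alerts = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # malformed line: skip rather than crash the pipeline
            continue
        ts, proc, _src, dst, port = m.groups()
        proc = proc.lower()
        port = int(port)

        if proc not in EXPECTED_DESTINATIONS:
            # No outbound profile at all: a process that should not talk out is talking out.
            alerts.append(Alert(ts, proc, dst, port, "no outbound profile for process"))
            continue

        expected = EXPECTED_DESTINATIONS[proc]
        if expected is None or dst in expected:
            continue  # browser-like process, or destination is on the allowlist

        if is_ip_literal(dst):
            # A hard-coded address instead of the vendor's hostname is the classic
            # beacon pattern; rank it above a merely unexpected name.
            reason = "raw IP literal outside process allowlist"
        else:
            reason = "destination not in process allowlist"
        alerts.append(Alert(ts, proc, dst, port, reason))
    return alerts


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(f"{a.ts} {a.process} -> {a.destination}:{a.port}  [{a.reason}]")
```

Run stand-alone it reports two connections: the `ccleaner.exe` call to a bare IP that is not among its expected update hosts, and `notepad.exe` making any outbound connection at all. The allowlist is the part that needs maintenance; the rule itself is what a firewall with per-application outbound monitoring, home or enterprise, is doing when it "catches" a trojanized update.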

Deleted member 178

Would this include home UTMs like Sophos XG Home or Trend Micro's AiProtection, or was it only enterprise firewalls that caught it?
A basic home-user one would notice it; my friend, who also got "infected", doesn't use enterprise stuff.
 

Deleted Member 3a5v73x

F-Secure has always been superior to Emsisoft
Seriously? Based on your observations or publicly available "reviews"? It's like saying my mom is superior to your mom, when the core functionality of a woman is the same, giving birth, and so it is for the above-mentioned AVs, which are default-allow and will fail at some point at protecting your Windows system.
 
