App Review Avira Internet Security vs Ransomware

[cruelsister]

 

[XIII]

Almost too predictable. Not a whole lot of people doing it right in the ransomware game. A lot of companies seem more interested in throwing money away at bloated statistics.

 

[Der.Reisende]

Almost too predictable. Not a whole lot of people doing it right in the ransomware game. A lot of companies seem more interested in throwing money away at bloated statistics.

+1

Took me only one random zero day Locky script out of a quite current pack from the HUB to waste Avira Pro (tested 1-1,5 weeks ago). Avira has quite good detections, but it takes them quite long to add signatures for SUDed files (from 2 to 6 hours i had everything).
I really like their detailed reports on submitted files, however, as they clearly advertise Anti-Ransom capabilities in their paid versions, they should really step up their game.

Spoiler: Avira Products

Back to topic: Thank you for another great vid @cruelsister, though I knew what would happen, I really enjoyed the clocklike Sunday vid of yours
P.S. Which ransomware was the 2nd one, looking like a installer? I did not see a wallpaper making it able to identify.

 

[SHvFl]

Almost too predictable. Not a whole lot of people doing it right in the ransomware game. A lot of companies seem more interested in throwing money away at bloated statistics.

Almost correct. They care about ransomware because it's a threat that scares users so it can be used for advertisement. Now why their product sucks at stopping them it's because they are stuck in 2002 with their precious signatures.

 

[vinylmeister]

Thank you @cruelsister for another impressive video. Compared to the "testers" a result as expected. Your tests are the one to rely on. You should give them a score

 

[_CyberGhosT_]

I feel better and better every day about moving away from sig based protection.
Thanks CrUeL-SiS

 

[MalwareBlockerYT]

Nice video

 

[Wave]

Sorry, I know Avira is a respectable and reputable security company, but they have joke products and it's been this way for a long time now. I agree with @XIII and @SHvFl (by the way I almost died laughing while reading the part about their "precious" signatures).

They need to step up their game and focus more on the dynamic aspects of malicious software protection, as opposed to keeping their focus directly on static detection methods - such as signature-based detection through checksum signatures - which are getting more and more obsolete everyday through the usage of zero-day packing techniques and even .NET obfuscation methods.

It seems they have an outdated engine and an outdated GUI - by "outdated" I am referring to it not being modern - since modern protection engines these days include really good dynamic heuristics, sandboxing, BB/HIPS protection mechanisms...

I know some people may not like what I am about to say, but I find it lazy and completely ridiculous that they have fallen behind with all the money they make... Many people use Avira, they surely have enough to invest in development of more sophisticated behavioural components. In fact, they don't even need to necessarily invest money, they can just do their own research on malware analysis and apply some basic concepts they should already know to develop at least a basic HIPS engine.

Hopefully Avira see this and take these points on-board, they are wasting too much time focusing on their signatures and their speed-up optimisation software/software launcher (they need to completely ditch the optimisation software and the launcher since it wastes their resources and is starting to ruin their image a bit IMO), when they could be spending more time on what really matters these days.

 

[ForgottenSeer 55474]

Hello and thanks for a great video,though i thought Avira would make it

 

[Evjl's Rain]

Hello and thanks for a great video,though i thought Avira would make it

for cruelsister, only 360 and comodo may pass against ransomware tests due to comodo autosandbox and 360 semi-HIPS
the rest, she would be able to find a flaw

 

[Brahman]

for cruelsister, only 360 and comodo may pass against ransomware tests due to comodo autosandbox and 360 semi-HIPS
the rest, she would be able to find a flaw

She is able to find the flaw because the FLAW exists ( which is there to see for every one's eye) and not because she is so adamant to find the flaw.

 

[Evjl's Rain]

She is able to find the flaw because the FLAW exists ( which is there to see for every one's eye) and not because she is so adamant to find the flaw.

I mean the malware samples
360 HIPS is very very sensitive against ransomwares but not as sensive against normal malwares
comodo is unpredictable, ransomwares may bypass

I didn't mean she does not want to find a flaw for those 2 but 360 and comodo did well with her samples

many other AVs don't use default-deny which means it's easier to find ransomware samples that can bypass the products

 

[mamamia]

Qihoo 360 is the antivirus that has done better in these video-tests.

 

[Fel Grossi]

Hello @cruelsister

Next time, please you could show the Avira Protection Cloud (APC) enabled, is an important module currently in Avira, so the request.

Thanks for the video, great as always.

 

[cruelsister]

Felipe- The Cloud is enabled by default. Although it made no difference in the test, the term does sound impressive!

 

[Rodney74]

The term does sound impressive!

LOL