AVLab Feb 2019 - Online Banking Protection Test (Windows 10)

[RodM1956]

So Spyshelter is not really a firewall, it is more like Windows firewall control, right? It does NOT replace windows firewall, it is just an easier front for the firewall like WFC ?

 

[ForgottenSeer 72227]

Ain't that the truth.

'Ground truth' in the evaluation of security is often is based on test results. To assert otherwise is stupidity. If it's just opinion based... there is virtually no point in discussion. Whether it's Malwarebytes, Webroot, McAfee, Windows Defender.. each of those capabilities (and others) sometimes gets hammered in testing.

And the oversensitive defenders come out defensively.... and the tune is often the same. Attack the test. Something is wrong with the methodology. Some other test had a good result. And my favorite.... "I've been using it forever and have never been infected." And often those capabilities attempt to stop being tested. Good strategy... as the emotional fanboys don't have as many poor results to make excuses for.

The best products rarely test at the bottom. Kaspersky, Bitdefender, Norton... you almost never see them at the bottom of any test.

And then yes... in this forum, the defensive people with bias ruin threads with their defensiveness.

To be fair, I think the problem has more to do with people not always respecting one another's opinions, rather than people not listening to the facts. A good conversation takes at least two people and they don't necessarily have to share the exact same opinion. I'm not for anyone pointing fingers one way or another, just because they don't agree. Again, to be fair, calling others fanboys and emotionally attached isn't helping things either. It doesn't make you more right.

Tests should be taken with a huge grain of salt any ways. They often do not represent what happens in the real world. I am in no way suggesting people ignore facts, but at the end of the day, it's just one data point. We cannot always take everything point blank because a test says so. There are way more reasons to choose/use a particular product such as ease of use, customer support, performance, etc...

Everyone is free to like and dislike products, but it needs to be done in a respectful way. A lot of these discussions go side ways, not because people may share a different point than the test results, but because people accuse others for this and that. Again calling people fanboys, emotionally attached and saying others have something wrong with them for liking a product such as WD is being very disrespectful. Just because you don't agree, doesn't mean you are 100% correct.

As I've said WD has come along ways on the protection front. Its not perfect, but then again nothing is. I can point to many tests where WD does very well, but you will have some people who think WD is dumb call the test stupid because WD scored well. They are doing the same thing they accuse others of doing.

Again, tests aren't everything, they should be taken with a grain of salt. Pick and choose which ever product you like. At the end of the day everyone should just respect each other and their opinions.

I just wanted to say that I've updated my previous post as it came across as being an (enter you own word) lol. I do apologize, I didn't mean for it to come across that way. I really should post until I've had my coffee in the morning.

 

[Sunshine-boy]

Poor results for windows defender. I'm wondering if exploit guard can improve the results or no?

 

[ForgottenSeer 72227]

Poor results for windows defender. I'm wondering if exploit guard can improve the results or no?

That's a good question. It very well may improve things, but if I had to take a guess they may add that type of protection to the browser rather than WD itself. Most of the other product do this by hooking into the browser in order to provide this type of protection. MS doesn't really like hooking into the browser, nor do Google and Mozilla. My guess is that if they do improve on this it will come in the form of an extension, built into the browser and potentially exploit guard, or maybe all 3.

 

[RodM1956]

So Spyshelter is not really a firewall, it is more like Windows firewall control?

It does NOT replace windows firewall, when installed?

 

[212eta]

Poor results for windows defender. I'm wondering if exploit guard can improve the results or no?

Time will tell...

 

[dabluez98]

So Spyshelter is not really a firewall, it is more like Windows firewall control?

It does NOT replace windows firewall, when installed?

Make a separate thread for this? I dont know i dont yse spyshelter

 

[Andy Ful]

...
The test results speak for themselves. WD is an atrocious product when it comes to protecting against banking trojans - a fact that a small core of us knew for ages.
...

YES and NO.

This test is based on the specific procedure:

• never seen banking malware created with python and compiled to an exe file;
• the malware is downloaded manually in Chrome web browser;
• the malware is then executed by the user and SmartScreen is bypassed by the user;
• WD is on default settings (no other advanced settings available in Windows 10 Home);

The test results under these conditions are poor for WD. They should be poor because in default settings WD has poor protection against never seen malicious python scripts. The protection would be much better if the malware was created without using python, but for example, PowerShell, JScript, VBScript (especially after turning on ASR rules).

The test is OK, but there is a problem with interpreting the test results in the relation to the users' protection. In the real world, the banking malware is run in the multistage scenario, which is different from the test scenario. The EXE files and python scripts are not used in the early infection stages, but mostly VBA macros, PowerShell, JScript, and VBScript. Those attack vectors are nicely covered by WD (especially after turning on ASR rules).
So, WD has poor detection of python malware, but can apply pretty good prevention against them.

For testing the real user protection, the test should be performed in a very different scenario. However, this does not mean, that in a real world scenario WD will be the best. Yet, there are some well known tests to compare.

 

[Cortex]

Erm... I thought Emsisoft did reasonably well & Norton excellent (within the parameters of the test of course)

 

[RodM1956]

Make a separate thread for this? I dont know i dont yse spyshelter

TRY LOOKING AT PAGE 1 click on link.

 

[RodM1956]

So ANYWAY.........

Spyshelter is not really a firewall, it is more like Windows firewall control?

It does NOT replace windows firewall, when installed?

 

[dabluez98]

I get it - but this thread is not about discussing the capabilities of SpyShelter in particular, maybe more loosely, but not specifically.

 

[RodM1956]

I get it - but this thread is not about discussing the capabilities of SpyShelter in particular, maybe more loosely, but not specifically.

OK so I'm discussing it loosely. Does it replace Windows Firewall or just a door keeper like Windows Firewall Control.????

 

[SeriousHoax]

Erm... I thought Emsisoft did reasonably well & Norton excellent (within the parameters of the test of course)

I was waiting for someone to talk about Emsisoft. Norton killed the test of course but Emsisoft did really well with the default settings. Very impressive.

 

[ForgottenSeer 72227]

It's not about right or wrong. The facts are the facts.

If one is behaving like a fanboy or one is obviously way too emotional and causing problems on a thread, please tell me how it is inappropriate to openly state those facts ? Giving a person a verbal que to grow up whenever they are acting like a man-baby is never inappropriate.

Whose fault is it that threads degenerate into bedlam ? It sure isn't the original poster. It is the fanboys, the ones who are sensitive, the ones who go ballistic running around across forums, that time and again create the dramas. Just because a person doesn't like what is posted does not give them the right to create such havoc. However, far too often the original poster is the one targeted and labeled provocative.

Well, people talk online in different styles, just like people have different personalities. I submit that if someone reacts to a provocative post, it isn't the fault of the original poster, the person who is reacting needs to learn to control themselves - they cannot control themselves and because they cannot, they want to throw blame back onto the person who made the post. It is a childish smoke screen tactic and it is shameful that so many allow it to happen.

If people no longer have the right to express their opinions here, then close up shop. Let's all go home.

Fanboys and emotional types will continue on-and-on until they get what they want on the thread - which most of the time it is to censor those posters that post things that they do not like. They cannot handle the facts, so they will do their utmost to censor. Forums should not be about censorship, no matter how much you personally disagree with or dislike the poster. So it is absolutely appropriate call fanboys and those who cannot emotionally cope with the thread out.

One need look no further than the same thread topics - how many problems Windows causes, Windows Defender, any form of Voodooshield criticism - and the very same overly-attached people show up and cause all the problems.

Because of fanboys and the emotionally over-attached is the reason Wilders banned "What is best AV ?" discussions ages ago.

We're just going to have to agree to disagree than. I am not going to get into a long drawn out debate on the matter.

No one is censoring anyone, you seem to be the only one bringing this up. Everyone just has a difference of opinions. That's what it is, nothing more. Tests do give us data, yes, but they aren't the end all be all. I'm sorry but as I've already said, the people that accuse others of being emotional and fanyboys are just has bad as the ones they are complaining about. It takes two to tango. The reason why Wilder's banned it wasn't because of "fanboys" it was because they got to heated, as no one would respect one another. Point is, you only see your point of view as being correct and if anyone else challenges it, they are wrong. Sorry buddy, but that's not how having a fruitful conversation works.

In fact as I've mentioned in previous posts, I can find examples of certain products doing very well, however these same people will quickly discredit the test because it's not possible for something like WD to score well. If you want facts, then you have to respect all tests, not just the ones that match your point of view. And to be frankly honest with you, having a 100% detection rate, or passing a test gaurentee's nothing. All it means it is passed that test sample. If someone in the real world got infected with a new piece of malware what wasn't detected and either got their info stolen, or their files encrypted with no backups, I don't think they will care what the test results were. Point is, they got infected, but according to the "facts" it should have protected the user based on a test right?

Again, we will just have to agree to disagree. At the end of the day, no one is censoring anybody and it's possible to have thoughtful conversations without anyone trying to "win" the discussion. The points that @Andy Ful brought up are valid and help have a thoughtful conversation. I don't think anywhere in his post he was disagreeing with the test, but is just pointing out the fact that if one wanted to they can take advantage of other settings to make them more secure. I can tell you outright he isn't a fanboy, but he is very knowledgeable and knows his stuff. It doesn't make his point less valid because he is offering information and knowledge on the matter and looking at the bigger picture.

 

[Azure]

100% agreed. Opinions must be respected. No product can guarantee 100% protection. It is true in theory and test results only. If all the test results are correct and represent real world scenarios then why there was a Wannacry massacre a few years back? Who is responsible for Billions of Dollars in loss? Simple answer is 'no one is responsible' except the creators of the nasty worm. NOne of the security firms can be held responsible for not stopping or detecting the worm in the first place. All of the security software companies are doing the right things to make the world safer for us. No one is 100% right but at the end they are contributing to make the world safer.

Weren't some of them, like ESET and Kaspersky, able to detect WannaCry/EternalBlue at its early stage though?

 

[Adrian Ścibor]

Poor results for windows defender. I'm wondering if exploit guard can improve the results or no?

Prepared threats were not exploits. It will not make a difference result.

This test is based on the specific procedure:

• never seen banking malware created with python and compiled to an exe file;
• the malware is downloaded manually in Chrome web browser;
• the malware is then executed by the user and SmartScreen is bypassed by the user;
• WD is on default settings (no other advanced settings available in Windows 10 Home);

It's amazing how was easy bypass protection with a script compiled to EXE.

• the malware did not have a digital signature
• it was not compressed (no packers, obfuscators used)
• most firewall modules did not react to sending stolen information to the server
• often malware can be run without problems

In a real attack, criminals should be interested in Python scripts compiled for Windows.

 

[Andy Ful]

Prepared threats were not exploits. It will not make a difference result.

I think that it could make difference in 'DLL Injecting Attack'.

It's amazing how was easy bypass protection with a script compiled to EXE.

• the malware did not have a digital signature
• it was not compressed (no packers, obfuscators used)
• most firewall modules did not react to sending stolen information to the server
• often malware can be run without problems

In a real attack, criminals should be interested in Python scripts compiled for Windows.

That is true. The problem can be with delivery method. But, this can be accomplished by using the known scripting methods. I performed AVs anti-script test (on max AVs settings) against the simple scripts which downloaded and next executed an EXE file. The results were not good for any AV (some were terrible) except mks_vir Internet Security (blocked Internet connection for WSH and PowerShell) and specially tweaked KIS (script Interpreters highly restricted by Application Control). I tested only eight AVs but the results would be similar, except when script Interpreters are specially restricted like in mks_vir or Kaspersky (ESET HIPS can do it).
Tested Avs: Avira Free, BitDefender Free, BitDefender TS, F-Secure Safe, Kaspersky Free, Kaspersky IS, mks_vir IS, Sophos Premium. The test details and discussion can be seen on MT thread starting with post:
https://malwaretips.com/threads/do-we-actually-need-so-many-security-programs.87717/post-774150

 

[Cortex]

The test does not involve an exploit, therefore Windows Security Exploit Guard would not make a difference.



No. Neither one has a banking protection module. Both products have better protection by design. However, I would be remiss if I did not point out that Norton fails miserably against MRG Effitas' online banking simulators.


At default settings. As Adrian explained, the point of the test was to test the products at maximum settings because default settings do not provide the requisite protection.



No one creates their own firewall to replace the Windows firewall in this day and age. Except for a few utility-type firewalls, all the publishers use WFP. A custom firewall won't provide any greater protection than using WFP.



It's not about right or wrong. The facts are the facts.

If one is behaving like a fanboy or one is obviously way too emotional and causing problems on a thread, please tell me how it is inappropriate to openly state those facts ? Giving a person a verbal que to grow up whenever they are acting like a man-baby is never inappropriate.

And I want to further qualify the above statement. It is inappropriate to attack the original poster because you happen to not like the subject matter. All one need do is visit any of the Windows sucks threads on this forum to see how many times the person who created the thread is the one who is attacked en-masse.

Whose fault is it that threads degenerate into bedlam ? It sure isn't the original poster. It is the fanboys, and the ones who are sensitive, the ones who go ballistic running around across forums, crying to staff, that time and again create the dramas. Just because a person doesn't like what is posted or who posted it does not give them the right to create such havoc. However, far too often the original poster is the one targeted and labeled provocative.

Well, people talk online in different styles, just like people have different personalities. I submit that if someone reacts to a provocative post, it isn't the fault of the original poster, the person who is reacting needs to learn to control themselves - they cannot control themselves and because they cannot, they want to throw blame back onto the person who made the post. It is a childish smoke screen tactic and it is shameful that so many allow it to happen.

If people no longer have the right to express their opinions here, then close up shop. Let's all go home.

Fanboys and emotional types will continue on-and-on until they get what they want on the thread - which most of the time it is to censor those posters that post things that they do not like. They cannot handle the facts, so they will do their utmost to censor. Forums should not be about censorship, no matter how much you personally disagree with or dislike the poster. So it is absolutely appropriate call fanboys and those who cannot emotionally cope with the thread out.

One need look no further than the same thread topics - how many problems Windows causes, Windows Defender, any form of Voodooshield criticism - and the very same overly-attached people show up and cause all the problems.

Because of fanboys and the emotionally over-attached is the reason Wilders banned "What is best AV ?" discussions ages ago.

People cannot control their emotions and everyone else has to pay for it. I can create a single thread here using entirely innocent, legit language but because of what is said, I can guarantee you total chaos would ensue. People will report the post, there will be an open fight, people will run over to other forums to tattle-tale, people will complain to staff, and the thread will be shutdown and the original poster will be issued ban points. It is all because of the fan-boys and man-babies here. It is as simple as that.



The use of python is irrelevant. As the test shows, none of the third party solutions had a grave problem with it.

Either a security software protects or it does not. Making adjustments, rationalizing away the test results on the basis of it not being real-world or some other condition, that is the stuff of which Cylance is made - and does those who are interested in the real facts a great disservice.

The facts are the facts.

One cannot control what a security software will face in the real world. Therefore, the only thing that matters is its absolute protection within the scope of what it is designed to do. And what this test proves is that Windows Security has another gaping hole in its protections. It is unable to protect an active banking trojan protection. Game over. It's a disgusting wart of a product (in many more ways than are covered here).

And a word on prevalence testing. Tests that use only prevalent malware, more or less - that is like testing a person to see if they will get smallpox if they area already vaccinated against smallpox.

Thread destroyed (yet again) by prolonged rants & it's not difficult to see why you were obviously banned, & I wonder have you taken your medication, that is serous. BTW there are members other than the male sex here & some references are sexist & have no place today - (IMHO)

 

[DesperateDan]

All software is continually evolving, especially malware. Even what you would think would be the most trusted and most tested sources can have serious issues as the recent Boeing example demonstrates.

Whilst Windows remains the most used operating system it will also remain the most targeted which together with it’s inbuilt system vulnerabilities make it unsuitable for sensitive data transactions full stop.

Changing antivirus programs based on the latest round of tests achieves nothing and can even reduce your overall protection depending on how the previous incumbents were removed.

I’ve never understood the self inflicted user stress regarding online banking when there are two very simple solutions available to everyone.

My business relies on data security so I would never let Windows anywhere near it but even if you don’t want to use Linux full time how much time and trouble v peace of mind does it take to fire up a dedicated secure Linux live session to make your banking transactions?

You could use pretty much any live Linux but this specialist distro is designed for the purpose and has just been updated (solution1).

Tails - Privacy for anyone anywhere

Solution two would be your local bank’s fraud insurance. I have insurance on two accounts and a credit card the annual cost for which is less than I would pay for a commercial antivirus. The only requirement is I have to notify the bank within 48 hours of a fraudulent transaction which just means checking once a day. Credit card transactions are notified to my phone in real time so I’d need to be pretty dumb not to see something wrong there. Depending on the company you use you can often get this insurance added to your household policy but be sure to read the small print!

Your own bank might provide alternative solutions but relying on Windows security software is not the best way to go.