RodM1956

Level 3
So Spyshelter is not really a firewall, it is more like Windows firewall control, right? It does NOT replace windows firewall, it is just an easier front for the firewall like WFC ?
 
  • Like
Reactions: AtlBo

Raiden

Level 10
Content Creator
Verified
Ain't that the truth.

'Ground truth' in the evaluation of security is often is based on test results. To assert otherwise is stupidity. If it's just opinion based... there is virtually no point in discussion. Whether it's Malwarebytes, Webroot, McAfee, Windows Defender.. each of those capabilities (and others) sometimes gets hammered in testing.

And the oversensitive defenders come out defensively.... and the tune is often the same. Attack the test. Something is wrong with the methodology. Some other test had a good result. And my favorite.... "I've been using it forever and have never been infected." And often those capabilities attempt to stop being tested. Good strategy... as the emotional fanboys don't have as many poor results to make excuses for.

The best products rarely test at the bottom. Kaspersky, Bitdefender, Norton... you almost never see them at the bottom of any test.

And then yes... in this forum, the defensive people with bias ruin threads with their defensiveness.
To be fair, I think the problem has more to do with people not always respecting one another's opinions, rather than people not listening to the facts. A good conversation takes at least two people and they don't necessarily have to share the exact same opinion. I'm not for anyone pointing fingers one way or another, just because they don't agree. Again, to be fair, calling others fanboys and emotionally attached isn't helping things either. It doesn't make you more right.

Tests should be taken with a huge grain of salt any ways. They often do not represent what happens in the real world. I am in no way suggesting people ignore facts, but at the end of the day, it's just one data point. We cannot always take everything point blank because a test says so. There are way more reasons to choose/use a particular product such as ease of use, customer support, performance, etc...

Everyone is free to like and dislike products, but it needs to be done in a respectful way. A lot of these discussions go side ways, not because people may share a different point than the test results, but because people accuse others for this and that. Again calling people fanboys, emotionally attached and saying others have something wrong with them for liking a product such as WD is being very disrespectful. Just because you don't agree, doesn't mean you are 100% correct.

As I've said WD has come along ways on the protection front. Its not perfect, but then again nothing is. I can point to many tests where WD does very well, but you will have some people who think WD is dumb call the test stupid because WD scored well. They are doing the same thing they accuse others of doing.

Again, tests aren't everything, they should be taken with a grain of salt. Pick and choose which ever product you like. At the end of the day everyone should just respect each other and their opinions. (y):)

I just wanted to say that I've updated my previous post as it came across as being an (enter you own word) lol. I do apologize, I didn't mean for it to come across that way. I really should post until I've had my coffee in the morning. :p
 
Last edited:

Raiden

Level 10
Content Creator
Verified
Poor results for windows defender. I'm wondering if exploit guard can improve the results or no?
That's a good question. It very well may improve things, but if I had to take a guess they may add that type of protection to the browser rather than WD itself. Most of the other product do this by hooking into the browser in order to provide this type of protection. MS doesn't really like hooking into the browser, nor do Google and Mozilla. My guess is that if they do improve on this it will come in the form of an extension, built into the browser and potentially exploit guard, or maybe all 3.:)
 
Last edited:

RodM1956

Level 3
So Spyshelter is not really a firewall, it is more like Windows firewall control?

It does NOT replace windows firewall, when installed?
 
Last edited by a moderator:
  • Like
Reactions: AtlBo

Andy Ful

Level 39
Content Creator
Trusted
Verified
...
The test results speak for themselves. WD is an atrocious product when it comes to protecting against banking trojans - a fact that a small core of us knew for ages.
...
YES and NO.

This test is based on the specific procedure:
  • never seen banking malware created with python and compiled to an exe file;
  • the malware is downloaded manually in Chrome web browser;
  • the malware is then executed by the user and SmartScreen is bypassed by the user;
  • WD is on default settings (no other advanced settings available in Windows 10 Home);
The test results under these conditions are poor for WD. They should be poor because in default settings WD has poor protection against never seen malicious python scripts. The protection would be much better if the malware was created without using python, but for example, PowerShell, JScript, VBScript (especially after turning on ASR rules).

The test is OK, but there is a problem with interpreting the test results in the relation to the users' protection. In the real world, the banking malware is run in the multistage scenario, which is different from the test scenario. The EXE files and python scripts are not used in the early infection stages, but mostly VBA macros, PowerShell, JScript, and VBScript. Those attack vectors are nicely covered by WD (especially after turning on ASR rules).
So, WD has poor detection of python malware, but can apply pretty good prevention against them.

For testing the real user protection, the test should be performed in a very different scenario. However, this does not mean, that in a real world scenario WD will be the best. Yet, there are some well known tests to compare.
 

RodM1956

Level 3
So ANYWAY.........

Spyshelter is not really a firewall, it is more like Windows firewall control?

It does NOT replace windows firewall, when installed?
 
Last edited by a moderator:
  • Like
Reactions: AtlBo

dabluez98

Level 2
I get it - but this thread is not about discussing the capabilities of SpyShelter in particular, maybe more loosely, but not specifically.
 
  • Like
Reactions: AtlBo

RodM1956

Level 3
I get it - but this thread is not about discussing the capabilities of SpyShelter in particular, maybe more loosely, but not specifically.
OK so I'm discussing it loosely. Does it replace Windows Firewall or just a door keeper like Windows Firewall Control.????
 
Last edited by a moderator:
  • Like
Reactions: AtlBo

Raiden

Level 10
Content Creator
Verified
It's not about right or wrong. The facts are the facts.

If one is behaving like a fanboy or one is obviously way too emotional and causing problems on a thread, please tell me how it is inappropriate to openly state those facts ? Giving a person a verbal que to grow up whenever they are acting like a man-baby is never inappropriate.

Whose fault is it that threads degenerate into bedlam ? It sure isn't the original poster. It is the fanboys, the ones who are sensitive, the ones who go ballistic running around across forums, that time and again create the dramas. Just because a person doesn't like what is posted does not give them the right to create such havoc. However, far too often the original poster is the one targeted and labeled provocative.

Well, people talk online in different styles, just like people have different personalities. I submit that if someone reacts to a provocative post, it isn't the fault of the original poster, the person who is reacting needs to learn to control themselves - they cannot control themselves and because they cannot, they want to throw blame back onto the person who made the post. It is a childish smoke screen tactic and it is shameful that so many allow it to happen.

If people no longer have the right to express their opinions here, then close up shop. Let's all go home.

Fanboys and emotional types will continue on-and-on until they get what they want on the thread - which most of the time it is to censor those posters that post things that they do not like. They cannot handle the facts, so they will do their utmost to censor. Forums should not be about censorship, no matter how much you personally disagree with or dislike the poster. So it is absolutely appropriate call fanboys and those who cannot emotionally cope with the thread out.

One need look no further than the same thread topics - how many problems Windows causes, Windows Defender, any form of Voodooshield criticism - and the very same overly-attached people show up and cause all the problems.

Because of fanboys and the emotionally over-attached is the reason Wilders banned "What is best AV ?" discussions ages ago.
We're just going to have to agree to disagree than. I am not going to get into a long drawn out debate on the matter.

No one is censoring anyone, you seem to be the only one bringing this up. Everyone just has a difference of opinions. That's what it is, nothing more. Tests do give us data, yes, but they aren't the end all be all. I'm sorry but as I've already said, the people that accuse others of being emotional and fanyboys are just has bad as the ones they are complaining about. It takes two to tango. The reason why Wilder's banned it wasn't because of "fanboys" it was because they got to heated, as no one would respect one another. Point is, you only see your point of view as being correct and if anyone else challenges it, they are wrong. Sorry buddy, but that's not how having a fruitful conversation works.

In fact as I've mentioned in previous posts, I can find examples of certain products doing very well, however these same people will quickly discredit the test because it's not possible for something like WD to score well. If you want facts, then you have to respect all tests, not just the ones that match your point of view. And to be frankly honest with you, having a 100% detection rate, or passing a test gaurentee's nothing. All it means it is passed that test sample. If someone in the real world got infected with a new piece of malware what wasn't detected and either got their info stolen, or their files encrypted with no backups, I don't think they will care what the test results were. Point is, they got infected, but according to the "facts" it should have protected the user based on a test right?

Again, we will just have to agree to disagree. At the end of the day, no one is censoring anybody and it's possible to have thoughtful conversations without anyone trying to "win" the discussion. The points that @Andy Ful brought up are valid and help have a thoughtful conversation. I don't think anywhere in his post he was disagreeing with the test, but is just pointing out the fact that if one wanted to they can take advantage of other settings to make them more secure. I can tell you outright he isn't a fanboy, but he is very knowledgeable and knows his stuff. It doesn't make his point less valid because he is offering information and knowledge on the matter and looking at the bigger picture.
 

Umar.18

Level 1
To be fair, I think the problem has more to do with people not always respecting one another's opinions, rather than people not listening to the facts. A good conversation takes at least two people and they don't necessarily have to share the exact same opinion. I'm not for anyone pointing fingers one way or another, just because they don't agree. Again, to be fair, calling others fanboys and emotionally attached isn't helping things either. It doesn't make you more right.

Tests should be taken with a huge grain of salt any ways. They often do not represent what happens in the real world. I am in no way suggesting people ignore facts, but at the end of the day, it's just one data point. We cannot always take everything point blank because a test says so. There are way more reasons to choose/use a particular product such as ease of use, customer support, performance, etc...

Everyone is free to like and dislike products, but it needs to be done in a respectful way. A lot of these discussions go side ways, not because people may share a different point than the test results, but because people accuse others for this and that. Again calling people fanboys, emotionally attached and saying others have something wrong with them for liking a product such as WD is being very disrespectful. Just because you don't agree, doesn't mean you are 100% correct.

As I've said WD has come along ways on the protection front. Its not perfect, but then again nothing is. I can point to many tests where WD does very well, but you will have some people who think WD is dumb call the test stupid because WD scored well. They are doing the same thing they accuse others of doing.

Again, tests aren't everything, they should be taken with a grain of salt. Pick and choose which ever product you like. At the end of the day everyone should just respect each other and their opinions. (y):)

I just wanted to say that I've updated my previous post as it came across as being an (enter you own word) lol. I do apologize, I didn't mean for it to come across that way. I really should post until I've had my coffee in the morning. :p
100% agreed. Opinions must be respected. No product can guarantee 100% protection. It is true in theory and test results only. If all the test results are correct and represent real world scenarios then why there was a Wannacry massacre a few years back? Who is responsible for Billions of Dollars in loss? Simple answer is 'no one is responsible' except the creators of the nasty worm. NOne of the security firms can be held responsible for not stopping or detecting the worm in the first place. All of the security software companies are doing the right things to make the world safer for us. No one is 100% right but at the end they are contributing to make the world safer.
 

Azure

Level 23
Content Creator
Verified
100% agreed. Opinions must be respected. No product can guarantee 100% protection. It is true in theory and test results only. If all the test results are correct and represent real world scenarios then why there was a Wannacry massacre a few years back? Who is responsible for Billions of Dollars in loss? Simple answer is 'no one is responsible' except the creators of the nasty worm. NOne of the security firms can be held responsible for not stopping or detecting the worm in the first place. All of the security software companies are doing the right things to make the world safer for us. No one is 100% right but at the end they are contributing to make the world safer.
Weren't some of them, like ESET and Kaspersky, able to detect WannaCry/EternalBlue at its early stage though?
 

Umar.18

Level 1
Weren't some of them, like ESET and Kaspersky, able to detect WannaCry/EternalBlue at its early stage though?
Yes! you are right they may have stopped the worm. Dr. Web claimed that none of their users machines were compromised. I have already said that they are all doing the right thing. None of them is 100% protective and none of them is 100% crap on the other hand too.
 
  • Like
Reactions: AtlBo and roger_m

Adrian Ścibor

From AVLab.pl
Verified
Poor results for windows defender. I'm wondering if exploit guard can improve the results or no?
Prepared threats were not exploits. It will not make a difference result.

This test is based on the specific procedure:
  • never seen banking malware created with python and compiled to an exe file;
  • the malware is downloaded manually in Chrome web browser;
  • the malware is then executed by the user and SmartScreen is bypassed by the user;
  • WD is on default settings (no other advanced settings available in Windows 10 Home);

It's amazing how was easy bypass protection with a script compiled to EXE.

  • the malware did not have a digital signature
  • it was not compressed (no packers, obfuscators used)
  • most firewall modules did not react to sending stolen information to the server
  • often malware can be run without problems
In a real attack, criminals should be interested in Python scripts compiled for Windows.
 

Andy Ful

Level 39
Content Creator
Trusted
Verified
Prepared threats were not exploits. It will not make a difference result.
I think that it could make difference in 'DLL Injecting Attack'.

It's amazing how was easy bypass protection with a script compiled to EXE.

  • the malware did not have a digital signature
  • it was not compressed (no packers, obfuscators used)
  • most firewall modules did not react to sending stolen information to the server
  • often malware can be run without problems
In a real attack, criminals should be interested in Python scripts compiled for Windows.
That is true. The problem can be with delivery method. But, this can be accomplished by using the known scripting methods. I performed AVs anti-script test (on max AVs settings) against the simple scripts which downloaded and next executed an EXE file. The results were not good for any AV (some were terrible) except mks_vir Internet Security (blocked Internet connection for WSH and PowerShell) and specially tweaked KIS (script Interpreters highly restricted by Application Control). I tested only eight AVs but the results would be similar, except when script Interpreters are specially restricted like in mks_vir or Kaspersky (ESET HIPS can do it).
Tested Avs: Avira Free, BitDefender Free, BitDefender TS, F-Secure Safe, Kaspersky Free, Kaspersky IS, mks_vir IS, Sophos Premium. The test details and discussion can be seen on MT thread starting with post:
https://malwaretips.com/threads/do-we-actually-need-so-many-security-programs.87717/post-774150
 
Last edited: