Security News Business Security Test 2018 (March – June)

Snickers102

Upon default install it is already in protected mode.

You're not Lockdown. I don't believe you unless you're Lockdown. Only he knows the ins and outs of AppGuard, only he can purify us all from this hell and bring salvation to the world, save the human population from unavoidable extinction and show us the light that is AppGuard.



Also, I'm not sure how the performance test is done, but I feel my PC is faster with Microsoft Defender than it was with Kaspersky (not a placebo feeling but a real feeling, I can sense the difference of 20 ping in multiplayer games, which is 20 milliseconds, so I can definitely sense when a product is like a few hundred milliseconds faster than another, for example), even though I'm using max settings for Defender, not counting the cloud scan delay thing which obviously delays for a long time. But then again, Baseline system: Intel Core i3-4005U machine with 4GB RAM and HDD drive, that's some 1990 stuff, I know the average employee's computer is absolute trash cuz there are way too many computers, but that's like too trash, with 4GB RAM you can't even turn on your computer, let alone do important business things with programs.

I still don't know what the user-dependent thing is, is it SmartScreen? Cuz if we include SmartScreen in False Positives, every 3rd or so installation .exe/.msi file that I use when I'm updating my programs gets SmartScreened, if it isn't a rather-well-known (or more) signed trusted publisher, it's probably getting flagged by SmartScreen, it's almost like an anti-exe in this regard.

McAfee is performing like a champ on all tests, especially the real world protection and performance test, something must be wrong. I don't like the fact that the malware protection test's sample size isn't shown, as well as the fact that the settings of the products with default settings aren't shown either. I remember I tweaked a lot of things with Kaspersky, it was anything but default, but I can't remember the default settings, not to mention the default ones of the products I don't use, it would be nice to see what options are missing. Like, do Avast's default ones include hardened mode that I've heard of? It's also quite unfair to some products whose default settings may differ strongly from the software's maximum potential for security. Like, Kaspersky's trusted applications mode is like an anti-exe, it would block like literally 100% of malware, it can't hurt you if it can't start, as long as it doesn't get randomly added to the trusted applications, this assumes Kaspersky's cloud and lab to be accurate and not trust a malware application, I think this is a safe bet at least. Unless it's a strong targeted 0-day exploit or something, which wouldn't get blocked anyway by any security, I remember even the mighty absolutely unstoppable completely impenetrable 100.00000% malware-proof AppGuard failed against the EternalBlue exploit, with Lockdown's solution being "Apply the Microsoft security patch that was released within days of the exploit", well a few days is more than enough for a big company that is being targeted to get hacked cuz the security product couldn't protect it for "just" a few days before the patch is deployed. And also considering how many businesses' first thing in the morning isn't to check for new updates, at any given point there are lots of already found exploits that have been patched yet the patches haven't been deployed, will the security software protect against those?
Judging by MRG Effitas' results https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf the answer would be no. Maybe one day we can truly judge AVs' effectiveness by independent tests (we don't even know how independent they are), this day is not today.
 

illumination

I'm not Lockdown, not even close, but I do know a thing or two about AppGuard...

As for the same question... My assumption was based on the fact that I would believe that after setting policies via the enterprise portal, the default securities would still work the same on the endpoint.
 

Andy Ful

...
And furthermore, most businesses are no different than home users "who want to use stuff" - they don't want security softs preventing users from doing stuff or being an inconvenience. That, more than anything else, drives the use of lower-level security products and settings.
Yes. Protecting enterprises and institutions is like protecting the US from illegal immigrants. It would be possible in theory (maybe), but US citizens will never accept such restrictions on their civil rights. So, most enterprises use only a medium security level, which can be hacked by a smart hacker.
Usually, small businesses (~50 employees) can be well protected by SRP and Windows policies (Windows Pro), but using GPO is not convenient. So, third-party applications based on SRP, Anti-Exe or Sandboxing are welcome. Also, spending too much money on protecting small businesses is not economically justified, because they are more vulnerable to ordinary theft - so, physical security (secured windows & doors + watchman) is equally important.
Furthermore, I suspect that most malware infections in businesses follow not from an insufficient AV security level, but from people's carelessness, ignoring applied security procedures, etc. As we know well, the level of security can be much better with security-trained employees.
 

Andy Ful

I think that maximizing the AV security level in enterprises would be only an illusion of security. The attacker can simply use more social-engineering techniques to accomplish the same purpose.
 