mlnevese

Level 19
Verified
As I said in the other thread, the malware hub tests are excellent to see a security software's signatures and behavior blocking, but it does not reflect the full capabilities of any protection software as it bypasses other layers and just runs the sample straight from disk. It's a very valid test as long as you understand what is being tested.
 

silversurfer

Level 59
Verified
Trusted
Content Creator
Malware Hunter
As I said in the other thread, the malware hub tests are excellent to see a security software's signatures and behavior blocking, but it does not reflect the full capabilities of any protection software as it bypasses other layers and just runs the sample straight from disk. It's a very valid test as long as you understand what is being tested.
Please tell me, how many are these other layers of protection?
- Web-protection: drive-by downloads (mark of the web)
- Email-protection: a user clicks a (malicious) link
 

mlnevese

Level 19
Verified
Please tell me, how many are these other layers of protection?
- Web-protection: drive-by downloads (mark of the web)
- Email-protection: a user clicks a (malicious) link
Website filtering - known malicious websites are blocked, nothing is downloaded.
Network protection. External attacks should be blocked at this level.
Cloud analysis BEFORE download.
Anti-spam and anti-phishing blocking
 

silversurfer

Level 59
Verified
Trusted
Content Creator
Malware Hunter
Website filtering - known malicious websites are blocked, nothing is downloaded.
Network protection. External attacks should be blocked at this level.
Cloud analysis BEFORE download.
Anti-spam and anti-phishing blocking
That's similar to what I wrote before; I only forgot about Network-Protection.

Cloud analysis BEFORE download: that must be a very fast analysis, otherwise it takes too long to download files...
 

Wraith

Level 13
Verified
Malware Tester
As I said in the other thread, the malware hub tests are excellent to see a security software's signatures and behavior blocking, but it does not reflect the full capabilities of any protection software as it bypasses other layers and just runs the sample straight from disk. It's a very valid test as long as you understand what is being tested.
I do agree with you. I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system. Tests are done to give the users a fair idea about the specific product but it never reflects the real world scenario.
 

BVLon

I do agree with you. I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system. Tests are done to give the users a fair idea about the specific product but it never reflects the real world scenario.
I've said the same: simply introducing a large number of malware samples is not a realistic scenario, as it is rarely going to happen. Not completely impossible though.
However, it is still interesting to see how products perform in this INTENSIVE test and product failure should not be taken as a reason to switch to someone else.
 

silversurfer

Level 59
Verified
Trusted
Content Creator
Malware Hunter
I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system.
That real world scenario won't happen as long as the AV's behavior blocking/monitoring modules are able to intercept/block the attack...

Of course, web-filtering by the AV is the first defense, but not all AVs offer that kind of protection module, especially some free AVs!
 

Raiden

Level 16
Verified
Content Creator
I've said the same: simply introducing a large number of malware samples is not a realistic scenario, as it is rarely going to happen. Not completely impossible though.
However, it is still interesting to see how products perform in this INTENSIVE test and product failure should not be taken as a reason to switch to someone else.
That's the thing with all tests in general. It's always about understanding the test, what it's trying to accomplish/show. No test is perfect and it's important to understand the potential weaknesses of said tests. The problem is though, rarely, if ever, do most people understand what's truly going on. All people do is focus on the total numbers, or which product has the most green on a graph. People constantly jump ship because of this. Take the HUB for example: no one really looks at the overall number of detections/blocks the product got. All they look at is the infection status of the system and just assume that if a program can't always keep a system infection free then it's garbage.

It's the same with any test: most people don't take the time to understand them, they just make assumptions/decisions based on the totals.
 

blackice

Level 24
Verified
That's the thing with all tests in general. It's always about understanding the test, what it's trying to accomplish/show. No test is perfect and it's important to understand the potential weaknesses of said tests. The problem is though, rarely, if ever, do most people understand what's truly going on. All people do is focus on the total numbers, or which product has the most green on a graph. People constantly jump ship because of this. Take the HUB for example: no one really looks at the overall number of detections/blocks the product got. All they look at is the infection status of the system and just assume that if a program can't always keep a system infection free then it's garbage.

It's the same with any test: most people don't take the time to understand them, they just make assumptions/decisions based on the totals.
I always look at the detection rate first. In fact I look forward to it. I know I’m not the average joe, just a nerd. ESET generally gets a clean sheet. When it is infected it’s usually blocking like 16/17, and a scripted malware snuck in.
 

silversurfer

Level 59
Verified
Trusted
Content Creator
Malware Hunter
ESET generally gets a clean sheet. When it is infected it’s usually blocking like 16/17, and a scripted malware snuck in.
One sample remains for dynamic testing; that looks more like a real world scenario, except web-protection/filtering is still impossible to test.

My personal impression: people just don't like that their favorite AV may be infected, then they talk about the real world scenario as an excuse...
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
Also something new in the setup....
Old ESET users are gonna rejoice!
ESET at forum used to keep the stand that some suspicious actions are not blocked, or even flagged, in order to reduce FPs and to not worry the average user.
As @Azure shared, now that the default protection "Balanced" is indicated as stronger than the earlier default, advanced users must be happy. And there's one more level above the default :)

I noticed another change. The option to disable "Access Setup >> Require full administrator rights..." has been removed from the GUI and subsequently from the config file --->
XML:
<ITEM NAME="EKRN_CFG">
      ...
      <NODE NAME="RequireElevation" TYPE="number" VALUE="0" />
The user now has to answer UAC prompts for every (interactive mode) Firewall alert in case of saving rules. Not applicable to HIPS alerts.
 

Wraith

Level 13
Verified
Malware Tester
That real world scenario won't happen as long as the AV's behavior blocking/monitoring modules are able to intercept/block the attack...
Yeah, I do agree. Dynamic protection is just as important as static protection. But the same rule applies here as well. You cannot expect the BB to block 100% of all malware (unless it's Lord Kaspersky) ;)
 

BVLon

One sample remains for dynamic testing; that looks more like a real world scenario, except web-protection/filtering is still impossible to test.

My personal impression: people just don't like that their favorite AV may be infected, then they talk about the real world scenario as an excuse...
Testing McAfee against this archive, for example, would be totally inaccurate, as Web Advisor uses aggressive heuristics and deletes everything that looks untrusted. McAfee doesn't want to employ the same tactic in the common scanning engine to avoid false positives, but their protection capability is still great. Web Advisor also uses 2 additional databases, not utilized by the scan engine. These are McAfee Gateway Intelligence, which detects untrusted files circulating via emails, and the Early Bird Database (EBD), where they send all files exhibiting signs of maliciousness but not yet fully analysed. When I say McAfee is missing a lot of threats, I am talking about the AV module alone, as I have bypassed the Advisor's warnings myself. Their behavioural blocker alone is hit and miss. Also I have noticed (and McAfee confirmed) that if you re-download a program that it has already flagged and removed, it excludes it, which is not great.
Norton, F-Secure and Trend Micro's behavioural blockers consider a broad range of data about the file's origin, such as how trustworthy the site is and how many people normally visit it.
 
Last edited by a moderator:

The Cog in the Machine

Level 21
Verified
I do agree with you. I've had several instances of ESET and Avast where a web page was blocked by the web filter but if I disabled the web filter, the downloaded file was executed, infecting the system. Tests are done to give the users a fair idea about the specific product but it never reflects the real world scenario.
Happened to me when I was testing SHP. The infected file was detected by Sophos ML. When I ran the same detected file from a USB drive, the system was infected.
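The "mark of the web" layer named earlier in the thread, and why a sample run straight from disk or from a USB stick sidesteps it, comes down to the NTFS Zone.Identifier stream a browser writes next to a download. The parser below is an added example, not code from any poster or product; the stream contents are constructed, and the on-Windows reader is a hypothetical helper that returns None on other platforms.

```python
import configparser
import sys

# Windows URL security zone ids as carried in the Zone.Identifier stream.
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}

# Constructed sample of what a browser stores in <file>:Zone.Identifier after a download.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.test/downloads/
HostUrl=https://example.test/files/setup.exe
"""


def parse_zone_identifier(text):
    """Parse the INI-style Zone.Identifier stream; return a dict, or None if absent or malformed."""
    if not text or not text.strip():
        return None
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
        section = cp["ZoneTransfer"]
        zone = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {
        "zone_id": zone,
        "zone": ZONE_NAMES.get(zone, "Unknown"),
        "referrer": section.get("ReferrerUrl"),
        "host": section.get("HostUrl"),
    }


def is_internet_marked(text):
    """True when the mark says Internet or Restricted zone, i.e. web-origin checks (SmartScreen,
    AV web-download scanning) have something to act on. A missing mark means they never fire."""
    info = parse_zone_identifier(text)
    return info is not None and info["zone_id"] >= 3


def read_zone_stream(path):
    """Hypothetical helper: read <path>:Zone.Identifier on Windows NTFS. Returns None off Windows,
    when the stream is missing, or for files copied via a FAT-formatted USB stick, which cannot
    hold alternate data streams at all, so the mark is lost in transit."""
    if not sys.platform.startswith("win"):
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None
```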
 

mlnevese

Level 19
Verified
Notice that I've said the Hub is not a perfect test for ANY software. I don't play favorites... as some of the older members in the forum know, I hold licenses to ESET, Kaspersky and Bitdefender. As far as I'm concerned they all protect my machines and none can be fully tested by the Hub. I often post about the problems each of them caused me in the past.

The perfect protection does not exist and anyone who plays favorite software is just losing their time in a holy crusade...
 
Last edited:

BVLon

Notice that I've said the Hub is not a perfect test for ANY software. I don't play favorites... as some of the older members in the forum know, I hold licenses to ESET, Kaspersky and Bitdefender. As far as I'm concerned they all protect my machines and none can be fully tested by the Hub. I often post about the problems each of them caused me in the past.

The perfect protection does not exist and anyone who plays favorite software is just losing their time in a holy crusade...
Perfect protection doesn't exist and everyone is more or less on the same level nowadays... It all comes down to the little extras and the final touch of the product, rather than the protection level. Also, most people don't need stellar protection.
 