Solarquest

Moderator
MalwareTips Staff
AV-Tester
Verified
Joined
Jul 22, 2014
Messages
2,034
#1
How Antivirus Companies Are Hacking the Truth -- and Making Us All More Vulnerable

Each day, tech researchers encounter and catalogue more than 350,000 new instances of malware -- the malicious software that's designed to damage computers or steal personal information. Consumers and businesses alike believe their antivirus systems are vigilant enough to ward off these mounting threats. But they're wrong.
The fact is, today's approach to fighting malware is hopelessly ineffective, and antivirus vendors conceal this reality. Fortunately, the threat posed by increasingly sophisticated malware is surmountable. But, in order to succeed, antivirus companies must start working on technology that actually keeps users safe.

The reason is that it's no secret that the dangers malware poses are changing and intensifying at lightning speed. Even at tech-savvy organizations -- Equifax, Yahoo and Uber, to name a few -- system breaches have become common, enabled, most commonly, by malware.
Somehow, the antivirus industry still remains confident. Leading firms continue to market their pricey software by promising "total protection" and "tried and tested threat prevention." Many tout virus detection rates north of 99 percent.
These claims aren't just over-confident; they're deceitful.

Why "99 percent" isn't as good as it sounds
...
...
 

davisd

Level 21
Verified
Joined
Feb 2, 2016
Messages
1,043
OS
Windows 10
Antivirus
Default-Deny
#3
When will antivirus companies finally admit that detection is not protection, and rethink their approach to fighting malware?
And when will regular Windows users rethink their approach and start learning and strenghten already inbuilt protection mechanisms, use SUA, SRP, etc.. ? It's indeed easier to blame AV companies, not Microsoft itself for Windows with weak and unneeded most common attack vectors enabled by default.
 
Last edited:

shmu26

Level 70
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,948
OS
Windows 10
#5
The article was written by
Steve Subar, President and CEO, Comodo Cybersecurity

If you read a little further, you will see that the author advocates a combo of default/deny and autocontainment. Does that sound familiar?

"So, fight back: Consider solutions that couple "default-deny" with "auto-containment" to achieve maximum security while preserving productivity. "
 

shmu26

Level 70
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,948
OS
Windows 10
#9
Fantastic article. It's why I always take these AVtests with a pinch of salt.

~LDogg
For the average home user who doesn't download pirated software in zip files, Windows Smartscreen will save him a lot of the time, even if his AV fails.
I don't think Smartscreen will help much for weaponized MS Office docs, but most of those docs seem to be targeted to businesses.

So the reality for the average home user may not be as rosy as the AV tests make it sound, but it is also not as gloomy as the Comodo CEO makes it sound. But he is right for businesses, and that is really the topic of his article, I think.
 

LDogg

Level 20
Verified
Joined
May 4, 2018
Messages
981
#11
For the average home user who doesn't download pirated software in zip files, Windows Smartscreen will save him a lot of the time, even if his AV fails.
I don't think Smartscreen will help much for weaponized MS Office docs, but most of those docs seem to be targeted to businesses.

So the reality for the average home user may not be as rosy as the AV tests make it sound, but it is also not as gloomy as the Comodo CEO makes it sound. But he is right for businesses, and that is really the topic of his article, I think.
Home users don't have to worry about sophisticated attacks that larger companies face. But a home user should always use some protection. :p

~LDogg
 

RejZoR

Level 9
Verified
Joined
Nov 26, 2016
Messages
444
OS
Windows 10
Antivirus
Avast
#12
Reading such rubbish "articles" makes me feel like the author still thinks antivirus software only looks for viruses in the literal meaning of teh word (parasitic file infectors) and that only method they are using is simple pattern matching. If, whoever wrote these "articles" actually understood anything, they'd know antiviruses are only called that way as broadly recognizable name, but they detect all sorts of malware types. And their detection capabilities go far beyond just pattern matching.

Signatures are still an integral part of antiviruses because the fact is, they are super fast and still work. But they aren't simple pattern matching systems, but far more advanced dynamic detection systems compared to old static pattern matching. Known malware is still best left detected by pattern matching to make things faster.

They aid "old" signatures with heuristics, behavior analysis and cloud detection with machine learning where this last one is the most powerful tool. The cloud machine learning basically eliminated human analysts from the equation. They basically only exist to deal with really tricky things that are rejected from automated systems as clear cut detections and to fine tune these systems. No one manually makes detections anymore on regular basis. Machine learning is basically grouping files based on many characteristics into malware, clean and undeclared statuses. Whatever you encounter can be nearly instantly compared to huge sample bases in their clouds. Meaning you're not looking program's code line by line, instead you're checking where the file originated, how quickly it spread, what are its characteristics, what is it most similar to and lastly it's monitored by local behavior blockers and their behavior feed to the cloud.

You can't ever make anything 100%, but we're closest to that than ever. And complaining over detection rate scores, people don't seem to have the slightest clue what statistically significant data means. If AV detects 99,9% or even 100% in a specific test, it only means it managed to detect that percentage of samples used in the test. It doesn't mean it has such exact detection globally for everything in existence, but it statistically tells you AV that consistently hits 100% in tests is far more likely to detect malware in general than the one that's jumping all over the place from 96% to 100% or not even ever hitting 100% or other near 100% score. Tests very much tell how good antiviruses are and there is a good reason why AV's like Bitdefender and Kaspersky which constantly and reliably hit 100% in tests are also proven to provide the best protection in real life as well. Of course there is statistical chance they'll miss something, but the chance of it happening is so low and it's decreasing with almost every minute passing after malware sample is being released. Because the longer something exists out there, the higher there is chance it was picked up by the cloud systems by every minute it passes. In the past samples had to be submitted manually after being spotted as "missed". And when company received the sample, they processed it and added detection for it. Now, cloud systems pick up such samples automatically, send it to AV company machine learning systems, process them, classify them and issue detection for them automatically. I think there is no need for me to explain how dramatically that narrows the gap between malware being released out there and malware getting detected. Meaning anything AV's detect is added benefit to user's protection. Expecting flawless 100% perfection is only by idiots who don't understand, well, anything. What is 100% in real life? Seatbelts, airbags, ESP, auto braking systems, vaccines, helmets etc? None ever is. All these things statistically increase your protection with scientifically backed confidence. Why should antiviruses be treated any different? And yet dumb articles keep poping up regularly about it. I really have no clue why. To me it seems like publicity stunts to get clicks and nothing else.
 
Joined
Sep 26, 2017
Messages
453
Antivirus
Microsoft
#13
I disagree with this article as Anti-Virus Software keeps progressing along with the Malware, nowadays we have Behaviour Blockers, Cloud and even Default-Deny options.
Equifax, Yahoo and Uber, to name a few
Lets be honest, those companies are more vulnerable that even our Home Systems, using extremely outdated Software and being negligent in their Security.
And when will regular Windows users rethink their approach and start learning and strenghten already inbuilt protection mechanisms, use SUA, SRP, etc.. ? It's indeed easier to blame AV companies, not Microsoft itself for Windows with weak and unneeded most common attack vectors enabled by default.
Because most of those features aren't accessible for Home Users (and yes I know we have third-party software to manage them, but that doesn't count on my book), Windows Defender lacks Anti-Tamper as well (Malware can easily disable and bypass those modules).
 
Last edited:

RejZoR

Level 9
Verified
Joined
Nov 26, 2016
Messages
444
OS
Windows 10
Antivirus
Avast
#14
Also, people blaming Microsoft endlessly is funny as hell. The leaps Microsoft made to address security, from integrating quite capable free antivirus to ensure everyone have at least base level of protection to all the anti-exploit systems to forced Windows updates (yeah, we all know how we hate these, but they are this way for a reason and while it's annoying, it's working as gone are the days of people running super outdated systems, except those few idiots who turn off Windows Update entirely).
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
4,180
#15
The article is marketing, but it does bring up valid, long-standing points.

The anti-default deny argument always goes something like this... "Users want to use stuff so default deny is not acceptable", "User cannot handle default deny", "Default deny is too complicated", "I\we don't want to disable stuff - Microsoft shipped it with Windows, therefore it should not be disabled", blah, blah, blah.

I can say the same thing about any internet security suite - watching an uniformed person slug their way along trying to make sense of the configuration controls. Not to mention the more technical interfaces like firewall at which point they just close the GUI.

People use my systems and do not even realize that uber-Tesla-deathray-anti-Predator attack default deny is active and running on my system. And they keep coming back asking to use my systems. How ya like them default deny apples ?
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
4,180
#16
Also, people blaming Microsoft endlessly is funny as hell. The leaps Microsoft made to address security, from integrating quite capable free antivirus to ensure everyone have at least base level of protection to all the anti-exploit systems to forced Windows updates (yeah, we all know how we hate these, but they are this way for a reason and while it's annoying, it's working as gone are the days of people running super outdated systems, except those few idiots who turn off Windows Update entirely).
Microsoft is always responsible. It created Windows. Therefore it is responsible as Windows' creator.

You guys immediately blame a 3rd-party vendor when their product fails in some yahoo YouTube tester video. You guys will verbally berate a 3rd-party solution to death if there is stuff you all don't like about it.

Microsoft should be no different in that regard. In fact, Microsoft is more culpable than any 3rd-party.

Sorry, but what Microsoft has done so far is simply not sufficient nor acceptable. Not all Microsoft divisions work the same, but I can tell you that quite a few have policies that serve only Microsoft to the detriment of everyone else. Microsoft does things in a certain way that create these problems. Such as withholding documentation. That in itself is a really big one that only a few here would understand its full implications. The one way to maintain its stranglehold over others is to withhold information. @Vendula Kubová - what say you ? About AMSI documentation, for example ?
 
Last edited:

RejZoR

Level 9
Verified
Joined
Nov 26, 2016
Messages
444
OS
Windows 10
Antivirus
Avast
#17
I disagree there. Microsoft could easily make a super secure OS at absolute expense of any convenience for the user. It would be the most secure OS. But no one would be using it. Oh, I'm basically describing Linux. Used by servers and professionals in the millions, but it's so clumsy it's basically only used by them and no one else. Windows is made for the people and when you're making something for the people, security will always suffer because they don't have the luxury of sacrificing convenience. But ignoring the huge leaps MS made for security without sacrificing much of convenience is well, just ignorant. If we look at general security with WinXP from 17 years ago and Windows 10 today, no one can deny that Windows 10 is far more secure OS while not really any less convenient than WinXP. In fact I enjoy using Windows 10 far more than I did using Windows XP. It just works better, faster, is more secure and while I liked all the colorful things and the Luna GUI, I really like the Windows 10 visual design. So, MS hit a good balance between security and convenience. But there will always be people whining over something, it's impossible to get past that when your OS is the most used in the world among consumers.
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
4,180
#18
Most people want default allow. So the industry gives them exactly that. It's a matter of economics (money).

Eventually, ... IF ... a person has tried different things and comes to the conclusion that default allow is "Whack-A-Mole," then they begin to search for more robust protections, and usually discover default deny.

It's a journey of the person and not the masses.

I think it takes that personal journey. Default deny has been available for decades, and has been unfairly maligned to the point that it now has an excessively negative reputation,... however, people don't use it - even if it is as easy as an ON\OFF switch. User psychology is very weird. Very weird indeed.
 

Eddie Morra

Level 8
Content Creator
Joined
Aug 28, 2018
Messages
374
#20
Meanwhile comodo products bundle with yahoo :emoji_thinking:
They used to support and bundle PrivDog as well. Does anyone remember that?

Awhile ago I was looking at COMODO reviews and found a whole pile of recent complaints alleging they had paid for a digital signature and then never received one back, and were then forwarded continuously through foreign phone support when asking for a refund. :ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO::ROFLMAO: I have no idea if these reviews were telling the truth but there were a LOT of complaints. LOL.