Advice Request Is there antivirus with similar banking protection than F-secure has?

[M4RT1NE2]

If I may, a banking protection from F-Secure is much different in the background than Kaspersky has, Bitdefender or Avast They have developed different ways to protect users when he uses bank websites:

F-Secure: uses know-well bank websites in the world to temporarily deactivate/block other network connections as long as you are on the bank website. Very effective against malware hidden in the background, hijacked processes (if undetectable for antivirus, HIPS, etc).

Kaspersky, Bitdefender and Avast uses some kind of virtualization: Online Banking with Safe Money Technology | Kaspersky

Except that, these software uses anti-keylogging, anti-phishing, anti-malware filters to prevent against fake websites and other technologies.

I hope we can prepare in 2023 security test to check effectiveness of banking features protection.

If memory serves me correctly, last year there was a test for banking protection in which the winner was MKS_VIR/Arcabit

Overview Of Techniques And Attacks In Windows 11 » AVLab Cybersecurity Foundation

 

[Moonhorse]

Still give you issues also with F-Secure, report those sites to the support as normally that works after they checked and approved them.

Will do

My both parents running F-secure without any issues, but ive had severall calls from them about redirect urls being too long > F-secure blocks them as spam ( malicious site, cant remember correct blocking term) but i dont want to whitelist that url as it will whitelist the whole banking site if i remember correct

 

[upnorth]

Will do

My both parents running F-secure without any issues, but ive had severall calls from them about redirect urls being too long > F-secure blocks them as spam ( malicious site, cant remember correct blocking term) but i dont want to whitelist that url as it will whitelist the whole banking site if i remember correct

The same, as have several seniors in the family that enjoy the banking feature, but personal I can't recall heard about anything similar when connecting to banks so it's probably best you try to collect those urls or their local FSDIAG files and share also those with the support. Hopefully ain't anything actual malicious, but always better Safe then Sorry and especially since it's your parents.

Ota yhteyttä tukeen | F‑Secure

Jos kaipaat apua F‑Secure-tuotteesi kanssa, ota yhteyttä tukeemme.

www.f-secure.com

 

[ForgottenSeer 98186]

F-Secure: uses know-well bank websites in the world to temporarily deactivate/block other network connections as long as you are on the bank website. Very effective against malware hidden in the background, hijacked processes (if undetectable for antivirus, HIPS, etc).

What is to prevent a banking trojan, infostealer or RAT from grabbing information and then sending them AFTER the F-Secure banking session has ended?

I have seen banking trojans and RATs keylog, take screenshots, copy the clipboard, etc -- then save those captures to disk -- and send them at a later time.

 

[ForgottenSeer 98186]

Why im asking this , is because sometimes F-secure is blocking page while doing payment, thats because the url is too long (Spam)

1. Verify the URLs yourself and whitelist them.
2. Contact F-Secure and have them whitelist the URLs. (They might not do it and tell you to whitelist them locally.)

Those are your two options.

 

[M4RT1NE2]

What is to prevent a banking trojan, infostealer or RAT from grabbing information and then sending them AFTER the F-Secure banking session has ended?

I have seen banking trojans and RATs keylog, take screenshots, copy the clipboard, etc -- then save those captures to disk -- and send them at a later time.

Above I wrote about the banking protection test for 2022. The winner is Arcabit/MKS_Vir, which prevents all attacks when using online banking through its proprietary secure browser.

 

[Digmor Crusher]

If memory serves me correctly, last year there was a test for banking protection in which the winner was MKS_VIR/Arcabit

Test ochrony bankowości internetowej 2022 - Fundacja AVLab dla Cyberbezpieczeństwa

Nevermind, wrong info posted.

 

[M4RT1NE2]

Looks like Norton, FSecure, Comodo and MKS-VIR were the only vendors to pass all the tests.

Right

 

[SeriousHoax]

BTW, for ESET now any normal browsing session with a supported browser which are "Edge, Chrome and Firefox" is a banking mode. Banking mode aka secured browser mode has been integrated and is always on.
The same can be said for Norton. Norton also cancelled their separate banking mode and now it's part of Norton Safe Web extension when Norton is installed.
ESET's new banking mode hasn't been tested by @Adrian Ścibor yet so it would be interesting if you do it while Norton has always done well in Banking malware related tests even in MRG-Effitas' tests.

 

[ForgottenSeer 98186]

Above I wrote about the banking protection test for 2022. The winner is Arcabit/MKS_Vir, which prevents all attacks when using online banking through its proprietary secure browser.

F-Secure protects banking sessions well-enough. It's protection is mainly targeted to the big banks and other online financial services such as PayPal. Although I have to say that it has worked for even small, local Turkish, Indian and American bank sites. So keywords probably pay a role in triggering the protection.

However, the point that I am making @Adrian Ścibor is that should F-Secure's anti-logger\anti-screen capture\anti-clipboard capture protection mechanisms fail against a novel or undetected method, then it will not protect against a bank info malware threat that sends that collected data hours later after the F-Secure session has ended.

The same applies to all the security software, even Arcabit.

 

[Zartarra]

Most AV's are using seperate guarded browsers as banking/payment protection. I only know that F-secure and Sophos are using a different approach.

If you have problems with the F-secure bank protection, I suggest you can open a ticket. The support is fast. My issue with 2 local banks was solved in one business day. So for F-Secure.

 

[ForgottenSeer 98186]

The support is fast. My issue with 2 local banks was solved in one business day.

Fast support, especially from the WithSecure team has been my experience.

 

[Tiamati]

Is there antivirus or any other tool with similar banking protection that F-secure has? F secure automatically detects banking site and opens up bankin protection..

Products i have tested that have banking protection :
- avast > need to open avast and select banking protection ( manually everytime)
- Trend micro > click banking protection.exe on desktop to enable banking protection

My parents use F-secure and i updated 2 laptops to windows 10 from 8.1, was a nice surprise that F-secure had kept them safe..

Why im asking this , is because sometimes F-secure is blocking page while doing payment, thats because the url is too long (Spam)

I'd use Microsoft APP GUARD. I don't think it's possible to any AV to build something safer than that. App guard runs Edge in a separe-te virtual machine and can be set to never store any data. So it's basically a clean and isolated system every time you run it.

You could use this extension to help: Application Guard Extension

 

[Zero Knowledge]

ESET also have banking protection for Windows and Android. Worth a look. Never used it but it's probably decent. If you're thinking of using a safe banking app then it's probably wise to invest in a security key like a YubiKey and hope your bank supports the key for logging in. Honestly if you value your online accounts a device like a YubiKey is a must have.

 

[ForgottenSeer 98186]

If you're thinking of using a safe banking app then it's probably wise to invest in a security key like a YubiKey and hope your bank supports the key for logging in.

The only US bank that currently offers security key authentication to non-commercial accounts\consumers is Bank of America.

Bank of America allows authentication with FIDO security keys | Yubikey

Bank of America has announced that they are replacing SafePass with the new Secured Transfer feature, which allows for USB security key registration and transfer authentication with FIDO security keys. SafePass has long been Bank of America’s solution to provide an additional layer of security...

multipoint.eu.com

 

[Adrian Ścibor]

If memory serves me correctly, last year there was a test for banking protection in which the winner was MKS_VIR/Arcabit

Test ochrony bankowości internetowej 2022 - Fundacja AVLab dla Cyberbezpieczeństwa

@Asterixpl Please use our English website for MalwareTips users. Here is correct link: Overview Of Techniques And Attacks In Windows 11 » AVLab Cybersecurity Foundation
All of our protection comparison are translated to English.

What is to prevent a banking trojan, infostealer or RAT from grabbing information and then sending them AFTER the F-Secure banking session has ended?

I have seen banking trojans and RATs keylog, take screenshots, copy the clipboard, etc -- then save those captures to disk -- and send them at a later time.

It depends, what malware can do in the background. In theory, it makes a screen shoot, but you have ****** hidden password in the label of the website. But the login is unprotected, so the criminal they can try to send you a scam message to update your password or something. Moreover, you have an F-Secure's DeepGuard technology if some malware try to send something to the outside of your PC.

That is way, if you use banking transfers, PayPal, other finance services, cryptocurrency exchange, crypto wallet etc. - that is your digital and real life. You are obligated to protect yourself against hackers, scammers, criminals. Of course, it will be the best, if you have some experiences in security awareness, but why you should not use a modern antivirus? "Because antivirus sucks?" You have probably read/heard about that. Do you agree with that? I disagree, because having a some protection is required by banks in Poland. This is some kind of "guaranty" if you will be hacked:

Let me insert quote from our Polish website (machine translating) the statement of the Supreme Court: http://www.sn.pl/sites/orzecznictwo/orzeczenia3/v csk 141-17-1.pdf

Our article says:

What is more, if the user is robbed despite the measures in the form of tools and software, the installed security package can be a solid argument for the victim of internet crime for a defence against the bank. This is what the Supreme Court ruled in 2018 (Ref. V CSK 141/17) in a case involving the theft of more than PLN 60,000 from an internet user's bank account. The court upheld the complaint brought by the victim for the return of the entire stolen amount and court costs. The bank failed to prove the victim's fault in failing to exercise due diligence when using the banking system.

In order to comply with the obligation ... upon receipt of a payment instrument, the user shall take the necessary measures to prevent a breach of the individual security features of that instrument, in particular he is obliged to store the payment instrument with due care and not to make it available to unauthorised persons.

(...)

In fact, the loss of money from the claimant's bank account did not occur in the circumstances described in the cited provisions, but as a result of the commission of a criminal offence by an undetermined third party who took advantage of the Bank's inadequate security of the provision of the CUI service (Internet Service Centre, ed. added).

(...)

The Respondent has failed to prove that the Claimant was grossly negligent in the performance of the contract for the provision of internet banking services... The burden of proving that the payment transaction was authorised by the user or that it was performed correctly lies with the provider.

(...)

The provider shall be obliged to prove other circumstances indicating that the payment transaction was authorised by the payer, or circumstances indicating that the payer intentionally caused an unauthorised payment transaction, or intentionally or with gross negligence committed a breach of one or more obligations.

(..)

The Bank failed to prove that the Claimant intentionally caused the unauthorised payment transaction.

 

[M4RT1NE2]

Adrian Ścibor Link corrected ​

 

[upnorth]

It depends, what malware can do in the background. In theory, it makes a screen shoot, but you have ****** hidden password in the label of the website. But the login is unprotected, so the criminal they can try to send you a scam message to update your password or something. Moreover, you have an F-Secure's DeepGuard technology if some malware try to send something to the outside of your PC.

True because if the main feature of the banking protection do not work, and in F-Secure that's easy spotted and also alerted/warned about on several levels as the user themself have to manually disable several settings and/or ignore popup warnings, it's game over anyway and extra if the Bank itself and it's login/protection/security features sux. All banks over the world does not work the exact same, no matter how much we would wish for it.

In the case of F-Secures banking protection specific, I would worry less. Last banking test from @Adrian Ścibor points in that direction more then enough. It's a bit disturbing see/hear other AVs that use these type of " Green bar full screen system " alerts for any site/s. They should improve it only for true genuine banking sites as that's not impossible unless there some unknown lack of knowledge and skill with their developers, because it's a huge risk their users will get a false sense of security and becomes more reckless.

Still, F-Secures option with banking sites is not a panacea and never will be. If a user of any AV disable too many of the settings from for example an attackers instructions over the phone, one can just hope the bank itself has security features that would not allow any amount being transferred and not to any account in any country without being approved manually by the bank. Some banks and payment services are simply better and more safe then others.

 

[ForgottenSeer 98186]

but why you should not use a modern antivirus? "Because antivirus sucks?" You have probably read/heard about that. Do you agree with that? I disagree, because having a some protection is required by banks in Poland. This is some kind of "guaranty" if you will be hacked:

I agree. Users should use antivirus. There is no objection to that.

What I am saying is that banking trojans and RATS do not immediately send the captured infos during a banking session. Some capture videos, screenshots, clipboard, keylog and store that info onto hard disk and send those infos to remote server hours later AFTER a banking session has ended. This effectively would bypass F-Secure banking mode - IF - F-Secure does not detect the malicious processes running on the system. Blocking outbound connections during a banking session only provides protection if the info capture is attempted during the banking session.

That said, F-Secure banking protection is better than even hardened Microsoft Defender.