Battle Planned: Real-world Test of Trend Micro, ZoneAlarm, Eset and Webroot

How to test?

  • Defaults

  • Tweaked


Compare list: ZoneAlarm, Eset, Webroot, Trend Micro
Platform(s): Microsoft Windows

rashmi

Level 11
Jan 15, 2024
536
Team Comodo is sharpening their intellect and wit, eagerly awaiting the test, like a pack of cunning wolves, ready to pounce on any flaws, shortcomings, or missteps, leaving nothing but a trail of conquered test threads in their wake. Revenge is not just sweet; it's Comodo time! 😜😊

Keep it uncomplicated and transparent. Test the default settings, which are the standard and preferred options for most users. Tweaked settings refer to adjusted settings that can differ based on various factors. It’s up to you whether you want to test tweaked settings at a later time.
 

ForgottenSeer 114834

Team Comodo is sharpening their intellect and wit, eagerly awaiting the test, like a pack of cunning wolves, ready to pounce on any flaws, shortcomings, or missteps, leaving nothing but a trail of conquered test threads in their wake. Revenge is not just sweet; it's Comodo time! 😜😊

Keep it uncomplicated and transparent. Test the default settings, which are the standard and preferred options for most users. Tweaked settings refer to adjusted settings that can differ based on various factors. It’s up to you whether you want to test tweaked settings at a later time.
They should test CIS at defaults too. Absolutely agree, why would anyone want to change those settings just because they are present, who needs the headache of learning what they all do, oh wait, one can just follow a simple guide and adjust, but average users don't do that, they just use defaults.

Are you now as confused as you seem? 🤪
 

Decopi

Level 8
Verified
Oct 29, 2017
355
Comodo with default settings, or Comodo on steroids (customized settings), nothing will ever change the fact that it's not an antivirus nor an antimalware. It's only a simply dumb blocker. Therefore it depends on the user to identify any threat. Not to mention that Comodo is an abandonware, to this day since 2017 it accumulates years of dangerous unfixed bugs, no real updates or upgrades.
 

Digmor Crusher

Level 24
Verified
Top Poster
Well-known
Jan 27, 2018
1,396
So what's all the fuss about if you have agreed with the initial assessment I placed forth?

I stated you should test the product's abilities as designed. If it has advanced features that are disabled, you should enable them. Eset HIPS can be trained quickly in learning mode if you have very little in the test machine and then placed in smart mode which is kind of like interactive mode with minimal interaction.

These "tools" are designed to be used by those that understand the operating system and advanced settings of the product. Just because a handful of users here do not understand them or use them does not mean they are not utilized, most likely not by home users, but then again I know very few users here in the US using ESET at home. They would look at the settings and be like "nope" of course they would understand it's not designed for users like them, ironic isn't it.

If you do not wish to use these features in a test, that's fine too, you just can't claim a product failed if you do not allow the product to utilize all its abilities to defend. This latter part is not rocket science.
It's not that hard, is it? Do 2 tests, one with default settings and one with maxed out settings.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Trident, next time you decide to do a test instead of announcing it in a thread like this how about just making a thread with the results and avoid all this drama? Unless you like this drama. ;)
Then the drama will be with how it was tested, it wasn't realistic, this wasn't done, that wasn't done...
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
2 sidenotes: I missed most of the hubbub as I was n/a the other day. A few years ago, I remember a "real" IT guy** at Spiceworks saying Webroot w/ ClamAV was all you need and the way to go. And that seemed to be a general consensus to the extent those guys even discuss malware. (**some folks here are real IT guys, most of us are not). Curious or eager to see your tests. It is still not clear to me why ESET is in the mix, as it seems to me that MS Defender, tweaked or untweaked, should be the comparative standard. Maybe that is a given and available to us.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,861
@Lynx It's super-easy to understand why people got a bit annoyed at your comments regarding not testing on default because according to your logic tests like these are invalid because they didn't utilize ESET's full potential 🤦‍♂️
Your logic is absolute nonsense since we are testing home products here. ESET wouldn't agree to send their product for testing if they didn't agree with testing on default settings. So, configuring HIPS rules is out of the question for this particular type of tests. They don't even provide a way to import HIPS rules.
Maybe later in another test Trident can test all products with hardened settings. I have an ESET settings file that I will be able to provide him if such a test ever happens. But for this one most of us voted for defaults. So please don't argue anymore. We have nothing against you. I even liked many of your comments in different threads.
 

ForgottenSeer 114834

@Lynx It's super-easy to understand why people got a bit annoyed at your comments regarding not testing on default because according to your logic tests like these are invalid because they didn't utilize ESET's full potential 🤦‍♂️
Your logic is absolute nonsense since we are testing home products here. ESET wouldn't agree to send their product for testing if they didn't agree with testing on default settings. So, configuring HIPS rules is out of the question for this particular type of tests. They don't even provide a way to import HIPS rules.
Maybe later in another test Trident can test all products with hardened settings. I have an ESET settings file that I will be able to provide him if such a test ever happens. But for this one most of us voted for defaults. So please don't argue anymore. We have nothing against you. I even liked many of your comments in other threads.
I didn't even bother reading your whole post, because if you don't understand the logic of fully testing a product's abilities before claiming it's a failure to some half a s s test, then I cannot help you do so.

Take personal use, thoughts and routine out of the equation and look at it from product standards. Is it fair to partially test a product and mark failed in big letters? Is this fair to anyone?

This freaking forum is bipolar, going from home users that run nothing but default to users who are enthusiasts and tweak things and like to learn. No matter what's said, one form or another comes at you.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Guys, my testing laptop has surrendered its spirit.


I am calling someone to help me complete the tests and record them.

Please take the malware from:
Edr-experts.online/test

The page contains Phishing section which doesn’t necessarily have to be used.

Malware is linked on the page with any.run report. If you cannot download from the official link, it can be grabbed from any.run.

Phishing feeds:

Otherwise I might try parallels for Mac
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
If you consider my comment a personal attack, then your skin is very thin, I'm afraid. Read my comment again. Everyone else will see that I was humble enough to even give you two example test links to counter your faulty logic without any personal attack whatsoever. I only countered your logic and even said that I have agreed with you on things on some other threads.
@SeriousHoax or @Andrew3000 Are you guys able to help with the test? Or maybe @silversurfer ?
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Let's see if that's gonna work...

1723638065121.png
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,221
It is not even folder priority, it monitors the chain of events. Files created by browser are examined with a more aggressive rule set. AVs like Norton also take into account the website file came from.
Just to clear things up (and then I'll go away), if this was the case it would be troubling indeed. When (and if) an AM product scans things deeper that would arise from one area implies that a shorter shrift would be done if the file in question resides somewhere else.

In the case I gave above, if a link is sent through email and this actually did not direct to a website but instead was coded with a Python RAT argument, although perhaps a deeper analytical dive may be instituted if that file was initiated through the browser, but the SAME level of analytics HAS to be applied if that lnk file was run from, say, the Desktop.

If this was not the case the AM product would be what we used to call a "Tuesday Rules" type of product (100% on Tuesdays but not so much on the other days). To avoid this a quality AM product must rely on mechanism detection no matter the location.
 

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,081
Trident, next time you decide to do a test instead of announcing it in a thread like this how about just making a thread with the results and avoid all this drama? Unless you like this drama. ;)
The drama was mainly due to 1 member who 10 minutes ago asked for their account to be deleted by Jack, but took it down. Otherwise, I think this thread would have been pretty good with the member feedback posted?

edit:sp
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Just to clear things up (and then I'll go away), if this was the case it would be troubling indeed. When (and if) an AM product scans things deeper that would arise from one area implies that a shorter shrift would be done if the file in question resides somewhere else.
You don’t need to go away, I got no problem discussing with you.

It is what it is, it’s how it’s been designed. In the case of ZoneAlarm (and CP Harmony) there are 2 emulations. One serves as a “download manager” in your browser and the other one is a file monitor that pre-scans and sends for emulation everything that is dropped, copied, written, etc.

But in the case of the other AVs that I mentioned, this is how it works.
For example Norton (it was mentioned in official documentations as well which I am not sure if I can find now, it was years ago), SONAR is more aggressive towards files that come from untrusted websites. So if you just put file on desktop from a flash drive or before installing Norton, it may not be detected.
I sort of understand this decision to apply a bit more security at the doors, I am not commenting any further whether it is amazing or not. If that's the only way to not delete half of the user files...

I personally would prefer to use a solution that covers everything equally as well, but the point is, when testing, you gotta take into account this design.

Webroot business version’s management console clearly displays this, look:
1723643069003.png
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,221
By going away I didn't mean to imply anything about the discussion, but just that I have a flight out later today. Also, about your test- I wouldn't bother overly taking time with how (or where) the malware is run, because the cream will rise to the top in any scenario.
 
