AVLab.pl Product Enquiry - Which products should we test in your opinion?

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

bazang

Level 6
Jul 3, 2024
265
That's because WithSecure doesn't want to participate in public tests in general, but we will do our best.
Because they just spun-off the enterprise product a few years ago and view poor test results as "bad marketing."

mks_vir internet security and Arcabit (both software developed in Poland) have similar banking protection features.
Arcabit is decent at maximum settings just too many bugs. English version has all kinds of problems.
 

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
211
Cat 2/3: I like to see Trend Micro with hypersensitive mode enabled and their Pay Guard function. Also Sophos could be interesting.
For enterprises I go for Cybereason, Cynet, Fortinet, Palo Alto, Elastic and MS Defender for Enterprise.
It's not easy to test the software you pointed out; none has a trial version. Vendors do not always want to cooperate. In March 2024 we tested MS Defender + EDR: "Recent Results In March 2024 » AVLab Cybersecurity Foundation". For example, we can test Kaspersky Plus, but they do not want to include the Endpoint version (you can, if you buy a license; our tests are free for the community; maybe we should add charges for access to the results, but I do not think it is a good idea).

Banking protection is amazing, but I expect the security solution to provide me with an environment, free from malicious code. In this case, I am not sure what’s the benefit of “banking protection” or secure browser such as Trend Micro Pay Guard/Bitdefender SafePay.

Anyway, in terms of EDR/XDR SentinelOne, CrowdStrike, Palo Alto and Check Point are highly interesting. CrowdStrike does not have bigger problems now. There are teams to deal with the recent failures, the business continues to run and their threat detection/reporting remains just as essential as always.

In category 2, maybe you can drop certain products, like Xcitium and Webroot. The Webroot reputation around the web is less than favourable and as an asset it is very unsuccessful, with or without a test.
The benefit of banking protection is mainly that if you have an infected environment, you may not know about it if you have insufficient protection. Banking protection can keep your money safe.
 

bazang

Level 6
Jul 3, 2024
265
The benefit of banking protection is mainly that if you have an infected environment, you may not know about it if you have insufficient protection. Banking protection can keep your money safe.
Very, very few users understand banking protection is intended to protect a browser banking session on a system with an active banking trojan infection.

They also do not understand that banking protection does not protect against Man-in-the-Browser (MitB) attacks. Not all banking protection systems can protect against replay attacks.

Even long-time advanced users do not know.
 

ForgottenSeer 114834

Very, very few users understand banking protection is intended to protect a browser banking session on a system with an active banking trojan infection.

They also do not understand that banking protection does not protect against Man-in-the-Browser (MitB) attacks. Not all banking protection systems can protect against replay attacks.

Even long-time advanced users do not know.

Security software with banking protection features is designed to enhance the safety of online banking sessions, but its effectiveness can be compromised on a system already infected with a banking trojan.

Purpose of Banking Protection in Security Software:

Secure Session Management: Banking protection aims to create a secure environment for online transactions. It can involve isolating the browser session or using specialized modes to prevent interference from other software.

Site Verification: It helps ensure that the website you're interacting with is genuine and not a phishing site designed to steal your credentials.

Real-time Monitoring: The software may monitor for suspicious activity or changes in the browser session that could indicate a security threat.

Protection from Known Threats: It can block known malicious sites and prevent access to harmful content that could compromise your banking session.


Limitations with an Active Banking Trojan:

System-Wide Impact: Banking trojans are often designed to bypass browser-level protections by operating at a deeper system level. They can intercept and manipulate data before it reaches the browser's security features.

Keylogging and Data Capture: Many banking trojans include keyloggers or screen capture functionality, which can capture sensitive information like login credentials and transaction details, regardless of the browser’s protections.

Deep Integration: Some advanced trojans can integrate themselves deeply into the system, making them harder for security software to detect and remove. They might operate in a way that avoids detection by typical banking protection features.

Manipulation of Sessions: A trojan can potentially manipulate the browser or the banking session itself, altering what the user sees or intercepting data without triggering alarms in the banking protection software.

In essence, while banking protection software is a valuable tool for enhancing security, it is not foolproof (as you have indicated) if your system is already compromised by a sophisticated banking trojan. Comprehensive system security and regular maintenance are crucial for effective protection.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Security software with banking protection features is designed to enhance the safety of online banking sessions, but its effectiveness can be compromised on a system already infected with a banking trojan.
But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with a malware-free environment. This is done through a variety of layers and modules targeting:
  • Distribution: web filtering, CDR, IPS
  • Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus
  • Post-execution: anti-bot, behavioural monitoring.
These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.

Banking protection hence is an unnecessary gimmick screaming “look how much we are doing for you”, when in reality nothing is being done. It is extremely sad that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.

As per the F-Secure documentation for example, available here:

F-Secure banking protection merely disconnects processes with no “safe” reputation from the internet, something that should be happening without banking protection and round the clock too, not just when users are banking. Had F-Secure developed a firewall that is, but firewall doesn't sound as fancy as "Banking Protection".
F-Secure DeepGuard is highly aggressive towards unknown and suspicious processes anyway so such processes will most likely end up terminated, no banking protection required.

F-Secure Banking Protection will provide ~0 security in the following cases:
  • Users open malicious website, for example website infected with Magecart malware
  • Users open brand new phishing site that looks convincing
  • Users open a scam store
  • Code injection in a trusted process (which most banker trojans use)
  • MITM or any sort of connection manipulation (as traffic is not re-routed through VPN, despite F-Secure offering that)
  • Theft and loss of data through other means, for example grabbing from browser/password manager, clipboard
The only slightly meaningful benefit is that, if attackers take the user to chasee.com instead of Chase, banking protection does not trigger, which should be an indication that this is not a banking website. And even that will go unnoticed by many.
 

ForgottenSeer 114834

But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with a malware-free environment. This is done through a variety of layers and modules targeting:
  • Distribution: web filtering, CDR, IPS
  • Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus
  • Post-execution: anti-bot, behavioural monitoring.
These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.

Banking protection hence is an unnecessary gimmick screaming “look how much we are doing for you”, when in reality nothing is being done. It is extremely sad that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.

As per the F-Secure documentation for example, available here:

F-Secure banking protection merely disconnects processes with no “safe” reputation from the internet, something that should be happening without banking protection and round the clock too, not just when users are banking. Had F-Secure developed a firewall that is, but firewall doesn't sound as fancy as "Banking Protection".
F-Secure DeepGuard is highly aggressive towards unknown and suspicious processes anyway so such processes will most likely end up terminated, no banking protection required.

F-Secure Banking Protection will provide ~0 security in the following cases:
  • Users open malicious website, for example website infected with Magecart malware
  • Users open brand new phishing site that looks convincing
  • Users open a scam store
  • Code injection in a trusted process (which most banker trojans use)
  • MITM or any sort of connection manipulation
  • Theft and loss of data through other means, for example grabbing from browser/password manager, clipboard
The only slightly meaningful benefit is that, if attackers take the user to chasee.com instead of Chase, banking protection does not trigger, which should be an indication that this is not a banking website. And even that will go unnoticed by many.
No, banking protections are not infallible. While they offer a high level of security, no security system is completely impenetrable.

While it's essential to consider other security features like antivirus, firewall, and malware protection, having banking protection as part of your suite provides an added level of security specifically tailored to financial transactions.

However, it's important to note:

Not all banking protection features are created equal. Some suites may offer more robust protection than others.

User behavior is crucial. Even the best security suite can't protect against careless actions like clicking on phishing links or sharing personal information.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
having banking protection as part of your suite provides an added level of security specifically tailored to financial transactions
It is a first-world necessity and problem, just as essential as this:
[Image attachment: 1723421996548.png]
 

ForgottenSeer 114834

But can you safely buy it though? Because on Chrome OS + Linux that you are running, as well as on your mobile devices, there is no “banking protection”. No, no. I suggest you don’t engage in high-risk activities.
ChromeOS is not susceptible to the same diseases as your beloved Windows. 🤪

A deeper understanding of the digital world empowers users to safeguard themselves from phishing scams and malicious sites.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,861
ESET now have banking protection on by default on supported browsers, Chrome, Edge, Firefox, Brave. Personally, I don't have much interest in banking protection as @Trident implied banking protection is more like a first-world necessity & problem while here I am chilling in a so called third-world country 😄
But I'm curious to see if ESET can now provide similar banking protection by default without requiring a separate banking protection module. FYI, users can turn off ESET's always on banking protection and use it separately like other products.
 

ForgottenSeer 114834

But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with a malware-free environment. This is done through a variety of layers and modules targeting:
  • Distribution: web filtering, CDR, IPS
  • Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus
  • Post-execution: anti-bot, behavioural monitoring.
These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.

Banking protection hence is an unnecessary gimmick screaming “look how much we are doing for you”, when in reality nothing is being done. It is extremely sad that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.
If every security solution has its vulnerabilities, does this cast doubt on their overall effectiveness?

While banking protection features can provide an extra layer of security, they shouldn't replace common sense practices. It's essential to evaluate the specific features offered by a security solution and consider your individual needs.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
If every security solution has its vulnerabilities, does this cast doubt on their overall effectiveness?

While banking protection features can provide an extra layer of security, they shouldn't replace common sense practices. It's essential to evaluate the specific features offered by a security solution and consider your individual needs.
But banking protection should not even be necessary, vendors should not be failing to detect banking trojans targeting home users. Targeted attacks on businesses are something else. If security software requires you to open banking website to disconnect untrusted executables from the network, its infrastructure is not the most efficient one. You can do better.
 

ForgottenSeer 114834

But banking protection should not even be necessary, vendors should not be failing to detect banking trojans targeting home users. Targeted attacks on businesses are something else. If security software requires you to open banking website to disconnect untrusted executables from the network, its infrastructure is not the most efficient one. You can do better.
Rapid Evolution of Threats: Cybercriminals constantly develop new techniques, making it difficult for security software to stay ahead of all threats.

Complexity of Detection: Banking trojans often mimic legitimate software, making them hard to distinguish.

User Error: Even the best security measures can be circumvented by users clicking on malicious links or downloading infected files.

While idealistically, banking protection wouldn't be necessary if vendors had perfect detection, the reality is more complex.

A multi-layered approach involving user education, robust security software, and vigilant monitoring is currently the most effective strategy.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
The rapid evolution of threats can be circumvented by reputation-based techniques where attackers are trapped. Mutating too little, means the malware will be discovered and whitelisted. Mutating too much means the malware will have unfavourable reputation and will end up being deleted.

Mimicking legitimate software is the essence of every trojan and has been like that for 20 years +. Often, this mimicking will be the detection trigger. Legitimate software is very easy to detect and systems like anomaly detection are used.

User error is something normal, this is why users are running security software in the first place.
 

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,081
But banking protection should not even be necessary, vendors should not be failing to detect banking trojans targeting home users. Targeted attacks on businesses are something else. If security software requires you to open banking website to disconnect untrusted executables from the network, its infrastructure is not the most efficient one. You can do better.
But are they really failing, as in F-Secure's instance, failing to protect against banking trojans or other browser exploits, and that Banking protection is just another layer on top of that?
Should Adrian then no longer test this feature as well as the other vendors versions in his banking reviews?

The benefit of banking protection is mainly that if you have an infected environment, you may not know about it if you have insufficient protection. Banking protection can keep your money safe.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
But are they really failing
Exactly that’s the reason why banking protection is unnecessary, because there is no evidence that other modules are failing.

Should Adrian then no longer test this feature as well as the other vendors versions in his banking reviews?
That is a question Adrian can answer, I can’t.

Looking nowhere else but at Adrian’s tests, everyone blocks all malware. So what is the benefit of banking protection, I let users be the judge.
 

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,081
Exactly that’s the reason why banking protection is unnecessary, because there is no evidence that other modules are failing.


That is a question Adrian can answer, I can’t.

Looking nowhere else but at Adrian’s tests, everyone blocks all malware. So what is the benefit of banking protection, I let users be the judge.
Fair enough. It can then just be a "peace of mind" sense of security, a bit of a sales tool, of the "protection" it provides.
 

ForgottenSeer 114834

The rapid evolution of threats can be circumvented by reputation-based techniques where attackers are trapped. Mutating too little, means the malware will be discovered and whitelisted. Mutating too much means the malware will have unfavourable reputation and will end up being deleted.

Mimicking legitimate software is the essence of every trojan and has been like that for 20 years +. Often, this mimicking will be the detection trigger. Legitimate software is very easy to detect and systems like anomaly detection are used.

User error is something normal, this is why users are running security software in the first place.
The fact that they have maintained a persistent threat for over twenty years suggests fundamental flaws in existing security measures.
 