AVLab.pl Product Enquiry - Which products should we test in your opinion?

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

bazang

Level 5
Jul 3, 2024
229
That's why because WithSecure don't want to participate public tests in general, but we will do our best.
Because they just spun-off the enterprise product a few years ago and view poor test results as "bad marketing."

mks_vir internet security and arcabit (both software developes in Poland) has similar banking protection features.
Arcabit is decent at maximum settings just too many bugs. English version has all kinds of problems.
 

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
208
Cat 2/3 : I like to see Trend Micro with hypersensive mode enabled and their Pay Guard function. Also Sophos could be interesting.
For enterprises I go for Cybereason, Cynet, Forninet, Palo Alto, Elastic and MS Defender for Enterprise.
It's not easy to test pointed software, none has a trial version. Vendors do not always want to cooperate. In March 2024 we tested MS Defender + EDR: Recent Results In March 2024 » AVLab Cybersecurity Foundation For example we can test Kaspersky Plus, but they do not want to include Endpoint version (you can, if you buy license, our tests are free for community, maybe we should add charges for access to the results, but I do not think so it is good idea).

Banking protection is amazing, but I expect the security solution to provide me with an environment, free from malicious code. In this case, I am not sure what’s the benefit of “banking protection” or secure browser such as Trend Micro Pay Guard/Bitdefender SafePay.

Anyway, in terms of EDR/XDR SentinelOne, CrowdStrike, Palo Alto and Check Point are highly interesting. CrowdStrike does not have bigger problems now. There are teams to deal with the recent failures, the business continues to run and their threat detection/reporting remains just as essential as always.

In category 2, maybe you can drop certain products, like Xcitium and Webroot. The Webroot reputation around the web is less than favourable and as an asset it is very unsuccessful, with or without a test.
The benefit of banking protection is mainly that if you have an infected environment, you may not know about it if you have insufficient protection. Banking protection can keep your money safe.
 

bazang

Level 5
Jul 3, 2024
229
The benefit of banking protection is mainly that if you have an infected environment, you may not know about it if you have insufficient protection. Banking protection can keep your money safe.
Very, very few users understand banking protection is intended to protect a browser banking session on a system with an active banking trojan infection.

They also do not understand that banking protection does not protect against Man-in-the-Browser (MitB) attacks. Not all banking protection systems can protect against replay attacks.

Even long-time advanced users do not know.
 
F

ForgottenSeer 114834

Very, very few users understand banking protection is intended to protect a browser banking session on a system with an active banking trojan infection.

They also do not understand that banking protection does not protect against Man-in-the-Browser (MitB) attacks. Not all banking protection systems can protect against replay attacks.

Even long-time advanced users do not know.

Security software with banking protection features is designed to enhance the safety of online banking sessions, but its effectiveness can be compromised on a system already infected with a banking trojan.

Purpose of Banking Protection in Security Software:

Secure Session Management: Banking protection aims to create a secure environment for online transactions. It can involve isolating the browser session or using specialized modes to prevent interference from other software.

Site Verification: It helps ensure that the website you're interacting with is genuine and not a phishing site designed to steal your credentials.

Real-time Monitoring: The software may monitor for suspicious activity or changes in the browser session that could indicate a security threat.

Protection from Known Threats: It can block known malicious sites and prevent access to harmful content that could compromise your banking session.


Limitations with an Active Banking Trojan:

System-Wide Impact: Banking trojans are often designed to bypass browser-level protections by operating at a deeper system level. They can intercept and manipulate data before it reaches the browser's security features.

Keylogging and Data Capture: Many banking trojans include keyloggers or screen capture functionality, which can capture sensitive information like login credentials and transaction details, regardless of the browser’s protections.

Deep Integration: Some advanced trojans can integrate themselves deeply into the system, making them harder for security software to detect and remove. They might operate in a way that avoids detection by typical banking protection features.

Manipulation of Sessions: A trojan can potentially manipulate the browser or the banking session itself, altering what the user sees or intercepting data without triggering alarms in the banking protection software.

In essence, while banking protection software is a valuable tool for enhancing security, it is not foolproof (as you have indicated) if your system is already compromised by a sophisticated banking trojan. Comprehensive system security and regular maintenance are crucial for effective protection.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
peSecurity software with banking protection features is designed to enhance the safety of online banking sessions, but its effectiveness can be compromised on a system already infected with a banking trojan.
But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with malware-free environment. This is done through a variety of layers and modules targetting:
  • Distribution: web filtering, CDR, IPS
  • Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus
  • Post-execution: anti-bot, behavioural monitoring.
These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.

Banking protection hence is an unnecessary gimmick screaming “look how much we are doing for you”, when in reality nothing is being done. It is extremely sad that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.

As per the F-Secure documentation for example, available here:

F-Secure banking protection merely disconnects processes with no “safe” reputation from the internet — something that should be happening without banking protection and round the clock too — not just when user are banking. Had F-Secure developed a firewall that is, but firewall doesn't sound as fancy as "Banking Protection".
F-Secure DeepGuard is highly aggressive towards unknown and suspicious processes anyway so such processes will most likely end up terminated, no banking protection required.

F-Secure Banking Protection will provide ~0 security in the following cases:
  • Users open malicious website, for example website infected with Magecart malware
  • Users open brand new phishing site that looks convincing
  • Users open a scam store
  • Code injection in a trusted process (which most banker trojans use)
  • MITM or any sort of connection manipulation (as traffic is not re-routed through VPN, despite F-Secure offering that)
  • Theft and loss of data through other means, for example grabbing from browser/password manager, clipboard
The only benefit slightly meaningful is that, if attackers take user to chasee.com instead of Chase, banking protection does not trigger, which should be an indicative that this is not a banking website. And even that will go unnoticed by many.
 
Last edited:
F

ForgottenSeer 114834

But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with malware-free environment. This is done through a variety of layers and modules targetting:
  • Distribution: web filtering, CDR, IPS
  • Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus
  • Post-execution: anti-bot, behavioural monitoring.
These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.

Banking protection hence is an unnecessary gimmick screaming “look how much we are doing for you”, when in reality nothing is being done. It is extremely sad that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.

As per the F-Secure documentation for example, available here:

F-Secure banking protection merely disconnects processes with no “safe” reputation from the internet — something that should be happening without banking protection and round the clock too — not just when user are banking. Had F-Secure developed a firewall that is, but firewall doesn't sound as fancy as "Banking Protection".
F-Secure DeepGuard is highly aggressive towards unknown and suspicious processes anyway so such processes will most likely end up terminated, no banking protection required.

F-Secure Banking Protection will provide ~0 security in the following cases:
  • Users open malicious website, for example website infected with Magecart malware
  • Users open brand new phishing site that looks convincing
  • Users open a scam store
  • Code injection in a trusted process (which most banker trojans use)
  • MITM or any sort of connection manipulation
  • Theft and loss of data through other means, for example grabbing from browser/password manager, clipboard
The only benefit slightly meaningful is that, if attackers take user to chasee.com instead of Chase, banking protection does not trigger, which should be an indicative that this is not a banking website. And even that will go unnoticed by many.
No, banking protections are not infallible. While they offer a high level of security, no security system is completely impenetrable.

While it's essential to consider other security features like antivirus, firewall, and malware protection, having banking protection as part of your suite provides an added level of security specifically tailored to financial transactions.

However, it's important to note:

Not all banking protection features are created equal. Some suites may offer more robust protection than others.

User behavior is crucial. Even the best security suite can't protect against careless actions like clicking on phishing links or sharing personal information.
 
  • Like
Reactions: Zartarra

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
having banking protection as part of your suite provides an added level of security specifically tailored to financial transactions
It is a first-world necessity and problem, just as essential as this:
1723421996548.png
 
F

ForgottenSeer 114834

But can you safely buy it though? Because on Chrome OS + Linux that you are running, as well as on your mobile devices, there is no “banking protection”. No, no. I suggest you don’t engage in high-risk activities.
ChromeOS is not susceptible to the same diseases as your beloved windows. 🤪

A deeper understanding of the digital world empowers users to safeguard themselves from phishing scams and malicious sites.
 
  • Like
Reactions: SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,844
ESET now have banking protection on by default on supported browsers, Chrome, Edge, Firefox, Brave. Personally, I don't have much interest in banking protection as @Trident implied banking protection is more like a first-world necessity & problem while here I am chilling in a so called third-world country 😄
But I'm curious to see if ESET can now provide similar banking protection by default without requiring a separate banking protection module. FYI, users can turn off ESET's always on banking protection and use it separately like other products.
 
F

ForgottenSeer 114834

But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with malware-free environment. This is done through a variety of layers and modules targetting:
  • Distribution: web filtering, CDR, IPS
  • Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus
  • Post-execution: anti-bot, behavioural monitoring.
These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.

Banking protection hence is an unnecessary gimmick screaming “look how much we are doing for you”, when in reality nothing is being done. It is extremely sad that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.
If every security solution has its vulnerabilities, does this cast doubt on their overall effectiveness?

While banking protection features can provide an extra layer of security, they shouldn't replace common sense practices. It's essential to evaluate the specific features offered by a security solution and consider your individual needs.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
If every security solution has its vulnerabilities, does this cast doubt on their overall effectiveness?

While banking protection features can provide an extra layer of security, they shouldn't replace common sense practices. It's essential to evaluate the specific features offered by a security solution and consider your individual needs.
But banking protection should not even be necessary, vendors should not be failing to detect banking trojans targeting home users. Targeted attacks on businesses are something else. If security software requires you to open banking website to disconnect untrusted executables from the network, its infrastructure is not the most efficient one. You can do better.
 
  • Like
Reactions: simmerskool
F

ForgottenSeer 114834

But banking protection should not even be necessary, vendors should not be failing to detect banking trojans targeting home users. Targeted attacks on businesses are something else. If security software requires you to open banking website to disconnect untrusted executables from the network, its infrastructure is not the most efficient one. You can do better.
Rapid Evolution of Threats: Cybercriminals constantly develop new techniques, making it difficult for security software to stay ahead of all threats.

Complexity of Detection: Banking trojans often mimic legitimate software, making them hard to distinguish.

User Error: Even the best security measures can be circumvented by users clicking on malicious links or downloading infected files.

While idealistically, banking protection wouldn't be necessary if vendors had perfect detection, the reality is more complex.

A multi-layered approach involving user education, robust security software, and vigilant monitoring is currently the most effective strategy
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
The rapid evolution of threats can be circumvented by reputation-based techniques where attackers are trapped. Mutating too little, means the malware will be discovered and whitelisted. Mutating too much means the malware will have unfavourable reputation and will end up being deleted.

Mimicking legitimate software is the essence of every trojan and has been like that for 20 years +. Often, this mimicking will be the detection trigger. Legitimate software is very easy to detect and systems like anomaly detection are used.

User error is something normal, this is why users are running security software in the first place.
 
  • Like
Reactions: simmerskool

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,045
But banking protection should not even be necessary, vendors should not be failing to detect banking trojans targeting home users. Targeted attacks on businesses are something else. If security software requires you to open banking website to disconnect untrusted executables from the network, its infrastructure is not the most efficient one. You can do better.
But are they really failing, as in F-Secure's instance, failing to protect against banking trojans or other browser exploits, and that Banking protection is just another layer on top of that?
Should Adrian then no longer test this feature as well as the other vendors versions in his banking reviews?

The benefit of banking protection is mainly that if you have an infected environment, you may not know about it if you have insufficient protection. Banking protection can keep your money safe.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
But are they really failing
Exactly that’s the reason why banking protection is unnecessary, because there is no evidence that other modules are failing.

Should Adrian then no longer test this feature as well as the other vendors versions in his banking reviews?
That is a question Adrian can answer, I can’t.

Looking nowhere else but at Adrian’s tests, everyone blocks all malware. So what is the benefit of banking protection, I let users be the judge.
 

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,045
Exactly that’s the reason why banking protection is unnecessary, because there is no evidence that other modules are failing.


That is a question Adrian can answer, I can’t.

Looking nowhere else but at Adrian’s tests, everyone blocks all malware. So what is the benefit of banking protection, I let users be the judge.
Fair enough. It can then just be a "peace of mind" sense of security, a bit of a sales tool, of the "protection" it provides.
 
F

ForgottenSeer 114834

The rapid evolution of threats can be circumvented by reputation-based techniques where attackers are trapped. Mutating too little, means the malware will be discovered and whitelisted. Mutating too much means the malware will have unfavourable reputation and will end up being deleted.

Mimicking legitimate software is the essence of every trojan and has been like that for 20 years +. Often, this mimicking will be the detection trigger. Legitimate software is very easy to detect and systems like anomaly detection are used.

User error is something normal, this is why users are running security software in the first place.
The fact that they have maintained a persistent threat for over twenty years suggests fundamental flaws in existing security measures.
 
  • Like
Reactions: SeriousHoax

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top