Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Security Statistics and Reports
Product Enquiry - Which products should we test in your opinion?
Message
<blockquote data-quote="Trident" data-source="post: 1097024" data-attributes="member: 99014"><p>But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with malware-free environment. This is done through a variety of layers and modules targetting:</p><ul> <li data-xf-list-type="ul">Distribution: web filtering, CDR, IPS</li> <li data-xf-list-type="ul">Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus</li> <li data-xf-list-type="ul">Post-execution: anti-bot, behavioural monitoring.</li> </ul><p>These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection.</p><p></p><p>Banking protection hence is an unnecessary <strong>gimmick</strong> <strong>screaming “look how much we are doing for you</strong>”, when in reality nothing is being done. It is <strong>extremely sad</strong> that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules.</p><p></p><p>As per the F-Secure documentation for example, available here:</p><p>[URL unfurl="true"]https://community.f-secure.com/internet-security-en/kb/articles/5276-what-is-banking-protection-and-how-does-it-work[/URL]</p><p></p><p>F-Secure banking protection merely disconnects processes with no “safe” reputation from the internet — something that should be happening without banking protection and round the clock too — not just when user are banking. Had F-Secure developed a firewall that is, but firewall doesn't sound as fancy as "Banking Protection".</p><p>F-Secure DeepGuard is highly aggressive towards unknown and suspicious processes anyway so such processes will most likely end up terminated, no banking protection required.</p><p></p><p>F-Secure Banking Protection will provide ~0 security in the following cases:</p><ul> <li data-xf-list-type="ul">Users open malicious website, for example website infected with Magecart malware</li> <li data-xf-list-type="ul">Users open brand new phishing site that looks convincing</li> <li data-xf-list-type="ul">Users open a scam store</li> <li data-xf-list-type="ul">Code injection in a trusted process (which most banker trojans use)</li> <li data-xf-list-type="ul">MITM or any sort of connection manipulation (as traffic is not re-routed through VPN, despite F-Secure offering that)</li> <li data-xf-list-type="ul">Theft and loss of data through other means, for example grabbing from browser/password manager, clipboard</li> </ul><p>The only benefit slightly meaningful is that, if attackers take user to chasee.com instead of Chase, banking protection does not trigger, which should be an indicative that this is not a banking website. And even that will go unnoticed by many.</p></blockquote><p></p>
[QUOTE="Trident, post: 1097024, member: 99014"] But again I’m going to repeat what I posted earlier, the purpose of running security software is to provide users with malware-free environment. This is done through a variety of layers and modules targetting: [LIST] [*]Distribution: web filtering, CDR, IPS [*]Pre-execution: static analysis, dynamic analysis, sandboxing, CDR, reputation, standard antivirus [*]Post-execution: anti-bot, behavioural monitoring. [/LIST] These should be enough to tackle banking trojans in due time. If not tackled, the malware has already probably exfiltrated passwords, payment details and worst of all, session cookies. The process takes 2-3 seconds and can’t be interrupted by banking protection. Banking protection hence is an unnecessary [B]gimmick[/B] [B]screaming “look how much we are doing for you[/B]”, when in reality nothing is being done. It is [B]extremely sad[/B] that some vendors are heavily-focused on such gimmicks and not enough focused on core security modules. As per the F-Secure documentation for example, available here: [URL unfurl="true"]https://community.f-secure.com/internet-security-en/kb/articles/5276-what-is-banking-protection-and-how-does-it-work[/URL] F-Secure banking protection merely disconnects processes with no “safe” reputation from the internet — something that should be happening without banking protection and round the clock too — not just when user are banking. Had F-Secure developed a firewall that is, but firewall doesn't sound as fancy as "Banking Protection". F-Secure DeepGuard is highly aggressive towards unknown and suspicious processes anyway so such processes will most likely end up terminated, no banking protection required. F-Secure Banking Protection will provide ~0 security in the following cases: [LIST] [*]Users open malicious website, for example website infected with Magecart malware [*]Users open brand new phishing site that looks convincing [*]Users open a scam store [*]Code injection in a trusted process (which most banker trojans use) [*]MITM or any sort of connection manipulation (as traffic is not re-routed through VPN, despite F-Secure offering that) [*]Theft and loss of data through other means, for example grabbing from browser/password manager, clipboard [/LIST] The only benefit slightly meaningful is that, if attackers take user to chasee.com instead of Chase, banking protection does not trigger, which should be an indicative that this is not a banking website. And even that will go unnoticed by many. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
