App Review Shadowra's Big Comparative - Episode 3 Entreprise Antivirus

Content created by Shadowra

simmerskool
Everybody knows ON/OFF for all security programs. It is the fundamental weakness of the "users want to use stuff" paradigm.

A user's ability to disable security and do stuff has to be taken away from them for security to be effective. This is very unpopular and in today's world, almost heresy, but people are always the problem. Always.
... it depends. I have DeepInstinct (enterprise) on one computer, and I have to log-in to cloud portal to turn it off, and even then finding that switch is a few levels into the portal, so if you installed it on family member's pc, it would be always ON unless you guided them to portal and gave them the password.

bazang
... it depends. I have DeepInstinct (enterprise) on one computer, and I have to log-in to cloud portal to turn it off, and even then finding that switch is a few levels into the portal, so if you installed it on family member's pc, it would be always ON unless you guided them to portal and gave them the password.
Most people would figure out how to turn it off if they really wanted to turn it off.

I observe a growing trend where more and more people under the age of 30 are either not using security software or they are disabling it. That generation/those generations consider strong, preventative security to be nothing but a hindrance to their mental health - because they cannot cope with being a "user that wants to use stuff" and being blocked from doing what they want, when they want it.

Remember: people are always the problem. Always.

anirbandutta01
In this video, we compare 7 enterprise antivirus programs.
The aim is to see how effective they are, and rank them from worst to best.

Please note:

- The antiviruses are already ranked in the video; I've taken into account Web blocking, the reaction to an attack, my malware pack and how the antivirus defends itself.
- Please be courteous and respect my ranking. Filming took over 9 hours, plus 2 hours of preparation.
- The final episode will pit 2 antiviruses against each other.
- Personal information was hidden on the panels of these antivirus programs; some of them didn't belong to me. Many thanks to @kamiloxf, who supplied me with most of the antivirus software I tested!
- All antiviruses are at default settings; I've only activated, IF NECESSARY, some options that the vendor hasn't activated (heuristics, PUP detection, etc.).
- The protocol is the same.

WithSecure is the Enterprise version of F-Secure.
The product is presented as an agent to be installed, and features a fairly simple panel.
It clearly follows the F-Secure nomenclature: it can be configured both online and locally!

URL: 10/10 - WithSecure blocks all links
Fake crack: 1/1 - Blocked directly by APC (Avira Protection Cloud)
Malware Pack: 45 out of 168.

Execution: Some good, some not so good. On attacks, WithSecure defends itself well with DeepGuard.
Things get more complicated later on, when AlertaAgent is allowed to pass through and install itself quite deeply on the machine.
Then the malware with the Tank icon destroys parts of the system, and a RAT (MSBuilder.exe) passes through without blocking (but disappears on reboot).

SOS: F-Secure failed to scan the machine, malware killed the scan...
NPE: 4
KVRT: 2

It ranks 7th because, although DeepGuard is excellent, it clearly lacks a few rules to protect effectively against large malware, especially signed malware.
It's a shame.

DeepInstinct is a well-known and popular enterprise antivirus.
Its agent has no settings: everything is managed online!
I leave my settings.

Web: 8/10 - 2 infections passed
Fake crack: 0/1 - No files blocked!!!
Malware pack: Remains 42 out of 168.

Execution: DeepInstinct shines with its behavioral defenses and manages to avoid several attacks.
But this didn't last, as 2 malware samples were installed, 1 of which clearly destroyed the system.
The system is dead...

It's in 6th place. Is DeepInstinct slipping? I'm disappointed!

SentinelOne is DeepInstinct's direct competitor: same operation, same country of origin!
However, its Web interface is much more complete and rather complicated...

Web: 9/9 - a URL is dead
Fake crack: 1/1 - installation is blocked
Malware pack: Remains 45 out of 168

Execution: S1 does not show any analysis, I wait until there is no activity.
I start executing, S1 is reactive and protects me. But it's pretty weak on scripts. Although it blocks some, it lets a few through, which it will mitigate later.
But it will encounter the same malware as DeepInstinct, which will destroy the system.

It ranks 5th.

CylancePROTECT is BlackBerry's antivirus software, completely designed for the enterprise.
In this test, I install CylanceOptics, its EDR.
The settings are already predefined, on level 2.

Web: 8/9 - one malware missed.
Crack: 1/1 - Blocked
Malware Pack: Cylance doesn't scan, I'm forced to run.
During execution, Cylance scores very well, which I appreciate (even though it let Alerta through).
Unfortunately, a FileCoder ransomware will get through without any reaction from Cylance and encrypt the data.
If it had been blocked, I think Cylance would have won points.

It's ranked 4th, a fine improvement on my last test, but it still has some way to go!

CrowdStrike Falcon is an enterprise-class antivirus program with an excellent reputation, but also a reputation for producing major bugs (BSODs in the enterprise).
No agent interface here! Everything is controlled online!
Default setting.

Web: 9/9 - a URL was dead
Crack: 1/1 - directly forbidden
Malware Pack: 39 out of 168

Execution: Falcon does very well and is very sharp on blocking!
It blocks the installation of Alerta, but it is only tricked by the malware that killed DeepInstinct and SentinelOne.
CrowdStrike attempts to repair the system, but is unable to restore it.
Pity.

It's 3rd.

Harmony is the enterprise antivirus from CheckPoint, publisher of ZoneAlarm.
It's also the antivirus I've had the most trouble with: it took me 3 attempts to get it to work, as well as a lengthy installation despite the fiber...

The settings have been customized, but are fairly close to the manufacturer's settings.

Web: 10/10 - everything was blocked
Crack: 1/1 - Dropped files were blocked.
Malware Pack: 19 out of 168

Execution: Harmony comes close to excellence in malware blocking!
2 files passed, including the malware that had made WithSecure suffer, although the attack was partially mitigated by the antivirus.

SOS:

Harmony: Unable to scan
NPE: 3

Although it did block, it will be 2nd. The malware prevents antivirus functions from working properly (scanning) and a script is passed through, although it is blocked by the Harmony firewall.

Microsoft Defender does have a version for business! It uses the architecture already present but offers a script so that we can benefit from it. It added several rules and also an EDR, which I will test.

Web: 9/9 - a URL is dead
Crack: 1/1 - the installation is blocked
Malware Pack: Remains 17 out of 168

Execution: Microsoft Defender clearly has the best engine in this test! It avoids all the traps that I set for it, and the PUBLISHER and the Cloud also block malware during execution! Only Alerta passes.

SOS: Microsoft Defender does not detect anything.
NPE detects 4 files that are not active, easily deletable.

It more than deserves its 1st place!

All the tests are over.
The final will pit Microsoft Defender against ESET Smart Security :)

See you on January 31st for the final! :D

Thank you so much for the test❤️