AVLab.pl Test of security solutions in blocking attacks on Internet banking

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
175
Hi!

It's been a while since we did a review of online banking security. Maybe because there is so much work involved, which is very discouraging :) However, here it is - the latest edition. For transparency - not all vendors are included in the report. If they didn't fix bugs in time, we decided not to publish it. Or respect their decision not to be included in the official results. Of course, this applies to those who responded to our feedback.

Result website: Overview of techniques and attacks in Windows 11 - AVLab

We will hold the next edition in six months, if users will be interested.
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
748
It makes no different, because SmartScreen react. I suppose the AGuard is disabled on default. AG does not apply to other than HTTP/S protocols.
Yes it's disabled by default. I think it could have disabled clipboard swap at stage one (because application guard doesn't allow clipboard usage by default at all :D).
At least that's the behavior of application guard in edge the way I remember it.
Thanks for the answer :)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,102
"All security features enabled" means for Microsoft, that all default Windows built-in protection was enabled + PUA:

MICROSOFT Defender​

Configuration had all security features enabled, among others: Windows Firewall, SmartScreen, PUA blocking. For HTTP, the test was done on the EDGE browser, instead of Chrome.

The advanced settings that are available via PowerShell or 3rd party tools, were not enabled. The PUA feature is probably useless in banking attacks, so the results are actually for the default Windows built-in protection.

G Data and Windows built-in (default settings) missed 4 tests, so they are not good solutions for banking in a (small) business environment. Windows built-in protection (default settings) is probably not an optimal solution in (small) businesses, even if one does not use the computer for banking.
If one wants to use Windows built-in protection for banking in small businesses, then it is recommendable to use the computers with Windows Pro + Application Guard for Edge. Of course, using one of the tested AVs is also a good solution.

At home, it is recommendable to use a Standard User Account in daily work, and a separate account for banking. One can also enable some advanced Defender settings (like Network Protection, ASR rules, etc.).

People interested in banking protection can also look at some tests made by MRG Effitas:

1642679384182.png



MRG Effitas uses the AVs business versions. Microsoft Defender uses advanced settings. In the previous tests, Defender did not get highest results in Botnet and Banking tests.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
At home, it is recommendable to use a Standard User Account in daily work, and a separate account for banking.
Correct, but if possible also use a 100% dedicated machine. Extra important for any genuine company/enterprise as sadly many times the economy administrator/s also use their private/personal email, Facebook/Instagram and other social media accounts and even game on the same machine, that even in smaller companies can handle millions of the companies assets.

Why wasn't the current consumer version of Comodo tested - you used the enterprise version for this test?
It was vendor's choice.
Good to know.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,556
Hi!

It's been a while since we did a review of online banking security. Maybe because there is so much work involved, which is very discouraging :) However, here it is - the latest edition. For transparency - not all vendors are included in the report. If they didn't fix bugs in time, we decided not to publish it. Or respect their decision not to be included in the official results. Of course, this applies to those who responded to our feedback.

Result website: Overview of techniques and attacks in Windows 11 - AVLab

We will hold the next edition in six months, if users will be interested.
Thanks for this interesting test (y)
Hope that you will do the test again in 6 months with results from more vendors published.
They have time now to prepare themselves.
 

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
175
The advanced settings that are available via PowerShell or 3rd party tools, were not enabled. The PUA feature is probably useless in banking attacks, so the results are actually for the default Windows built-in protection.
Available via PS... I'm not respect such of hidden configuration. Advanced settings should be available via MDefender interface. It's kind of like testing F-Secure, but hello! Use our command line tool, because it has more settings and is more advanced than the GUI mode.
No, I don't allow such hardened settings for just one product. Microsoft should do it better, because they have the people and money to do it. Hiding something in the system and then saying - We are here! Use the hidden advanced features, but not from the GUI, because it is not exist! Insteed use the Powershell but read guide paper before! This is unfair to the available settings in a third-party vendors with their GUI mode.

Was Kaspersky tested with Safe Money browser?
Yes, it was.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,102
Correct, but if possible also use a 100% dedicated machine. Extra important for any genuine company/enterprise as sadly many times the economy administrator/s also use their private/personal email, Facebook/Instagram and other social media accounts and even game on the same machine, that even in smaller companies can handle millions of the companies assets.
...
(y)(y)
I did not dare to propose this. A similar solution would be OK at home, by using a separate smartphone only for banking.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,102
Available via PS... I'm not respect such of hidden configuration. Advanced settings should be available via MDefender interface. It's kind of like testing F-Secure, but hello! Use our command line tool, because it has more settings and is more advanced than the GUI mode.

I do not have any serious objections to this test and testing methodology. On the contrary, it is a very interesting test and I fully agree with the conclusions that follow from it. You decided to use default Windows built-in security as reference protection and some other testing labs made the decision to test Defender ATP (or a similar paid version).

Anyway, the picture that follows from the test is only one-sided. Many people can see the world differently than Microsoft and AV testing labs. They do not hesitate to use PowerShell or the well known and trusted 3rd party tools to get for free most of Microsoft ATP. You may think it crazy, but this is even proposed in some IT books (like CompTIA Security + Guide to Network Security Fundamentals By Mark Ciampa) and several respected sources (BleepingComputer.com, Ghacks.net, Computerworld.com, etc.).

No, I don't allow such hardened settings for just one product. Microsoft should do it better, because they have the people and money to do it. Hiding something in the system and then saying - We are here! Use the hidden advanced features, but not from the GUI, because it is not exist! Insteed use the Powershell but read guide paper before! This is unfair to the available settings in a third-party vendors with their GUI mode.
...

Anyone here will probably agree with you. But, it seems that you would like to convince Microsoft about something and this is a waste of time. Microsoft already sells Defender with ATP features (not the free version) and clearly say that Defender free is for home users. I also doubt if Microsoft would accept using Defender free in this test among COMODO Advanced Endpoint Protection, F-Secure Total, G Data Total Security, Kaspersky Total Security, etc. They would probably suggest using Defender for Endpoint. Of course, this does not mean that Microsoft would be right, because many people in the (very) small businesses use default Defender free, anyway.(y)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,102

Adrian Ścibor,​

I noticed that all tested products would pass all tests if the FTP protocol was restricted.
Would it be possible to effectively block unauthorized FTP transfers to pass your tests?

Edit1.
One can block ports 20, 21, 22, 990, 3000-3050 to block transfer via FTP and SFTP.

Edit2.
The native support for the FTP server is disabled by default on Windows Home and Pro.
The support for FTP has been removed from Chrome web browsers.
The malware has to install the FTP client.
The malware/data can be downloaded/uploaded via FTP by using PowerShell, etc.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,102
Thanks for the test :). The most Internet banking protection test only test the HTTP protocol. Nice to see FTP.
Many malware samples used to use FTP , but most of them used Windows native support for FTP (FTP Server or web browser). The native support for FTP is enabled in Enterprises, but rarely in small businesses. That is why I am curious how often are malicious attacks via FTP without such support (Chrome removed FTP support and FTP Server is disabled by default on Windows Home and Pro).:unsure:

Edit.
Most of the tested products blocked the HTTP attack vector, so the question is how popular are the attacks performed fully via FTP.
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Many malware samples used to use FTP, but most of them used Windows native support for FTP (FTP Server or web browser). The native support for FTP is enabled in Enterprises, but rarely in small businesses. That is why I am curious how often are malicious attacks via FTP without such support (Chrome removed FTP support and FTP Server is disabled by default on Windows Home and Pro).:unsure:

I was going to ask exactly that, FTP protocol was dropped/deprecated in Chrome, Edge and Firefox, so how was it tested for browser internet banking protection?

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top