Battle Trend micro or Mcafee ?

[TuxTalk]

This.

I don't mind data collection if it is being used for good, like sending info about viruses. Also, one of the reasons why I use a third-party AV instead of windows defender is so that Microsoft doesn't get any more of my data than they already have. They already collect more than enough.

For Windows you can install

O&O ShutUp10++: Free antispy tool for Windows 10 and 11

With this tool you have full control over which comfort functions under Windows 10 and Windows 11 you wish to use, and you decide when the passing on of your data goes too far.

www.oo-software.com

I also dont mind, since i never sign up or give any adress to the AV vendor, i buy from 3rd party website.
Use a Spamaccount for registration and my VPN blocks all the telemetry send to them.

 

[Jonny Quest]

https://www.mcafee.com/en-us/consumer-support/policy/legal.html#children

Same as all the other AV, dont think Emsi does not collect any data, since you are using Windows, i dont get the point of being scared if any AV collect data.
Since Windows does it too. Want more privacy, use a Linux Distro.

And maybe it's also a lesser of the evils type of thing as far as what AV collects what data, and how much?

 

[KnownStormChaser]

For Windows you can install

O&O ShutUp10++: Free antispy tool for Windows 10 and 11

With this tool you have full control over which comfort functions under Windows 10 and Windows 11 you wish to use, and you decide when the passing on of your data goes too far.

www.oo-software.com

I also dont mind, since i never sign up or give any adress to the AV vendor, i buy from 3rd party website.
Use a Spamaccount for registration and my VPN blocks all the telemetry send to them.

I use Control D to block OS telemetry, works pretty well, and on all my devices.

 

[simmerskool]

Very brave. I admire you!

on my McAfee_VM my wallpaper is a picture of 1984 Big Brother just to remind me to proceed with "caution" (but other than this mystery M is behaving nicely on this win10)

 

[Trident]

McAfee collects the same data any other AV does for Identity Monitoring. If you deploy F-Secure, Webroot, Trend Micro, Norton, Avast or others with Identity/Breach monitoring (yes, all these vendors have version with it and the list will only grow), the vendor will inevitably collect all the details that McAfee asks for.

If people don’t want all these details collected, they have the option of not using Identity Monitoring, Social Network Protection, Email Scan and so on.

Under every on-demand scan, there is a switch (toggle) whether or not to upload new and unknown files to McAfee.

In the cases where new and unknown files need to be uploaded, for European citizens the GDPR is extremely strict of the definition what’s personal data (a note in hotel like “guest complained that on their 27th anniversary, a yellow chandelier fell in the room” is considered personal information even when anonymous).
McAfee by law is required to implement strict so-called “pre-scrubbing” script that removes any identifiers that could link to the individual in any way.
I know because I am developing an AI-infused platform for hospitality at the moment and the personal data handling requirements are MAD under GDPR.

Furthermore, AV software like F-Secure, Emsisoft and many others also collect information, starting from “My Account” page to telemetry about running processes, behaviours, visited sites prior to an attack and so on.

A business that does not collect any data simply doesn’t exist.
McAfee offers solely paid software and doesn’t need to use personal data for revenue generation purposes, their revenue comes from charging (and over-charging) the paying consumer. McAfee business model is not the same as let’s say Qihoo 360.

When consumers use free solutions (such as free security software, free AI chatbots and so on), consumers pay with their data.

 

[simmerskool]

McAfee collects the same data any other AV does for Identity Monitoring.

agreed, but during install and shortly afterwards, mcafee actively pushed give me access to your email account(s). IIRC they even said or used words to the effect of I want your personal data, ergo to me it seemed they were (are) going over the top in this regard, but believe you, older folks notice this, younger folks perhaps not so much... I've decided not to worry about it.

 

[Trident]

agreed, but during install and shortly afterwards, mcafee actively pushed give me access to your email account(s). IIRC they even said or used words to the effect of I want your personal data, ergo to me it seemed they were (are) going over the top in this regard, but believe you, older folks notice this, younger folks perhaps not so much... I've decided not to worry about it.

I haven’t seen the prompt/wording myself, cuz McAfee upgraded my cheap LiveSafe licenses with these features very long time ago (around 2-3 years now) and I configured everything so I gave them the data.

 

[simmerskool]

I haven’t seen the prompt/wording myself, cuz McAfee upgraded my cheap LiveSafe licenses with these features very long time ago (around 2-3 years now) and I configured everything so I gave them the data.

@Trident I looked but did not get a snip or a photo of personal data comment -- always possible I misread it. McAfee is getting quieter on my desktop. for me, a good sign. Since you mentioned Trend a post or 2 ago, can you explain what goes on under the hood with TM pay guard, Eset safe-banking, how those 2 are different (chatgpt thinks so) and why McAfee is not offering this (unless I missed it on its comparison webpage).

 

[Trident]

@Trident I looked but did not get a snip or a photo of personal data comment -- always possible I misread it. McAfee is getting quieter on my desktop. for me, a good sign. Since you mentioned Trend a post or 2 ago, can you explain what goes on under the hood with TM pay guard, Eset safe-banking, how those 2 are different (chatgpt thinks so) and why McAfee is not offering this (unless I missed it on its comparison webpage).

McAfee does not offer any browser virtualisation technologies, McAfee deems everything they offer sufficient to protect the users machines and when there is no malware/dodgy code running, there is no need for virtualisation.

As to Eset vs Trend Micro, TM launches the default browser (whichever one it is) with light isolation around it and still as a child process (if already running). The secure session is a spin-off of the “insecure”. Trend Micro then uses aggressive browser script analysis (as opposed to not so aggressive in normal browser) and more aggressive website analysis. Trend Micro also protects the “secure session” against patching, screen grabbing and so on.
Trend Micro does that predominantly in user-mode through the AEGIS behavioural blocking hooks.

ESET launches a brand new session and uses kernel-level isolation which is a bit more secure.

Both of the features (as a side effect) can help users identify legitimate sites, because when the site is legitimate, they are prompted to use the secure browser, otherwise they aren’t.

If users maintain clean machines, this feature is “nice to have” at most but not a necessity.

 

[simmerskool]

McAfee does not offer any browser virtualisation technologies, McAfee deems everything they offer sufficient to protect the users machines and when there is no malware/dodgy code running, there is no need for virtualisation.

As to Eset vs Trend Micro, TM launches the default browser (whichever one it is) with light isolation around it and still as a child process (if already running). The secure session is a spin-off of the “insecure”. Trend Micro then uses aggressive browser script analysis (as opposed to not so aggressive in normal browser) and more aggressive website amalysis. Trend Micro also protects the “secure session” against patching, screen grabbing and so on.
Trend Micro does that predominantly in user-mode through the AEGIS behavioural blocking hooks.

ESET launches a brand new session and uses kernel-level isolation which is a bit more secure.

Both of the features (as a side effect) can help users identify legitimate sites, because when the site is legitimate, they are prompted to use the secure browser, otherwise they aren’t.

If users maintain clean machines, this feature is “nice to have” at most but not a necessity.

matches my limited understanding and basically what chatGPT said fwiw! I have seen Eset safe-banking "bypass" vpn and use different DNS -- perhaps its own -- banks seem to recognize this & login more ..."easily" (not sure what the right word is) BIG THANKS for your reply.

 

[Trident]

matches my limited understanding and basically what chatGPT said fwiw! I have seen Eset safe-banking "bypass" vpn and use different DNS -- perhaps its own -- banks seem to recognize this & login more ..."easily" (not sure what the right word is) BIG THANKS for your reply.

Yeah, it transports data between bank/user in a more secure way. This is known as web isolation, which is very similar to VPN (not to say the same). The traffic travels to Eset (or some third-party provider they are paying for the service) and then to the bank, and vice versa, being encrypted in transport.
The benefit is the additional encryption added on top of the HTTPS one.

Norton years ago had similar feature for paying customers but they discontinued it. It was embedded in SafeWeb.

 

[RoboMan]

I've been reading all the latest posts about Trend or MCAfee carefully. On an average laptop, my BitDefender license is expiring. I'm not sure how to choose between Trend or MCAfee to replace it; their operating principles seem roughly similar... What do you recommend?

Trend Micro offers a better general security experience. Anyways, although you didn't put it on the table, if the possibility exists, I'd recommend renewing your BitDefender license. It's overall a better option, a top-tier antivirus, and you've already proved it works well on your device

 

[Zero Knowledge]

Simple, go with McAfee or what ever is cheaper in your country. I've never warmed to Trend. Way too many false positives. McAfee because they have more users and more users = better IOC's, Detection's etc. And from reading recent tests it's gotten much lighter and more efficient. The problem with McAfee was never detection, always UI and bloat. They seemed to have fixed this.

 

[Trident]

The problem with McAfee was never detection, always UI and bloat. They seemed to have fixed this.

There was a massive problem with detection years ago, it was very inconsistent, on a good day McAfee could detect pretty much anything you throw at it, other days it could be nearly a joke.

This has changed, McAfee now produces consistent results. The new architecture is working much better for them (and for the users). McAfee GTI (the cloud) I would assume now contains intelligence from Trellix (which includes FireEye and all feeds they are subscribed to). So all in all yes, McAfee has much more intelligence than Trend Micro available, around 7-8 years ago, the McAfee intelligence was over a petabyte.

 

[stonjean633]

There was a massive problem with detection years ago, it was very inconsistent, on a good day McAfee could detect pretty much anything you throw at it, other days it could be nearly a joke.

This has changed, McAfee now produces consistent results. The new architecture is working much better for them (and for the users). McAfee GTI (the cloud) I would assume now contains intelligence from Trellix (which includes FireEye and all feeds they are subscribed to). So all in all yes, McAfee has much more intelligence than Trend Micro available, around 7-8 years ago, the McAfee intelligence was over a petabyte.

No wonder McAfee Intelligence got boosted.It made sense now. By purchasing FireEye, they got their access to FE DTI( FireEye Dynamic Threat Intelligence ) Those are gathered from sensors scattered around the globe and from boxes of their customers. Whenever an attack pattern is recognized from one box,it will be shared thru the rest of the network enabling proactive defense.

Seems McAfee GTI =FE DTI

 

[stonjean633]

Forgot to add that FireEye also bough Mandiant around 2014. It was already a cyber powerhouse even before McAfee purchased FE.

 

[Jonny Quest]

I appreciate the recent posts that include parenthesis defining some of the concepts of TM and McAfee, it's helping me to understand it more.

 

[Trident]

They are merged, the Skyhigh (which was McAfee brand before), the FireEye DTI and McAfee GTI is now all merged together and managed under Skyhigh. The consumer security products are also part of this network and feeds, and who knows to how many feeds McAfee is subscribed for their home version too.

 

[Trident]

I appreciate the recent posts that include parenthesis defining some of the concepts of TM and McAfee, it's helping me to understand it more.

The concept of both:

Capture the new file (minifilter driver). ->
-> Agent uses highly efficient and extremely optimised local heuristics to quickly determine the risk lebel of the file. For Trend that’s the various patterns, for McAfee, there is a bunch of files too (including Yara rules and we will discuss the McAfee architecture in depth on another thread).
These rules are designed to do the job with minimal performance impact, as well as to reduce the overhead from hash calculations and full blown AI analysis->

-> If the local rules are inconclusive, agent calculates fingerprint (fuzzy hash) and submits to the cloud, along with some file metadata, including but not limited to certificates and so on.
Th server returns verdict: safe, malicious, suspicious, unknown. ->

-> If verdict is safe, they don’t deal with the file anymore. If malicious, they do what they are paid for and remove the file. ->

-> If suspicious or unknown, they subject it to static analysis, which involves disassembling (converting the machine code to assembly). For scripts and office files, static deobfuscation methods are used, such as decoding base64, hex and so on to ASCII.

At this point they extract a bunch of features (along with the emulator results which were gathered earlier), pre-filter them and feed them to the AI models online. The AI models return probability in percentage (or fraction) that the file is malware.
If the file still passes, behavioural monitoring is used to determine the risk level and mitigate any damage.

Any Trend Micro detections that contain TRX: that’s Trend Micro X-Gen (AI).
VSX + TRX: X-Gen detection that stems from VSX (emulator) results.
Example: Trojan.VSX.TRX.PE049Z -> file was emulated, machine learning model for portable executables with ID 049Z believes that the file behaves like malware.
JS.Downloader.TRX.JS07997 -> machine learning model with ID 07997 believes that this JS file is a loader, based on static analysis.

McAfee: RealProtect detections indicate static and dynamic AI analysis, as well as behavioural blocking detections.

 

[partha_roy]

McAfee any day if you are looking for reliable protection and an absolute hassle-free experience.