Serious Discussion Turtle‘s Enhanced Realworld Tests ( updated )

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
Also, We don't allow malware video tests that are not in English, since it's the official language in the forum... We can't understand anything in those tests...
I tried to use English as much as possible in all my multi-language security software, as well as the content of this post, but the problem with the video wasn't very easy to solve, because I can't access Youtube/Odysee in China so I had no way to upload the video to those sites.
Perhaps just keeping the results and not posting the video is an option?
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,785
As for the free versions, most of them have no difference in protection between the free version of the product's functionality and the paid version (something like Kaspersky Free has exactly the same functionality as the paid basic version in terms of protection), while others, such as CatchPulse, have a whitelisting policy for the paid version and have no possibility of testing it.

I can't agree... You talk about KFree same as KStandard/KPlus (Intrusion Prevention + FireWall)??? but then I see BitDefender paid also tweaking some of its settings to Aggressive??? I don't think this is even remotely a fair comparison 🙄 and the same for other products with tweaked settings to Aggressive and/or enabling not default settings...
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
I can't agree... You talk about KFree same as KStandard/KPlus (Intrusion Prevention + FireWall)??? but then I see BitDefender paid also tweaking some of its settings to Aggressive??? I don't think this is even remotely a fair comparison 🙄 and the same for other products with tweaked settings to Aggressive and/or enabling not default settings...
If we're talking only about Kaspersky, this is an additional case.
Because of Kaspersky's activation policy, you can only activate the local version in China and Russia, not the other versions (that's why Kaspersky was one of the few software that used the Chinese version in my tests), and Kaspersky's paid version in China is 21.3, while the other countries and the free version is 21.14, which is a very long time difference between the two versions.
So my choice is to write that it is the free version, maybe not fair, but I have made it clear.

This is a trial download link from Kaspersky China website.
You can see it version is 21.3.10.391.......
 
  • Like
Reactions: [correlate]

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
You can install an English version in trial for the test, I'm Spanish but here I have to speak in English, and also in my VMs I have the system and the products I test in English :)
I understand what you mean and I know what you want me to do, but unfortunately, you won't encounter the situation I encountered. This is not a problem with learning a language (as you can see, I used the English version completely in Avast testing because Avast does not have a region lock).

QQ截图20231021161801.png

This is why my VM cannot be in English, and I believe MalwareTips will not allow me to use illegal authorization to publish videos and posts. (From the translation on the right, just for you to read, not the system language).

QQ截图20231021162329.png

That's why my Kaspersky is not in English.
This is a regional lock. If I use a Chinese credit card but the country fills in other information, it will inevitably be detected as fraudulent by NEXWAY and the order will be cut off. However, the Chinese version trial does not require placing an order or filling out credit card information.

I don't want to argue too much because you don't understand what happened.
Just like if I use Kaspersky's paid version, but the version is 21.3, the problem becomes why I want to use the old version.
 
F

ForgottenSeer 97327

I can't agree... You talk about KFree same as KStandard/KPlus (Intrusion Prevention + FireWall)??? but then I see BitDefender paid also tweaking some of its settings to Aggressive??? I don't think this is even remotely a fair comparison 🙄 and the same for other products with tweaked settings to Aggressive and/or enabling not default settings...
Ahhh it must hurts when your baby is not treated fair. ;) I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration and some(geo) restrictions can't be overcome by the OP. So I would plead some leniency towards the language restrictions.

Maybe next test split home products from corporate products (@ShenguiTurmi), thanks for publishing the results in graphs.
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
It's as simple as this: if I go to Kaspersky paid product and set: Intrusion Prevention module to: Unknown apps to UnTrusted, I get "100% Fort Knox" result...
I haven't adjusted any settings for consumer grade products, except for TrendMicro, as it has automatic high sensitivity.
For Enterprise product:

As you can see, AVC even adjusted Crowdstrike to Extra Aggressive.

Ahhh iit must hurts when your baby is not treated fair. ;) I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration, meaning comparatives including corporate products are never fairly tested.

Maybe next test split home products from corporate products (@ShenguiTurmi), thanks for publishing the results in graphs.
Thx. Sure, This in first time I add Enterprise product for my test. I will separate them in the future.
 
  • Like
Reactions: [correlate]

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,785
There is no babies here...

I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration, meaning comparatives including corporate products are never fairly tested.

I don't agree, to do some additional configuration is one thing, but, for example, set to Aggressive in only ones, and NOT the others, or just enable some non default in ones and not in others, IT IS A DIFFERENT THING!
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
There is no babies here...



I don't agree, to do some additional configuration is one thing, but, for example, set to Aggressive in only ones, and NOT the others, or just enable some non default in ones and not in others, IT IS A DIFFERENT THING!
As I mentioned earlier, the enterprise level settings I use are those used in daily life. This is the highest setting for avoiding excessive false positives in daily work.
Enterprise grade products are never ready to use out of the box. If you keep them all as they are, you can even get a Crowdstrike and Elastic that are completely unprotected because their default policy does not include Anti Malware!
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,785

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,785
I haven't used any contact as a K. forum Admin (I'M JUST A HUMBLE MOD THERE) to get that link, if You go here:


A user posted that link, just changing part of the link, You can get others country regions downloads, as I explained yesterday here:

 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,397
Ahhh it must hurts when your baby is not treated fair. ;) I think you are right all products should be tested on default, but as the OP posted some corporate products need configuration and some(geo) restrictions can't be overcome by the OP. So I would plead some leniency towards the language restrictions.

Maybe next test split home products from corporate products (@ShenguiTurmi), thanks for publishing the results in graphs.

I don't think @harlan4096 would enjoy dismantling @ShenguiTurmi for free because Kaspersky failed at home.
I managed to watch one of his videos and the protocol is really nice: he tries to penetrate the system as best he can with samples or Powershell scripts...

Then for his country, I won't draw a picture, but China blocks a lot of sites. But at least having Windows in English would be a good start, we're here to help each other, aren't we?

Translated with www.DeepL.com/Translator (free version)
 
F

ForgottenSeer 97327

I don't think @harlan4096 would enjoy dismantling @ShenguiTurmi for free because Kaspersky failed at home. (1)


Then for his country, I won't draw a picture, but China blocks a lot of sites. But at least having Windows in English would be a good start, we're here to help each other, aren't we? (2)
1. That is why I posted: I agree home products should be tested on default

2. That is why I posted: I would plead some leniency towards the language restrictions.
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
I don't think @harlan4096 would enjoy dismantling @ShenguiTurmi for free because Kaspersky failed at home.
I managed to watch one of his videos and the protocol is really nice: he tries to penetrate the system as best he can with samples or Powershell scripts...

Then for his country, I won't draw a picture, but China blocks a lot of sites. But at least having Windows in English would be a good start, we're here to help each other, aren't we?

Translated with www.DeepL.com/Translator (free version)
Sincerely thank you.
I initially conducted tests to rank the effectiveness of various security software, but after my second test, WiseVector proactively contacted me and I discussed the testing process with them. Then, they released a new version to completely prevent Empire's file less attacks.
Afterwards, Huorong/QiAnXin also contacted me and I reviewed the entire testing process with them, believing that it would also be helpful to them. Now that's my main purpose, that's why I'm continuing this test. So starting from the third issue, I will not only publish the results on security forums in China, but also on MalwareTips, because I hope to write in detail how the samples were generated and what modifications were made, so that security software vendors can directly follow it to enhance their protection.
I can use these tools and hackers can also use them, so enhancing protection is not a bad thing for anyone, which is also the reason why I am disclosing it in detail.
I don't work for any security software vendor, and I'm not a full-time researcher. I just want to do my best to make the internet more secure. That's why I never provide ranking charts for the tests I publish, but I try to provide detailed explanations of the attack process and sample sources.

Because of this original intention, I seem to have overlooked the people who hope to use my tests as rankings, and I will pay attention to them in the future. Start by distinguishing between enterprise level and consumer level.
 

ShenguiTurmi

Level 3
Thread author
Well-known
Feb 28, 2023
126
I haven't used any contact as a K. forum Admin (I'M JUST A HUMBLE MOD THERE) to get that link, if You go here:


A user posted that link, just changing part of the link, You can get others country regions downloads, as I explained yesterday here:

Thank you for providing the 23.15 beta version. I activated it with KTS license and it became K Plus.
Unfortunately, there was no difference in the results. Because I couldn't post the video, I randomly took a few screenshots.
If you can contact Kaspersky officials, I strongly recommend that you provide feedback on the issue with Nimbo C2. They can indeed generate VHO detection on the original Nimbo C2 exe, but it is not effective on the DLL. And unless BypassUAC is attempted, System Watcher will also be completely blind to Nimbo C2's activities, including keylog and file transfer.
QQ截图20231021172231.png

QQ截图20231021172526.png

QQ截图20231021174821.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top