Why I think testing "labs" are useless
<blockquote data-quote="MacDefender" data-source="post: 883406" data-attributes="member: 83059"><p>My thoughts on the matter of user protection:</p><table style='width: 100%'><tr><td>Scenario</td><td>Solution</td></tr><tr><td>User downloads trustworthy apps from the Windows Store or digitally signed software, respects SmartScreen and Google Safe Browsing, and does not change default settings to execute scripts/macros embedded in documents or PDFs.</td><td>Windows Defender is perfectly fine and probably won't even trigger. It's extremely unlikely to even encounter malware if you do this.</td></tr><tr><td>User is slightly off the beaten path, sometimes downloads software or documents from places not vetted.</td><td>Windows Defender or most lab-tested AVs are probably fine. Most likely the malware encountered this way is not zero-day and has already been incorporated into most AVs' detection.</td></tr><tr><td>User partakes heavily in piracy, greyware, hacktools, or other sorts of habits that routinely expose them to malware.</td><td>High-end AV suite with excellent zero-day signatures or a layered approach (e.g. BitDefender's suite, Kaspersky, F-Secure, ESET, etc). WD is likely also acceptable but in my opinion it is not AS good as some of the options above at detecting trojans in this context of greyware.</td></tr><tr><td>User as part of his job HAS to execute code or macro documents that are delivered by potentially untrusted parties (for example, if you are a reviewer for an app publishing house, or you're a data scientist who exchanges scripts and other packages, or your business involves exchanging Microsoft Office documents with legit macros).</td><td>High-end AV suite with sophisticated behavior blocking (Kaspersky, Emsisoft, F-Secure, etc) or some sort of HIPS system. 
Even with all of this you still may be at some risk.</td></tr><tr><td>User is expected to be directly targeted by custom-tailored attacks, is intentionally executing malware for the purpose of analysis, etc, and does many of the things mentioned in the previous row above.</td><td>Good luck. No out-of-the-box tool is going to provide meaningful protection here. User had better use most of the techniques that Malware Hub testers use to contain/isolate their environment, plus host-based infection detection, plus something at the network level to monitor for indicators of compromise, etc.</td></tr><tr><td>User literally gets an AV lab's 10,000 samples, clicks them one by one on their computer and does not want to be infected.</td><td>Well, for you AV tests are perfectly accurate; only choose something with 100% test scores. But why would you do that?</td></tr></table><p></p><p>If you fall into the first two categories, which I consider "the average user", it is really unlikely that you even encounter malware in the first place, much less something that defeats Windows Defender and SmartScreen reputation.</p><p></p><p>It's primarily when the user intentionally has to defeat some of those layers of security to do what they do that they would benefit from looking elsewhere for improved protection.</p><p></p><p><strong>With that said, </strong>IMO improved protection is NOT the only reason to look at a third-party AV suite. Some of them provide improved visibility into the system (like Kaspersky's Application Activity / Network Monitor), or provide pseudo-sandboxing tools like Application Control that can be used as a sandboxing tool, etc, so it could be soft features that lead to selecting a different tool.</p><p></p><p>I do agree with @Robbie's original point though that something with 93% protection isn't necessarily worse than something with 99% protection at protecting you. 
It's all about what the 6% difference is, and what is the chance that you would end up encountering something like that?</p><p></p><p>I'm on a computer 14 hours a day and honestly I have never encountered malware without actively going out and looking for trouble.</p></blockquote><p></p>
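The first row of the table above describes a posture ("respects SmartScreen", "does not change default settings to execute scripts/macros") rather than a product, and the practical question is whether a given machine is actually still in that posture. The PowerShell below is an added example, not code from MacDefender's post or from any vendor: it reads the Defender status cmdlets and the documented SmartScreen and Office macro registry locations and reports anything that has drifted away from the defaults. It assumes Windows 10/11 with the Defender module present and an Office 2016-or-later install (registry version key 16.0); it only reads settings and changes nothing.

```powershell
# Added example (not from the original post): audit whether this host still matches
# the "defaults respected" scenario. Assumes Windows 10/11 with Microsoft Defender,
# and Office 2016+ (registry key 16.0). Read-only; nothing is modified.

$findings = @()

# 1. Microsoft Defender: real-time protection, engine and PUA (greyware) blocking.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is OFF' }
    if (-not $mp.AntivirusEnabled)          { $findings += 'Defender antivirus engine is disabled' }
    $pref = Get-MpPreference -ErrorAction Stop
    # PUAProtection: 0 = disabled, 1 = enabled (block), 2 = audit only
    if ($pref.PUAProtection -ne 1)          { $findings += 'PUA (greyware) protection is not set to block' }
} catch {
    $findings += "Could not query Defender: $($_.Exception.Message)"
}

# 2. SmartScreen for Explorer / downloaded executables.
#    A policy value (GPO) takes precedence over the per-machine Explorer setting.
$policy   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' `
                             -Name EnableSmartScreen -ErrorAction SilentlyContinue
$explorer = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
                             -Name SmartScreenEnabled -ErrorAction SilentlyContinue
if ($policy -and $policy.EnableSmartScreen -eq 0) {
    $findings += 'SmartScreen disabled by policy (EnableSmartScreen=0)'
} elseif ($explorer -and $explorer.SmartScreenEnabled -eq 'Off') {
    $findings += 'SmartScreen for Explorer is Off'
}

# 3. Office macro defaults. VBAWarnings: 1 = enable all macros (runs without prompting),
#    2 = disable with notification (the default), 3 = signed only, 4 = disable all.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $userKey   = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"

    # Policy value wins over the user-set value when both exist.
    $v = (Get-ItemProperty -Path $policyKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    if ($null -eq $v) {
        $v = (Get-ItemProperty -Path $userKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    }
    if ($v -eq 1) { $findings += "${app}: VBAWarnings=1 (all macros run without prompting)" }

    # Mark-of-the-Web macro block for files downloaded from the internet (policy value).
    $motw = (Get-ItemProperty -Path $policyKey -Name BlockContentExecutionFromInternet `
             -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
    if ($motw -ne 1) { $findings += "${app}: internet-sourced macros are not explicitly blocked by policy" }
}

if ($findings.Count -eq 0) {
    Write-Output 'Host still matches the "defaults respected" scenario.'
} else {
    Write-Output 'Deviations from the default posture:'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Run it in an elevated PowerShell session so the Defender cmdlets and HKLM keys are readable. The Office check reports the Mark-of-the-Web block only when it is enforced by policy; current Microsoft 365 builds block internet-sourced macros by default even with that value absent, so treat that line as "not pinned down by policy" rather than "macros run". If VBAWarnings shows 1 for any app, the user has moved themselves out of row 1 and into row 3 or 4 of the table, whatever AV they run.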