MRG Effitas Online Banking Browser Security Certification Q1 2020

Discussion in 'other anti-virus software' started by waking, Jun 17, 2020.

  1. waking

    waking Registered Member

    Joined: Jan 25, 2016
    Posts: 176
    MRG Effitas Online Banking Browser Security Certification Q1 2020
    https://www.mrg-effitas.com/wp-content/uploads/2020/05/2020_OBQ1_v1.pdf
     
  2. IBK

    IBK AV Expert

    Joined: Dec 22, 2003
    Posts: 1,886
    Location: Innsbruck (Austria)
    hm, some version numbers look strange (e.g. "Bitdefender Internet Security 2019 23.0.24.134"). Version 24.0 came out already in August 2019...
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,559
    Location: The Netherlands
    So basically, most security tools can't block malicious extensions but most could block TinyNuke. Win Defender did quite well in the "In-the-Wild" real financial malware test.
     
  4. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 8,593
    Location: U.S.A.
    Not exactly. To begin, note the browser used for testing was Chrome.

    Assumed is all AVs employing the hardened browser concept will disable use of extensions by whatever means exist for the browser being used for safe banking activities. It appears that if Chrome is being used for safe banking activities, it is possible for malware to enable its Developer mode in AV hardened browser mode. Once this mode is enabled, it is now possible to add extensions including malicious ones.

    I suspect Kaspersky, which passed this test, has figured out a way to prevent Chrome Developer mode from being enabled in its hardened browser mode.
    https://developer.chrome.com/extensions/faq
     
    Last edited: Jun 20, 2020
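For defenders following the Developer mode point in the post above, this is an added example (not part of the thread and not any vendor's code) that audits a Chrome profile's preferences JSON for Developer mode being switched on and for extensions loaded unpacked. It assumes the `extensions.ui.developer_mode` flag and the `extensions.settings` entries with `location` value 4 for unpacked extensions, as found in Chromium profile files; key placement can differ between Chrome versions and platforms, and the sample data is constructed.

```python
import json
import sys

UNPACKED = 4  # Chromium's Manifest location value for "Load unpacked" extensions

# Constructed sample of a profile "Preferences" file; IDs and paths are made up.
SAMPLE_PREFS = json.dumps({
    "extensions": {
        "ui": {"developer_mode": True},
        "settings": {
            "a" * 32: {"location": 1, "path": "a" * 32 + "/1.0_0"},
            "b" * 32: {"location": 4, "path": "C:\\Users\\demo\\AppData\\Local\\Temp\\ext"},
        },
    }
})


def audit_profile(prefs_text):
    """Report developer mode and unpacked extensions found in one profile."""
    try:
        prefs = json.loads(prefs_text)
    except json.JSONDecodeError:
        return {"error": "unparseable", "developer_mode": None, "unpacked": []}
    ext = prefs.get("extensions") if isinstance(prefs, dict) else None
    ext = ext if isinstance(ext, dict) else {}
    ui = ext.get("ui") if isinstance(ext.get("ui"), dict) else {}
    settings = ext.get("settings") if isinstance(ext.get("settings"), dict) else {}
    # Unpacked extensions never came from the Web Store, so list each with its path.
    unpacked = sorted(
        (ext_id, entry.get("path", ""))
        for ext_id, entry in settings.items()
        if isinstance(entry, dict) and entry.get("location") == UNPACKED
    )
    return {"error": None,
            "developer_mode": ui.get("developer_mode") is True,
            "unpacked": unpacked}


if __name__ == "__main__":
    # Pass the path to a profile's Preferences (or Secure Preferences) file,
    # or run with no argument to audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS
    print(json.dumps(audit_profile(text), indent=2))
```

A profile that reports Developer mode on together with an unpacked extension under a temporary or user-writable path is worth a closer look before it is used for banking.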
  5. Gein

    Gein Registered Member

    Joined: Dec 8, 2013
    Posts: 219
    Blocking untrusted extensions is one of those "mystical" and "who knows how it works" features of Webroot.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,559
    Location: The Netherlands
    Yes Webroot had some interesting features.

    You would think that this attack won't work against hardened browsers? I believe they simply block all extensions from getting installed.
     
  7. Gein

    Gein Registered Member

    Joined: Dec 8, 2013
    Posts: 219
    That's what most vendors' banking browsers do. They launch a separate Chrome derivative and a user logs in through there, which bypasses any infected addons they might have installed on their base Chrome browser. The downside is that, in the past, these browsers have been several versions behind the native Chrome release, which exposes users to additional security risks. I think in one such case the browser was using a vulnerable version of TLS for users to bank with.

    IMO launching a separate browser during this test is sidestepping the issue. If you have an infected addon in Chrome, and your security software launches Firefox for you to bank in, test passed. Even though the security software didn't really do anything.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined: Dec 22, 2009
    Posts: 4,872
    Location: Outer space
    Indeed, for both those reasons I've never liked AV banking browsers.
     
  9. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 8,593
    Location: U.S.A.
    They do. The problem again is Chrome Developer mode allows extensions to be created and used "on-the-fly."

    Also and notable is Kaspersky is one of the few AVs that monitors add-ons/extensions for malicious activity. As such, activation of Chrome Developer mode most likely is immaterial as far as Kaspersky's passing of this MRG simulator test.
     
  10. Space Ghost

    Space Ghost Registered Member

    Joined: Apr 21, 2011
    Posts: 195
    Location: Poland
    Chrome is the most popular browser according to the market share
    https://en.wikipedia.org/wiki/Usage_share_of_web_browsers
     
  11. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 8,593
    Location: U.S.A.
    FYI on Chrome Developer mode:
    https://techjourney.net/remove-disable-developer-mode-extensions-warning-popup-in-chrome-edge/

    Of note:
     