Latest On-Line Banking Test

Discussion in 'other anti-virus software' started by itman, Feb 19, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    https://avlab.pl/sites/default/files/68files/protection_epayment.pdf

    In the test, AVLab experts used scripts written in the Python programming language, the system command interpreter, PowerShell and widely available tools for the Linux system. All “harmful” scripts, which checked the tested solutions' protection, weren’t detectable by antivirus signatures, so the reader can consider that the samples used in the test were completely undetectable for antivirus applications.

    Glad to see that Eset was the only vendor to pass the man-in-the-middle test although it needs work against clipboard based attacks:

    ESET Smart Security, for effective protection against ARP table infection. Software from the Slovak developer, as the only one, effectively protects sensitive user data in the protection test against man-in-the-middle attacks, for which the ESET company deserves a recommendation from AVLab experts.

    Also appears this was a test using "synthetic" malware. Again, further proof that this concept is getting totally out of control.
     
    Last edited by a moderator: Feb 19, 2017
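    The man-in-the-middle category quoted above is the one most practitioners can check for themselves on the endpoint: ARP cache poisoning leaves traces in the local ARP table. The following is an added example, not code from the thread, AVLab or any vendor; it parses two constructed snapshots in the style of Windows `arp -a` output (the addresses and MACs are made up) and flags the two classic symptoms, a changed gateway MAC and one MAC answering for several IPs.

```python
"""Flag ARP cache poisoning symptoms from ARP table snapshots (constructed example)."""
import re
from collections import defaultdict

# Constructed sample output in the style of Windows `arp -a`; not a real capture.
BEFORE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-00-00-01     dynamic
  192.168.1.30          aa-bb-cc-00-00-30     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Same interface after a hypothetical poisoning: the gateway now resolves to the
# MAC of host .30, so that host sees traffic meant for the router.
AFTER = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-00-00-30     dynamic
  192.168.1.30          aa-bb-cc-00-00-30     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One ARP entry: IPv4 address, dash-separated MAC, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I
)


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, skipping broadcast and IPv4 multicast."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header or interface line
        ip, mac, _entry_type = m.groups()
        mac = mac.lower()
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue  # legitimately shared addresses, never a poisoning signal
        table[ip] = mac
    return table


def find_anomalies(baseline, current, gateway_ip):
    """Return human-readable findings comparing a trusted baseline to a new snapshot."""
    findings = []
    # Symptom 1: the default gateway's MAC changed between snapshots.
    if gateway_ip in baseline and gateway_ip in current:
        if baseline[gateway_ip] != current[gateway_ip]:
            findings.append(
                f"gateway {gateway_ip} MAC changed "
                f"{baseline[gateway_ip]} -> {current[gateway_ip]}"
            )
    # Symptom 2: one MAC now claims several IPs (the spoofer answers for its victims).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claimed by multiple IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_arp_table(BEFORE), parse_arp_table(AFTER), "192.168.1.1"):
        print("ALERT:", finding)
```

On a real machine the baseline would be captured once on a known-clean network and the current snapshot taken from `arp -a` periodically; a static ARP entry for the gateway is the usual mitigation when a change is confirmed.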
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    From conclusions:
     
  3. guest

    guest Guest

    So a Polish product wins a Polish test
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I had the same thoughts although there were a few comments over at malwaretips.com that the product actually does have excellent on-line banking protection.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not sure what to think about this test. It makes more sense to test these apps against banking trojans, not against simulators. On the other hand, sometimes these simulators lead to improvements.

    But anyway, most of the tests should be tackled by blocking access to memory of the browser process. This means malware shouldn't be able to inject code and read memory. Blocking malware from monitoring the clipboard and screen is also quite easy to achieve.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Does nothing if the site is compromised. Doesn't test the real problem, the human.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I can't speak for the validity of the "synthetic" malware used. But employing Python was a good choice since it is used by a lot of financial malware:

    Refs:
    https://www.anomali.com/blog/crushing-python-malware
    http://www.bluekaizen.org/writing-your-own-malware/
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, the second one is rather interesting:
    I wonder what it would take for it to be detected. How long that would take. Anyone have an ELI5 for that?

    More generally, I'd like to have "synthetic malware" that 1) most AV apps recognized, but as new, so they would (if permitted) upload for analysis. That would be very useful in testing how securable AVs are against exfiltration.

    Anyone know of such a thing?
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    This is the AV Lab Cylance created as a response to negative results it has received from AV Labs employing established standard AMTSO methodology and samples.

    I would be cautious of any samples downloaded from the site. I strongly suspect they have been altered to favor Cylance's detection methods, which are more slanted toward penetration exploits of vulnerabilities rather than documented real malware methods. Additionally, since Cylance is directed to the enterprise market, many of these exploits will be, for example, directed to corp. network vulnerabilities, etc. that would not be applicable to a home user.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, I saw the criticism:

    https://www.mrg-effitas.com/testmyav-an-independent-next-gen-testing-vendor/
    http://d-4digital.com/msp-launches-av-testing-website-to-stamp-out-misleading-reports/

    I'm just looking for stuff that will reliably trigger uploads to AhnLab's Smart Defense, Emsisoft's Anti-Malware Network, ESET's LiveGrid, Microsoft's Customer Experience Improvement Program, AVIRA's Protection Cloud, etc, etc. So it would have to be new, not in their databases, but related enough to known malware that it would always get detected. And also, have no real payload :)
     
  13. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    CIA sponsored and distributed. U.S. taxpayer dollars at work.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Now that, I didn't see ;)
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    You'll have a problem in this regard. Most if not all AV behavior analysis will examine a process for malicious-like behavior before triggering a reputation scan and alerting. Win 10's SmartScreen, on the other hand, is for the most part all reputation based.
     
  16. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Cylance receives or did receive CIA funding. Research it.
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Are you saying this means Cylance has a back door built in or their control center spies on its customers?
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I was looking at testmyav the other day. Maybe I will give it another look.
     
  19. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I didn't say nor imply that. I'm just pointing out that it does or has received funding from the CIA.

    For the hardcore privacy types for whom @mirimir is writing an article, this fact will drive them bonkers - even if it's all absolutely harmless. Conspiracy theories run riot... but that's every user's right.
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    It appears that to download malware from testmyav you need a LinkedIn account and for some reason I am not able to create one. :doubt:

    Was just curious to see how Cylance fared with their files. Also noticed in their tools section they offer a few tools for changing the hash of the malware.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'm not going to recommend that readers do their own testing :)
     
  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I would do it in a sandbox. Plus I have a ton of security software ;)
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I had no problem going to testmyav yesterday. Today when I got there I get what is in my screenshot.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Edit

    Was able to go to the site just fine with Chrome. Then tried again with IE 11 and was able to access it again. Scratching head.
     