MRG Effitas Online Banking Browser Security Certification for Q1 2017

Discussion in 'other anti-virus software' started by Triple Helix, May 19, 2017.

  1. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Some forum posters here really confuse the heck out of me. When 3rd-party AVs use reputation-based systems to improve their protection, it's all fine and dandy...but when Microsoft does it, it should not be counted...

    I wonder what age we are living in where people are still stuck at looking at "detection" only...
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    If you have read my comments in the like Q4-2016 test thread, I assume the other vendors share those opinions. That is, MRG testing has left the realm of real world testing and entered the one of theoretical penetration testing.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Do they? I haven't actually used an AV since 2006, so perhaps that's the problem. But AFAIK, AVs will always clearly state if some app is malware or not, there is no in between. So if Win SmartScreen reports that some app is "unknown" that should be marked as a fail in my book. So if guest's theory is right, Win SS will hardly improve malware detection rate of Win Def.

    This automatically means that disabling Win SS during testing is not an issue. Of course if white-listing is allowed, then it will obviously improve "detection" because it will simply block unknown apps from running, no matter if they are malware or not. Any other AV could implement such a system, and in theory they will all have a 100% detection rate.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Well I guess that's why they do 2 tests. I'm not defending MRG but looking at the 2 tests why is Webroot the only one that has corrected the issue from test one to test two? As MRG says it's like extra free QA for the vendors which is good IMO.
     
    Last edited: May 21, 2017
  5. guest

    guest Guest

    MS cares about the test because they are in touch with the tester.
    MS sells security products in case you haven't noticed; nobody is going to buy anything from them if their most famous security product always scores last in tests.
    They have invested a lot of money in all their security products for enterprise and in their new ML/AI cloud and of course in Windows Defender, so of course they care about it, and they want to look good in tests to sell more, taking into account all the bad propaganda that WD has had in the past.
     
  6. guest

    guest Guest

    if we talk corporate environment, i agree. WD ATP is the best example.
    if we talk home users (which is the actual debate), they don't at all.

    +1

    1- come on Rasheed, you have the mindset about the AVs in the 90's; now AVs can't make the decision just by their signature engine; what about FUD malware (those wrapped/packed and encrypted), the HIPS/BB/sandbox are the only features stopping them.
    2- unknown doesn't mean malicious, it is just unknown, and may be flagged later as safe (like an updated or unsigned file from a soft) or malicious (malware). It is a fail if used by a happy clicker, a pass if used by a smart user; in my book i consider people blocking an alert a win because people in real life stop at the red light...idiots will keep crossing the road. The problem is you believe that products must be omniscient and must do everything instead of the user. will never happen, at least not until 20 years with real AI.
    3- stop thinking of WD as a standalone feature, it is now WDSC on Win10, get prepared with EMET getting in WDSC.
    4- what do you think they are doing with HIPS or Application Control, they already use those whitelisting methods. look at Kaspersky and some others.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    You didn't answer my question. Do you know if in general AV's alert about "unknown software"? If yes, it should be allowed as a pass, but according to MRG's criteria it should be clearly stated that you're dealing with malware. Also, I wonder if AV's offer white-listing (default enabled), with that I mean: all apps not on the list are not allowed to run. This should normally result in a 100% protection rate. So then we might as well stop with AV testing.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    PC Matic. :rolleyes: Problem is their FP rate is so astronomical, not one AV Lab has certified them. But if you're an anti-exec aficionado, that shouldn't matter - right?
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Wow, I just took a look, it looks like crapware. But yes, false positives will always be a problem, with both black and whitelisting.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Here's the link to the Virus Bulletin RAP test where PC Matic scored 99.9% on the RAP test: https://www.virusbulletin.com/virusbulletin/2016/08/vb100-comparative-review . You have to scroll down in the report a ways to find it. Guess what the FP count was? How about 13,753. :eek:
     
  11. guest

    guest Guest

    the signature engine will not, but their side features like BB/HIPS will.
     
  12. guest

    guest Guest

    Reading your answer I guess you haven't read what I wrote at all and you are not aware of the share of back ends between the different products.
     
  13. guest

    guest Guest

    You guessed wrongly. :D
    i'm fully aware, my point is all MS does is improve the Enterprise version first (where the money is), home users come last.
     
  14. guest

    guest Guest

    You didn't get it.
    1) the enterprise AV and the personal one share a lot of stuff
    2) if they score bad with the personal AV they are not going to sell anything because in the enterprise environment everyone thinks that MS security products are crap. The only way to change this perception is making the personal AV score good
     
  15. guest

    guest Guest

    i have known that for years but it doesn't matter for our discussion. we don't discuss corporate environments here.

    Stop selling what? companies have bought MS products since the dawn of time, without WD even being present, nothing will change that. They need MS products to some extent based on the company software model, resources available and deployment plan.
    You really believe that WD or any AV is the main protection mechanism in a corporate environment...? (it is not.)
    So if they do bad in tests, will it be a game changer? (not at all.)
    As if a company will modify their purchase plan because of some obscure lab test results?... be serious please... (and even if some do, i pity the admin having to handle this kind of CEO)

    You can't apply home user "thought model" into corporate environment, but the opposite can be.
     
    Last edited by a moderator: May 24, 2017
  16. guest

    guest Guest

    Sorry, the moment you changed the subject and started to talk about MS products in general I stopped reading.

    It is not very smart to say that the fact that the consumer product and the Enterprise one share a lot of stuff is not linked at all with the fact that MS is interested in investing in the consumer product.

    And yes, companies take decisions about what security product to purchase based on tests, home made tests, reviews, comparisons, and the perception in general is that MS security products are crap and a part of it comes from the perception of the consumer product.
    If you find this hard to understand we don't need to talk any longer.
     
  17. guest

    guest Guest

    Again, who cares about the relation between consumer products and enterprise ones on this thread. You are debating details. MS invests first in Ent products, everybody knows that. We can see it with all the security features/platforms available in the Ent version that are lacking in the Home version. (Windows ATP, Credential/Device Guard, etc...).

    Just by saying that i can tell you never worked in the IT department of a big company...as if admins read reviews of the latest home user products to base their security setup in a corporate environment...gimme a break.
    When in the past i joined an IT department, i asked my chief admin "you don't use AV like ESET, Avast?" he smiled at me and said..."you are not at home, you are in a company using 500+ workstations, what we use for security, you probably never heard of"
    by the way, do you know what is one of the most used security applications in a serious corporate environment?

    Don't apply the consumer model to the corporate environment. if you can't, indeed there is nothing much to discuss together.
     
    Last edited by a moderator: May 25, 2017
  18. guest

    guest Guest

    Of course if you start to twist what I wrote there is nothing to talk about. I would at least expect some reading comprehension.

    The example of you asking the chief, and the last 3 paragraphs in general show 2 things.
    1. This example has nothing to do with what I wrote. Read it again.
    2. How ignorant you were
     
    Last edited by a moderator: May 25, 2017
  19. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    198
    Geese, guest and guest, two of my favorite posters, let's make an agreement to both disagree.....
     
  20. guest

    guest Guest

    ok... so move on then...
    i just wanted to point out that admins in "serious" companies generally don't use products reviewed in test labs and magazines.

    yes i was ignorant like everybody on some points, it was more than 15+ years ago; it was my first real IT position in a serious tech company selling hardware to the military...so of course they don't have the same security model as the other classic companies i worked for. Those classic companies using "big names" endpoint solutions, some even using home user products...

    Of course, i agree to disagree, even accepting my mistakes being pointed out when there are verified facts to contradict me. if not...i won't care about the statement. i'm like that :)
     
    Last edited by a moderator: May 26, 2017
  21. guest

    guest Guest

    I know, this is why I never mentioned lab-tests and magazines.
    So keep talking with yourself, and try to read English more often
     
  22. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Those 3rd-party AV users will always want to bash MS simply because, for them (some even claim they don't use any AV but they're always aware of the 'darn' WD), this company will always be crap in respect to security. Oh, and for them, MS is prohibited to make improvements in that regard. Die you MS.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Wrong, I don't care about what AV people prefer, my problem is with the fanboys. If WD scores good there is no problem, if it scores badly they come up with excuses. In general I think M$ has done a great job in making the OS (Win 8 and 10) a lot safer, they tried to make it harder to exploit. Too bad they ruined Win 10 with all of the spying.

    But M$ also produces a lot of crap, certain products are just not good enough, take Edge for example. I'm just telling it like it is, but fanboys can't deal with it. And BTW, most third party AV's are crap too. Way too bloated and bad for privacy. But I'd still prefer the best free third party AV over crappy Win Def.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I agree. Testing procedure is doubted when score is low and not when result is great (even if procedures are similar).
    Also :thumb: for hardening and protections in latest Windows OS and :thumbd: for most other aspects of this OS.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Also to get the facts straight, WD didn't have "true" reputational cloud scanning until "first sight" was introduced with Win 10 1607. All the major third party AV vendors have had cloud rep scanning for years.

    Then there is the question about heuristic analysis being performed in the cloud by WD. Again if malware takes out the Internet connection, that security check is not being performed. This is in stark contrast to third party AV's that perform heuristic analysis locally. They utilize it when they get a "generic" signature detection, certificate or hash discrepancy in addition to a rep alert to sandbox the process and monitor for suspect behavior.
     
    Last edited: May 27, 2017