AVLab - three tests against bashware, ransomware and cryptominer threats

Discussion in 'other anti-virus software' started by avlab, Jun 14, 2018.

  1. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Hello Guys,

    We prepared three security tests against bashware, ransomware and cryptominer threats. You can find the full report on our English webpage: https://avlab.pl/en/best-antivirus-software-2018-based-three-security-tests

    To perform the security tests we used our new automatic system, which is based on Linux, NodeJs and Python scripts. All information, the algorithm and details can be found in the article.
     


  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Thanks for the "heads-up." Thorough and creative testing as usual from your organization.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    @avlab for clarification, did the ransomware samples used bypass Windows Defender Controlled Folder protected directories?
     
  4. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Hi itman. To make the procedures fully automated, we created files in a folder on the disk. If these files were encrypted, the result was clear: the files had been encrypted by ransomware. We did not check whether Windows Defender protects the folders specified in "Data Controlled". Regardless, if some files were encrypted, the result is negative. But I understand you. It is up to the user to set additional folders with private files as protected in Windows Defender.
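    The canary-file check avlab describes, as an added example that is not AVLab's own harness code: it plants files with known hashes in a folder, then decides after the sample ran whether each file is still intact, looks encrypted, was otherwise altered, or has gone missing, and applies the thread's rule that any change means the product failed. The file names, the 7.0 bits-per-byte entropy threshold and the random-byte stand-in for "running a sample" are assumptions.

```python
import hashlib
import math
import os
import tempfile

CANARY_NAMES = ["report.docx", "photo.jpg", "notes.txt", "ledger.xlsx"]  # constructed set

def plant_canaries(folder):
    """Write known-content files and return {name: sha256} as the baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        data = (f"canary {name} " * 64).encode()  # low-entropy, recognisable content
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
        baseline[name] = hashlib.sha256(data).hexdigest()
    return baseline

def shannon_entropy(data):
    """Bits per byte: ciphertext sits near 8, plain text well below."""
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c) if n else 0.0

def classify(path, digest):
    """State of one canary after the sample ran."""
    if not os.path.exists(path):
        return "missing"  # deleted, or renamed with a ransom extension
    with open(path, "rb") as fh:
        data = fh.read()
    if hashlib.sha256(data).hexdigest() == digest:
        return "intact"
    return "encrypted-like" if shannon_entropy(data) > 7.0 else "modified"

def verdict(folder, baseline):
    return {n: classify(os.path.join(folder, n), d) for n, d in baseline.items()}

def product_failed(result):
    """The rule from the thread: any canary that is no longer intact means a failed test."""
    return any(state != "intact" for state in result.values())

def simulate(encrypt=(), delete=()):
    """Stand-in for running a sample: plant canaries, tamper with some, return the verdict."""
    with tempfile.TemporaryDirectory() as folder:
        baseline = plant_canaries(folder)
        for name in encrypt:  # constructed 'encryption': overwrite with random bytes
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(os.urandom(4096))
        for name in delete:
            os.remove(os.path.join(folder, name))
        return verdict(folder, baseline)
```

    In a real run the tampering loops are replaced by executing the sample with the product installed; the verdict logic stays the same.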
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Thanks for the prompt reply.

    As far as I am concerned, Microsoft's creation of the protected folders option in Win 10 was a "self admission" that Windows Defender ransomware detection was deficient.
     
  6. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    That's why they chose the easy way, but not necessarily the right one.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Actually I thought it was a bit too much info and unclear. Did they only use three malware samples? And I would advise them to scrap this whole "level" system; the only thing that matters is whether the threat was blocked or not.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Hum ………. Were you fully awake when you read the report?
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Per the test report:
    Early level detection is the most advanced level of protection.

    Low level detection affords the least level of protection. This is because the malware has begun execution. As such, it may have been able to perform malicious activities such as credential harvesting and other recon activities prior to being detected attempting to perform system modification activities. The data gained by the attacker can then be used to launch a customized targeted attack. Best example of this is the attacker drops a backdoor. He then attempts an immediate attack that is detected and blocked. Later he uses the backdoor to deliver an attack he knows will succeed on the device. Another example is ransomware that delivers additional malware payloads. The ransomware attack is successfully blocked but the additional malware has been successfully installed.
     
    Last edited: Jun 16, 2018
  10. Ford Prefect

    Ford Prefect Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    111
    Location:
    Germany, Ruhrpott
    Taking a look at some vendors' results, it is interesting to observe that some Enterprise solutions scored better in the "early level" than the corresponding Consumer solutions. From my understanding, "early level" detections are cloud- and signature-based.

    @avlab: I guess you did not perform all tests in parallel, so vendors adapted cloud- / signature-based detections based on telemetry data of their proactive components (and maybe based on some other channels).

    This testing approach would be a little bit inaccurate from my point of view.

    However, again a test covering interesting aspects.
     
  11. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    The tests were performed at the same time. The difference is that technology licenses are implemented to a different extent. For example, G DATA, Arcabit and F-Secure have Bitdefender technology, but the result is weaker than Bitdefender. This is explained in the summary.
     
  12. Ford Prefect

    Ford Prefect Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    111
    Location:
    Germany, Ruhrpott
    Thanks for your feedback. I did read the summary, but I wanted to point to a different observation:
    E.g. compare Avira pro Business and Avira free AV. Business caught more samples in early level. Probably these detections are cloud- and signature-based. I don't think that there is a difference concerning the relevant components in the Business and Consumer products (same for G Data).
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That's what you get with too much info, my bad. :D

    Just because malware has already been loaded doesn't mean it can achieve its goal, it's the job of the behavior blocker to block suspicious activities.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    "In a perfect PC security world" such would be achievable. We are not there yet and probably never will be in spite of all the current Next Gen and AI hype.
     
  15. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    After the test, everyone received feedback. The producer did not have any comments regarding the difference in results for both solutions.
     