Every Security Suite Failing His Tests...Bypassed...See Video

Discussion in 'other anti-virus software' started by rodneym, Aug 27, 2018.

  1. rodneym

    rodneym Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    271
    Looks like every one of them is failing, even Comodo on proactive settings.

    https://www.youtube.com/channel/UC0clIvXIu9Wii4ytwLhxI4g/videos
     
    Last edited by a moderator: Aug 27, 2018
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The fail here is that it's all on Windows ;)

    But I don't speak French. Is there some public site that he's using to test with?
     
  3. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    How about Comodo on steroids (Cruel's setup)? Did (would) it fail as well?
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I don't speak French but watching the part about containment, he isn't using Cruelsister's settings. He didn't make any changes there.
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    I can't view the video well. But it's a test for AV, not for HIPS, is it? I use Comodo without sandbox and with HIPS in Paranoid mode: what about that?
     
  6. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    everything can be bypassed
    so in other words, the sky is blue?
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Bypasses by running .exe files? Might work for your average AV :isay:
     
  8. polly77

    polly77 Registered Member

    Joined:
    Jan 13, 2014
    Posts:
    70
    Wonder how VoodooShield would do?
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I viewed the video he did for Eset. To begin with, he is using Win 7 as his test OS. Also it appeared to me he was running something from a .bat script. I do know that Eset will use AMSI to scan scripts prior to execution on Win 10.

    It appears his test malware is some type of ransomware. I find it a bit odd that none are detecting it. Does make me a bit suspicious of his test malware.
     
  10. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Freshly crypt a ransomware exe, run it against default ESET, and it will fail. No dynamic modules in ESET is such a shame..
     
  11. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I skimmed through the ZA firewall vid, and at one point during a generated pop-up he clicked allow.
     
  12. rodneym

    rodneym Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    271
    Yeah, I don't know... I also don't read French. It'd be interesting to find out.
     
  13. rodneym

    rodneym Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    271
    Guys, interesting comments... I notice he states all settings are set to maximum on each test, and every one is still failing...
     
  14. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    did you know that your safety belt in your car will 100% fail you once and let you die when you try to drive at a wall every minute of the day?
     
  15. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Want 100% security, don't turn on the computer. Dig that old Royal typewriter out of the closet, buy a ream of paper, and no worries.
     
  16. rodneym

    rodneym Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    271
    Is this supposed to pass for genius... Not sure it is the right comparison, since you have one seat belt vs. the multitude of security softwares he is testing, with all failures.
     
  17. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Every single car is differently built, you will still die with every one of them if you keep driving it into the wall.
    My point is, nothing is 100%.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    There's an Eset forum member that has been doing just that behind the scenes. Most of his test ransomware is detected by AMS and HIPS behavior sigs. Of course, due to the nature of AMS detection, a few files end up encrypted before Eset detects the 0-day ransomware.

    Also, it goes without saying that Eset protects you better on Win 10 than on Win 7: ELAM driver, AMSI, etc. etc..
     
  19. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    All that could be solved with a proper behavior blocker. But ESET devs just put their heads in the sand and keep ignoring the problems.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I strongly disagree. The Ransomware shield monitors running processes for ransomware-like behavior but also takes several other aspects into account when evaluating a process, such as data from LiveGrid, the structure of files created by processes, etc. Nobody's putting their heads in the sand, quite the contrary. ESET has developed a lot of technologies to prevent malware infections, such as Advanced heuristics, Advanced Memory Scanner, Exploit Blocker (behavioral), Ransomware Shield, Dynamic Threat Defense, etc., with other new technologies continually being researched and developed.
    A behavior blocker would not ensure 100% detection of malware without false positives, that is a fact. However, the combination of various technologies ensuring protection at various layers is what makes it much harder for attackers to make malware slip through.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    To put this thread into proper perspective, consider the following comments.

    1. You have some "unknown" posting a video on YouTube in French. So unless you speak that language, you really can't fully understand what is demonstrated.
    2. He claims his "super duper" ransomware can bypass all mainstream security solutions. That alone is a big "red flag" warning.
    3. How do you know for sure if the files in the demo were actually encrypted? He could have just renamed the files with the suffix he chose for his possible fake ransomware.

    I really thought by now, most Wilders folks would ignore these videos where the source is not verifiable. For example, @cruelsister has long demonstrated both her and the "cat's" trustworthiness.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Finally, for those who are not aware or "forgot": Wilders does have a policy statement regarding YouTube malware test video postings:
    https://www.wilderssecurity.com/threads/posting-policy-recommended-threads.180128/#post-1041384

    Also another ref.: https://www.wilderssecurity.com/threads/av-tests.265873/page-17#post-1639455
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    If he can do something like this for Linux, then I'll worry.

    Or even, break out of a VirtualBox VM.
     
  24. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    He "bypassed" Comodo Internet Security because he clicked "allow" at a HIPS popup :rolleyes::rolleyes::rolleyes:
    So, that may be a sandbox bypass (after the HIPS popup you can see a sandbox popup about XWC.exe being virtualized)... not sure if the sandbox level was at default (run virtually only) or tightened up (run virtually + limited or untrusted).
    Immagine.jpg
     
  25. guest

    guest Guest

    Your screenshot shows he allowed Explorer to execute the file, which is normal; if it was XWC.exe that was allowed, then you would be right.

    BTW, I'm French :D
     