MRG Effitas 360 Degree Assessment & Certification Q4 2016

Discussion in 'other anti-virus software' started by itman, Feb 20, 2017.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes exactly, this has to be one of the dumbest complaints ever. The point was to check which AV performs the best, it's not about Win SmartScreen. And besides, who knows how many people disable stuff like UAC and Win SS because of the annoyance factor? Plus Win SS doesn't actually identify malware, it just lets people know some app might not be trustworthy, and people can easily dismiss this warning.
     
  2. guest

    guest Guest

    Again, the link is useless to sustain your affirmation.

    Regarding the test, I want to know how good a product is, not how good it is in combination with another, because there are as many combinations as possible configurations.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  4. guest

    guest Guest

    Thanks.

    Regarding the test, I just said that for the AV companies that have a web filtering component, it doesn't make any difference to have it installed or not, because they know that a site is bad because they can recognize the malware on it, so if the web filtering is disabled the AV will stop it. Even modern AVs will use the URL where the file was downloaded as an input for their cloud engines, so it makes the web filtering component even more useless. Of course for phishing it can be useless, but modern browsers will block any login on an HTTP site.

    And obviously if you use an AV and the web filtering of another AV company you may get some additional protection, but the testing organizations cannot test all the combinations, even if we are talking about Microsoft products.

    I don't care and I don't want them to enable SmartScreen because I want to know how good a product is, and not how it performs in combination with other products, because I may not want to use them for whatever reason.

    I don't know what Martin is trying to prove with the test.

    @Martin_C
     
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    +1 :thumb:
     
  6. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    It's funny to see how some people are afraid of Windows Defender, it seems either they can't live without it or WD is just the devil itself for them :D
     
  7. guest

    guest Guest

    Yes, totally, and they keep staying on Windows, adding tons of software, fueling their paranoia :argh: . I'd rather go to Linux, it will be far safer. Personally, I keep WD because it is built-in and interacts nicely with the system; I really don't need it at all.
    Anyway, now WD is a Windows component (see group policy) and should be considered as such and not the way MSE was (a standalone solution).
    If it wasn't, I wouldn't even care and discuss it.

    My security methodology:

    - Harden the OS as much as I can (that includes using all native features available)
    - Add security software if I need some layers to be covered.
     
    Last edited by a moderator: Feb 21, 2017
  8. WildByDesign

    WildByDesign Registered Member

  9. itman

    itman Registered Member

    Here's the link: http://img03.en25.com/Web/AvectoLimited/{a6065f43-7417-4f64-b148-f635d48342a4}_report-microsoft-vulnerabilities-2016.pdf?elqTrackId=5eb33f1aa0c641d49422fd740e3d14a9&elqaid=510&elqat=2 . I had no problem accessing it.

    And when we are talking about limiting admin rights for the average Win 10 home user, we are talking about running as a standard user - correct?
     
  10. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    From report:
    So it seems that malware developers are not moving to SUA compatible malware. Maybe because most people still run as Admin and they don't have to?

    EDIT: IDK how another AV test thread became thread about Windows built-in security :)
     
  12. guest

    guest Guest

    seems the case:

    To be noted:

    It is why I'm still amazed by some people here using admin accounts as their main account for surfing and downloading stuff...
     
  13. guest

    guest Guest

    Yes, 100% of the computers I fixed from infection were on an admin account; 100% of those I switched to SUA (and explained to the users some basic safe habits) weren't infected after.

    Because Windows built-in security is the foundation of how you secure your system; then you can add whatever software you need and want, but the basis must be enabled.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Sveta don't sweat it, these Win Defender fanboys are getting totally out of control. They can't seem to accept the fact that it's crap, and come with lame excuses about how Win SS would have blocked all of your samples. :argh:
     
  15. Rasheed187

    Rasheed187 Registered Member

    Actually, the report from Avecto is a bit misleading, because they don't know what malware would be loaded on the machine if successfully exploited. Removing admin rights doesn't block the code execution itself, it only blocks the elevation request. In other words, if malware is capable of running without any admin rights (like some banking trojans and ransomware can do) then removing admin rights won't help.

    http://hexatomium.github.io/2016/02/16/lua-powers/
     
  16. itman

    itman Registered Member

    What the report is recommending is "all" admin rights be removed. That is, people should be using standard user accounts; not the default limited admin account.
     
  17. itman

    itman Registered Member

    In response to the never ending "mindless" Windows Defender vs. the AV Labs testing comments are my following comments which are implied in my "Microsoft Challenge."

    The AV Labs are not testing browser security effectiveness; they are testing AV software effectiveness. The SmartScreen protection built into IE and Edge is a browser protection. Additionally, no equivalent protection exists in Firefox or Chrome in default configuration. When an AV Lab runs a comparative test, it should approximate how the tested AV software will perform regardless of browser used.

    Therefore, it is necessary to disable SmartScreen in IE and Edge when either browser is used in AV Lab tests. Additionally, if browser-based SmartScreen is enabled, it could interfere with malware downloads. That is a remote possibility, since it only checks files loaded into the designated download folder.

    Getting back to my "Microsoft Challenge," I do believe the AV Labs should start doing individual IE, Edge, Firefox, and Chrome AV software comparatives with all recommended security settings for the browsers enabled. I believe this is necessary to test overall product security effectiveness when a given browser is used. It is a well-known fact that not all security product features work without issues for all the main four browsers mentioned.
     
  18. itman

    itman Registered Member

    In regards to SmartScreen browser protection, it is what the AV vendors describe as "post-mitigation" detection. That is, the malware is already present in the browser memory space when and if it is detected. The problem with this approach is that the malware could have already performed malicious activity prior to being detected. AppContainer, if employed, will contain the malware spreading from outside the browser - maybe. However, it does nothing to stop password stealers, memory-based keyloggers, and the like from doing "their thing."

    On the other hand, many major AV vendors' web filtering protection inspects web traffic prior to being loaded into the browser. They do so by using an NDIS mini-port filter attached to the network adapter IPv4/6 connection or by capturing inbound traffic at the firewall level using the Windows Filtering Platform (WFP). This facility also allows for scanning of non-browser-based inbound web traffic if so desired. The AV products can also inspect inbound encrypted web traffic using their respective SSL protocol scanning feature.
     
    Last edited: Feb 22, 2017
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    +1
    Because a typical user does not fiddle with these settings.
    He buys an AV, or Internet-Security, or even a Total-Protection and installs it with default settings.

    I don't like the turning in circles, whether some components should be disabled, or not, by AV-Testing-Labs.
    Disabling OS built-in security is no "Real-World testing", period...
     
  20. Martin_C

    Martin_C Registered Member

    That is not correct.
    Please reread the link I posted on page one in post #25.
    The in-browser SmartScreen will block BEFORE any web content is parsed and rendered.
     
  21. Martin_C

    Martin_C Registered Member

    Exactly. :thumb:
    Users looking at all those reports released week after week from various labs, are made to believe that they see the results of a fresh out-of-the-box OS tested.
    They have no way of knowing that they see the results of a semi-disabled OS.
     
  22. guest

    guest Guest

    Because they are comparing commercial AVs, not OS security features?
     
  23. itman

    itman Registered Member

    There was a concern that did test Win 10 native protections with all features enabled. It also BTW used URL samples provided by MRG:
    Ref.: http://www.pcmag.com/article2/0,2817,1926596,00.asp
     
  24. Martin_C

    Martin_C Registered Member

    That "test" you refer to now is of the old SmartScreen implementation.

    The NSS Labs test I have linked to earlier in the thread is of the new SmartScreen implementation. (The link is in post #19 on page one of this thread.)

    Surely you remember the NSS Labs test that showed, and I quote from report :
    With Windows 10 1607 branch (Anniversary Update), SmartScreen got yet another huge update.
    And I quote from Microsoft link :
    Official link : https://blogs.windows.com/business/...-of-the-windows-10-stack/#PMgmIRs0Dx2vGQUg.97

    And as the NSS Labs test showed, that update in Anniversary Update was a very powerful boost. :thumb:
     
  25. itman

    itman Registered Member

    The NSS Lab tests were for anti-phishing and social engineering malware only. I posted this fact previously multiple times in this thread.
     