MRG Effitas Online Banking Browser Security Certification Q1 2020

Discussion in 'other anti-virus software' started by waking, Jun 17, 2020.

  1. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    MRG Effitas Online Banking Browser Security Certification Q1 2020
    https://www.mrg-effitas.com/wp-content/uploads/2020/05/2020_OBQ1_v1.pdf
     
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,891
    Location:
    Innsbruck (Austria)
    hm, some version numbers look strange (e.g. "Bitdefender Internet Security 2019 23.0.24.134"). Version 24.0 came out already in August 2019...
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,966
    Location:
    The Netherlands
    So basically, most security tools can't block malicious extensions but most could block TinyNuke. Win Defender did quite good in the "In-the-Wild" real financial malware test.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    Not exactly. To begin, note the browser used for testing was Chrome.

    Assumed is all AV's employing the hardened browser concept will disable use of extensions by whatever means exist for the browser being used for safe banking activities. It appears that if Chrome is being used for safe banking activities, it is possible for malware to enable its Developer mode in AV hardened browser mode. Once this mode is enabled, it is now possible to add extensions including malicious ones.

    I suspect Kaspersky which passed this test has figured out a way to prevent Chrome Developer mode from being enabled in its hardened browser mode.
    https://developer.chrome.com/extensions/faqhttps://developer.chrome.com/extensions/faq
     
    Last edited: Jun 20, 2020
  5. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Blocking untrusted extensions is one of those "mystical" and "who knows how it works" features of Webroot.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,966
    Location:
    The Netherlands
    Yes Webroot had some interesting features.

    You would think that this attack won't work against hardened browsers? I believe they simply block all extensions from getting installed.
     
  7. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    That's what most vendors banking browsers do. They launch a separate chrome derivative and a user logs in through there, which bypasses any infected addons they might have installed on their base Chrome browser. The downside is that, in the past, these browsers have been several versions behind the native Chrome release which exposes users to additional security risks. I think in one such case the browser was using a vulnerable version of TLS for users to bank with.

    IMO launching a separate browser during this test is sidestepping the issue. If you have an infected addon in Chrome, and your security software launches firefox for you to bank in, test passed. Even though the security software didn't really do anything.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,912
    Location:
    Outer space
    Indeed, for both those reasons I've never liked AV banking browsers.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    They do. The problem again is Chrome Developer mode allows extensions to be created and used "on-the-fly."

    Also and notable is Kaspersky is one of the few AV's that monitors add-ons/extensions for malicious activity. As such, activation of Chrome Developer mode most likely is immaterial as far as Kaspersky's passing of this MRG simulator test.
     
  10. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    225
    Location:
    Poland
    Chrome is the most popular browser according to the market share
    https://en.wikipedia.org/wiki/Usage_share_of_web_browsers
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,643
    Location:
    U.S.A.
    FYI on Chrome Developer mode:
    https://techjourney.net/remove-disable-developer-mode-extensions-warning-popup-in-chrome-edge/

    Of note:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.