BeanSlappers

This guys test a few days ago with Eset


You can see in the test that ESET detected 100% of the samples in that SYNTHETIC (i.e. not a real-world) "test", so no better result could be achieved.

We have already commented on it as follows:

This test is completely wrong. First of all, you skip the very first layer of defense - Web access protection, which is very strong in ESET and blocks downloads from malicious URLs, which could save users in many cases from new malware even entering the system. Secondly, by disabling real-time protection you prevent HIPS from receiving events on the file system level and thus make HIPS and all HIPS-dependent components ineffective, such as: Ransomware Shield, Exploit Blocker, Advanced Memory Scanner, Deep Behavior Inspection, Advanced Machine Learning, etc.

Disabling real-time protection is not just disabling the use of signatures, which are, by the way, typically smart DNA signatures in the case of ESET, i.e. they only describe the malicious behavior to be detected. Disabling RTP prevents other modules from working effectively since they won't receive information about file system events, which have nothing to do with signature detection whatsoever.

In the real world, users must not and do not disable particular protection modules. If they do, they must understand that they do it at their own risk and expose the machine to malware attacks and infection.

6 hours ago, BeanSlappers said:

Hey Guys,

How is this result going to be resolved and made better?

https://www.youtube.com/watch?v=ps7XNo-DOmI


In tests before, he used to turn off all protections in order to get the malware inside the computer and then turn on real-time protection to see the results against his Python script that runs the malware.

This time he has turned off real-time protection also, which seems to be a weird kind of test; only the HIPS was working. I believe real-time protection can and will protect against the malware that is trying to run.

He tests only one layer of protection, while security products rely on multi-layer protection everywhere, not only ESET, because they already know that you can bypass one layer, so maybe the second can stop it? The third? etc.

3 hours ago, Marcos said:

You can see in the test that ESET detected 100% of the samples in that SYNTHETIC (i.e. not a real-world) "test", so no better result could be achieved.

We have already commented on it as follows:

This test is completely wrong. First of all, you skip the very first layer of defense - Web access protection, which is very strong in ESET and blocks downloads from malicious URLs, which could save users in many cases from new malware even entering the system. Secondly, by disabling real-time protection you prevent HIPS from receiving events on the file system level and thus make HIPS and all HIPS-dependent components ineffective, such as: Ransomware Shield, Exploit Blocker, Advanced Memory Scanner, Deep Behavior Inspection, Advanced Machine Learning, etc.

Disabling real-time protection is not just disabling the use of signatures, which are, by the way, typically smart DNA signatures in the case of ESET, i.e. they only describe the malicious behavior to be detected. Disabling RTP prevents other modules from working effectively since they won't receive information about file system events, which have nothing to do with signature detection whatsoever.

In the real world, users must not and do not disable particular protection modules. If they do, they must understand that they do it at their own risk and expose the machine to malware attacks and infection.

Thank you Marcos.


Another "absurd" test from the PC Security Channel.

To begin, the author is an Emsisoft employee who "supposedly" runs this web site independently. If you believe that, I assume you also still believe in the tooth fairy.

The reason why he disabled real-time scanning is that his supposed objective is to test Eset's behavior detection. He repeatedly refers to Eset's HIPS, indicating the fool has no idea how Eset's protection mechanisms work. By disabling real-time protection, he disabled the most important new Eset protection: Augur's advanced machine learning.

This type of "garbage" testing is what you would expect from the amateur ad hoc malware test sites. These also espouse disabling a security solution's real-time protection to supposedly test a product's behavior detection capability. However, the PC Security Channel author purports that he is a skilled "security professional."

Finally, and most important and highlighted previously by @Marcos, is this. Malware doesn't just "magically" arrive on your PC. All this crap testing assumes just that, since the amateurs just run their previously downloaded password-protected archived samples one after another. The whole objective of modern security software is to prevent those downloads from happening. If this can be achieved, anything after that point is irrelevant.

Edited by itman


Even if we forget the fact that it's a synthetic test with Web access protection ruled out, which is an important first defense layer in the real world, ESET still scored 100%. However, also disabling real-time protection makes the AV product even more crippled, since real-time protection especially affects HIPS, as already explained. In the real world that would be equivalent to a situation where an attacker managed to log in remotely or locally with administrator rights, disabled or uninstalled the AV, and then the user wondered how come the AV hadn't protected him or her.


As far as all this amateur ad hoc malware testing is concerned, I think the Chicken Little nursery rhyme is appropriate. Foxey Loxey is the malware payload deliverer:

Quote

Chicken Little

Chicken Little likes to walk in the woods. She likes to look at the trees. She likes to smell the flowers. She likes to listen to the birds singing.

One day while she is walking an acorn falls from a tree, and hits the top of her little head.

- My, oh, my, the sky is falling. I must run and tell the lion about it, - says Chicken Little and begins to run.

She runs and runs. By and by she meets the hen.

- Where are you going? - asks the hen.

- Oh, Henny Penny, the sky is falling and I am going to the lion to tell him about it.

- How do you know it? - asks Henny Penny.

- It hit me on the head, so I know it must be so, - says Chicken Little.

- Let me go with you! - says Henny Penny. - Run, run.

So the two run and run until they meet Ducky Lucky.

- The sky is falling, - says Henny Penny. - We are going to the lion to tell him about it.

- How do you know that? - asks Ducky Lucky.

- It hit Chicken Little on the head, - says Henny Penny.

- May I come with you? - asks Ducky Lucky.

- Come, - says Henny Penny.

So all three of them run on and on until they meet Foxey Loxey.

- Where are you going? - asks Foxey Loxey.

- The sky is falling and we are going to the lion to tell him about it, - says Ducky Lucky.

- Do you know where he lives? - asks the fox.

- I don't, - says Chicken Little.

- I don't, - says Henny Penny.

- I don't, - says Ducky Lucky.

- I do, - says Foxey Loxey. - Come with me and I can show you the way.

He walks on and on until he comes to his den.

- Come right in, - says Foxey Loxey.

They all go in, but they never, never come out again.


Edited by itman


Let's talk about malware delivery since I am really tired of this ad hoc amateur testing baloney.

90%+ of malware, including ransomware, arrives on a device via e-mail. That is, the malware dropper is the e-mail itself. If you're going to test a product's anti-malware capability, you need to duplicate how the malware was delivered. This means your malware sample needs to be the source e-mail. Additionally, the e-mail must be delivered through normal e-mail methods, not downloaded as a password-protected archived malware sample. If downloaded as an archive, extract the e-mail malware sample and e-mail it to yourself.

What is going on with these ad hoc tests is that the samples being used are malware components embedded in the e-mail; scripts or whatever. Running these outside the context of how they were actually deployed is not only irresponsible, it is ridiculous. The common perception being perpetuated is that the malware payload, i.e. the sample, is effective regardless of how it is deployed. That is a flat-out misconception.

Finally, ponder a bit on what the basic element of malware behavior testing is. That element is duplicating how the malware was delivered originally.

Edited by itman


Also, let's talk about the AMTSO testing standards that member AV labs adhere to. The standard for real-time AV product testing is that the malware sample must be downloaded from its source.

If "simulated" malware is employed in a test series, it must be indicated as such and cannot be used to penalize for non-detection in certification testing.


As usual, someone claiming to know what they are doing, but the test is basically rigged. It won't be the last, but sadly people may see this and not realise.

To tell the truth, most users wouldn't download multiple forms of malware all at once, but most users shouldn't be disabling key features either.

1 hour ago, peteyt said:

As usual, someone claiming to know what they are doing, but the test is basically rigged. It won't be the last, but sadly people may see this and not realise.

To tell the truth, most users wouldn't download multiple forms of malware all at once, but most users shouldn't be disabling key features either.

Reading the comments on YouTube, you can see that most of the people believe what they see and also request other tests for other AVs.

If you are aware of where you go and don't open suspicious files and don't go to suspicious websites, most likely your AV won't detect anything in that time unless something bad happened on your normal websites or you got yourself redirected somewhere bad; it happens sometimes.

But for me, I never had ESET fail me. It can fail me, I know that it's possible because nothing is 100% sure, but still, even if it fails me one time I don't think that I would go into hating mode. It's OK, I can format and resurrect again.

More important than antivirus is that the user who is sitting behind the monitor understands what he is doing on the computer.

There are videos where ESET got worse results while they show other AVs getting 100%, like Kaspersky, but that still doesn't drive me to take Kaspersky. It's still a personal choice after all. I just can't get out of my mind that Kaspersky and Norton one day slowed your computer to the maximum; even now, if they claim super fast programs, I still believe in the same program that was programmed to be light in the first place.

4 hours ago, Nightowl said:

Reading the comments on YouTube, you can see that most of the people believe what they see and also request other tests for other AVs.

If you are aware of where you go and don't open suspicious files and don't go to suspicious websites, most likely your AV won't detect anything in that time unless something bad happened on your normal websites or you got yourself redirected somewhere bad; it happens sometimes.

But for me, I never had ESET fail me. It can fail me, I know that it's possible because nothing is 100% sure, but still, even if it fails me one time I don't think that I would go into hating mode. It's OK, I can format and resurrect again.

More important than antivirus is that the user who is sitting behind the monitor understands what he is doing on the computer.

There are videos where ESET got worse results while they show other AVs getting 100%, like Kaspersky, but that still doesn't drive me to take Kaspersky. It's still a personal choice after all. I just can't get out of my mind that Kaspersky and Norton one day slowed your computer to the maximum; even now, if they claim super fast programs, I still believe in the same program that was programmed to be light in the first place.

The thing is, when people get infected they tend to blame the AV for not protecting them, but they rarely ask the important question of where it came from. I've seen a lot of people in the past, for example, downloading illegal cracks and even adding them as exceptions, and then when they turn out to be actually malicious they blame the AV. These same types of users probably ignore Windows updates, including patches, but then complain when they get exploited even though there was a patch available.

For me, like yourself, it comes down to preference AV-wise. Most of the well-known AVs tend to get similar scores across AV tests. If you kept going for the one that was top you'd be moving constantly, and it gets more complicated when you look at different tests and see different scores.

If your AV is doing you good, unless it scores very poorly on a reputable test (e.g. not a YouTuber), you're best sticking with it. As they say, if it isn't broken, don't fix it.

9 hours ago, Nightowl said:

Reading the comments on YouTube, you can see that most of the people believe what they see and also request other tests for other AVs.

If you are aware of where you go and don't open suspicious files and don't go to suspicious websites, most likely your AV won't detect anything in that time unless something bad happened on your normal websites or you got yourself redirected somewhere bad; it happens sometimes.

But for me, I never had ESET fail me. It can fail me, I know that it's possible because nothing is 100% sure, but still, even if it fails me one time I don't think that I would go into hating mode. It's OK, I can format and resurrect again.

More important than antivirus is that the user who is sitting behind the monitor understands what he is doing on the computer.

There are videos where ESET got worse results while they show other AVs getting 100%, like Kaspersky, but that still doesn't drive me to take Kaspersky. It's still a personal choice after all. I just can't get out of my mind that Kaspersky and Norton one day slowed your computer to the maximum; even now, if they claim super fast programs, I still believe in the same program that was programmed to be light in the first place.

Eset hasn't failed me either, and everything works perfectly. I think that I might just go off it, and yeah, I wasn't blind to him turning things off. I was with Kaspersky before I moved to Eset. I did the move because their tech support is bloody useless, not to mention a lot of problems with the network protection making the network not see other computers and not allowing connection to them most times. Me personally, I need to be able to get to everything on the network when I need it, and so do the people that live here too. Eset makes that happen with no problems for me on the network side of things. Noticed the difference as soon as I removed Kaspersky and installed Eset. Glad I made the change, to be honest.

14 hours ago, peteyt said:

The thing is, when people get infected they tend to blame the AV for not protecting them, but they rarely ask the important question of where it came from. I've seen a lot of people in the past, for example, downloading illegal cracks and even adding them as exceptions, and then when they turn out to be actually malicious they blame the AV. These same types of users probably ignore Windows updates, including patches, but then complain when they get exploited even though there was a patch available.

For me, like yourself, it comes down to preference AV-wise. Most of the well-known AVs tend to get similar scores across AV tests. If you kept going for the one that was top you'd be moving constantly, and it gets more complicated when you look at different tests and see different scores.

If your AV is doing you good, unless it scores very poorly on a reputable test (e.g. not a YouTuber), you're best sticking with it. As they say, if it isn't broken, don't fix it.

Use Google and try to search for unreleased games; people do search for cracks/CD keys for unreleased games, so what do you expect? Same as films that are still in theaters: people search for them over the internet. Well, it's still in theaters; you can't find it on the internet.

The most important part in security is the person sitting in front of the monitor, not the AV.
