6 hours ago, Damjan said:

ESET, worst performer in:

https://www.av-comparatives.org/tests/real-world-protection-test-july-october-2022/

ESET: 98.9%
Microsoft Defender (free): 99.5%
Link to comment
Share on other sites

1 hour ago, Damjan said:

Microsoft Defender vs Ransomware 2022 (crypto virus). Windows Defender is not good

Since you referred to a PC Security Channel test, here is an Eset Internet Security test against ransomware: https://www.youtube.com/watch?v=ps7XNo-DOmI&list=PLRs8fqjYD5ILw73zeNeEXpwoP9Swk13qD&index=18 that was performed a while back.

Comparing the two test results shows WD does have behavior detection capability against 0-day ransomware, whereas EIS does not. Since the Eset test is a bit dated, a retest of EIS would be required before a definitive conclusion can be had on current Eset 0-day ransomware protection capability.

Link to comment
Share on other sites

Would love to see AV-Comparatives do a test with Eset Premium with Live Guard. I am curious if it would fare better than the Internet Security. Or even on the PC Security Channel.

Link to comment
Share on other sites

3 minutes ago, MartinPe said:

Would love to see AV-Comparatives

AV-C doesn't get into simulated malware testing per se. Note that in AV-C APT tests, real malware is deployed via advanced methods such as Win trusted LoL processes. A better source would be MRG Effitas.

Link to comment
Share on other sites

I forgot that MRG Effitas, which tests Eset's business products, i.e. Eset Endpoint Security, performs simulated ransomware tests for behavior capability as part of its yearly 360 test series. Eset failed to get ransomware certified in the following tests:

https://www.mrg-effitas.com/wp-content/uploads/2022/02/MRG_Effitas_360_Q4_2021.pdf

https://www.mrg-effitas.com/wp-content/uploads/2022/08/MRG_Effitas_360_Q2_2022v3.pdf

https://www.mrg-effitas.com/wp-content/uploads/2022/11/MRG_Effitas_360_Q3_2022-final.pdf

Bottom line here is one would be well advised to deploy Eset's recommended HIPS and firewall rules against ransomware. These will protect you at least against the commonly known attack vectors used by ransomware.

 

Edited by itman
Link to comment
Share on other sites

There is a positive side though to Eset's lack of ransomware behavior detection. The honeypots set up by its research division are quite effective in capturing emerging ransomware threats such as this one: https://www.bleepingcomputer.com/news/security/new-ransomware-attacks-in-ukraine-linked-to-russian-sandworm-hackers/ .

Link to comment
Share on other sites

13 hours ago, itman said:

I forgot that MRG Effitas

Hello itman,

From the links provided (and from AV comparatives in the last 5 years) it seems like Windows Defender performs better or at par, compared with all other paid solutions.

So, why are people still paying good money for an illusion of "better" protection?????

Link to comment
Share on other sites

6 hours ago, czesetfan said:

Weak protection against ransomware. Do you have a guess how the currently introduced Intel TDT can help in the fight against this?

In my opinion, it doesn't help at all, since only a small number of computers have this new technology.

Link to comment
Share on other sites

2 hours ago, rotaru said:

Hello itman,

From the links provided (and from AV comparatives in the last 5 years) it seems like Windows Defender performs better or at par, compared with all other paid solutions.

So, why are people still paying good money for an illusion of "better" protection?????

Very simple, because the other solutions have more tools against threats than Windows Defender.
For you to know this well, open Windows Defender and you will see the lack of tools to help you.

Link to comment
Share on other sites

2 hours ago, rotaru said:

Hello itman,

From the links provided (and from AV comparatives in the last 5 years) it seems like Windows Defender performs better or at par, compared with all other paid solutions.

So, why are people still paying good money for an illusion of "better" protection?????

I can speak only for myself. I buy it because ESET performs better than MD on my system. I don't think that there is much difference in protection level, but system impact is much smaller with ESET on my system. Since I encounter malware approx. once every ten years, 95% vs. 99% detection ratio doesn't matter to me.

I also like that I can configure my AV how I like without having to use a 3rd party tool or Gpedit/registry.

Link to comment
Share on other sites

46 minutes ago, New_Style_xd said:

Very simple, because the other solutions have more tools against threats than Windows Defender.
For you to know this well, open Windows Defender and you will see the lack of tools to help you.

Hello,

It is not important "how many tools you have" but rather how efficient are the tools you use.

This is what Defender has: do you think it is not enough????

DEfender settings.jpg

Link to comment
Share on other sites

12 minutes ago, Minimalist said:

because ESET performs better

ESET has minimum impact on PC performance, but computers these days are extremely fast.

Basically, with ESET a website will load in 0.05 sec while with another antivirus, 4 times slower, in 0.2 sec.

The difference is not noticeable.

The difference in price is: $150 for 3 PCs/3 years vs ZERO.

Link to comment
Share on other sites

15 minutes ago, rotaru said:

This is what Defender has: do you think it is not enough????

The ability to configure MD advanced settings via a simple GUI interface is only available via use of a third party tool such as this one: https://www.ghacks.net/2018/10/29/configuredefender-windows-defender-configuration-tool/

Link to comment
Share on other sites

3 minutes ago, itman said:

The ability to configure MD advanced settings via a simple GUI interface is only available via use of a third party tool

Yes, and what? It is a public free tool, with 3 buttons, that anyone should be able to use.

ESET has, in exchange, at least several hundred settings combinations and still adds more with each version.

Link to comment
Share on other sites

8 hours ago, czesetfan said:

Do you have a guess how the currently introduced Intel TDT can help in the fight against this?

Quote

Intel(R) Threat Detection Technology comprises of a set of libraries and a public API interface that uses low level CPU telemetry data to perform early detection of advanced malware threats. It is intended for Independent Security Vendors (ISVs) and Cloud Service Providers (CSPs) to integrate with their security solutions and add signature less hardware based runtime threat detection capability. Through its solution stack Intel TDT enables deployment of advanced machine learning based classification and modeling algorithms to learn system behaviors and profile threats with CPU telemetry as feature vectors. Upon detection of malicious activity notifications are generated for further investigation and remediation by the integrating security application. TDT’s APIs, telemetry framework and Machine Learning pipeline also provide security applications the opportunity to build their own detection heuristics to address threats of interest to them.

More information can be found at https://01.org/intel-secl.

https://github.com/JUSDJTIN/lib-tdt

Bottom line - it will enable Eset to detect ransomware behavior at the CPU level. The given here is that detection effectiveness is directly dependent upon the advanced machine learning algorithms and application of same by the security vendor. Note that Eset already deploys AML algorithms in its products. To date, the application of same has been restricted in scope, most likely to reduce the incidence of false positives. Assumed here is that by relying on TDT's behavior anomaly triggering for initial detection, it will allow Eset to be more aggressive in its application of its own behavior algorithms.

I also don't know what Eset's problem is with restricting the scope of Intel processors covered. Of note:

Quote

TDT is only supported on Intel 6th generation (SkyLake) and later Core and Xeon CPU families at this time.

Edited by itman
Link to comment
Share on other sites

1 hour ago, rotaru said:

ESET has minimum impact on PC performance, but computers these days are extremely fast.

Basically, with ESET a website will load in 0.05 sec while with another antivirus, 4 times slower, in 0.2 sec.

The difference is not noticeable.

The difference in price is: $150 for 3 PCs/3 years vs ZERO.

Yes, I agree about website speed loading. The difference in speed when performing file related operations is much higher though.

At work I can compare MD and Panda when performing daily backup over network. It's around 5 GB in size, a lot of small files. With Panda installed it takes about 2 - 3 minutes, with MD enabled it takes 40 - 45 minutes. So the difference is huge in this situation.

I also agree that PCs are very fast so most people won't notice slowdown when using MD. Only after disabling it one can notice the difference in speed when performing file related operations.

Link to comment
Share on other sites

Another comment about Intel's TDT and its built-in ransomware detection capability. It is only applicable to 11th+ generation processors; specifically Core vPro business-class processors. Hence Eset's only currently supporting this class of processors.

Quote

Intel Hardware Shield is a built-in security feature that out-of-the-box security protections directly to the CPU hardware, such as:

  • Helping to prevent malicious code injection by restricting memory access in the BIOS at runtime.
  • Dynamically launching the OS and hypervisor in an Intel® hardware–secured code environment inaccessible from firmware. This technique also helps verify that the operating system and its virtual environment are running directly on Intel hardware, as opposed to malware that is spoofing the hardware.
  • Providing operating system visibility into the BIOS- and firmware-protection methods used at boot time.

Intel TDT uses hardware telemetry to detect fileless malware, cryptomining, polymorphic malware, and ransomware in real-time based on CPU metrics and behavioral detections. When a threat is discovered, TDT will send signals to security software integrated with the platform to alert it of the threat.

"As threats are detected in real-time, Intel TDT sends a high-fidelity signal that can trigger remediation workflows in the security vendor's code. Intel TDT issues no specialized efficacy or performance reports; rather, the data is seamlessly incorporated as a part of normal endpoint sensor reporting," Intel's TDT product brief explains.

Intel TDT security feature
Source: Intel

Intel TDT also allows security software to offload memory scans to the onboard Intel graphics engine for better performance.

As these features run directly on the CPU and run below any software, including the BIOS and firmware, it prevents malware from hiding from the hardware security features.

 

https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/

As the above illustrates, it is actually 11th gen. processor's Intel TDT that is detecting the ransomware behavior.

Edited by itman
Link to comment
Share on other sites

Even Microsoft Defender supports Intel TDT. But Microsoft's documents almost never mention the home version in anything, even though many Endpoint features are supported. So, I'm not sure if home users also benefit from it.

Link to comment
Share on other sites

6 hours ago, rotaru said:

Hello,

It is not important "how many tools you have" but rather how efficient are the tools you use.

This is what Defender has: do you think it is not enough????

DEfender settings.jpg

As I said, and I need a third-party tool. you a third party tool, knowing who guarantees that this change will make the difference or the tool itself could be infected.

Link to comment
Share on other sites

1 minute ago, New_Style_xd said:

As I said, and I need a third-party tool. you a third party tool, knowing who guarantees that this change will make the difference or the tool itself could be infected.

I'm not who you quoted, but this tool has been extremely popular for quite a few years now and is available on GitHub. So if downloaded from the source, it's always the real one. The dev is always active on the malwaretips forum. His apps are also signed and he never publishes a new version before making sure it's not detected by any vendor.

It's possible to verify from the app itself whether the changes have been made or not and there are other ways to verify also. So those are not the issues. MD is not bad nowadays, but has some other annoying issues here and there. 

Link to comment
Share on other sites

9 minutes ago, SeriousHoax said:

I'm not who you quoted, but this tool has been extremely popular for quite a few years now and is available on GitHub. So if downloaded from the source, it's always the real one. The dev is always active on the malwaretips forum. His apps are also signed and he never publishes a new version before making sure it's not detected by any vendor.

It's possible to verify from the app itself whether the changes have been made or not and there are other ways to verify also. So those are not the issues. MD is not bad nowadays, but has some other annoying issues here and there. 

any malware has signature.

Link to comment
Share on other sites

This topic is now closed to further replies.