Damjan - Posted November 24, 2022

Eset win: Advanced Threat Protection Test 2022 - Consumer - AV-Comparatives 👏

rotaru - Posted November 24, 2022

6 hours ago, Damjan said:
> Eset win: Advanced Threat Protection Test 2022 - Consumer - AV-Comparatives 👏

ESET, worst performer in: https://www.av-comparatives.org/tests/real-world-protection-test-july-october-2022/

ESET: 98.9%
Microsoft Defender (free): 99.5%

Damjan (Author) - Posted November 25, 2022

Microsoft Defender vs Ransomware 2022 (crypto virus). Windows Defender is not good:

itman - Posted November 25, 2022

1 hour ago, Damjan said:
> Microsoft Defender vs Ransomware 2022 (crypto virus). Windows Defender is not good

Since you referred to a PC Security Channel test, here is an Eset Internet Security test against ransomware: https://www.youtube.com/watch?v=ps7XNo-DOmI&list=PLRs8fqjYD5ILw73zeNeEXpwoP9Swk13qD&index=18 that was performed a while back.

Comparing the two test results shows WD does have behavior detection capability against 0-day ransomware whereas EIS does not.

Since the Eset test is a bit dated, a retest of EIS would be required before a definitive conclusion can be had on current Eset 0-day ransomware protection capability.

MartinPe - Posted November 25, 2022

Would love to see AV-Comparatives do a test with Eset Premium with Live Guard. I am curious if it would fare better than the Internet Security. Or even on the PC Security Channel.

itman - Posted November 25, 2022

3 minutes ago, MartinPe said:
> Would love to see AV-Comparatives

AV-C doesn't get into simulated malware testing per se. Note that in AV-C APT tests, real malware is deployed via advanced methods such as Win trusted LoL processes.

A better source would be MRG Effitas.

New_Style_xd - Posted November 25, 2022

In several tests done over the years, Eset always loses to Kaspersky in ransomware.

itman - Posted November 25, 2022

I forgot that MRG Effitas, which tests Eset's business products, i.e. Eset Endpoint Security, performs simulated ransomware tests for behavior capability as part of its yearly 360 test series. Eset failed to get ransomware certified in the following tests:

https://www.mrg-effitas.com/wp-content/uploads/2022/02/MRG_Effitas_360_Q4_2021.pdf
https://www.mrg-effitas.com/wp-content/uploads/2022/08/MRG_Effitas_360_Q2_2022v3.pdf
https://www.mrg-effitas.com/wp-content/uploads/2022/11/MRG_Effitas_360_Q3_2022-final.pdf

Bottom line here is one would be well advised to deploy Eset's recommended HIPS and firewall rules against ransomware. These will protect you at least against the commonly known attack vectors used by ransomware.

Edited November 26, 2022 by itman

itman - Posted November 26, 2022

There is a positive side though to Eset's lack of ransomware behavior detection. The honeypots set up by its research division are quite effective in capturing emerging ransomware threats such as this one: https://www.bleepingcomputer.com/news/security/new-ransomware-attacks-in-ukraine-linked-to-russian-sandworm-hackers/

czesetfan - Posted November 26, 2022

Quote itman

Weak protection against ransomware. Do you have a guess how the currently introduced Intel TDT can help in the fight against this?

rotaru - Posted November 26, 2022

13 hours ago, itman said:
> I forgot that MRG Effitas

Hello itman,

From the links provided (and from AV-Comparatives in the last 5 years) it seems like Windows Defender performs better or at par, compared with all other paid solutions.

So, why are people still paying good money for an illusion of "better" protection?????

New_Style_xd - Posted November 26, 2022

6 hours ago, czesetfan said:
> Weak protection against ransomware. Do you have a guess how the currently introduced Intel TDT can help in the fight against this?

In my opinion, it doesn't help at all, since only a small number of computers have this new technology.

New_Style_xd - Posted November 26, 2022

2 hours ago, rotaru said:
> Hello itman, From the links provided (and from AV-Comparatives in the last 5 years) it seems like Windows Defender performs better or at par, compared with all other paid solutions. So, why are people still paying good money for an illusion of "better" protection?????

Very simple, because the other solutions have more tools against threats than Windows Defender. For you to know this well, open Windows Defender and you will see the lack of tools to help you.

Minimalist (ESET Insiders) - Posted November 26, 2022

2 hours ago, rotaru said:
> Hello itman, From the links provided (and from AV-Comparatives in the last 5 years) it seems like Windows Defender performs better or at par, compared with all other paid solutions. So, why are people still paying good money for an illusion of "better" protection?????

I can speak only for myself. I buy it because ESET performs better than MD on my system. I don't think that there is much difference in protection level but system impact is much smaller with ESET on my system. Since I encounter malware approx. once every ten years, 95% vs. 99% detection ratio doesn't matter to me.

I also like that I can configure my AV how I like without having to use a 3rd party tool or Gpedit/registry.

rotaru - Posted November 26, 2022

46 minutes ago, New_Style_xd said:
> Very simple, because the other solutions have more tools against threats than Windows Defender. For you to know this well, open Windows Defender and you will see the lack of tools to help you.

Hello,

It is not important "how many tools you have" but rather how efficient are the tools you use.

This is what Defender has: do you think it is not enough????

rotaru - Posted November 26, 2022

12 minutes ago, Minimalist said:
> because ESET performs better

ESET has minimum impact on PC performance, but computers these days are extremely fast. Basically, with ESET a website will load in 0.05 sec while with another antivirus, 4 times slower, in 0.2 sec.

The difference is not noticeable. The difference in price it is: $150 for 3pc/3 year vs ZERO.

itman - Posted November 26, 2022

15 minutes ago, rotaru said:
> This is what Defender has: do you think it is not enough????

The ability to configure MD advanced settings via a simple GUI interface is only available via use of a third party tool such as this one: https://www.ghacks.net/2018/10/29/configuredefender-windows-defender-configuration-tool/

rotaru - Posted November 26, 2022

3 minutes ago, itman said:
> The ability to configure MD advanced settings via a simple GUI interface is only available via use of a third party tool

Yes, and what? It is a public free tool, with 3 buttons, anyone should be able to use. ESET has, in exchange, at least several hundred settings combinations and still adds more with each version.

itman - Posted November 26, 2022

8 hours ago, czesetfan said:
> Do you have a guess how the currently introduced Intel TDT can help in the fight against this?

Quote:
> Intel(R) Threat Detection Technology comprises of a set of libraries and a public API interface that uses low level CPU telemetry data to perform early detection of advanced malware threats. It is intended for Independent Security Vendors (ISVs) and Cloud Service Providers (CSPs) to integrate with their security solutions and add signature less hardware based runtime threat detection capability. Through its solution stack Intel TDT enables deployment of advanced machine learning based classification and modeling algorithms to learn system behaviors and profile threats with CPU telemetry as feature vectors. Upon detection of malicious activity notifications are generated for further investigation and remediation by the integrating security application. TDT’s APIs, telemetry framework and Machine Learning pipeline also provide security applications the opportunity to build their own detection heuristics to address threats of interest to them. More information can be found at https://01.org/intel-secl.

https://github.com/JUSDJTIN/lib-tdt

Bottom line - it will enable Eset to detect ransomware behavior at the CPU level. The given here is that detection effectiveness is directly dependent upon the advanced machine learning algorithms and application of same by the security vendor.

Note that Eset already deploys AML algorithms in its products. To date, the application of same has been restricted in scope. Most likely to reduce the incidence of false positives. Assumed here is that by relying on TDT's behavior anomaly triggering for initial detection, it will allow Eset to be more aggressive in its application of its own behavior algorithms.

I also don't know what Eset's problem is with restricting the scope of Intel processors covered. Of note:

Quote:
> TDT is only supported on Intel 6th generation (SkyLake) and later Core and Xeon CPU families at this time.

Edited November 26, 2022 by itman

Minimalist (ESET Insiders) - Posted November 26, 2022

1 hour ago, rotaru said:
> ESET has minimum impact on PC performance, but computers these days are extremely fast. Basically, with ESET a website will load in 0.05 sec while with another antivirus, 4 times slower, in 0.2 sec. The difference is not noticeable. The difference in price it is: $150 for 3pc/3 year vs ZERO.

Yes I agree about website speed loading. The difference in speed when performing file related operations is much higher though. At work I can compare MD and Panda when performing daily backup over network. It's around 5 GB in size, a lot of small files. With Panda installed it takes about 2 - 3 minutes, with MD enabled it takes 40 - 45 minutes. So the difference is huge in this situation.

I also agree that PCs are very fast so most people won't notice slowdown when using MD. Only after disabling it one can notice the difference in speed when performing file related operations.

itman - Posted November 26, 2022

Another comment about Intel's TDT and its built-in ransomware detection capability. It is only applicable to 11th+ generation processors; specifically Core vPro business-class processors. Hence Eset's only currently supporting this class of processors.

Quote:
> Intel Hardware Shield is a built-in security feature that out-of-the-box security protections directly to the CPU hardware, such as:
>
> - Helping to prevent malicious code injection by restricting memory access in the BIOS at runtime.
> - Dynamically launching the OS and hypervisor in an Intel® hardware–secured code environment inaccessible from firmware. This technique also helps verify that the operating system and its virtual environment are running directly on Intel hardware, as opposed to malware that is spoofing the hardware.
> - Providing operating system visibility into the BIOS- and firmware-protection methods used at boot time.
>
> Intel TDT uses hardware telemetry to detect fileless malware, cryptomining, polymorphic malware, and ransomware in real-time based on CPU metrics and behavioral detections.
>
> When a threat is discovered, TDT will send signals to security software integrated with the platform to alert it of the threat.
>
> "As threats are detected in real-time, Intel TDT sends a high-fidelity signal that can trigger remediation workflows in the security vendor's code. Intel TDT issues no specialized efficacy or performance reports; rather, the data is seamlessly incorporated as a part of normal endpoint sensor reporting," Intel's TDT product brief explains.
>
> [Image: Intel TDT security feature. Source: Intel]
>
> Intel TDT also allows security software to offload memory scans to the onboard Intel graphics engine for better performance.
>
> As these features run directly on the CPU and run below any software, including the BIOS and firmware, it prevents malware from hiding from the hardware security features.

https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/

As the above illustrates, it is actually 11th gen. processor's Intel TDT that is detecting the ransomware behavior.

Edited November 26, 2022 by itman

SeriousHoax - Posted November 26, 2022

Even Microsoft Defender supports Intel TDT. But Microsoft's documents almost never mention home version in anything, even though many Endpoint features are supported. So, I'm not sure if home users also benefit from it.

New_Style_xd - Posted November 26, 2022

6 hours ago, rotaru said:
> Hello, It is not important "how many tools you have" but rather how efficient are the tools you use. This is what Defender has: do you think it is not enough????

As I said, and I need a third-party tool. You a third party tool, knowing who guarantees that this change will make the difference or the tool itself could be infected.

SeriousHoax - Posted November 26, 2022

1 minute ago, New_Style_xd said:
> As I said, and I need a third-party tool. You a third party tool, knowing who guarantees that this change will make the difference or the tool itself could be infected.

I'm not who you quoted, but this tool is extremely popular for quite a few years now and is available on GitHub. So if downloaded from the source, it's always the real one. The dev is always active on the malwaretips forum. His apps are also signed and he never publishes a new version before making sure it's not detected by any vendor. It's possible to verify from the app itself whether the changes have been made or not and there are other ways to verify also. So those are not the issues. MD is not bad nowadays, but has some other annoying issues here and there.

New_Style_xd - Posted November 26, 2022

9 minutes ago, SeriousHoax said:
> I'm not who you quoted, but this tool is extremely popular for quite a few years now and is available on GitHub. So if downloaded from the source, it's always the real one. The dev is always active on the malwaretips forum. His apps are also signed and he never publishes a new version before making sure it's not detected by any vendor. It's possible to verify from the app itself whether the changes have been made or not and there are other ways to verify also. So those are not the issues. MD is not bad nowadays, but has some other annoying issues here and there.

Any malware has signature.