Jump to content

av-test.org results


Cavehomme
 Share

Recommended Posts

I've recently noticed that AV-Test have added Malwarebytes Premium to their testing schedule of AVs for Novemeber-December 2018. This might be old news for some of you, but I've not noticed a thread yet here.

https://www.av-test.org/en/antivirus/home-windows/windows-10/december-2018/malwarebytes-premium-3.6-184912/

Whilst the results could be better, especially on zero day, it's a way better result than in the SE Labs series of tests. Paired with Windows Defender and the Malwarebytes browser extension, it's a powerful approach to layered protection.

Link to post
Share on other sites

  • Staff

You're welcome :)

Yes, it's a very good article with some fascinating info.  By the way, just in case you were curious at all, you can learn more about how the individual components/layers in Malwarebytes Premium work to protect systems by thwarting malware/attacks at various phases of the kill chain/attack chain by reviewing the diagram and info on this page.  It also illustrates how nearly all of Malwarebytes' protection features work prior to the payload analysis phase that most AV/malware tests are centered around (things like blocking the source with Web Protection and defeating the exploits/malicious scripting etc. that attempt to download/execute malicious payloads to begin with through Exploit Protection etc.).

In that diagram, the only layers that actually go into action after the malware executable/payload/file has been downloaded are Anomaly Detection (the signature-less anomaly detection component which includes the cloud analysis/detection component), Payload Analysis (the Malware Protection component), and Behavior Monitoring (Ransomware Protection etc.) (and of course Remediation Engine, which is Malwarebytes' advanced threat removal technology such as DoR (Delete on Reboot) that kicks in once a threat has been detected along with the scan engine).

Edited by exile360
Link to post
Share on other sites

18 hours ago, exile360 said:

You're welcome :)

Yes, it's a very good article with some fascinating info.  By the way, just in case you were curious at all, you can learn more about how the individual components/layers in Malwarebytes Premium work to protect systems by thwarting malware/attacks at various phases of the kill chain/attack chain by reviewing the diagram and info on this page.  It also illustrates how nearly all of Malwarebytes' protection features work prior to the payload analysis phase that most AV/malware tests are centered around (things like blocking the source with Web Protection and defeating the exploits/malicious scripting etc. that attempt to download/execute malicious payloads to begin with through Exploit Protection etc.).

In that diagram, the only layers that actually go into action after the malware executable/payload/file has been downloaded are Anomaly Detection (the signature-less anomaly detection component which includes the cloud analysis/detection component), Payload Analysis (the Malware Protection component), and Behavior Monitoring (Ransomware Protection etc.) (and of course Remediation Engine, which is Malwarebytes' advanced threat removal technology such as DoR (Delete on Reboot) that kicks in once a threat has been detected along with the scan engine).

That's a good reminder, thanks.

By the way, just installed MWB firewall, formerly Binisoft, very nice and easy and unobtrusive. Looking forward to it being improved and integrated into MWB Pro. Hope it will still remain the option of WD being the the primary AV with MWB as the extra layers + extra firewall layer on top of WF.

Link to post
Share on other sites

10 minutes ago, Porthos said:

It is not an extra or an additional firewall. It just gives better control of the Windows firewall that is already included in Windows.

Hmm, perhaps that's been a bit pedantic? For me, an additional method to control WF is a "layer" 😉

Link to post
Share on other sites

15 minutes ago, Cavehomme said:

Hmm, perhaps that's been a bit pedantic? For me, an additional method to control WF is a "layer" 😉

Personally, I use the Windows firewall as is. Just wanted to point out, Most 3rd party firewalls disable the built-in firewall and engage their own firewall system. 

Link to post
Share on other sites

On a desktop behind a NAT Router with simplistic firewall capabilities or a NAT Router with a full Firewall implementation, I agree.  The Windows Firewall is just fine.

However...  On a portable system where you jump onto other people's networks, especially public ones, then I can see replacing the built-in Windows Firewall with a 3rd Party Firewall application.

Link to post
Share on other sites

2 minutes ago, David H. Lipman said:

On a portable system where you jump onto other people's networks, especially public ones, then I can see replacing the built-in Windows Firewall with a 3rd Party Firewall application.

That is a good case for a 3rd party.

Link to post
Share on other sites

1 hour ago, Porthos said:

It is not an extra or an additional firewall. It just gives better control of the Windows firewall that is already included in Windows.

 

25 minutes ago, David H. Lipman said:

On a desktop behind a NAT Router with simplistic firewall capabilities or a NAT Router with a full Firewall implementation, I agree.  The Windows Firewall is just fine.

However...  On a portable system where you jump onto other people's networks, especially public ones, then I can see replacing the built-in Windows Firewall with a 3rd Party Firewall application.

Why would it be less secure using Windows Firewall on a laptop connected to a public network when Windows identifies and sets the new network with a profile of "Public"?

Why is this insecure and a third party firewall would be more secure? Genuinely interested.

Link to post
Share on other sites

  • Staff

I don't know, to me, closed is closed, so as long as the firewall (be it the built in Windows Firewall, a WFP based front-end/replacement for the Windows Firewall using the same APIs, or a third party firewall) is keeping all the ports closed/stealthed as they should be and Windows has all the appropriate sharing/remote etc. protocols locked down/disabled (the Public profile configuration) then I don't see a real difference.  The big advantage, to me, of a third party/more granular firewall is for inside-out communications, i.e. greater control over the programs that communicate with the web.  The local network stuff that you have to be concerned with on a public Wi-Fi connection/network don't really translate to suddenly requiring a more granular firewall, at least based on what I've learned of such things.  The main thing is just keeping things closed/locked down to prevent other devices on the network from gaining access which should be fairly straightforward for any firewall and even Windows itself.

That said, if you're dealing with the class of hacker that can and does bypass those kinds of protections on public networks, no beefed up third party firewall is going to stop them any better than the more standard WFP stuff would, and anyway, since Microsoft themselves recommend that all firewall devs use WFP they are all going to be subject to the same kinds of potential vulnerabilities that might exist in the protocol regardless of how robust their implementation might be; at least that's my take on it.

Reference Windows Filtering Platform for more info.

The other threat is a man-in-the-middle attack where the attacker might try to alter traffic through DNS manipulation/packet manipulation and the like, but since that takes place outside your system, no firewall is going to aid you in dealing with those kinds of threats as it all comes down to the security of the internet connection itself and so tools like VPNs and DNS encryption protocols become much more important (i.e. TOR, VPN tunneling tools, proxies, encryption protocols like DNSSEC, HTTPS, and DNSCrypt etc.).

Edited by exile360
Link to post
Share on other sites

30 minutes ago, exile360 said:

I don't know, to me, closed is closed, so as long as the firewall (be it the built in Windows Firewall, a WFP based front-end/replacement for the Windows Firewall using the same APIs, or a third party firewall) is keeping all the ports closed/stealthed as they should be and Windows has all the appropriate sharing/remote etc. protocols locked down/disabled (the Public profile configuration) then I don't see a real difference.  The big advantage, to me, of a third party/more granular firewall is for inside-out communications, i.e. greater control over the programs that communicate with the web.  The local network stuff that you have to be concerned with on a public Wi-Fi connection/network don't really translate to suddenly requiring a more granular firewall, at least based on what I've learned of such things.  The main thing is just keeping things closed/locked down to prevent other devices on the network from gaining access which should be fairly straightforward for any firewall and even Windows itself.

That said, if you're dealing with the class of hacker that can and does bypass those kinds of protections on public networks, no beefed up third party firewall is going to stop them any better than the more standard WFP stuff would, and anyway, since Microsoft themselves recommend that all firewall devs use WFP they are all going to be subject to the same kinds of potential vulnerabilities that might exist in the protocol regardless of how robust their implementation might be; at least that's my take on it.

Reference Windows Filtering Platform for more info.

The other threat is a man-in-the-middle attack where the attacker might try to alter traffic through DNS manipulation/packet manipulation and the like, but since that takes place outside your system, no firewall is going to aid you in dealing with those kinds of threats as it all comes down to the security of the internet connection itself and so tools like VPNs and DNS encryption protocols become much more important (i.e. TOR, VPN tunneling tools, proxies, encryption protocols like DNSSEC, HTTPS, and DNSCrypt etc.).

Thanks Exile, I'm not an expert but I've used loads of 3rd firewalls over the years and I agree with you. Adding Binisoft / MWB to WF should deal with unsolicited connection attempts I would hope, but as you say, you can probably never be 100% sure in any scenario. Unless a person is a serious amateur or a pro, and configures their firewall very tightly with many rules, I cannot otherwise see yet a benefit to a third party firewall versus WF+Binisoft/MWB to the vast majority of users. I could be very wrong and I await any more explanations from any other user to highlight any issues.

Link to post
Share on other sites

  • Staff
1 minute ago, Amaroq_Starwind said:

This is why I love the CloudFlare DNS; on top of being extremely fast, your DNS queries are encrypted. So while it isn't a true VPN, it's still just a little bit harder to snoop on and interfere with.

Yep, I use Simple DNSCrypt (which uses both DNSSEC along with the DNSCrypt protocol) for this very reason.  I also have it configured so that it randomly rotates between multiple DNS servers to disperse my traffic across multiple providers/routes thus further randomizing my traffic.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.