Jump to content

Is this real?


Recommended Posts

I stopped watching due to the testers methodology. A normal user would not have a folder of pre downloaded samples to run. That alone bypasses web protection and exploit protection right there.

All "testers" that do it this way are just wrong. And are just doing it to make Malwarebytes look bad for clicks and views.

  • Thanks 1
Link to post
Share on other sites

2 hours ago, Porthos said:

I stopped watching due to the testers methodology. A normal user would not have a folder of pre downloaded samples to run. That alone bypasses web protection and exploit protection right there.

All "testers" that do it this way are just wrong. And are just doing it to make Malwarebytes look bad for clicks and views.

To be fair, indendent labs like AV-TEST and AV-Comparatives use the same methodology for some of their tests.

Link to post
Share on other sites

  • Root Admin
33 minutes ago, EndangeredPootisBird said:

To be fair, indendent labs like AV-TEST and AV-Comparatives use the same methodology for some of their tests.

Yes, they're still quite unrealistic, but since everyone wants to see these sorts of comparisons the AV companies try to comply and make their software do well on them if possible.

We have reached out to review the ryuk sample used to check and see why it was missed.

Thanks

 

Link to post
Share on other sites

5 hours ago, AdvancedSetup said:

why it was missed.

 

Brilliant idea!


Also can you tell me how an expert will do the test? Very thank you!

8 hours ago, HexagonT said:

 

I am feeling a little embarrassed now. 

 

I remembered a quote from somebody:


"Asking a question is embarrassing for a moment, but not asking is embarrassing for a lifetime."

So it is good to ask this question!

Edited by HexagonT
Change from “Good idea!” to “Brilliant idea!”
Link to post
Share on other sites

14 minutes ago, HexagonT said:

Is this real too? This looks a lot more realistic since it uses a different method and the results are good.

https://inv.riverside.rocks/watch?v=lEiQVIP9gmg

 

Directly executing scripts and files from the disk is never an realistic scenario, an realistic scenario would require starting from the beginning of the attack chain, be it an drive-by-download attack, malicious macros, exploitation of vulnerabilities, you also need to launch files from directories like network drives, file sharing folders, etc.

  • Thanks 1
Link to post
Share on other sites

Antivirus software are woefully inadequate nowadays, its exactly why the results from independent lab are so dangerous, because it causes people to think antiviruses actually somehow provide 100% protection, meaning they dont bother using common sense when they surf on the internet or open emails.

Even the most advanced security products that the worlds largest businesses use can be easily bypassed, as shown by an retired penetration tester

 

https://vanmieghem.io/blueprint-for-evading-edr-in-2022/

 

The way forward in terms of protection is via an Default-Deny/Zero Trust approach, only allowing trusted code to run on an device while blocking anything unknown, its exactly what I am running on my computer,

 

Windows Defender, thanks to the tool Hard_Configurator 
 

https://github.com/AndyFul/Hard_Configurator

 

I can lock down certain aspects of my system, such as blocking any script (JavaScript, Visual Basic Script, Powershell, etc) which can be used to bypass protection.

and with the tool ConfigureDefender

https://github.com/AndyFul/ConfigureDefender

I can configure Windows Defender to block anything unknown with the

Attack Surface Reduction rule

Block executable files from running unless they meet a prevalence, age, or trusted list criterion
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion

and the Cloud Protection Level set to "Block". I also have had no false positives as I have always stayed to trusted programs.

 

Edited by AdvancedSetup
Corrected font issue
Link to post
Share on other sites

@AdvancedSetup

The learning curve isnt too difficult even for people with little knowledge on how the tools work, as the tools I mentioned doesnt require knowing everything, for Hard_Configurator you just have to allow EXE, TMP and MSI files in Whitelist By Path to allow executiom of executables like .exe and .msi installers, while blocking scripts that legitimate applications very rarely require for them to work.

And for ConfigureDefender its just setting the Cloud Protection Level to Block and setting Block executable files from running unless they meet a prevalence, age, or trusted list criterion to On/Warn, latter of which is more user friendly as it allows unblocking files via an notifications from Defender.

You can also exclude files via either Windows Defender's Exclusions if it detects something legitimate as malicious, or ConfigureDefender's ASR Exclusions if the Block executable files from running unless they meet a prevalence, age, or trusted list criterion rule or other ASR rules blocks something legitimate, which only takes like 15 seconds to do.

Edited by AdvancedSetup
Corrected font issue
Link to post
Share on other sites

  • Root Admin
7 minutes ago, EndangeredPootisBird said:

The learning curve isnt too difficult even for people with little knowledge on how the tools work,

Once you've supported millions of users you'll quickly change your mind on that thought. I've been doing computer support for over 30 years now and you see a lot of people that cannot even find or launch Notepad on their own. Using forum software is beyond the scope of the vast majority of users on a computer.

Anyways... no need to beat a dead horse over this

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.