AVLab Feb 2019 - Online Banking Protection Test (Windows 10)


6 replies

Ssherjj
Moderator
  • 21847 replies
  • March 19, 2019
Hello @bjm_ ,

I am sorry I am not finding the information that you posted about Webroot failing. Did I miss it in the links you posted? Or am I not understanding the results of Webroot?

EDITED: Never mind, I found it. I just needed to scroll down. Oops.

Thank you,

  • New Member
  • 58 replies
  • March 19, 2019
I'm not overly thrilled with the results of these tests. Perhaps I'm misunderstanding them.

TripleHelix
Moderator
  • 8930 replies
  • March 19, 2019
IMO adjusting heuristics will not do anything to help the Identity Shield, so it's flawed and again shows they don't know how the features work... and don't know how to test. So is it an Online Banking test or a Malware Test? https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#SettingPreferences/AdjustingHeuristics.htm%3FTocPath%3DSetting%2520Preferences%7C_____3





Identity Shield: https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingIdentityProtection/ManagingIdentityProtection.htm%3FTocPath%3DUsing%2520Identity%2520Protection%7C_____1

  • Author
  • 494 replies
  • March 20, 2019
This is our next test from the series of comprehensive tests of various types of products for protection of computers and workstations. In February 2019, we tested dozens of solutions to protect the Windows 10 operating system, paying particular attention to the possibility of blocking malicious software and resisting attacks that are aimed at operations on online banking accounts. Less than half of the tested software has so-called special components for protection of online payments which have various names such as “Safe Money”, “Banking Mode”, or “Banking Protection”. Most of these modules are directly integrated with security suites, and thus can’t be used as separate software. These components add another layer of security, useful in situations when there is a need for confidential data protection while using online banking. We assume that a user has probably installed an antivirus product, so he entrusts the security of his finances to the developer, who doesn’t necessarily provide dedicated and specialized modules in the software for the protection of online purchases. Therefore, we decided to check which of the most popular solutions guarantee an unrivaled level of security, regardless of whether they have such technologies. The test was designed to simulate over a dozen different scenarios of attacks that had focused on theft of important data entered into a browser or data stored in Windows 10 with a security suite installed.

All solutions have been tested on default settings; however, it’s often the case that key protection components are disabled, such as anti-keylogger or anti-ARP poisoning. Probably there will never exist an application that will fully cover and secure all attack vectors, therefore education and effective use of appropriate software is very important. For this reason, all products have been tested on modified settings for the second time. We have enabled some features, changed a protection level to more aggressive or run so-called banking mode to check if modifications in settings have an impact on attack detection and unknown malware blocking. It’s also a hint for developers who should consider the introduction of additional protection against popular attacks. They should also consider enabling features that aren’t activated by default.

Most of the malicious scripts used in the test were written in the Python programming language and compiled into EXE executable files using the PyInstaller tool. We have used the Bettercap 2+ tool for the man-in-the-middle attacks. The reader can treat samples from the test (on the day of testing) as completely undetectable for antivirus software. Malicious software has been sent to developers and should already be detected.
If in the test malware wasn’t blocked on the default settings, we tried to retry the test with a banking mode enabled by modifying protection in such a way that an unknown threat (or an attack) caused the alert to be displayed. We were trying to change settings of Internet firewall, IPS/IDS modules, HIPS, and even heuristic scanning to the maximum level. We were also enabling additional application control or protection against poisoning ARP tables.

In the test, we have presented the results for two types of attacks related to the man-in-the-middle technique. These attacks allow listening to messages transmitted between the device and the router in the LAN (not necessarily in the home network), and manipulating the website or stealing logins and passwords. Protection against similar attacks is very important in public networks. In such places, MITM attacks are feasible, so the user device should be properly secured – the Internet traffic should preferably be encrypted using VPN.


  • Author
  • 494 replies
  • March 20, 2019
TripleHelix wrote:
IMO adjusting heuristics will not do anything to help the Identity Shield so it's flawed and again shows they don't know how the features work....and don't know how to test.


Knowing how Webroot works and knowing how to best test Webroot is not relevant.
AVLab-Test-of-software-for-online-banking-protection was not designed nor intended to best show-off Webroot.
AVLab-Test-of-software-for-online-banking-protection was intended to report comparative results for various types of products.

Disagree with AVLab-Test comparative results. Disregard.

durantash
Community Leader
  • 413 replies
  • August 26, 2019
Hi,

MITM Code Injecting Attack. The test verifies whether it’s possible to inject HTML and JavaScript code into websites. (Failed)

MITM Password Sniffing Attack. The test verifies whether it’s possible to capture confidential information from websites which are secured by SSL certificate. (Failed)

What is the test, and why did Webroot fail?

Regards,

Amir