Windows 7 Forums

Windows 7: McAfee Total Protection & Windows Defender

29 Jun 2016   #11
znop01

New York
 
 

Quote: Originally Posted by UsernameIssues
Quote: Originally Posted by znop01
I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/extension) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight.
How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/...art=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

At least Chrome is improving:
Pwn2Own 2015: The year every web browser went down | ZDNet
Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski
Perhaps, I should have said -- all attacks so far have been caught...


29 Jun 2016   #12
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by znop01
Quote: Originally Posted by UsernameIssues
Quote: Originally Posted by znop01
I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/extension) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight.
How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/...art=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

At least Chrome is improving:
Pwn2Own 2015: The year every web browser went down | ZDNet
Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski
Perhaps, I should have said -- all attacks so far have been caught...
I'm not trying to pick at your wording as much as I'm attempting to change your mindset. Your computer could have several infections right now and you might never know about them. Some infections have gone undetected for years. You just cannot say with certainty that all infections/attacks ("so far" or otherwise) are being detected/prevented.

From here:
Quote:
Harbour and two colleagues from security consulting firm Mandiant were one of four teams to enter Defcon’s controversial “Race to Zero” virus-writing contest. His team, the “chicagostreetsweepers,” finished in six hours and picked up first-place honors.
~~~
Quote:
Defcon said it notified the two largest anti-virus software providers, McAfee and Symantec, about “Race to Zero,” but the companies declined to participate.
I realize that the article quoted above is from 2008. Things have probably gotten worse since then. The contestants are not creating a new virus; they modify an existing/known/detectable virus so that it is no longer detectable by signature or heuristics.


From here:
Quote:
More than 317 million new pieces of malware -- computer viruses or other malicious software -- were created last year. That means nearly one million new threats were released each day.
The author of that article has the same flawed mindset. The quote above should read:
Quote:
More than 317 million new pieces of malware -- computer viruses or other malicious software -- were detected last year. That means nearly one million new threats were released each day.
We have no way of knowing how many pieces of malware were created that went undetected.


You might not want to do certain tasks online (e.g. banking).
29 Jun 2016   #13
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Interesting recent test by VoodooShield developer - execution of malware samples and detection rates by top AVs including Norton, Avast & McAfee that have been mentioned in this thread. It's a long video but you can skip sections to see each AV in action.

30 Jun 2016   #14
UsernameIssues

W7 Pro SP1 64bit
 
 

White listing (done well) is probably the best protection. The "Race 2 Zero" contest is sponsored by a company that makes a security app that uses White Listing. None of the malware that the contestants created got thru the sponsor's security app. VoodooShield's claim to fame is the auto mode (so that the user does not have to authorize each app in the white list).

VoodooShield is an excellent app; however, some comments about that video:
The video is probably a great marketing tool. I wonder if VoodooShield's marketing department requested the test and the video or if the developers came up with the test method all by themselves.

They make this statement, "once a single line of malicious code is allowed to run... all bets are off". Many of those 1000 files that they ran probably never executed a single line of malicious code. The antivirus apps being tested opted not to flag the installer of the malware. We don't know if the antivirus apps would have stopped* each piece of malware once it was extracted from the installers.

*stopped before "a single line of malicious code is allowed to run".

It is unfair of VoodooShield to make this statement, "We figured 5 months was enough time for leading Antivirus software to sufficiently detect these known threats." The testing shown does not indicate that the Antivirus software involved was not going to deal with the infection once it was unpacked from the installer (before "a single line of malicious code is allowed to run"). The testing simply shows that the Antivirus software being tested does not handle the installers in a way that VoodooShield would.


For the "non-installer files" that ran, but threw an error due to some missing file (presumably quarantined by the Antivirus software being tested): there was no analysis to determine if any harm was done. e.g. was a single line of malicious code allowed to run?

VoodooShield seems to consider allowing a bad file to be written to the hard drive as a failure - even if the bad file never executed. That said, there were clearly some files that ran unabated. We just don't know how many or how damaging (if at all) they were.


Caveats to the info above:
I mainly focused on what I saw as the flawed handling of installers in the testing. Some of the infections being run in that video were not installers. The exe being run was the malicious app itself. There will be malware that some Antivirus software will intentionally not flag as malware. It is a subjective call as to what constitutes a malicious file or action. You will never get all of the Antivirus companies to agree on just what constitutes a malicious file or action. For example, I have multiple key loggers installed on this work laptop. Some Antivirus apps have quarantined some of them. Others recognize them as non-malicious.

I know that an "installation screen" that is waiting for Next to be clicked might be a ruse. The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.
30 Jun 2016   #15
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Hi UsernameIssues - all the points you make are valid. However, VoodooShield is designed not to let any new (to the machine) executables run without the user's say so once the files have been analysed for safety. It might well block installers that are harmless unless the user doesn't pay attention to installation options.

Quote: Originally Posted by UsernameIssues
The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.
Good point!

Personally I've been using whitelisting software for more than two years.

Autopilot Mode is going to block anything considered unsafe by the app. Personally I prefer "Smart Mode" where I get to make the decisions.
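
Added example (not part of the thread, and not VoodooShield's or any antivirus vendor's code): a simplified model of the two approaches discussed in posts #12 to #15, comparing exact-hash signature matching (default-allow) with a hash allowlist (default-deny). The sample byte strings, the function names and the ask_user callback are constructed or hypothetical.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, inert byte strings standing in for executable files.
SAMPLES = {
    "known_bad":     b"constructed sample the vendor already has a signature for",
    "modified_bad":  b"constructed sample the vendor already has a signature for\x00",
    "installed_app": b"constructed app that was on the machine at baseline time",
    "new_installer": b"constructed harmless installer, never seen on this machine",
}

def signature_verdict(data: bytes, known_bad: set) -> str:
    """Default-allow: block only an exact match against known-bad hashes.
    (Simplest form of signature; heuristics are not modelled.)"""
    return "block" if digest(data) in known_bad else "allow"

def allowlist_verdict(data: bytes, baseline: set, ask_user=None) -> str:
    """Default-deny: run only files whose hash is in the baseline.
    ask_user (hypothetical callback) lets the user approve a new file,
    which is then added to the baseline; without it, new files are blocked."""
    h = digest(data)
    if h in baseline:
        return "allow"
    if ask_user is not None and ask_user(h):
        baseline.add(h)
        return "allow"
    return "block"

def compare(samples: dict) -> dict:
    """Return {name: (signature verdict, allowlist verdict)} for each sample."""
    known_bad = {digest(samples["known_bad"])}
    baseline = {digest(samples["installed_app"])}
    return {name: (signature_verdict(d, known_bad), allowlist_verdict(d, baseline))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (sig, allow) in compare(SAMPLES).items():
        print(f"{name:14} signature={sig:5} allowlist={allow}")
```

The modified sample passes the signature check but is blocked by the allowlist; the harmless new installer is blocked by the allowlist too, which is the cost the user pays for default-deny unless they approve it.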