McAfee Total Protection & Windows Defender

Page 2 of 2

  1. Posts : 2
    New York
       #11

    UsernameIssues said:
    znop01 said:
    I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/extension) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight
    How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/...art=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

    At least Chrome is improving:
    Pwn2Own 2015: The year every web browser went down | ZDNet
    Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski
    Perhaps, I should have said -- all attacks so far have been caught...


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #12

    znop01 said:
    UsernameIssues said:
    znop01 said:
    I use McAfee Enterprise 8.7.0i and the Avast online Security (Google Chrome plugin/extension) -- And, haven't had a virus, malware, trojan, worm, nor spyware attack -- they all get caught. Updating to version 8.8 tonight
    How could you know that "they all get caught"? Security apps are not going to alert you to unknown items/actions. McAfee's heuristics are not that good. Unknown things don't get caught: https://community.mcafee.com/thread/...art=0&tstart=0 The same can be said for Symantec Endpoint Protection (which I'm stuck with at work).

    At least Chrome is improving:
    Pwn2Own 2015: The year every web browser went down | ZDNet
    Pwn2Own 2016: Chrome, Edge, and Safari hacked, $460,000 awarded in total | VentureBeat | Security | by Emil Protalinski
    Perhaps, I should have said -- all attacks so far have been caught...
    I'm not trying to pick at your wording as much as I'm attempting to change your mindset. Your computer could have several infections right now and you might never know about them. Some infections have gone undetected for years. You just cannot say with certainty that all infections/attacks ("so far" or otherwise) are being detected/prevented.

    From here:
    Harbour and two colleagues from security consulting firm Mandiant were one of four teams to enter Defcon’s controversial “Race to Zero” virus-writing contest. His team, the “chicagostreetsweepers,” finished in six hours and picked up first-place honors.
    ~~~
    Defcon said it notified the two largest anti-virus software providers, McAfee and Symantec, about “Race to Zero,” but the companies declined to participate.
    I realize that the article quoted above is from 2008. Things have probably gotten worse since then. The contestants are not creating a new virus, they modify an existing/known/detectable virus so that it is no longer detectable by signature or heuristics.


    From here:
    More than 317 million new pieces of malware -- computer viruses or other malicious software -- were created last year. That means nearly one million new threats were released each day.
    The author of that article has the same flawed mindset. The quote above should read:
    More than 317 million new pieces of malware -- computer viruses or other malicious software -- were detected last year. That means nearly one million new threats were released each day.
    We have no way of knowing how many pieces of malware were created that went undetected.


    You might not want to do certain tasks online (e.g. banking).


  3. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #13

    Interesting recent test by VoodooShield developer - execution of malware samples and detection rates by top AVs including Norton, Avast & McAfee that have been mentioned in this thread. It's a long video but you can skip sections to see each AV in action.



  4. Posts : 10,485
    W7 Pro SP1 64bit
       #14

    White listing (done well) is probably the best protection. The "Race 2 Zero" contest is sponsored by a company that makes a security app that uses White Listing. None of the malware that the contestants created got through the sponsor's security app. VoodooShield's claim to fame is the auto mode (so that the user does not have to authorize each app in the white list).

    VoodooShield is an excellent app; however, some comments about that video:
    The video is probably a great marketing tool. I wonder if VoodooShield's marketing department requested the test and the video or if the developers came up with the test method all by themselves.

    They make this statement, "once a single line of malicious code is allowed to run... all bets are off". Many of those 1000 files that they ran probably never executed a single line of malicious code. The antivirus apps being tested opted not to flag the installer of the malware. We don't know if the antivirus apps would have stopped* each piece of malware once it was extracted from the installers.

    *stopped before "a single line of malicious code is allowed to run".

    It is unfair of VoodooShield to make this statement, "We figured 5 months was enough time for leading Antivirus software to sufficiently detect these known threats." The testing shown does not indicate that the Antivirus software involved was not going to deal with the infection once it was unpacked from the installer (before "a single line of malicious code is allowed to run"). The testing simply shows that the Antivirus software being tested does not handle the installers in a way that VoodooShield would.


    For the "non-installer files" that ran, but threw an error due to some missing file (presumably quarantined by the Antivirus software being tested): there was no analysis to determine if any harm was done. e.g. was a single line of malicious code allowed to run?

    VoodooShield seems to consider allowing a bad file to be written to the hard drive as a failure - even if the bad file never executed. That said, there were clearly some files that ran unabated. We just don't know how many or how damaging (if at all) they were.


    Caveats to the info above:
    I mainly focused on what I saw as the flawed handling of installers in the testing. Some of the infections being run in that video were not installers. The exe being run was the malicious app itself. There will be malware that some Antivirus software will intentionally not flag as malware. It is a subjective call as to what constitutes a malicious file or action. You will never get all of the Antivirus companies to agree on just what constitutes a malicious file or action. For example, I have multiple key loggers installed on this work laptop. Some Antivirus apps have quarantined some of them. Others recognize them as non-malicious.

    I know that an "installation screen" that is waiting for Next to be clicked might be a ruse. The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.


  5. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #15

    Hi UsernameIssues - all the points you make are valid. However, VoodooShield is designed not to let any new (to the machine) executables run without the user's say so once the files have been analysed for safety. It might well block installers that are harmless unless the user doesn't pay attention to installation options.

    UsernameIssues said:
    The installer might very well be doing malicious things without the need for user input. Without a careful analysis of the impact of running each of those 1000 apps, they really should not claim a level of failure on the part of any Antivirus software.
    Good point!

    Personally I've been using whitelisting software for more than two years.

    Autopilot Mode is going to block anything considered unsafe by the app. Personally I prefer "Smart Mode" where I get to make the decisions.
    Last edited by Callender; 30 Jun 2016 at 12:19. Reason: add info
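
An added example, not part of any post above and not any vendor's code: the thread's contrast between signature matching (block what is known, allow the rest) and whitelisting (allow what is approved, block the rest), run over constructed harmless byte strings. Assumptions: a signature is modelled as a bare SHA-256 match with no heuristics, and the ask_user callback is a hypothetical stand-in for a mode where the user makes the decision.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for files (not real samples).
KNOWN_BAD = b"constructed stand-in for a file the vendor already has a signature for"
REPACKED = KNOWN_BAD + b"\x00"  # same stand-in with one byte changed
APPROVED_APP = b"constructed stand-in for an application already approved on this machine"
NEW_INSTALLER = b"constructed stand-in for a harmless installer never seen on this machine"

SIGNATURES = {sha256(KNOWN_BAD)}    # default-allow: only known-bad is stopped
ALLOWLIST = {sha256(APPROVED_APP)}  # default-deny: only known-good may run

def signature_verdict(data: bytes, signatures=SIGNATURES) -> str:
    """Simplified signature scanner: block on an exact hash match, else allow."""
    return "block" if sha256(data) in signatures else "allow"

def allowlist_verdict(data: bytes, allowlist, ask_user=None) -> str:
    """Allow approved hashes; anything new runs only if the user approves it."""
    digest = sha256(data)
    if digest in allowlist:
        return "allow"
    if ask_user is not None and ask_user(digest):
        allowlist.add(digest)  # remembered, so the next run is not prompted
        return "allow"
    return "block"

def compare() -> dict:
    """Verdict pair (signature, allowlist) for each constructed file."""
    files = {"known_bad": KNOWN_BAD, "repacked": REPACKED,
             "approved_app": APPROVED_APP, "new_installer": NEW_INSTALLER}
    return {name: (signature_verdict(data),
                   allowlist_verdict(data, set(ALLOWLIST)))
            for name, data in files.items()}

if __name__ == "__main__":
    for name, (sig, allow) in compare().items():
        print(f"{name:14} signature={sig:5} allowlist={allow}")
```

The repacked stand-in passes the signature check yet is blocked by the allowlist, while the harmless new installer is blocked as well until someone approves it, which is the trade-off the last two posts describe.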