AV-Test.org - Defending against Ransomware: 28 Protection Solutions Put to the Test u

[harlan4096]

Defending against Ransomware: 28 Protection Solutions Put to the Test under Windows 10

The fight against ransomware is a two-front battle waged both on home PCs and corporate workstations. How well does security software protect against these diabolical encryption attackers? In the current November test, 15 Internet security suites for consumer users and 13 solutions for corporate users showed how well they stacked up in ten realistic scenarios against an attack via e-mail, script, macro or ransomware. The Advanced Threat Protection test proves that detection of the attacker alone is not always sufficient. That is why the lab clearly spells out in the test results all the steps, from the time the attack is launched until it is fended off – or until encryption occurs.

In its series of so-called Advanced Threat Protection tests, the lab at AV-TEST put 15 well-known Internet security suites for consumer users and 13 solutions for corporate users to the test under Windows 10. In ten defined scenarios, the testers explain step-by-step how the attacks unfold and what happens in between. The evaluation clearly shows that detection of malware alone does not always protect against the consequence of partial or complete encryption.

15 well-known protection packages for consumer users from the manufacturers Avast, AVG, Bitdefender, BullGuard, F-Secure, G DATA, Kaspersky, Malwarebytes, Microsoft, Microworld, Norton, PC Matic, Protected.net, Quick Heal and VIPRE Security were put to the test.

For corporate users, 13 endpoint solutions underwent a test regimen. The products involved were from Avast, Bitdefender (two versions), Comodo, F-Secure, G DATA, Kaspersky, Malwarebytes, Microsoft, Seqrite, Sophos, Symantec and VMware.

The overview tables of the 15 and 13 tested protection solutions respectively show the summarized evaluation of the 10 attacks and the maximum achievable score of 36 points in this November test. It should be noted that the maximum point score in Advanced Threat Protection differs from test to test. It is always dependent on the type of scenario and the number of steps evaluated in each phase, for which points are awarded accordingly.

28 protection packages put to the test: ransomware can also be fended off

In the classic tests involving malware prevention, there is always only the result "attacker identified" or "attacker not identified". In the Advanced Threat Protection tests, detection is only the first step recorded in the overall test regimen. All of the steps registered in the lab are later spelled out in the evaluation charts, which are modeled after a MITRE ATT&CK matrix graphic. That sounds complicated – but it's not. The chart clearly shows all the steps of an attack scenario and how the protection software reacts. If an assault is completely thwarted under one of the first two steps "Initial Access" or "Execution", the attack is considered successfully prevented, and a product receives the maximum points toward its protection score (3 to 4). As an easier overview, the field in the chart is then highlighted in green. If a field remains orange, the corresponding test item is considered unsuccessful (no detection). If there is an orange field at the end of the chart, the attack is considered undetected, whereas a yellow field indicates only partial detection of the attack. In terms of ransomware, this means that some, but not all, of the files were encrypted (some files encrypted). If the last field is highlighted in orange, everything was encrypted (files encrypted).

In the current November test, the products subjected to 10 attacks could achieve a possible 36 points for a maximum protection score. Those achieving lower scores experienced problems in one or more scenarios.
...

Full Report