Faisal A. Garba, Rosemary M. Dima, A. B. Isa, A. Bello, A. Aliyu, F. U. Yarima, S. A. Ibrahim
{"title":"Windows操作系统下第三方杀毒软件的必要性再评估","authors":"Faisal A. Garba, Rosemary M. Dima, A. B. Isa, A. Bello, A. Aliyu, F. U. Yarima, S. A. Ibrahim","doi":"10.54216/jcim.090105","DOIUrl":null,"url":null,"abstract":"There is a general assumption that one must purchase costly antivirus software products to defend one’s computer system. However, if one is using the Windows Operating System, the question that arises is whether one needs to purchase antivirus software or not. The Windows operating system has a market share of 31.15% behind Android with a market share of 41.56% worldwide amongst all the operating systems. This makes Windows a prime target for hacking due to its large user base. Windows 11 a recent upgrade to the Windows operating system has claimed to have taken its security to the next level. There is a need to evaluate the capability of the Windows 11 default security against antivirus evasion tools. This research investigated the capability of Windows 11 default security by evaluating it against 6 free and open-source antivirus evasion tools: TheFatRat, Venom, Paygen, Defeat Defender, Inflate and Defender Disabler. The criteria for the selection of the antivirus evasion tools were free and open source and recently updated. A research lab was set up using Oracle VirtualBox where two guest machines were installed: a Windows 11 victim machine and the Kali Linux attacking machine. The antivirus evasion tools were installed on the Kali Linux machine one at a time to generate a malware and pass it to the victim machine. Apache web server was used in holding the malicious sample for the Windows 11 victim machine to download. A score of 2 was awarded to an antivirus evasion tool that successfully evaded the Windows 11 security and created a reverse connection with the attacking machine. From the research results: TheFatRat had a 25% evasion score, Venom had 20% while the rest had a 0% evasion score. None of the payloads generated with the antivirus evasion tools was able to create a connection with the Kali Linux attacking machine. The research results imply that the default Windows 11 security is good enough to stand on its own. A third-party antivirus solution will only supplement the already good protection capability of Windows 11.","PeriodicalId":169383,"journal":{"name":"Journal of Cybersecurity and Information Management","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Re-Evaluating the Necessity of Third-Party Antivirus Software on Windows Operating System\",\"authors\":\"Faisal A. Garba, Rosemary M. Dima, A. B. Isa, A. Bello, A. Aliyu, F. U. Yarima, S. A. Ibrahim\",\"doi\":\"10.54216/jcim.090105\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There is a general assumption that one must purchase costly antivirus software products to defend one’s computer system. However, if one is using the Windows Operating System, the question that arises is whether one needs to purchase antivirus software or not. The Windows operating system has a market share of 31.15% behind Android with a market share of 41.56% worldwide amongst all the operating systems. This makes Windows a prime target for hacking due to its large user base. Windows 11 a recent upgrade to the Windows operating system has claimed to have taken its security to the next level. There is a need to evaluate the capability of the Windows 11 default security against antivirus evasion tools. This research investigated the capability of Windows 11 default security by evaluating it against 6 free and open-source antivirus evasion tools: TheFatRat, Venom, Paygen, Defeat Defender, Inflate and Defender Disabler. The criteria for the selection of the antivirus evasion tools were free and open source and recently updated. A research lab was set up using Oracle VirtualBox where two guest machines were installed: a Windows 11 victim machine and the Kali Linux attacking machine. The antivirus evasion tools were installed on the Kali Linux machine one at a time to generate a malware and pass it to the victim machine. Apache web server was used in holding the malicious sample for the Windows 11 victim machine to download. A score of 2 was awarded to an antivirus evasion tool that successfully evaded the Windows 11 security and created a reverse connection with the attacking machine. From the research results: TheFatRat had a 25% evasion score, Venom had 20% while the rest had a 0% evasion score. None of the payloads generated with the antivirus evasion tools was able to create a connection with the Kali Linux attacking machine. The research results imply that the default Windows 11 security is good enough to stand on its own. A third-party antivirus solution will only supplement the already good protection capability of Windows 11.\",\"PeriodicalId\":169383,\"journal\":{\"name\":\"Journal of Cybersecurity and Information Management\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Cybersecurity and Information Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.54216/jcim.090105\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cybersecurity and Information Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54216/jcim.090105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Re-Evaluating the Necessity of Third-Party Antivirus Software on Windows Operating System
There is a general assumption that one must purchase costly antivirus software products to defend one’s computer system. However, if one is using the Windows Operating System, the question that arises is whether one needs to purchase antivirus software or not. The Windows operating system has a market share of 31.15% behind Android with a market share of 41.56% worldwide amongst all the operating systems. This makes Windows a prime target for hacking due to its large user base. Windows 11 a recent upgrade to the Windows operating system has claimed to have taken its security to the next level. There is a need to evaluate the capability of the Windows 11 default security against antivirus evasion tools. This research investigated the capability of Windows 11 default security by evaluating it against 6 free and open-source antivirus evasion tools: TheFatRat, Venom, Paygen, Defeat Defender, Inflate and Defender Disabler. The criteria for the selection of the antivirus evasion tools were free and open source and recently updated. A research lab was set up using Oracle VirtualBox where two guest machines were installed: a Windows 11 victim machine and the Kali Linux attacking machine. The antivirus evasion tools were installed on the Kali Linux machine one at a time to generate a malware and pass it to the victim machine. Apache web server was used in holding the malicious sample for the Windows 11 victim machine to download. A score of 2 was awarded to an antivirus evasion tool that successfully evaded the Windows 11 security and created a reverse connection with the attacking machine. From the research results: TheFatRat had a 25% evasion score, Venom had 20% while the rest had a 0% evasion score. None of the payloads generated with the antivirus evasion tools was able to create a connection with the Kali Linux attacking machine. The research results imply that the default Windows 11 security is good enough to stand on its own. A third-party antivirus solution will only supplement the already good protection capability of Windows 11.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
