Volume 10, Issue 1, pp. 18-33, 2022 | Full Length Article
Faisal A. Garba 1*, Rosemary M. Dima 2, A. Balarabe Isa 3, A. Abdulrazaq Bello 4, A. Sarki Aliyu 5, F. Umar Yarima 6, S. Abbas Ibrahim 7
DOI: https://doi.org/10.54216/JCIM.090105
There is a general assumption that one must purchase costly antivirus software products to defend one's computer system. However, if one is using the Windows operating system, the question that arises is whether one needs to purchase antivirus software at all. The Windows operating system has a worldwide market share of 31.15% among all operating systems, behind Android with 41.56%. This large user base makes Windows a prime target for hacking. Windows 11, a recent upgrade to the Windows operating system, is claimed to have taken its security to the next level. There is therefore a need to evaluate the capability of the Windows 11 default security against antivirus evasion tools. This research investigated the capability of the Windows 11 default security by evaluating it against 6 free and open-source antivirus evasion tools: TheFatRat, Venom, Paygen, Defeat Defender, Inflate and Defender Disabler. The criteria for selecting the antivirus evasion tools were that they be free and open source and recently updated. A research lab was set up using Oracle VirtualBox with two guest machines: a Windows 11 victim machine and a Kali Linux attacking machine. The antivirus evasion tools were installed on the Kali Linux machine one at a time to generate a malware sample and deliver it to the victim machine. An Apache web server was used to host the malicious sample for the Windows 11 victim machine to download. A score of 2 was awarded to an antivirus evasion tool that successfully evaded the Windows 11 security and created a reverse connection with the attacking machine. From the research results, TheFatRat had a 25% evasion score, Venom had 20%, while the rest had a 0% evasion score. None of the payloads generated with the antivirus evasion tools was able to create a connection with the Kali Linux attacking machine. The research results imply that the default Windows 11 security is good enough to stand on its own. A third-party antivirus solution will only supplement the already good protection capability of Windows 11.
malware, antivirus, evasion, Windows