Antivirus product self-protection test #2 from Anti-Malware Test Lab

Discussion in 'other anti-virus software' started by MrBrian, Oct 18, 2010.

Thread Status:
Not open for further replies.
  1. ReverseGear

    ReverseGear Guest

    And I'll wait for that day :thumb:
     
  2. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    People always forget that if the antivirus is not disabled by malware, it can still receive definition updates and has some potential to remove the malware. You could interact with tech support/virus lab and they can release a virus definition for you.

    What I mean is that you could get infected on Monday but Tuesday's definition update would fix it. Once the AV is disabled, this is not possible anymore.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    But then it will start all over again with 128 bit :p
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes, correct, but it doesn't change the fact that the AV has flat out failed. If it was a keylogger you've already potentially lost your bank account details, secret passwords. If it was a worm it could have already replicated to other storage means or completely replaced critical files you need with copies of itself. Basically, you could have potentially lost a lot of money/work.
     
  5. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Again, if the security software has a HIPS/BB (or other similar) component, they still have a large chance of blocking the malware.
    As far as I've heard Windows 8 will still have support for running 32-bit apps. I think it must have since most software at the moment is 32-bit (and Windows 8 should be released in two years if MS decides to follow its plans on releasing an OS every 3 years).
     
  6. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes but that isn't what is being tested. If it had HIPS you don't really need self-defense.
     
  7. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    I don't see Prevx. I bet it's way harder to crack than Kaspersky...
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The HIPS I run protects all the other security apps I run. That HIPS itself is well-protected. Invulnerable? Of course (well, sort of).
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    According to most I have seen, and this for an example, Windows 8 will possibly be 64 and 128 bit. http://news.softpedia.com/news/128-bit-Windows-8-and-Windows-9-Explored-by-Microsoft-123691.shtml Though the 64 bit may run 32 bit software as it does now, if a 128 bit version emerges it is not likely that it will run 32 bit software, as the current 64 bit will not run anything 16 bit. I expect any of these vendors still programming 32 bit security software at that point won't be around for long. As BoerenkoolMetWorst mentioned, then starts the 128 bit problem. I hope they make a better effort to keep up with that than they have 64 bit.
     
  10. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Hahaha.... Check Prevx forum. Check last ten builds. Each build was vulnerable to same type of threat. They improved self-protection in each build. Check latest build beta. They are still working on self-defense. Kaspersky products have strongest self-defense.
     
  11. Jav

    Jav Guest

    yet, they were unable to secure their own website...

    There is no point of having 100% self-protection when you download rogue when trying to get that above mentioned "best self-defended" software :rolleyes:
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    Kaspersky defends itself quite well. YMMV whether it defends anything else on your machine that well. Getting past it is easier than getting rid of it. True of several products.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    What happened to Kaspersky happens to all vendors. Kaspersky is a very good product and this little instance does by no means take away from how effective the product is. Anyone thinking so needs to go ahead and decorate their house for Christmas.
     
  14. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Self-defense has nothing to do with the website. Website attacks are much more common nowadays. Even Microsoft, Symantec, and other sites were compromised in the last two months. Some vendors disclose such information responsibly, but some do not mention that their site was attacked. Moreover, the Kaspersky USA site was hacked, not the Kaspersky global site (Russian). Website hacking has not harmed you, but with weakened security, you will be o_O
     
  15. Jav

    Jav Guest

    I do agree with you.
    But the same thing can be said about quite a lot of products as well.

    I just wanted to show how bashing other products and fanboyism looks stupid if you look at it as a third person.
    :)
     
  16. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    They could have tested the version of NIS 2011, I'm sure that would achieve better results. :(

    Congratulations to Kaspersky. :thumb:
     
  17. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    Some pending questions before evaluating the validity of such a test.

    Provided that the normal way to use a computer should be under LUA, or provided that UAC restricts admin-level actions by default in Win 7, most of the tests, supposed then to run with limited rights, and trying to modify registry keys or to access threads with higher rights, should be denied by default.
    How were the OSes set up then? With admin rights and with UAC turned off?
     
  18. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    Site security and PC security are different things. A site runs on servers where you have to open ports. Try to open a few ports on your system and don't download rogues; even then you see the difference.

    Many antivirus sites are hacked but they never mention it.

    Secondly, if you notice, KIS removed the latest build from their server just for user security's sake and they are checking what happened, or maybe putting in new servers :thumb:

    And lastly, you get your answer here in the bottom line:

    https://www.wilderssecurity.com/showthread.php?t=284754&page=2
     
    Last edited: Oct 20, 2010
  19. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I will ask you a question which has to do with the Broad Frame of the Anti-Malware Industry.
    It is a Theoretical Question and has Nothing to do
    with the Respective Test/Tester (i.e. Anti-Malware Test Lab):

    Within a given Geographic location, do Testers and Vendors always interact in a lawful and ethical way?
    For example, what if the -Way Security software is trying to be Compromised-
    is revealed (or even worse sold) to the Vendors of a specific Geographic Region
    and in turn, they are well-prepared for the Test?

    Once again, this has Nothing to do with the
    Respective Test/Tester (i.e. Anti-Malware Test Lab).
     
  20. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    So it's hard to shut down KIS 2011 to stop it screwing your machine up, great! lol
     
  21. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    In some cases the vendors know well in advance the date of the tests and can therefore make sure that on that date all updates are as good as they can be re protection and false+ves. As for knowing which tests will be used to try and shut down a product, they may have prior warning of those as well, so can bolster the product defences to suit, I suppose.
     
  22. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I don't want to start making guesses about possible conspiracy theories, because it's always endless discussion. People always like to think that "the evil unreliable Russians are cheating again!" I'll try to stick with known facts or basic logic. :D

    Just wanted to point out, that in traditional detection tests antiviruses might get advantage according to their location. Russian AV might be faster in adding virus records for Russian samples, and US AV might react faster to US samples. Russian AV might score better in Russian test where samples are collected from honeypot located in Russia.

    If the test is about different ways to attack the AV, the techniques are same whether you are in Mongolia or Peru. I don't think there is a country specific way to modify process memory or unload drivers. The operating systems are same world wide, and therefore are the attacks.
     
  23. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    It's not a conspiracy to state that with some tests the vendors do know the date and can prepare for the test to optimise their results: the VB100 tests spring to mind, they have always given dates of tests in advance.
     
  24. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I have no idea about the OS settings used, but I think the AVs should be capable of ensuring their operation/functionality in all circumstances and with every possible OS setting. I guess the best AV in this area (self-protection) is the one that can still function and keep up protection in all scenarios?
     
  25. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I was asked if the testing organisations always interact with ethical and lawful ways when geography is concerned, and I simply don't know the right answer. It is possible but since no one can prove it with valid evidence, I see it turning to a typical conspiracy discussion where everything is suspicious.

    Regarding VB, AV-comparatives and such tests it's not conspiracy to inform about test dates, because all vendors get the same information. What I understood from the original question, was that some antiviruses are given "special information" because they are from same country as the testing organisation. For example, Nigerian testing organisations giving advantage to Nigerian products. Trying to discuss about this will lead to what I mentioned previously.

    However, I wanted to explain what I meant with my original "geo argument" :)
     