This is about as unscientific as can be and I would not even post it, but it was the result that confused me. I found 5 rogue sites with the fake AV thing. It is actually getting pretty easy. I tried Eset, G-Data, Avast Beta and MSE. The weird thing is, Eset, G-Data and MSE for the most part took care of them, either not letting the web pages load or soon thereafter, but pretty much took care of them. Avast did not detect even one, either loading or, since I was in ShadowMode, I even installed 2 of the fake AVs and ran scans with the beta and nothing. I do know how to set it up but something has to be wrong. Now for the others, all are getting better and catching this stuff. I kind of do this weekly just for my enjoyment and about a month ago, it was worse. But Avast Beta is weird.
Some of the AVs are getting better at picking these fake software programs up, and that's got to be a bonus for users.
Yeah, in the last few weeks Eset has really tightened down. Before it would detect, but the virus would get through. Lately, it has cleaned them with nothing MBAM could find afterwards. But the problem with Avast has to be on my end, which is proof about doing this stuff and not being an expert in the field.
The problem though is if an AV, free or otherwise, doesn't detect the fake program and it's submitted for analysis, there's no guarantee it'll be added to their signatures simply because there's no malicious code therein. Admittedly some vendors are now dividing a bit more time to this area and are adding definitions, but it's probably something they wished they didn't have to do due to the files generally being 'clean'.
Wait and see! avast! 5.0.167 beta is still missing some detections and the entire behaviour module, and is weeks away from release. Also I'm not sure that it works the same on a virtualized hard disk. E.g. I never use real-time detection with Returnil because the only time I did, weird things happened.
I have encountered sites with rogue software on which they altered the software code every few hours. So, at first the AV detected a rogue, and after a few hours would not. According to my experience Avast never had good detection of rogue software, although rogue software was never considered a big danger for experienced users.
trjam, have you just dropped in binaries or was Network Shield also running? Because NS often blocks crap even if there are no definitions for binaries itself.
I tested MSE just last night with a couple Rogues (Cyber Security and a Fake Windows Defender) and MSE detected the former initially but didn't fully stop it. On a side note the more I use Shadow Defender the more impressed with it I am. MSE also classified both as FakeXPA FWIW.
That's HARDLY true, you're counting a 5 sample test as the end-all? Please be a little more realistic. Avast is a more than capable free AV.
Trjam, don't you use the beta? If so, I am not sure the signatures are updated so often... (don't know why). The rogues are designed to run under LUA and therefore are more difficult to catch, as the "trigger" has to be less tight (companies are more reluctant in this case as it creates more FPs, so they mainly rely on direct signatures). As a consequence, if the update happens less often, it is normal that you experience a drop in recognition using signatures...
You can throw another 500 sample tests at MSE and the results would still be quite the same. MSE is really looking good and promising since its launch less than a month ago.
Can you say that with certainty? Can you show me some hard proof of that? Or is this another one of your opinions? I'm sure MSE is good, but you can't say that it's the ONLY good free AV...
The signature based security suites are not a solution anymore... they will never keep up with the rising number of malware... think of other solutions!
I can. As a very astute member here told me in private, they just have way too many resources and in the end it comes down to raw manpower. They are a machine that will get bigger and better. That is the reality of it.
MSE isn't a "signature based AV" the way you are thinking of it, their database isn't a series of hashes. "Signatures" in this case is the names of their heuristic/behavioral algorithms.
Yes, and remember Avast is still in beta, plus I've noticed the Avast beta doesn't update very often... maybe once a day at most atm.