My tests

Discussion in 'other anti-virus software' started by trjam, Oct 21, 2009.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    This is about as unscientific as can be and I would not even post it but it was the result that confused me. I found 5 rogue sites with the fake AV thing. It is actually getting pretty easy. I tried Eset, G-Data, Avast Beta and MSE. The weird thing is, Eset, G-Data and MSE for the most part took care of them, either not letting the web pages load, or soon thereafter, but pretty much took care of them. Avast did not detect even one, either loading or, since I was in ShadowMode, I even installed 2 of the fake AVs and ran scans with the beta and nothing. I do know how to set it up but something has to be wrong.

    Now for the others, all are getting better and catching this stuff. I kind of do this weekly just for my enjoyment and about a month ago, it was worse. But Avast Beta is weird.
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Oh, and no videos, just coffee. ;)
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Some of the AVs are getting better at picking these fake software programs up, and that's got to be a bonus for users.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Yeah, in the last few weeks Eset has really tightened down. Before it would detect but the virus would get through. Lately, it has cleaned them with nothing MBAM could find afterwards. But the problem with Avast has to be on my end, which is proof about doing this stuff and not being an expert in the field.
     
  5. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    Of the effective AVs, the only freeware AV is MSE. *puppy*
    Looks good for its future :cool:
     
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    The problem though is if an AV, free or otherwise, doesn't detect the fake program and it's submitted for analysis, there's no guarantee it'll be added to their signatures simply because there's no malicious code therein.

    Admittedly some vendors are now devoting a bit more time to this area and are adding definitions, but it's probably something they wished they didn't have to do due to the files generally being 'clean'.
     
  7. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    Wait and see!
    avast! 5.0.167 beta is still missing some detections and the entire behaviour module, and is weeks away from release.
    Also I'm not sure that it works the same on a virtualized hard disk. E.g. I never use real-time detection with Returnil because the only time I did, weird things happened.
     
  8. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    I have encountered sites with rogue software on which they altered the software code every few hours. So, at first the AV detected a rogue, and after a few hours would not.

    According to my experience Avast never had good detection of rogue software, although rogue software was never considered a big danger for experienced users.
     
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    trjam, have you just dropped in binaries or was Network Shield also running? Because NS often blocks crap even if there are no definitions for the binaries themselves.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Huh :doubt: they were just web sites and shields were all on.
     
  11. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I tested MSE just last night with a couple Rogues (Cyber Security and a Fake Windows Defender) and MSE detected the former initially but didn't fully stop it. On a side note the more I use Shadow Defender the more impressed with it I am.

    MSE also classified both as FakeXPA FWIW.
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    That's HARDLY true, you're counting a 5 sample test as the end all? Please be a little more realistic. avast is a more than capable free AV.
     
  13. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    Trjam,

    Don't you use the beta?

    If so, I am not sure the signatures are updated so often... (don't know why).

    The rogues are designed to run under LUA and therefore are more difficult to catch as the "trigger" has to be less tight (companies are more reluctant in this case as it creates more FP. So they mainly rely on direct signatures). As a consequence, if the update happens to be less often, it is normal you experience a drop in recognition using signatures...
     
  14. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    You can throw another 500 sample tests at MSE and the results would still be quite the same. :cool:

    MSE is really looking good and promising since its launch less than a month ago *puppy*
     
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I'll take a large double cream thanks. ;)
     
  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Can you say that with certainty? Can you show me some hard proof of that? Or is this another one of your opinions? I'm sure MSE is good, but you can't say that it's the ONLY good free AV...
     
  17. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    The signature-based security suites are not a solution anymore... they will never keep up with the rising number of malware... think of other solutions! ;)
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I can. As a very astute member here told me in private, they just have way too many resources and in the end it comes down to raw manpower. They are a machine that will get bigger and better. That is the reality of it.
     
  19. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    What would some of those solutions be for the average Windows user?
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    MSE isn't a "signature based AV" the way you are thinking of it; their database isn't a series of hashes. "Signatures" in this case are the names of their heuristic/behavioral algorithms.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Jeff,

    Avast is a surprise to me. Have you posted on the Avast forums?

    Regards,
    Jerry
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yes, and remember avast is still in beta, plus I've noticed the avast beta doesn't update very often... maybe once a day at most atm.
     