I'm testing AV products against zeroday malware

Discussion in 'other anti-virus software' started by bradtech, Oct 12, 2009.

Thread Status:
Not open for further replies.
  1. Zetelo

    Zetelo Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    110
    Cool! When can we expect this review on YT?
     
  2. bradtech

    bradtech Guest

    ImmunetProtect Done and Uploading

    F-Secure 2010 done and Uploading

    Twister Anti Virus done and uploading

    How I would personally rate these products..

    Twister stood out big time to me.. F-Secure, and Immunet let a lot get by... Both detected similar stuff, but the machine was totally hosed to the point of no return lol

    My twister review is a long video.. I threw stuff at it, and then found more to throw at it.. Played with settings etc.. Probably will be up in an hour or two.
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    could u test the latest avast v5 beta?
     
  4. bradtech

    bradtech Guest

    Sure..
     
  5. bradtech

    bradtech Guest

    Just finished Avast 5.. Starting to upload it.. Did very good, but missed a fake av that redirects your Internet Explorer constantly.
     
  6. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    That's not very surprising for F secure, it does a great job at missing stuff IMHO.
     
  7. bradtech

    bradtech Guest

  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    would be interested to know if zonealarm 2010 does as well as kaspersky 2010.
     
  9. bradtech

    bradtech Guest

    Kaspersky 2010 did well.. That ircbot got by but the kaspersky expert up above said that it deleted what needed to be deleted to render it useless. Other than that it was perfect.


    :thumb:
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I really have to ask - what is anyone learning from this exercise?

    By learning I mean acquiring knowledge/understanding that has some long term value. Sure, throw some stuff against a bunch of products, get some nice visual feedback of the action, and somehow keep score (whatever that means in this case). However, does any of this equip anyone to make an informed decision on anything at all?

    I have to tell you, I'm at a bit of a loss over the commotion being shown here.

    Blue
     
  11. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    I thought it was me but I won't decide one way or the other from the info given here if I use one AV over another. As they say to crowds that gather for no reason, "ok folks nothing happening here move along"...I know I'll be burned but that's my 2 cents and FWIW is anybody going to chg an AV based on a small sample o_O
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    did u send the sample to avast?
     
  13. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    The reviews obviously show you how well different security products test against malware--which can help you make an easy decision on what anti-malware product you want to use. It also keeps you aware of how well products basically perform.

    So, what's your point?
     
  14. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My point is that if you believe this type of activity provides an unambiguous and useful metric of product performance, IMHO you're sadly mistaken. Obviously, you appear to disagree.

    Blue
     
  15. wat0114

    wat0114 Guest

    Hi Blue,

    to be honest, I couldn't give a hoot over how well the different products do against the tests. What interests me is whether or not the VM environment at least shields the host environment from the malware samples, and whether or not any VM getting destroyed requires no more than the reverting to a previous snapshot by the user.
     
  16. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Of course, the only way to do that test is to dispense with the "AV test", run the collection of samples in an unprotected environment, and hope that they're not VM aware.

    Blue
     
  17. bradtech

    bradtech Guest

    I guess we should trust av-comparatives, and all the tests that mainly test stuff that is already out there.. Let's face it, zero day redirects are what most of us with a layered defense run up against anymore.. Plus I do see a trend with certain products that are always in the dark or totally miss most of the malware out there.. What metric would you use in determining how well a product performs? I apologize if I don't really find a lot of these big name testers' reviews as a useful metric considering I see different results in the real world of what works, and what does not..
     
  18. rocky6

    rocky6 Registered Member

    Joined:
    Jun 19, 2009
    Posts:
    21
    I also disagree. The guy has already stated he is no expert, and is doing it for his own personal gain. I doubt anybody is going to change their AV because of it. He is being nice enough to test products because people asked him to. Then an Admin. comes and basically bashes him for no reason. How useful is that?
     
  19. bradtech

    bradtech Guest

    Plus I am doing this to mainly familiarize myself with products.. There really is nothing scientific, or set in stone when I review these.. It's something I would be doing in my spare time that I am sharing.. Take it for what it's worth.. I am only interested in finding zero days, and seeing how well these products keep them off the machine..
     
  20. bradtech

    bradtech Guest

    Of course, I already stated that I'm not throwing 100,000s of collected samples.. I am just taking the newest threats out in the wild, and throwing anywhere from 10-20 at a product to see the different mechanisms, and detection methods the product uses to stop it.. I could care less about viruses that are 2-3 weeks old, and thrown at a product.. Websense, ironport, etc does good at stopping older redirects.. Plus I use a Software Restriction Policy through Active Directory..
     
  21. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    I never said I disagreed. I was commenting on how you seemed to be completely disregarding the knowledge you actually gain from the reviews.
     
  22. bradtech

    bradtech Guest

    I have installed zonealarm and will test it later tonight or tomorrow..
     
  23. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    426
    Location:
    None
    First of all, Bradtech is sharing his zero day testing with the Wilders community which is something we don't see often except for Matt at Remove Malware and Languy99. Secondly, there are those who literally rejoice that their product is doing good and later become an "A versus B" thread. As long as this doesn't come to fruition or something alike, I'm sure the administrator doesn't mind it. :D
     
  24. bradtech

    bradtech Guest

    I would like to add that out of the ten or twenty samples I throw up against a product.. The next ten to twenty may be something totally different.. Take the reviews for what they are worth.. How a certain product goes up against new variants released by some virus maker on that day.. I am more interested in behavior aspects of the products.. Products that do not rely totally on signatures.
     
  25. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    Agreed. :D
     