I'm testing AV products against zeroday malware

Discussion in 'other anti-virus software' started by bradtech, Oct 12, 2009.

Thread Status:
Not open for further replies.
  1. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    This is what I was talking about earlier. Things like Prevx and Spyware Doc, that it seems nothing can get by, with the multitude of newer technologies they use. I have a bunch of files that Eset and a couple of others blatantly ignore and have no clue whatsoever that they are viruses. Eset and a couple of other companies are going to fall behind fast because of ThreatFire and other newer technologies, unless they come up with something new of their own or enhance their "advanced heuristics".

    NOD32 and others will be thought of as traditional old fashioned signature based anti's.
     
  2. bradtech

    bradtech Guest

    McAfee VirusScan Plus with Artemis has been reviewed, and it is uploading.
     
  3. bradtech

    bradtech Guest

    Only thing holding back Spyware Doctor and ThreatFire is their backend corporate solutions.. Prevx's back end is nice, and I have played with it..
     
  4. bradtech

    bradtech Guest

    New Spyware Doctor has Game Mode, and Power Save mode while you're on a laptop running off battery.. I am on my laptop right now with it on..
     
  5. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    Where is comodo internet security o_O
     
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    The firewall has some enhanced security features- leaktest type and HIPS. I am assuming the same features are in the security suite.

    Would be nice to see Avira Premium tested as it has an http scanner which could help it do better in your tests.

    How did ZoneAlarm w/ av do?
     
  7. bradtech

    bradtech Guest

    I have decided to do it over again in the future.. After some infections got past, the VM became unstable, and would not start up after a reboot. It was doing okay with detection rates up till that variant got through and destroyed the VM guest.
     
  8. bradtech

    bradtech Guest

    McAfee with Artemis protection is up.
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Looking forward to your GeSWall vids, Brad. I just viewed the Prevx tests. These are great fun to watch. No way would I encounter this assortment and these substantial numbers of nasties on my own, so I am grateful for the chance to see the software I use in action. Thank you! :)
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Have any idea if the threatfire in PCT av/as is the same version as the free stand alone threatfire product? I would not mind giving PCT a try but am not really wanting to bork my keyboard again.

    McAfee did better than I figured it would. I have tried VIPRE the past few days and things were going fine until I loaded up Opera.

    I guess another of the big boys that would be nice to test would be Gdata. It has the Bitdefender/Avast engines and pretty consistently scores near the top in on demand tests. Would be interesting to see how it does in real time.
     
  11. bradtech

    bradtech Guest

    250 MB download for G-Data.. Wow!!!
     
  12. bradtech

    bradtech Guest

    Also I asked PC Tools about the differences between TF standalone and the TF in Spyware Doc.. I'd like to know also.
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    FWIW- here is a leak test results page where the latest PCTools firewall did very well. The tests are detailed at the bottom of the latest results.

    http://www.matousec.com/projects/proactive-security-challenge/results.php

    Interesting Threatfire blog here-
    http://blog.threatfire.com/

    I am pretty sure some people still run the PCT firewall alongside Threatfire. FWIU- In the firewall Enhanced Security Verification needs to be enabled to get most of the leaktest results.
     
    Last edited: Oct 16, 2009
  14. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    I only use NOD32 3.0 mostly, but I play around with a bunch of others. The stuff that slips by me with 3.0 maybe would be caught with NOD32 4.0, but I don't know how big a difference there is between the two as far as detection (if any). All I'm saying is, Eset better have a pretty impressive NOD32 5.0 to be able to compete with Spyware Doc with ThreatFire, McAfee with Artemis and a few of the others out there. I'm pretty sure Eset already stated they have no plans to use cloud technology.
     
  15. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Hip Hop Hooray! I found a malware site list that's up-to-the-minute current. NOD32 3.0, I must say, doesn't do too shabby; it holds its own, either by the site being added to the internal list of NOD updates and blocking access, or by catching the virus at the site and blocking the site, either / or..... I have also been using a site for the last couple of years with actual links to viruses; most of the links I click on NOD32 catches and blocks / quarantines :D
     
  16. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Honestly I don't think it's a good idea to "promote" such kinds of hobby AV testing in a public forum. People read it and try it out at home and get infected. It just takes a couple of exploits and the wrong AV settings (or an AV that doesn't detect it) and you're infected. There are ALWAYS people that read such stuff and try it without a secured environment. And even VMware isn't secure as soon as you use bridged network access for your internet connection!

    If somebody from the AV industry writes that users replying with "Oh maybe they don't wanna get tested because they know they suck". That's not the case.

    Antivirus and other Security Solutions Companies were built TO PROTECT THE USERS IN THE BEST POSSIBLE WAY. THEY WEREN'T BUILT TO WIN AV TESTS.

    That being said, it's our ~Snip~ responsibility to point out that you can get infected if you don't have any knowledge about malware and just try this at home. There's a lot of undetected stuff out there - even stuff that is undetected by *all*. I just found yesterday a couple of DLL files that were not detected by a single engine at VirusTotal. So you may download something that is something else than you expected (even if it's already clear that you are trying to download specific malware; it may be double infected).
    That means you can't even tell if your real machine is infected now without having the knowledge to determine YOURSELF, without the Internet or other AVs, that something is malicious.
     
    Last edited by a moderator: Oct 16, 2009
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Fairly childish way of disagreeing.

    I have stayed out of this till now. I will keep it clean, but this also applies to remove-malware.com. It seems if you are going to test a vendor's products accurately against zero-day malware, then it has to be kept exact.

    Meaning it has to be tested at the same time against the same exact malware, otherwise it proves nothing. The 10 you choose for Product A may not be caught at all, but if you had given A the samples you gave Product B, then A would have caught all of them like B did. But since you didn't, A gets bashed. Nope, none of this is fair or accurate. :thumbd:
     
  18. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    I understand what you're saying, Inspector Clouseau, and I don't plan on giving anyone on here the sites I know of. If they find them on their own, then that's one thing; they won't get them from me.

    I'm a computer genius (spelling?) and a certified tech, very savvy with PCs.

    To the point that I'm doing all this without any virtual machine. I'm doing it str8 on the OS I use for everyday tasks, and I'm not worried about getting hosed one bit :eek: :cool: :cautious: :blink: :ouch: o_O :shifty: :thumb:
     
  19. bradtech

    bradtech Guest

    "Hobby"

    Sorry, I am a Systems Administrator, and it's my responsibility to protect my infrastructure and company against threats. In order to do that, I need to research and educate myself on what is working well, and what is not cutting it anymore in terms of Anti Virus Technologies.

    Nobody is promoting this activity for people to do in this thread. I am very aware of what I am doing, and I harvest viruses ITW and send them to anti virus companies at work and at home. I've spent my whole life working on electronics, and all my working adult life in the IT field.
     
    Last edited by a moderator: Oct 16, 2009
  20. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Don't let the haters get to you, Brad. A lot of us appreciate what you're doin here, and it's obvious that you've been around computers for a while, so keep it up :thumb:
     
  21. bradtech

    bradtech Guest

    lol @ them thinking I am claiming to be the VB100 or AV-Comparatives.. I have no scientific formula I am using or a grading scale.. I take variants I find, and test the product with them.. I have no agenda to make one product look great and the other look bad.. Just to test a product and see what it detects out of what I can find, and show it, and learn about the product. Then again, if someone wants to slip me a $100.00 to skew the stats like the big dogs roll, then I'd be glad to provide my services. :thumb:
     
  22. bradtech

    bradtech Guest

    I send samples to ESET, Kaspersky, and Symantec. I stated this before.. Those are the three products I work with at work.. I also have submitted the samples I test with to each product I test afterwards because users on here asked me to do so. New ones I find, I send to the product I test on that day if they miss them..

    You are way off in a whole different universe than I am.. This isn't a competition, or A vs B deal.. We all know Signature based detection is hit and miss, and fluctuates every second of the day on who has what.. I am looking for products that break that mold, and provide layers of defense.. I want to showcase that technology, and show with proof which Companies are doing their job to "protect us simpletons" from being infected..

    Every company I have contacted and told I was going to test their product was happy to send me a copy of their software or a free functional trial key because they are confident in their product.. You have to question a company that thinks their users are too stupid and need to be protected, and should let the "experts" do the testing.. It may make my **** flutter like a pigeon's heart if I were fascist.

    That being said G-Data has been uploaded, and did great. :thumb:
     
  23. Judge Dee

    Judge Dee Guest

    I mean in no way to denigrate the OP, nor those who appreciate his work. It's exciting to see the enthusiasm.
    Yet the crux of this disagreement, IMO, is what this forum is supposed to be.
    In the past the trend was for amateurs and enthusiasts to post a question, and the professionals/experts would give their opinions. Now the trend seems to be for everyone to give their opinions. Blue has stated succinctly the flaws in this testing. If this forum is meant to be professional, that's bad. If not, then it doesn't matter.
    Again, I'm not attacking or degrading anyone. I have my preferences, obviously, but I'm only one member.
     
  24. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    @ccomputertek...
    If you can't find something intelligent to say, then perhaps it is best not to say anything at all. I fail to see how your above statement adds any value to this thread, apart from bringing us even further off topic and trying to start more squabbles.
     
  25. bradtech

    bradtech Guest

    I have collected around 25 samples now, and have a lot more on a DVD.. Thing is, I am just an individual, so I understand and know that the tests I conduct really do not matter.. Once again, I am doing this for my own curiosity, and to find out what works and what does not.. The technologies and methods behind the successful products, and the failings of others, and to incorporate that into the organization I work for.. I see ESET, Kaspersky, and Symantec fail/succeed every day.. I find testing these different products enjoyable, and am just giving users a glimpse at a moment in time of how a product stacks up against 10-20 variants on the internet that day.. I could throw 50 variants I have collected at them in real time.. But then again, I just wanted to test brand new stuff on that day because that's where most of us get our ass kicked.. The variant someone gets redirected to that Websense does not block, there is no signature out yet, and maybe one out of 41 on VirusTotal detects it.. When you deal with 1,000s upon 1,000s of machines it's bound to happen.. I hate that this has turned into a kind of flame war.. I did not claim to be a "certified tester" of products, nor should my tests hold any water other than showing how a product at a certain time of the day holds up against 10 or 15 threats that were released on that day or the day before..
     