K7 is also from India but it is regularly tested by AV-Comparatives and scores very well. I used it for a long while and it was THE lightest AV I have ever come across. At the same time, it offered excellent protection. If so, why did I switch? Because I like to tinker. That's why I am presently running G-Data. As to an AV's nation of origin, there are AVs that I wouldn't use from Germany (Avira), USA (Webroot), UK (Sophos), etc. However, I would readily use G-Data (Germany), Norton (USA), Hitman (UK). IMO, selection should be based on an AV's quality & other aspects more so than its nation of origin.
It's definitely not malware and is not a new product. It's one of the many antiviruses I have running on my test PC. However, I recommend avoiding it as its detection rates are subpar.
As for "detection rates": detecting malware via signatures is good for sure, but in my opinion, an AV needs powerful heuristic analysis too. For example, what I'm currently testing are Trend Micro and Dr Web Security Space Beta. Uploaded one fresh sample to VT. No signature detection by Trend Micro or Dr Web. But when I ran the malware sample on my testing laptop, TM blocked it instantly ("Suspicious File Blocked") and so did Dr Web ("DPH: Probably Process Hollowing 4.0"). In VT detection results, you will see "not detected", although the malware is blocked. For example Trend Micro, which does have an average malware signature base, but blocks the malware at runtime, but on the other hand, Avira, Kaspersky etc. do so.
The basic registry keys that any AV should protect, even on "forced shutdown" aka timing attack (write registry entries just before shutdown) or, for example, via MSI etc. installer. These registry keys should be protected, at least, in any case: DisableTaskMgr, DisableCMD, NoChangeStartMenu, NoControlPanel, NoNetworkConnections, NoWinKeys, NoDesktop, NoFind, NoFileMenu, NoFolderOptions, NoRun
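An added example, not part of the original post: a small audit that scans a registry export for the policy values named above and reports any that are switched on. The function name, the sample export and the key paths in it are assumptions made for the illustration (the post lists only the value names).

```python
import re

# Policy value names listed in the post above; registry names are case-insensitive.
WATCHED = {n.lower() for n in (
    "DisableTaskMgr", "DisableCMD", "NoChangeStartMenu", "NoControlPanel",
    "NoNetworkConnections", "NoWinKeys", "NoDesktop", "NoFind",
    "NoFileMenu", "NoFolderOptions", "NoRun")}

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def find_lockout_policies(reg_text):
    """Return (key, value name, data) for watched values set non-zero under a Policies key."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" in a .reg file deletes the key, so nothing under it is set.
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD_RE.match(line)
        if not m or key is None or "\\policies\\" not in (key + "\\").lower():
            continue
        name, data = m.group(1), int(m.group(2), 16)
        if name.lower() in WATCHED and data != 0:
            findings.append((key, name, data))
    return findings

# Constructed sample in regedit export format (real exports are UTF-16 on disk:
# read them with open(path, encoding="utf-16")). Key paths are assumptions.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"nofind"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_CURRENT_USER\Software\Example]
"NoDesktop"=dword:00000001
"""

if __name__ == "__main__":
    for key, name, data in find_lockout_policies(SAMPLE):
        print(f"{name}={data} under {key}")
```

Comparing an export taken before a test run with one taken after the reboot shows whether any of these values slipped through.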
Good point. I do think this is probably also a weak point with AVs like Win Defender, they rely mostly on the cloud for detection. But behavior blocking on the local machine is pretty much nonexistent. OK I see. I was just about to say that India is considered to be one of the good guys, I'm Indian too.
I've been testing Dr. Web and beta for a couple of weeks now against various bazaar samples (exe, js, vsb, ps1, bat etc.). However, I'm using custom settings of Dr. Web "Behavior Analysis" (aka HIPS), where you can "tune up" predefined rules to your liking. What I liked is Dr.Web's process heuristic and process dumper abilities. Especially really, really good against process hollowing / injections. I'll keep testing it, for example against the so-called "timing attack", which means an ability to protect when the system is restarted/rebooted etc. Off-topic, Hibit Startup Monitor now also monitors Windows Policy modifications.