DFK Threat Simulator vs ......

Discussion in 'other anti-trojan software' started by budfox, Oct 20, 2006.

Thread Status:
Not open for further replies.
  1. budfox

    budfox Registered Member

    Joined: Apr 5, 2005
    Posts: 103

    I was about to reimage my drive and decided to infect my system with DFK threat simulator and Martins Keylogger.

    Here are the results of my scan.

    #1 AVG antispyware (aka EWIDO)
    trojan.xshadow.b
    martins keylogger
    trojan.small
    eicar test virus

    #2 Counterspy
    Vanquishrootkit

    #3 SpywareDoctor
    eicar test virus

    #4 Spy Sweeper
    Nothing.

    I have to say I am surprised that the two highest rated programs in the media did the worst. I always run multiple programs, but I have to say that I don't see myself renewing #3 and #4 next year.
     
  2. budfox

    budfox Registered Member

    Joined: Apr 5, 2005
    Posts: 103

    Just for laughs I reimaged my drive, and this time ran AVG antispyware's resident protection before launching the DFK threat.

    AVG blocked the trojans from being installed. My new favorite security app.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 8,026
    Location: The Netherlands

    I have to say that I really don't have a clue if I passed the test or what. I tried to simulate a real attack by allowing only the .exe files to be launched, but I'm not sure if the rootkit and trojan were able to run, and it also seemed like SSM stopped all the shutdown attempts. I also did not get to see the "Own3d" message. I will have to do some more testing. :rolleyes:
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined: Aug 1, 2002
    Posts: 5,648
    Location: Hawaii

    Grisoft (AVG) made a very smart move when they bought Ewido. Their AV is improving, too, from what I see in recent tests. IMO, the AVG suite is now to be *taken verrrry seriously*.

    I tried the DFK test earlier, as I reported in another thread. SSM popped up warnings again & again & again. A person would need to have a death wish in order to fail this test with SSM in attendance. I finally disabled SSM in order to run the rest of the test in peace.

    Milliseconds after SSM went to his room (to sulk, no doubt) Cyberhawk then blew the whistle, and asked to upload the files to its database. I assume that CH will give a much earlier warning now.
     
  5. Devil's Advocate

    Devil's Advocate Registered Member

    Joined: Feb 5, 2006
    Posts: 549

    Of several HIPS I was playing with, DFK doesn't seem to shut down SSM even though it is listed as one of the targeted. All the others fail to either of the two methods used to kill them.

    I'm not quite sure why, since there is no reason I can think of why SSM should be immune to the generic attacks used by DFK.

    One possibility is that the guy messed up, or maybe he was working with an older version.
     
  6. Devil's Advocate

    Devil's Advocate Registered Member

    Joined: Feb 5, 2006
    Posts: 549

    Actually DFK doesn't kill SSM at all; that is why you keep seeing the repeated popups. Against most other HIPS it takes about 3 prompts (though I think in theory it can be cut down to fewer prompts if he rolled all the functionality into 1 file) to kill the HIPS, after which you don't see any more.

    I saw your posting on this forum yesterday and went to test it. Basically I got the same thing as you did: Cyberhawk let pretty much everything go, before sensing something wrong and asking me to send the file to them for analysis.
     
  7. aigle

    aigle Registered Member

    Joined: Dec 14, 2005
    Posts: 11,047
    Location: Saudi Arabia/ Pakistan

    Did you try its rootkit scan?
     