How easy (or difficult) are the top AVs to disable by malware

Discussion in 'other anti-virus software' started by steve1955, Feb 17, 2009.

Thread Status:
Not open for further replies.
  1. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Any recent tests on later versions of AVs or suites to show resistance to malware shutting them down?
     
  2. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
  3. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Thanks, I've read that one but it seems to use quite a few older versions rather than current builds. I can't find anything more up to date.
     
  4. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    I don't think I ever experienced my AV being disabled; however I think it may have once (I couldn't run a scan on the user account I installed AV09 on). I can't confirm.
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    One thing I can say for sure is that the upcoming Avira 9 has maybe the strongest protection for processes\files\registry.
    They can't be modified\disabled. :)
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That's a welcome development; a criticism of Avira has often been its weak self-protection. :thumb:
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yes, that sounds very good! Can't wait till the beta is finalized. Then again, I don't mind it being in beta since I get to use a free beta key and never had a problem with the beta :D
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Seems a bold statement. It seems no matter how strong the AV vendors make protection against disabling of their software, the malware writers do always seem to find a way of doing it. Some are far too easy to stop though.
     
  9. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Has anyone actually experienced their AV being disabled? I even ran a killav sample and my AV stayed OK ... as far as I know. Maybe it was more subtle, such as the inability to detect certain strains of malware ...
     
  10. drkoopz

    drkoopz Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    74
    Yes, my Mom's PC has Norton 360 + Antibot and it was disabled last night by a virus. When I went to run a scan with Norton 360 it would skip through the scan and act like it was finished. I was very disappointed with Norton, and it allowed the PC to become even more infected. Only Antibot was doing its job and caught some nasties. But the infection overwhelmed it.
     
  11. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    That is simply because Norton AntiBot is junk; much better things out there...
     
  12. drkoopz

    drkoopz Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    74
    I don't believe so. I can't expect a behavioral shield to block a full-on malware attack. Just like you wouldn't expect your antivirus to do that. The problem is that one part of her security failed and only left Antibot to do the heavy lifting. It had caught and quarantined 18 malicious files, but it just couldn't keep up. I'm not going to fault Antibot for that; it was simply doing its job.

    Back on topic, I am however very disappointed with Norton 360 for failing to protect itself. This isn't the first time that Norton has been disabled by viruses from personal experience, and from what I read it's not only me. Maybe it's because virus writers are aware that Norton carries the largest market share and will write their viruses to be the most effective against those types of machines.

    I'm only speculating though.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Very True

    Please stay away from Anti-Bot; it is nothing more than an advertisement inducement from my own experience with it.

    It let my samples run right through it without so much as a whimper. I would demand my money back for such a disgustingly false product as it.

    EASTER
     
  14. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    You can test with Diamond CS Process Termination. It has 18 killing\crashing methods for active processes. ;)

    http://tds.diamondcs.com.au/advancedseries/apt.php
     
  15. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    The speculation you're doing is known fact, yet not a very popular one, but pretty dang old, and I'm all for evading such an occurrence; however, I have seen this often happen with popular products on 3rd-party machines.
     
  16. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Downloaded and tried this: it doesn't list KIS as running (it is!). Strange??
     
  17. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    NAB never claimed the ability to remove all threats; just holds threats under control until a traditional AV with updated sigs can step in.

    On the other hand; does anyone know what's in Killav's playbook?

    Correction: "kill 7", which uses the endtask method, killed Norton for some reason. Does APT use process elevation? I ran it on a guest/restricted account.
     
    Last edited: Feb 19, 2009
  18. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Actually, I disagree. It is supposedly a behavior blocker, and wouldn't a virus use malicious behavior since it is a virus after all and that's what viruses do? Unless it's a fake AV (because these usually don't actually do anything malicious at first), then a GOOD BB should block MOST of the intrusions. This is where Antibot fails; products that I won't mention here, as I don't want it to be an AvB thread, can do much MUCH better...

    I'm just giving you a little advice, take it or leave it.
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Fair point there; that behaviour certainly qualified as malicious in nature and should have been flagged up.
     