How easy(or difficult)are the top AVs to disable by malware

Any recent tests on later versions of AVs or suites to show resistance to malware shutting them down?

 

https://www.wilderssecurity.com/showthread.php?t=230798

 

thanks,I've read that one but it seems to use quite a few older versions rather than current builds,I can't find anything more up to date

 

I don't think I ever experienced my AV being disabled; however I think it may have once (I couldn't run a scan on the user account I installed AV09 on). I can't confirm.

 

One thing I can say for sure is that the upcoming Avira 9 has maybe the strongest protection for processes\files\registry.
They can't be modified\disabled.

 

That's a welcome development,a criticism of Avira has often been it's weak self-protection.

 

yes that sounds very good! cant wait till the beta is finalized, then again, i dont mind it being in Beta since i get to use a free beta key and never had a prob with the beta

 

Seems a bold statement,it seems no matter how strong the AV vendors make protection against disabling of their software,the malware writers do always seem to find a way of doing it,some are far too easy to stop though

 

Has anyone actually experienced their AV being disabled? I even ran a killav sample and my av stayed ok ... as far as I know. Maybe it was more stuble, such as the inability to detect certain strains of malware ...

 

Yes, my Mom's PC has Norton 360 + Antibot and it was disabled last night by a virus. When I went to run a scan with Norton 360 it would skip thru the scan and act like it was finished. I was very disappointed with Norton, and it allowed the PC to become even more infected. Only Antibot was doing it's job and caught some nasties. But the infection overwhelmed it.

 

that is simply because Norton AntiBot is junk, much better things out there...

 

I don't believe so. I can't expect a behavioral shield to block a full on malware attack. Just like you wouldn't expect your antivirus to do that. The problem is that one part of her security failed and only left Antibot to do the heavy lifting. It had caught at quarantined 18 malicous files, but it just couldn't keep up. I'm not going to fault Antibot for that, it was simply doing it's job.

Back on topic, I am however very disappointed with Norton 360 for failing to protect itself. This isn't the first time that Norton has been disabled by viruses from personal experience, and from I read it's not only me. Maybe it's because virus writers are aware that Norton carries the largest market share and will write their viruses to be the most effective against those types of machines.

I'm only speculating though.

 

Very True

Please stay away from Anti-Bot, it is nothing more then a advertisement inducement from my own experience with it.

It let my samples run right thru it without so much as a whimper. I would demand my money back for such a disgustingly false product as it.

EASTER

 

You can test with Diamond CS Process Termination. It has 18 killing\crashing methods for active processes.

http://tds.diamondcs.com.au/advancedseries/apt.php

 

The speculation your doing are known facts yet not very populair ones but pretty dang old and im all for evading such an occurence however have seen this often happend with populair products on 3d party machines

 

downloaded and tried this:-it doesn't list KIS as running(it is!)strange??

 

NAB never claimed the ability to remove all threats; just holds threats under control until a traditional AV with updated sigs can step in.

On the other hand; does anyone know what's in Killav's playbook?

Correction: "kill 7", which uses the endtask method, killed Norton for some reason. Does APT use process elevation? I ran it on an guest/restricted account.

 

actually, i disagree, it is supposedly a behavior Blocker, and wouldnt a virus use malicious behavior since it is a virus after all and thats what viruses do? unless its a fake AV (cuz these usually dont actually do anything malicious at first), then a GOOD BB should block MOST of the intrusions, this is where antibot fails, products that i wont mention here as i dont want it to be an AvB thread can do much MUCH better...

im just giving u a little advice, take it or leave it.

 

Fair point there,that behaviour certainly qualified as malicious in nature and should have been flagged up.