I'm testing AV products against zeroday malware

www.youtube.com/bradtechonline

Done ESET, Avast, AVG, Avira, Kaspersky 2010, Panda Cloud, Vipre, and about to do Bit Defender 2010 .. Any other products you guys would like to be tested? This is a preventative test in a VMware box..

 

did u try the avast beta or the stable release?

 

It appears to be the old 4.8 release, not the beta.

Seems like a lot of testers use Malwarebytes to see what the AV programs missed. So it begs the question why not just use Malwarebytes Pro. You can get a lifetime license for like $20, and it has realtime scanning.

 

Are you going to do Microsoft Security Essentials? thanks

 

F-Secure Please.

 

Can you throw Twister in the lot? Thanks.

 

Thanks guys for the information on what you want tested.. I am uploading a review of BitDefender 2010.. PrevX, and F-Secure "F-Prot" will be the next.. Only reason I use MBAM is just to see what stuff has got by.. It is not fool proof to be honest, but just something that seems to catch a lot of junk.. I'm sure if I used the active real time agent for MBAM, and took it against some zero days that another tool would go in behind it, and probably find some stuff..

If you notice in my reviews I let the program I am testing run a scan to see if it kept itself clean. I notice some times that AV programs will let stuff install, and yet be able to go in and detect it once it is installed, and then remove it.. Most of the threats I deal with are going to be Zero day, or a couple days old at the most.. I ran into a variant tonight that destroyed the VM I was testing in.. It was a modified svchost.exe file that got past Webroot Antivirus..

 

btw F-Secure and F-Prot are 2 completely different AV's. and id like to see how one of the new cloud AV's do, Immunet to be specific

 

Hi Brad,

if I may ask, how was the vm destroyed? Thanks!

 

Also some more information on my background, and why I am doing this.. I am a Systems Admin, and manage an environment of around 2,000 clients and servers. We use ESET on all the clients, and servers, Symantec on the Mail Server, and Kaspersky on the mail firewalls.. I have always been interesting in anti virus solutions, security solutions in general..

 

I couldn't execute anything other than the virus itself.. I think it overwrote some legitimate windows services.. Even in safe mode I was unable to open any anti virus product.. I was doing a review of Webroot Antivirus 2010 with spysweeper which was letting everything get by.. So I just reverted back to my clean xp image..

 

I tested Panda Cloud Beta.. I'll add Immunet to the list

 

Interesting! So did it actually overwrite windows services on the host system or the VM guest system (you mention reverting to a clean XP image)? Also, are you running the host system's user account or administrator account when testing? Thanks kindly!

 

Running as Local Administrator on the Vmware guest, and a local user account on the Host system with UAC on.. The services overwritten were on the guest vm..

 

Very nice reviews. Would like to see ZoneAlarm antivirus tested although it has the firewall packaged with it. Your reviews are also entertaining which is cool..."what the hell?"

 

Nicely done! I run Virtualbox XP on a host, SRP-enabled Vista account. BTW, nice work you're doing with the testing

 

One thing I noticed on the Avast test part 2- The Malwarebytes scan results #1 and #2 have some of the same entries. In the MBAM first scan 10 items were found and removed. Then in scan two nine items were detected by MBAM but some were the same (or similar) to what was found in scan one. Could it be that MBAM was not able to completely remove what it found in scan one and detected them again in scan two?

 

Why not test your favourite NOD32 , this time out of the box

 

He said he did Eset.

 

NOD32 is pretty much out of the box . Just enabling detection for Pot.UnSafe Applications is not much because what he tests is not classified by ESET as an unsafe application but trojans .

Enabling AH for the on-access scan doesn't give any extra protection in this case (the way he tests the things) .

So ...

 

ESET NOD32 , I was lazy whilst typing

 

I just watched all of his reviews, it looked like NOD32 was the only AV tested where the settings were all set to their max.
I felt in this case it wasn't fair to compare it to the other AV's tested.
I personally have never used NOD32 you may well be correct. The reviewer however was very familiar with the product and was very keen to enable these settings

 

any chance you could test the most recent Avast v5 beta?

 

I'd also like to see Immunet.

 

A couple of comments:

1. You do realize that REGISTRY KEYS without malicious files are not really malware? I haven't seen any "dangerous" registry keys that malwarebytes detected that Vipre left behind.

2. Making a conclusion with "i give it 3.5 Stars and if i would be in a better mood maybe 4" doesn't add any credibility to those tests.

3. Don't expect that things that are named similar within several products do exactly the same. For example a quick scan means different scanning "procedures" in several products. Some do scan the registry, some only scan directly affected file types (such as *.exe file and they IGNORE on purpose renamed files etc)