I'm testing AV products against zeroday malware

Discussion in 'other anti-virus software' started by bradtech, Oct 12, 2009.

Thread Status:
Not open for further replies.
  1. bradtech

    bradtech Guest

    www.youtube.com/bradtechonline

    Done ESET, Avast, AVG, Avira, Kaspersky 2010, Panda Cloud, Vipre, and about to do Bit Defender 2010 :).. Any other products you guys would like to be tested? This is a preventative test in a VMware box..
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Did you try the Avast beta or the stable release?
     
  3. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    It appears to be the old 4.8 release, not the beta.

    Seems like a lot of testers use Malwarebytes to see what the AV programs missed. So it begs the question: why not just use Malwarebytes Pro? You can get a lifetime license for like $20, and it has realtime scanning.
     
  4. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559

    Are you going to do Microsoft Security Essentials? thanks
     
  5. deanmartin

    deanmartin Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    231
    Location:
    USA/KY
    F-Secure Please.
     
  6. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Can you throw Twister in the lot? Thanks.
     
  7. bradtech

    bradtech Guest

    Thanks guys for the information on what you want tested.. I am uploading a review of BitDefender 2010.. PrevX, and F-Secure "F-Prot" will be the next.. Only reason I use MBAM is just to see what stuff has got by.. It is not foolproof to be honest, but just something that seems to catch a lot of junk.. I'm sure if I used the active real time agent for MBAM, and took it against some zero days that another tool would go in behind it, and probably find some stuff..

    If you notice in my reviews I let the program I am testing run a scan to see if it kept itself clean. I notice sometimes that AV programs will let stuff install, and yet be able to go in and detect it once it is installed, and then remove it.. Most of the threats I deal with are going to be zero day, or a couple days old at the most.. I ran into a variant tonight that destroyed the VM I was testing in.. It was a modified svchost.exe file that got past Webroot Antivirus..
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    BTW, F-Secure and F-Prot are 2 completely different AVs. And I'd like to see how one of the new cloud AVs does, Immunet to be specific.
     
  9. wat0114

    wat0114 Guest

    Hi Brad,

    if I may ask, how was the vm destroyed? Thanks!
     
  10. bradtech

    bradtech Guest

    Also some more information on my background, and why I am doing this.. I am a Systems Admin, and manage an environment of around 2,000 clients and servers. We use ESET on all the clients, and servers, Symantec on the Mail Server, and Kaspersky on the mail firewalls.. I have always been interested in antivirus solutions, security solutions in general..
     
  11. bradtech

    bradtech Guest

    I couldn't execute anything other than the virus itself.. I think it overwrote some legitimate Windows services.. Even in safe mode I was unable to open any antivirus product.. I was doing a review of Webroot Antivirus 2010 with Spy Sweeper which was letting everything get by.. So I just reverted back to my clean XP image..
     
  12. bradtech

    bradtech Guest

    I tested Panda Cloud Beta.. I'll add Immunet to the list
     
  13. wat0114

    wat0114 Guest

    Interesting! So did it actually overwrite Windows services on the host system or the VM guest system (you mention reverting to a clean XP image)? Also, are you running the host system's user account or administrator account when testing? Thanks kindly!
     
  14. bradtech

    bradtech Guest

    Running as Local Administrator on the VMware guest, and a local user account on the Host system with UAC on.. The services overwritten were on the guest VM..
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Very nice reviews. Would like to see ZoneAlarm antivirus tested although it has the firewall packaged with it. Your reviews are also entertaining which is cool..."what the hell?"
     
  16. wat0114

    wat0114 Guest

    Nicely done! I run Virtualbox XP on a host, SRP-enabled Vista account. BTW, nice work you're doing with the testing :thumb:
     
  17. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    One thing I noticed on the Avast test part 2- The Malwarebytes scan results #1 and #2 have some of the same entries. In the MBAM first scan 10 items were found and removed. Then in scan two nine items were detected by MBAM but some were the same (or similar) to what was found in scan one. Could it be that MBAM was not able to completely remove what it found in scan one and detected them again in scan two?
     
  18. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Why not test your favourite NOD32, this time out of the box o_O
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    He said he did ESET. o_O
     
  20. ASpace

    ASpace Guest

    NOD32 is pretty much out of the box. Just enabling detection for Pot. Unsafe Applications is not much, because what he tests is not classified by ESET as unsafe applications but as trojans.

    Enabling AH for the on-access scan doesn't give any extra protection in this case (the way he tests the things).

    So ...
     
  21. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    ESET NOD32, I was lazy whilst typing :)
     
  22. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    I just watched all of his reviews, it looked like NOD32 was the only AV tested where the settings were all set to their max.
    I felt in this case it wasn't fair to compare it to the other AVs tested.
    I personally have never used NOD32, you may well be correct. The reviewer however was very familiar with the product and was very keen to enable these settings :D
     
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Any chance you could test the most recent Avast v5 beta?
     
  24. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559

    I'd also like to see Immunet.
     
  25. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    A couple of comments:

    1. You do realize that REGISTRY KEYS without malicious files are not really malware? I haven't seen any "dangerous" registry keys that Malwarebytes detected that Vipre left behind.

    2. Making a conclusion with "i give it 3.5 Stars and if i would be in a better mood maybe 4" doesn't add any credibility to those tests.

    3. Don't expect that things that are named similarly within several products do exactly the same. For example, a quick scan means different scanning "procedures" in several products. Some do scan the registry, some only scan directly affected file types (such as *.exe files, and they IGNORE on purpose renamed files, etc.)
     
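Two points raised in this thread, acr1965's question about detections that reappear in a second scan and Inspector Clouseau's point that registry keys with no malicious file behind them are not really malware, can both be checked mechanically from the scan reports. The script below is an added example, not code from the thread or from any vendor: it parses constructed log lines in a simplified "Kind Infected: item (DetectionName)" shape (assumed format, not Malwarebytes' real output), lists the items reported by both scans, and uses a stated heuristic to separate file-backed detections from registry-only leftovers.

```python
import re

# Constructed sample logs for two consecutive scans; the shape is assumed for
# this example and does not claim to match any product's real report format.
SCAN_1 = r"""
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\ExampleBad (Trojan.Agent)
Files Infected: C:\Windows\System32\badfile.dll (Trojan.Agent)
Files Infected: C:\Documents and Settings\user\Local Settings\Temp\dropper.exe (Trojan.Downloader)
Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bad (Trojan.Agent)
"""
SCAN_2 = r"""
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\ExampleBad (Trojan.Agent)
Files Infected: C:\Windows\System32\badfile.dll (Trojan.Agent)
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\OldToolbar (PUP.Leftover)
"""

# kind = text before " Infected:", item = path or key, name = detection label
LINE_RE = re.compile(r"^(?P<kind>.+?) Infected: (?P<item>.+) \((?P<name>[^()]+)\)$")


def parse_scan(log_text):
    """Return {(kind, item): detection_name} for every detection line."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found[(m["kind"], m["item"])] = m["name"]
    return found


def redetected(first, second):
    """Items reported by both scans: candidates for incomplete removal."""
    return sorted(set(parse_scan(first)) & set(parse_scan(second)))


def triage(log_text):
    """Split one scan's detections into (file_backed, registry_only).

    Heuristic, an assumption of this example rather than any vendor's rule:
    a registry entry counts as file-backed when some file detection in the
    same scan carries the same detection name; otherwise it is a leftover
    key with no malicious file behind it.
    """
    found = parse_scan(log_text)
    file_names = {n for (kind, _), n in found.items() if kind.startswith("Files")}
    file_backed, registry_only = [], []
    for (kind, item), name in found.items():
        if kind.startswith("Files") or name in file_names:
            file_backed.append(item)
        else:
            registry_only.append(item)
    return sorted(file_backed), sorted(registry_only)
```

Running `redetected(SCAN_1, SCAN_2)` on the constructed logs flags the DLL and its registry key as present in both scans, while `triage(SCAN_2)` reports the OldToolbar key as the only registry-only leftover.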