New Maymoons's Test: Killdisk Malware VS Behavioral Blocker

Discussion in 'other anti-virus software' started by guest, Dec 16, 2008.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    1. Test Configuration
    Windows Xp Sp3
    Vmware on Vista Home Premium Sp1

    2. Test Terms

    * I am not a professional tester. (I don't know who is a professional tester; is there any AV test school or certification? :thumbd:) But this test doesn't require a professional tester. This is a real-world simulation.

    * I tested this software (all the latest versions):

    -Comodo IS (without Av module)
    -DefenseWall
    -DriveSentry
    -Malware Defender
    -Mamutu
    -Online Armor
    -Prevx
    -PR Safe Connect
    -Sandboxie
    -ThreatFire

    * I tested this malware (all the malware is well known, and all of it is real, from the real world. These aren't leak tests. All the malware is live. You can see it in the action video):

    -trojan.killdisk.aaa
    -trojan.killdisk.b
    -trojan.killdisk.x
    -win32.killdisk.z

    * All tests are recorded on video. All tests are transparent. Nobody can say "you are a liar" :mad:

    * I uploaded all the videos to RapidShare. I don't want to see any mirrors. I want to see how many downloads there are, because I won't do a new test with all the software. I will do a popularity analysis, and I will do a new test with only 3-4 popular products. There is a download counter on RapidShare. You can ask me why RapidShare (you can see here).

    * I spent 10 hours on the test. I want regard. If you don't like the conclusion, if your favourite software failed, if ... please don't attack me. I like criticism, but I don't like disrespect.



    3. Introduction
    You can see all the malware in action.

    http://rapidshare.com/files/173750670/01.Killdisk_vs_BM-introduction.rar

    4. Conclusion

    Test1 : Comodo (default settings)
    http://rapidshare.com/files/173752581/02.Killdisk_vs_BM-comodo-default_settings-part_1.rar
    http://rapidshare.com/files/173753225/03.Killdisk_vs_BM-comodo-default_settings-part_2.rar

    Test 2: Comodo with maximum settings
    http://rapidshare.com/files/173719075/04.Killdisk_vs_BM-comodo-maximum_settings.rar

    Test 3: Defensewall
    http://rapidshare.com/files/173719851/05.Killdisk_vs_BM-defensewall.rar


    Test 4: Drivesentry (without signature database)
    http://rapidshare.com/files/173731396/07.Killdisk_vs_BM-drive_sentry-without_signature_database.rar

    Test 5: Drivesentry (with signature database)
    http://rapidshare.com/files/173727705/06.Killdisk_vs_BM-drive_sentry-with_signature_database.rar

    Test 6: Malware Defender
    http://rapidshare.com/files/173732759/08.Killdisk_vs_BM-malware_defender.rar

    Test 7: Mamutu
    http://rapidshare.com/files/173736409/09.Killdisk_vs_BM-mamutu.rar

    Test 8: Online Armor
    http://rapidshare.com/files/173739455/10.Killdisk_vs_BM-online_armour.rar

    Test 9: Prevx (without internet connection, heuristic detection only)
    http://rapidshare.com/files/173740051/11.Killdisk_vs_BM-prevx_-without_internet_connection-part1.rar
    http://rapidshare.com/files/173744315/13.Killdisk_vs_BM-prevx-without_internet_connection-part2.rar

    Test 10: Prevx (with internet connection)
    http://rapidshare.com/files/1737411...th_internet_connection_and_herulistic_max.rar

    Test 11: PR Safe Connect
    http://rapidshare.com/files/173746851/14.Killdisk_vs_BM-privaty_response_safe_connect.rar

    Test 12: Sandboxie
    http://rapidshare.com/files/173748138/15.Killdisk_vs_BM-sandboxie.rar

    Test 13: ThreatFire (without signature database)
    http://rapidshare.com/files/173749620/16.Killdisk_vs_BM-threatfire-without_signature_database.rar
     


    Last edited by a moderator: Dec 16, 2008
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Interesting test idea :thumb: , but I would have preferred a link with all the results grouped too, since RapidShare doesn't allow you to download more than 1 file at a time as a free user. You need to wait before downloading the next one.
     
  3. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Yep. A result list would be nice indeed. Thanks
     
  4. guest

    guest Guest

    Sorry. I want to count downloads per software.
    I will do a new test. I want to test all software. I need the software popularity rate.

    I don't have too much time :)

    I know the RS limitations. You can use CryptLoad 1.1.5. It is RS automation software.
     


  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    What do I need to open this file with o_O
     
  6. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    The RAR file?
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Yes, that one.
     
  8. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    A lot of archiving software can unpack it (WinRAR, WinZIP, and 7-Zip to name a few).
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Thank you :thumb:
     
  10. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Go with 7-Zip if you want no real limitations, it's open-source and opens a lot of archive files. ;)
     
  11. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Erm, I want to ask: did Prevx clean up the last malware which it missed with medium heuristics??
     
    Last edited: Dec 16, 2008
  12. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    It'll take a long time to download all of these files... :doubt:
    Please post the final results.
     
  13. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    I watched some of the videos.

    Sandboxie - all the malware is prevented.

    Prevx Edge (with internet connection) - Able to detect all in high heuristics, but with middle heuristics only able to detect 3 of them.

    DriveSentry - Not even one is detected.
     
    Last edited: Dec 16, 2008
  14. guest

    guest Guest

    This is wrong. Watch it carefully.
    I sent 2 videos:

    1. tested with heuristics only (this test is important)
    2. tested with heuristics and the malware database (this is not important)


    My goal:
    behavioral protection,
    not malware database detection.

    All antiviruses can already detect the samples. This is not the key point.
    (Look at the introduction file.)


    The key point is behavioral technology vs malware.



    Hey guy, I gave 10 hours to the test; you can give 1-2 hours for downloading.

    There are many important points in the tests. You must watch them.

    I posted videos because some members say "your test is not good, your test is not real world, ..."

    This is real world. Real malware. Real videos. I say to these members: give it them, and see whether the test is good/bad.

    I don't want messages like:

    Prevx y/4
    ThreatFire x/4
     
  15. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    Oh, sorry. I only watched the Prevx with internet connection video. I should go edit my post.
     
  16. guest

    guest Guest

    Please...
    Look at the attached VirusTotal report.
    The viruses are already known. I have many unknown killdisk viruses, but I selected these 4 samples because all AVs can detect them.

    Prevx Edge with internet connection catches them easily.
    This is not success.

    Success is blocking without a malware database.

    Prevx Edge (with internet connection) is for information only. That isn't the real test.
     


  17. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    So in other words this test was based on the core behavioral guard, not the signatures that come with it.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Guest,

    Upload them on YouTube, give Matt some competition. I did the test on DefenseWall some time ago, Malware Defender lately. But I won't spoil your party, after 10 hours of testing and uploading.

    :blink: :thumb:
     
  19. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Guest,

    I watched only one of your videos (guess which one!) - I'll take your comments on board about learning mode. Probably, we need to make it stand out a bit more so the users get it.

    The first reboot learning mode, as you saw, cannot be manually halted.


    Mike
     
  20. guest

    guest Guest

    Thank you.

    YouTube is blocked in my country.

    I don't want competition.
    This is my hobby.
    I don't want money, advertisement, ...

    I tested more products than Matt.

    I prefer these videos to be for Wilders Security only.

    I learned many things here.
    This is my "thank you".
     


  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry guest,

    Hope you noticed the thumbs up :thumb: for the thread you started. I do not understand the context of your thank you.

    Regards Kees
     
  22. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    This thread is great. I hope you keep it going.

    BUT I can't open the video after I download it with Free Download Manager.
    I double click on it and get no reaction at all.
    I don't know why. I'll have to wait.
    Thanks for sharing your results.
    Hugger
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hey Guest

    You are doing something that probably is quite valuable, but your comment, "I spent 10 hours doing it so you can spend 1-2 hours downloading", doesn't wash.

    I am curious, but not curious enough to spend the time downloading. Sorry.
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I agree. A simple link to reviews would be nice with just the results posted here. Great job you have done, but some simplification for members here would help.
     
  25. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Yeah, I agree with Peter2150.
    Many here might be using dialup :oops:
    Anyway, you have done a good job. I have downloaded one rar file :thumb: :thumb: :thumb:
     