question about antivirus

Discussion in 'other anti-virus software' started by ashishtx, May 31, 2006.

Thread Status:
Not open for further replies.
  1. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    I have tried several antivirus programs to see detection, stability and impact on the PC. My question is: if one can kill the process of antivirus software through Task Manager, is it not stable? Or, in other words, easily disabled by malware?
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No, the ability to terminate its processes has nothing to do with stability.
    You can terminate any other program through task manager, yet they are perfectly stable in normal operation conditions. Though yes, self-protection is a good thing to have, though not priority for all. Some less known AVs aren't as vulnerable as well known ones. So they often don't need self-protection at all. Yet.
     
  3. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    So antivirus programs which cannot be terminated through Task Manager are better than those which can be terminated?
     
  4. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    It can be called extra protection. It's only really a factor if the malware is unknown to the AV vendor when it's executed on your system (if it's known, the AV will block access to the file). The malware can close down the virus scanner and the user will never notice, unless of course you check on stuff like this. Like BlackCat said, it's not always a problem with lesser known scanners as malware won't target them.

    You can use tools like ProcessGuard, AppDefend and Safe N Sec to protect your anti-virus scanner from termination.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think many AVs (and other antimalware programs) now add some sort of built-in self-protection. I have seen it in Norton and Ewido beta 4 (though Ewido is not an AV).
    I want to know how many other AVs have this protection?
    Some of them might be working even though the GUI is disabled by malware etc., I think. But I can't tell by names.
     
  6. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    NOD32 and KAV have good self protection.
    Online Armor AV+ has some basic protection against termination.
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually I haven't seen BlackCat in this thread...:D :cool:
     
  8. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    Sorry RejZoR... my bad :D
     
  9. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    I tried some of the antivirus programs and tried to kill their processes through Task Manager. Here are my results:
    1) Norton (including corporate version) - None of its processes can be killed by Task Manager.
    2) Trend Micro - Process can be terminated, but it cuts all the network connections and the system becomes unstable.
    3) F-Secure - Easily killed by Task Manager and able to access the internet.
    4) Kaspersky 6 - Rock solid (cannot be killed by Task Manager).
    5) NOD32 - Its GUI can be disabled, but when I tried to execute the EICAR file, it blocked the connection without any warning.
     
  10. TeknO

    TeknO Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    147
    Location:
    Istanbul, TURKEY
    Could you test McAfee (mcshield) and BitDefender?
     
  11. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    I will certainly try it and post the results as soon as I test it.
     
  12. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    McAfee can be easily disabled through Task Manager and it allows everything. I was able to execute the EICAR test file.
     
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    How did you get that in 6 minutes flat? o_O :eek:
     
  14. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    I am writing this reply from the same computer which has McAfee Total Protection suite. I was able to disable it easily and still surf the net. I use First Defense ISR to test different AVs. I have a different AV on each snapshot.
     
  15. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    I tested Microsoft OneCare. The result: I could kill its process, but it got back to work after a few moments. The process, msmpsvc.exe (OneCare antivirus), comes back to life after 20-30 seconds.
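
The thread observes that a killed scanner can go unnoticed, and that one product's service came back after 20-30 seconds. As an added example (not part of the original thread), the check below reads Service Control Manager events (IDs 7034 and 7036) and reports watched AV services that went down and whether they came back. The tab-separated export format, the service names and the 60-second threshold are assumptions made for illustration; the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: "timestamp<TAB>event id<TAB>message" lines in the style of
# Windows Service Control Manager events (7034 = terminated unexpectedly,
# 7036 = entered the running/stopped state). Service names are hypothetical.
SAMPLE_EVENTS = """\
2006-07-05 10:00:02\t7034\tThe ExampleAV Scanner service terminated unexpectedly. It has done this 1 time(s).
2006-07-05 10:00:27\t7036\tThe ExampleAV Scanner service entered the running state.
2006-07-05 10:05:10\t7034\tThe OtherAV Guard service terminated unexpectedly. It has done this 1 time(s).
2006-07-05 10:06:00\t7036\tThe Print Spooler service entered the stopped state.
2006-07-05 10:20:00\t7036\tThe Print Spooler service entered the running state.
"""

WATCHED = {"ExampleAV Scanner", "OtherAV Guard"}  # assumed AV service display names
DOWN = re.compile(r"^The (.+) service (?:terminated unexpectedly|entered the stopped state)")
UP = re.compile(r"^The (.+) service entered the running state")

def parse(text):
    """Yield (timestamp, event_id, message) for each exported line."""
    for line in text.splitlines():
        ts, event_id, msg = line.split("\t", 2)
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(event_id), msg

def av_outages(text, max_gap=timedelta(seconds=60)):
    """Return (service, down_at, seconds_down or None, verdict) per outage."""
    down_since, findings = {}, []
    for ts, event_id, msg in parse(text):
        if event_id not in (7034, 7036):
            continue
        m = DOWN.match(msg)
        if m and m.group(1) in WATCHED:
            # Keep the first "down" time if several stop events arrive in a row.
            down_since.setdefault(m.group(1), ts)
            continue
        m = UP.match(msg)
        if m and m.group(1) in down_since:
            start = down_since.pop(m.group(1))
            gap = ts - start
            verdict = "restarted" if gap <= max_gap else "restarted late"
            findings.append((m.group(1), start, gap.total_seconds(), verdict))
    # Anything still in the map never came back before the log ended.
    for name, start in down_since.items():
        findings.append((name, start, None, "still down"))
    return findings

if __name__ == "__main__":
    for finding in av_outages(SAMPLE_EVENTS):
        print(finding)
```

A "still down" result is the case worth alerting on: the scanner stopped and nothing brought it back.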
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Interesting tests, ashishtx. Thanks.
     
  17. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    AVG antivirus can also be easily disabled by Task Manager, and the system is stable to execute any process or program. This does not look safe theoretically. Self-protection is one of the important weapons for antivirus against any malware.
     
  18. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
  19. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    Can you explain how to use it? I mean, how do I execute it using the command line? Thanks. Please bear with me as I am not an experienced computer user. :oops:
     
  20. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Go to Start, Run and type CMD, the command console will appear, just grab SPT.exe and throw it inside the console, press enter. You will get something like this:

    http://img296.imageshack.us/img296/9148/dibujozu0.jpg

    Now to begin testing you have to write the route of SPT.exe, or press the up arrow to get the last command faster, then the process ID, and then the number of the termination method that will be used (from 1 to 16).

    For example I want to kill Kaspersky AV, first I look for its process ID (PID) at the task manager.

    http://img208.imageshack.us/img208/5337/dibujo2bf0.jpg

    And then put in the console like this C:\spt.exe 1824 7, that way I will try to kill avp.exe with termination method number seven.

    Hope you understood me.
     
  21. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    That was great dah145. Thanks. I appreciate your prompt response. :thumb:
     
  22. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    Have you tested, or could you test, AntiVir free or premium...
     
  23. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    No problem :cool:
     
  24. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    This is an interesting thread.
    I knew that some AVs have self-protection, but what's most interesting is which programs do or don't have the feature.
    Microsoft's OneCare is a surprise to me.

    This whole topic validates the idea of layered protection.
     
  25. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    I tested NOD32 antivirus and it failed to pass the System Safety Monitor HIPS test. It collapsed and both of its processes got terminated. There was no system crash, nor did it prevent me from accessing the internet after it died. It failed test 15 in the process exit simulation test.
     