Testing AntiVirus and AntiMalware programs?


  1. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #1

    Testing AntiVirus and AntiMalware programs?


    How can I test AntiVirus and AntiMalware programs?
    Are there any sites with safe TEST files like EICAR, but with more test files (malware types)?
    I'm testing different AV realtime programs right now and would like to see what happens when a malware/virus file tries to infect the PC.
    - Does the program detect the malicious file?
    - If it is detected, what happens?

    A couple of MBAM threads I found with a similar question:
    https://forums.malwarebytes.org/inde...howtopic=18097
    https://forums.malwarebytes.org/inde...howtopic=16006


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #2

    I don't know of any safe websites that offer test infections... but I will comment on your post in this other thread where you mention Avira.

    One of the couples that I support had Conduit and about a dozen other bits of malware. (This computer was "protected" by MSE.) I had not made up my mind yet between Avira, Bitdefender, Panda or some other free AV. So I installed Avira into a virtual machine and then tried to install Conduit. Avira happily allowed the install :-(

    Panda killed the Conduit installer as soon as the download completed

    I've played around (inside an isolated VM) with real infected files - testing them against various AV tools, but there is no clear winner. Panda allowed several things that it should have stopped.

    There is a setup aspect of Panda that I'm not too thrilled about. It boasts about preventing the ransom-ware stuff by white listing apps for certain file extensions for certain folders. I'm just not sure that I want to add all of the extensions that are missing by default. Also, I have no idea if there will be a performance hit if the list of extensions becomes massive and the root of the system drive is listed instead of select folders.


  3. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
    Thread Starter
       #3

    Thanks for the info.
    Yea, there is no clear winner, that's why there are so many opinions and choices ...


  4. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #4

    Spyshelter


    I can recommend running the keylogger test and other tests available from:

    SpyShelter Stop-Logger - World's Best Anti-Keylogging Software. Detect And Remove All Kinds Of Keyloggers.

    Test security of your PC

    Check if your security software really protects you against unknown keyloggers and spyware.



    It does a decent job of testing your defences without doing any harm. Download link is near the bottom of the page or directly download from the link below.

    Download


    Also see the following tests:

    http://www.pcflank.com/

    A few more: (Ignore the Eicar tests but try the others).

    http://www.amtso.org/feature-settings-check.html

    Also it's worth noting that no matter how good the security that you have in place is - if your security software fails to scan an email attachment for any reason you will still be able to open the attachment and thus potentially introduce a virus or worm. Windows can be set to block attachments from opening if the security software didn't scan the attachment but this is not enabled by default in Windows 7. The feature needs to be enabled by the user.
    Last edited by Callender; 28 Jan 2014 at 18:07. Reason: Add info


  5. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #5

    Blocking toolbar installation


    I block unwanted toolbars and the like that sometimes don't get detected by my security software (especially those toolbar installers that come bundled with free software with no chance to opt out of the install) by adding the executable file names to Image Hijacker. If I ever get caught out - I'll remove the toolbar then add it to the block list. Using this method it's possible to clean install software that comes bundled with toolbars.

    When a program tries to run you can use Image Hijacker to run a safe program in its place instead. In this case it displays a user defined message.

    Image Hijacker Free Download

    It makes use of Image File Execution Options that is normally used to launch the debugger but instead it creates registry entries to launch a safe program in place of the nasty file that attempted to launch.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\image file execution options.

    In this example - if babylon.exe tries to run then fm.exe will be launched in its place. fm.exe is the program that simply displays the user defined message - in this case "Babylon Toolbar Installation Blocked".
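The Image File Execution Options redirection described in post #5 can be reviewed with a read-only listing of every image that has a "Debugger" value, the command it is redirected to, and that command's Authenticode status. This is an added example, not part of the original posts or of Image Hijacker; it assumes Windows PowerShell 3.0 or later, and the function name Get-IfeoDebugger is made up for the example.

```powershell
# Added example: read-only audit of IFEO "Debugger" redirections.
# Assumes Windows PowerShell 3.0+; Get-IfeoDebugger is a hypothetical name.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    param([string]$Path = $IfeoPath)

    foreach ($key in Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue) {
        # Each subkey is named after an image (e.g. babylon.exe). A "Debugger"
        # value makes Windows start that command instead of the image itself.
        $debugger = $key.GetValue('Debugger', $null)
        if (-not $debugger) { continue }

        # Pull the executable out of the command line: quoted path or first token.
        $target = $null
        if ("$debugger" -match '^\s*"([^"]+)"' -or "$debugger" -match '^\s*(\S+)') {
            $target = [Environment]::ExpandEnvironmentVariables($Matches[1])
        }

        # Resolve bare names such as fm.exe through PATH, as the loader would.
        $resolved = $null
        if ($target) {
            $cmd = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            if ($cmd) { $resolved = $cmd.Path }
        }

        # A missing target means the redirected image simply fails to start.
        $signature = 'TargetNotFound'
        if ($resolved) {
            $signature = (Get-AuthenticodeSignature -LiteralPath $resolved).Status
        }

        [pscustomobject]@{
            Image     = $key.PSChildName
            Debugger  = $debugger
            Target    = $resolved
            Signature = $signature
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-Table -AutoSize -Wrap
```

Entries created by a blocking tool appear here alongside any written by other software, so a row you did not add yourself is worth checking against what is installed on the machine.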


  6. Posts : 23
    windows 7 64bit, windows 7 ultimate 64bit
       #6

    @Callender nice. Tutorial, it's so great. I didn't want to make deletes from the Registry editor; some cases are so sensitive. Ehehe, I want to try so the virus can't expand there, ehehe. I try Malwarebytes too, it's nice.


  7. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #7

    Remember folks that things we don't want like Conduit, browser add-ons, PUPs are not viruses.
    That is why many antivirus programs don't block them.
    The antivirus program doesn't know whether you want them or not but presumes that you do or you wouldn't have accepted them. There are security programs that will hunt them out if you care to use them.


  8. Posts : 9
    Windows 7 Home Premium 64 bit
       #8

    DavidW7ncus said:
    How can I test AntiVirus and AntiMalware programs?
    Are there any sites with safe TEST files like EICAR, but with more test files (malware types)?
    I'm testing different AV realtime programs right now and would like to see what happens when a malware/virus file tries to infect the PC.
    - Does the program detect the malicious file?
    - If it is detected, what happens?

    A couple of MBAM threads I found with a similar question:
    https://forums.malwarebytes.org/inde...howtopic=18097
    https://forums.malwarebytes.org/inde...howtopic=16006
    You can pop open a VM and run some crazy malware. I know of some good malware domain sites, PM me if you are interested :)


  9. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
    Thread Starter
       #9

    Thanks for the offer, but I'm not able to test real malware "safely"...
    I tried using VMs a while ago, but my test box is an old AMD dual core and the performance hit alone made it "too unusable" for me.
    The box works fine for what it is and how I use it ... so I will keep using it "as-is" until ...


  10. Posts : 9
    Windows 7 Home Premium 64 bit
       #10

    Oh, alright, you're welcome.

