AV Testing

[QUOTE=thathagat;598632
hey dinesh it would be nice to know which engine detects the files in hitman pro[/QUOTE]
Avira, G Data and Prevx.

Today I installed XP in VM and then infected it badly, very badly. Then scanned it with Hitman Pro.
Here are the results.

TheIgster said:

Jaxryley said:

If they were really zero day then no AV would be detecting the samples at the time of finding them.

Well, perhaps our idea of zero day is different then. By that I mean they were listed links on various malware web sites found THAT day. These are not old links from weeks ago or anything. These were posted on that day on those sites as active threats that day.

Sorry guys, I don't have any screen shots. The testing was done and no video or screen shots were taken. Screens most likely would have been a good idea though. If I perform a test again, I will try to grab some. Problem is, it is easy to make a product look bad if you really want to, even with a screen shot.

While 15 links is not a huge sample, it is just that, a random sample of links that someone may or may not come across while surfing the Internet.

Listen, I'm not a professional by any means. This test was performed on my main system using Shadow Defender to simply start over again, uninstall the current AV and then install a new AV. After all the testing was done, I had imaged my system using the built-in Windows 7 image backup, so I simply put that image back on to be sure nothing was left behind.

I will add that in some more testing, Avast has not remained perfect (using other links found), but what Avast missed, my Malwarebytes Pro caught, so a layered approach is best in my opinion.

Would tend to disagree running multiple antivirus is suicide to your computer. What your avast missed would have been caught after the virus started becoming more prominent on your computer. How would you know whether those antivirus/antimalware are conflicting your computer?

Pichu said:

Would tend to disagree running multiple antivirus is suicide to your computer. What your avast missed would have been caught after the virus started becoming more prominent on your computer. How would you know whether those antivirus/antimalware are conflicting your computer?

I think you misunderstood. Layered approach in something that CAN run alongside an AV product such as MBAM, Prevx, etc. I am not saying people should run two AV products that are not meant to run alongside each other.

More testing done the other night with some of the same AV's to see if they keep performing along at the same pace, as well as some new ones that I had requests for. I used 15 brand new malware links. Most were links to .exe files including fake AV's, other rogues, and other various types of malware. All AV's were installed, allowed to update and set to the default settings. The only AV that anything was changed on was A-Squared, as it appeared by default, a couple of the shields were off for some reason, so they were turned on.

After each test, Malwarebytes was ran and updated and a fast scan was done. The results for each fast scan after each test are listed along with the tested AV. In some cases, files that were 'infected' were simply left behind files in the temporary folder. This doesn't seem like a big deal to me, but it may be to some. I personally use CC Cleaner all the time to clean temp folders out, so those files would be gone. Not sure why some of the AV's didn't simply delete those files, but they seem pretty harmless sitting in a temp folder and not running in memory or anything.

One of the surprises for me again was Avast. Caught everything and the only thing left behind was a registry key. Also, the new Trend Micro Titanium Beta. It stopped everything in it's tracks. I will say though the beta seems a little heavy to me. About 45MB of RAM and I did notice a bit of system slowdown, but it works very, very well for a beta, so maybe the drag on the system is worth it or maybe it's just because it's a beta. Kaspersky still did very well in reporting every single link, but three items were left behind in the temp folder. Again, not a big deal to me personally, as they would be deleted soon anyway and were not running in memory. It was the same with Vipre, which performed VERY well and only left behind three files in the temp folder.

I don't mean to offend anyone but BluePoint Security is not good. It did nothing. Their sell line is Revolutionizing Computer Security. If by that they mean, allowing every system to get completely infected, well, they have achieved their goal. Not sure what has happened to Nod32 as well. It didn't perform very well at all. Now, onto the results:

A-Squared Beta 5

Links Missed: 2/15
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 19

Avast

Links Missed: 1/15
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

BluePoint Security

Links Missed: 15/15
Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 5
Files Infected: 29

Dr. Web

Links Missed: 2/15
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 18

F-PROT

Links Missed: 7/15
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 19

Kaspersky

Links Missed: 0/15
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Microsoft Security Essentials

Links Missed: 2/15
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 15

ESET Nod32

Links Missed: 8/15
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 5
Files Infected: 25

Trend Micro Titanium Beta

Links Missed: 0/15
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Vipre

Links Missed: 1/15
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Please keep in mind, I'm no pro and these are just small tests. All AV's could perform badly when only given some 15 links. These tests are just simple tests to see how each AV performs under these conditions.

I understand then. However, I wouldn't ever recommend to a user that they run two antiviruses together in any situation. Users don't need such security.

Nice security test by the way, I'm curious as to how you got your viruses to test with lol.

Also, for your security setup, I personally, think you should not run kaspersky with malwarebyte, with pc tools firewall, with shadow defender. What, are you paranoid or something? Just MSE is enough. Why don't you delete everything and only keep shadow defender? I'm curious. Why run four security software that obviously could possibly conflict with each other?

Pichu said:

I understand then. However, I wouldn't ever recommend to a user that they run two antiviruses together in any situation. Users don't need such security.

Nice security test by the way, I'm curious as to how you got your viruses to test with lol.

Also, for your security setup, I personally, think you should not run kaspersky with malwarebyte, with pc tools firewall, with shadow defender. What, are you paranoid or something? Just MSE is enough. Why don't you delete everything and only keep shadow defender? I'm curious. Why run four security software that obviously could possibly conflict with each other?

Well, as I've stated and it's been pretty much proven by the testing that I have done, running something like MBAM as well as Kaspersky allows me to ensure I'm pretty darn safe actually. If Kaspersky misses something (and it has), MBAM catches it. As for PC Tools Firewall Plus, well, it's a firewall, not an AV product. Shadow Defender is there, but not used all the time. I only enter Shadow Mode when I am going somewhere that I know may have some serious threats or I use it for testing. Having it on the entire time can cause issues when wanting to download and save things and especially when wanting to install something.

Edit: I would like to add as well, in the testing I have done, sorry, but MSE is not good enough. It has failed in many respects.

In my informal and completely possibly flawed test, I found that microsoft security essentials blocked a rogue antivirus that shadow defender missed, but of course, that is nowhere as professional as yours =).

I just wanted to suggest to you, that keeping such a layered protection can have negative consequences for your computer. :) This is simply my opinion but I do not want four different programs to scan every file on my computer even if they can work harmoniously together. It misses the point of less is more in windows 7. Yes, it is definitely possible that a virus that gets through one layer is blocked by another layer, so two layer approach is feasible but four layers of protection??!?! lol, im probably just overreacting, but you are being paranoid !!! I don't even think a fanatic like Dinesh, keeps so much to protect his computer??!! I can only imagine how much your cpu has to work and your disk has to thrash...

Note: I'm not criticizing, just suggesting.

Pichu said:

In my informal and completely possibly flawed test, I found that microsoft security essentials blocked a rogue antivirus that shadow defender missed, but of course, that is nowhere as professional as yours =).

What? Shadow Defender doesn't "miss" anything or "block" anything. It's not an AV product.

What is Shadow Defender ?

Shadow Defender is an easy-to-use security solution (for Windows operating systems) that protects your PC/laptop real environment against malicious activity and unwanted changes.

Shadow Defender can run your system in a virtual environment called 'Shadow Mode'. 'Shadow Mode' redirects each system change to a virtual environment with no change to your real environment. If you experience malicious activity and/or unwanted changes, perform a reboot to restore your system back to its original state, as if nothing happened.

I've stated numerous times that I am not a "professional" and I simply do this for fun. Take from the tests what you will. I've stated how they are done and what happens exactly.

I have no slow down issues at all on my system running the security setup I have, but each to his own.