Testing AntiVirus and AntiMalware programs?

DavidE

How can I test AntiVirus and AntiMalware programs?
Are there any sites with safe TEST files like EICAR, but with more test files (malware types)?
I'm testing different AV realtime programs right now and would like to see what happens when a malware/virus file tries to infect the PC.
- Does the program detect the malicious file?
- If it is detected, what happens?

A couple of MBAM threads I found with a similar question:
https://forums.malwarebytes.org/index.php?showtopic=18097
https://forums.malwarebytes.org/index.php?showtopic=16006
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
home built
OS
Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
CPU
AMD Athlon II x4 620
Motherboard
Gigabyte GA-MA785G-UD3H
Memory
6GB GSkill DDR2 800
Graphics Card(s)
AMD 4670 GPU + AMD 4200 IGP
Sound Card
on board Realtek ALC889A
Monitor(s) Displays
RCA 40" LCD TV, Insignia 32" LCD TV, HP 15" LCD monitor
Screen Resolution
1680 x 1050
Hard Drives
OCZ Vertex 3 120GB,
Samsung F3 1TB (3),
Several others - WD, Seagate, Hitachi, ...
PSU
Corsair 500 W
Case
Rosewill mid tower
Cooling
CM 90mm rifle
Keyboard
Gyration wireless, Logitech wireless, Dell USB wired
Mouse
Gyration wireless, Logitech wireless, V7 USB wired
Internet Speed
Spectrum - 100Mbps D / 10Mbps U
Antivirus
Avast, MBAM3, EMET, WinPatrol
Browser
Pale Moon, Firefox, IE
Other Info
2 multi-boot PC's
Mainly HTPC/Office/Gen purpose (no gaming).
Trendnet USB KVM.
LG DVD burner/Blue Ray Player.
Tray system for removable SATA backup drives.

Not currently OCd, under-volted.
I use Hybrid sleep, rarely re-boot or shutdown.

Hauppauge HD-PVR, Avermedia PCIe TV Tuner, Hauppauge PCI TV Tuner.
I don't know of any safe websites that offer test infections... but I will comment on your post in this other thread where you mention Avira.

One of the couples that I support had Conduit and about a dozen other bits of malware. (This computer was "protected" by MSE.) I had not made up my mind yet between Avira, Bitdefender, Panda or some other free AV. So I installed Avira into a virtual machine and then tried to install Conduit. Avira happily allowed the install :-(

Panda killed the Conduit installer as soon as the download completed :-)

I've played around (inside an isolated VM) with real infected files - testing them against various AV tools, but there is no clear winner. Panda allowed several things that it should have stopped.

There is a setup aspect of Panda that I'm not too thrilled about. It boasts about preventing the ransom-ware stuff by white listing apps for certain file extensions for certain folders. I'm just not sure that I want to add all of the extensions that are missing by default. Also, I have no idea if there will be a performance hit if the list of extensions becomes massive and the root of the system drive is listed instead of select folders.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
Thanks for the info.
Yeah, there is no clear winner; that's why there are so many opinions and choices ...
 

Spyshelter

I can recommend running the keylogger test and other tests available from:

SpyShelter Stop-Logger - World's Best Anti-Keylogging Software. Detect And Remove All Kinds Of Keyloggers.

Test security of your PC

Check if your security software really protects you against unknown keyloggers and spyware.



It does a decent job of testing your defences without doing any harm. Download link is near the bottom of the page or directly download from the link below.

Download


Also see the following tests:

http://www.pcflank.com/

A few more: (Ignore the Eicar tests but try the others).

http://www.amtso.org/feature-settings-check.html

Also it's worth noting that no matter how good the security that you have in place is - if your security software fails to scan an email attachment for any reason you will still be able to open the attachment and thus potentially introduce a virus or worm. Windows can be set to block attachments from opening if the security software didn't scan the attachment but this is not enabled by default in Windows 7. The feature needs to be enabled by the user.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
ASUS
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD C-60 APU with Radeon(tm) HD Graphics
Motherboard
ASUSTeK COMPUTER INC. X501U
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6290 Graphics
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
Hitachi HTS545050A7E380 SATA Disk Device
Antivirus
Comodo CIS & FW, SecureAplus App Whitelisting, Threatfire
Browser
Cyberfox 64bit, Opera 64bit, Airfox
Other Info
Spy-The-Spy, HitmanPro.Alert, Norton Connect Safe, MJRegWatcher, BitDefender TrafficLight, Voodoo Shield, Zemana AntiMalware
Blocking toolbar installation

I block unwanted toolbars and the like that sometimes don't get detected by my security software (especially those toolbar installers that come bundled with free software with no chance to opt out of the install) by adding the executable file names to Image Hijacker. If I ever get caught out - I'll remove the toolbar then add it to the block list. Using this method it's possible to clean install software that comes bundled with toolbars.

When a program tries to run you can use Image Hijacker to run a safe program in its place instead. In this case it displays a user defined message.

Image Hijacker Free Download

It makes use of Image File Execution Options, which is normally used to launch the debugger, but instead it creates registry entries to launch a safe program in place of the nasty file that attempted to launch.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\image file execution options.

In this example - if babylon.exe tries to run then fm.exe will be launched in its place. fm.exe is the program that simply displays the user defined message - in this case "Babylon Toolbar Installation Blocked".
 

Attachment: Debugger.jpg

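
The Debugger redirect described in the post above can also be checked from the defender's side. The following is an added example, not part of the original post and not Image Hijacker's own code: it parses the text of a `reg export` of the Image File Execution Options key and separates the redirects you set on purpose from any you did not. The sample export, the paths in it and the function names are constructed for illustration.

```python
import re

# Registry key paths are case-insensitive, so compare in lowercase.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in `reg export` text form (paths are made up, not from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylon.exe]
"Debugger"="\"C:\\Tools\\Image Hijacker\\fm.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Updater.EXE]
"debugger"="C:\\Temp\\unknown.exe"
'''

def ifeo_debuggers(reg_text):
    """Map each image name (lowercase) under IFEO to its Debugger command."""
    found, image = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            pos = key.find(IFEO)
            tail = key[pos + len(IFEO):] if pos != -1 else ""
            # Only direct children of the IFEO key name an executable image.
            image = tail if tail and "\\" not in tail else None
            continue
        value = VALUE.match(line)
        if image and value and value.group(1).lower() == "debugger":
            # .reg string data escapes backslashes and quotes with a backslash.
            found[image] = re.sub(r"\\(.)", r"\1", value.group(2))
    return found

def audit(reg_text, expected_blocks):
    """Split redirects into ones set on purpose and ones nobody asked for."""
    expected = {name.lower() for name in expected_blocks}
    hits = ifeo_debuggers(reg_text)
    intended = {k: v for k, v in hits.items() if k in expected}
    unexpected = {k: v for k, v in hits.items() if k not in expected}
    return intended, unexpected

print(audit(SAMPLE_REG, ["babylon.exe"]))
```

`reg export` writes UTF-16, so open the exported file with `encoding="utf-16"` before passing its text to `audit`.
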
@Callender Nice tutorial, it's so great. I didn't want to make deletes from the Registry editor; some cases are so sensitive. Ehehe, I want to try it so the virus can't expand there, ehehe. I tried Malwarebytes too, it's nice. :D
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Dell,N4050
OS
windows 7 64bit, windows 7 ultimate 64bit
CPU
B970
Motherboard
Dell inc
Memory
8gb
Graphics Card(s)
intel R graphics Family
Hard Drives
500gb, western digital
Antivirus
Microsoft Essentials
Browser
Google Chrome
Remember, folks, that things we don't want like Conduit, browser add-ons and PUPs are not viruses.
That is why many antivirus programs don't block them.
The antivirus program doesn't know whether you want them or not but presumes that you do or you wouldn't have accepted them. There are security programs that will hunt them out if you care to use them.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.

You can pop open a VM and run some crazy malware. I know of some good malware domain sites, PM me if you are interested :)
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Hp Pavillion Model #p7-1120
OS
Windows 7 Home Premium 64 bit
CPU
I3 Cpu 2130 Core
Motherboard
Pegatron Carmel2
Memory
8GB PC3-10600 MB/sec DDR3-1333
Graphics Card(s)
NVidia Gt 610 2GB
Monitor(s) Displays
Dual Monitors
Hard Drives
Western Digital 1.5Tb SATA RPM:5400
Antivirus
EAM,AVG Link Scanner,Sandboxie,Private Firewall
Browser
Comodo Dragon
Other Info
Moderate knowledge to Advanced on protecting a computer from malware and bad websites :) I clean computers whenever i can
Thanks for the offer, but I'm not able to test real malware "safely"...
I tried using VMs a while ago, but my test box is an old AMD dual core and the performance hit alone made it "too unusable" for me. :(
The box works fine for what it is and how I use it ... so I will keep using it "as-is" until ...
 

Oh alright, you're welcome
 

I wanted the same thing David when I was testing Mbam beta.

I came across http://www.testmypcsecurity.com/securitytests/spycar_suite.html which seems similar to what CallEnder posted.

I had some difficulty downloading for a number of reasons. The download link itself might be broken or intermittent... and then there's the issue with downloading malware tests. Avast and/or Defender or SmartFilter blocked the download - haha - that itself was a good test.

I had the suite on my system for a while but never executed the tests inside the zip. Again, my protection blocked me from opening the zip and I said - screw it. Note that while the zip existed, only a few scanners (sorry, I forget which ones) flagged it or flagged the files inside (I scan archives with every scanner being used/tested).

Good luck, post what you find as useful (and safe to use);)

Bill
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Pavilion dv6-6c10us
OS
x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
CPU
AMD A6-3420M APU with Radeon(tm) HD Graphics
Motherboard
Hewlett-Packard 1805
Memory
6.00 GB
Graphics Card(s)
AMD Radeon(TM) HD 6520G
Sound Card
(1) AMD High Definition Audio Device (2) IDT High Definiti
Monitor(s) Displays
HP W2072a 20" LCD (1600 x 900) @ 60 Hz
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
ST640LM0 00 HM641JI SATA Disk Device
Keyboard
Logitech k520 wireless KB
Mouse
Logitech m320 wireless mouse (bundled with KB)
Internet Speed
15/5 | 54 MB Wireless 'n'
Antivirus
Realtime: Defender or Avast | On-demand: Malwarebytes, ESET
Browser
IE 11 on Win8, IE 10 on win 7
Other Info
Media: [Gimp, Audacity, VLC] || Comm: [WEmail 2012, Skype] || Productivity: [OpenOffice,| Textpad] || Utils: [Sysinternals, cCleaner, Speccy, Defraggler]