App Review 360 Total Security Essential prevention and detection Test


safe1st

Just remember: to enable Avira and BD on realtime protection you should click on "protection on" and then put it on "security" or "custom" and enable them.

What do you mean? I enable them...

Good video but how the heck do you have time to upload like 5 videos a week? I can only upload 2 normally because of everything going on around me!

5 videos? No. It's 3 videos a week.

Thanks everyone!
 

TheMalwareMaster

If you enable Avira and BD in the scan section, they will be used just for on-demand scans. If you click on protection on, and then switch it to security or custom, you can enable them for realtime protection. In the 1st case, they will be used just when you run a custom scan. In the second, they will also be used in realtime when you download/execute malicious files.

509322

The URLs used in the test are at least 10 days old at Malc0de, MalwareURL, Nictasoft, MalShare, and others.

The files themselves are re-used over-and-over by the malc0ders.

In using Malc0de, one has to be aware that they will keep re-posting new URLs with the same re-used files.

What I am saying is that using published URLs to test softs can make it seem that the soft is doing great - providing 1st rate protection - but in reality it is not because the URLs and files are already old.

In a test of Qihoo you have to eliminate all files that are already detected by Bitdefender, Avira and Qihoo. Only then is the test result a validation of the product's protection potential.

All the AVs subscribe to essentially the same, identical malicious URL\file lists.

Undetected samples from the Malware Hub and malware packs available at various sites are better for testing. But, admittedly, it is not a simple task to harvest enough undetected samples sometimes.

* * * * *

1243123.exe is Cerber.

PCMedik is a PUP. PCMedik and pcmedik aren't the same file; compare the SHA1 hashes.

You can't go by the machine learning\artificial intelligence file verdicts below from Malc0de files.

For example, FlashPlayerPro.exe is an Install Monster, but the ML\AI states "No threat found."

Another example, Couponscom.exe is a browser hijacker, but ML\AI states "No threat found."

These files and their URLs had been up on Malc0de for at least the week prior to 12/26 - when I submitted them for ML\AI analysis.

Capture.PNG
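
A sketch of the sample-set hygiene described in the post above, added here as an illustration and not part of the original post: files are keyed by SHA-1, a file's age counts from its first posting rather than its newest URL, and anything already detected by the named engines is dropped. The feed entries, dates, URLs and the `max_age_days` threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed feed entries: (url, date posted, file bytes, engines already detecting it).
FEED = [
    ("http://a.example/PCMedik.exe", date(2020, 1, 2), b"constructed-A", {"Bitdefender", "Avira"}),
    ("http://b.example/pcmedik.exe", date(2020, 1, 9), b"constructed-B", set()),
    ("http://c.example/setup.exe", date(2020, 1, 1), b"constructed-C", set()),
    ("http://d.example/update.exe", date(2020, 1, 9), b"constructed-C", set()),  # re-posted file
    ("http://e.example/player.exe", date(2020, 1, 9), b"constructed-D", {"Qihoo"}),
]
ENGINES = {"Bitdefender", "Avira", "Qihoo"}  # the engines named in the post


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def build_test_set(feed, test_day, max_age_days, engines=ENGINES):
    """Return (kept, dropped): one entry per unique file, keyed by SHA-1."""
    by_hash = defaultdict(list)
    for url, posted, data, detected_by in feed:
        by_hash[sha1_hex(data)].append((url, posted, detected_by))

    kept, dropped = {}, {}
    for digest, entries in by_hash.items():
        urls = sorted(url for url, _, _ in entries)
        # Age counts from the first time the file appeared, not the newest URL.
        first_seen = min(posted for _, posted, _ in entries)
        hits = set().union(*(d for _, _, d in entries)) & engines
        if hits:
            dropped[digest] = "already detected by " + ", ".join(sorted(hits))
        elif (test_day - first_seen).days > max_age_days:
            dropped[digest] = "file first seen %s, re-posted under %d URL(s)" % (first_seen, len(urls))
        else:
            kept[digest] = urls
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = build_test_set(FEED, date(2020, 1, 10), max_age_days=2)
    for digest, urls in kept.items():
        print("KEEP", digest, urls)
    for digest, why in dropped.items():
        print("DROP", digest, why)
```

Of the five constructed URLs only one file survives: the similarly named `PCMedik.exe` and `pcmedik.exe` hash differently and are judged separately, and the file re-posted under a fresh URL is still dropped as old.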

MalwareBlockerYT

- I get my samples from about 8 sources now.
- I get URLs from 4 sources.
- Ransomware from 3 sources.

I try to keep my samples a maximum of 4 days old - most of the ones I use are less than 2 days old in new tests I perform :)

Yes Malc0de just posts the same files over & over which means that the URLs will most likely be detected. VXVault posts different URLs but most of them are broken.

509322

I am not bashing your test, but instead just pointing out some issues. I didn't even mention false positives and "dead fish."

It seems you are already aware that testing AV is problematic.

The publicly available VXVault URLs are always ages old; it is pointless to use one unless its post date is within 24 hours of testing.

Sometimes you get lucky and hit an occasional jackpot of majorly undetected stuff on a subscription list.

The best testing is done with fully undetected samples. Everybody knows that the available files will very likely be detected by the scan engines of all the major AVs within days - if not hours. Some have faster "through-put" and generate signatures at a quicker rate, but it isn't really meaningful to the typical user that downloads only a few files per week. For prolific downloaders, it might make a difference.

Web-protections... just take a close look at the published malicious URLs and ask yourself "What is the likelihood that I will navigate to a single one of these URLs?" Lots are taken down within 24 hours - especially the phishing pages.

If a major site, such as PCMag got infected, the reports of malicious activity would precede the adding of the URL for blocking.

Web protections are imperfect, but it is what is possible with the current state of IT security.

MalwareBlockerYT

Yeah no I understand you are not bashing mine but I just thought I would mention it :) Yeah there are lots of problems when it comes to accurate testing.