A lie called protection (false sense of security)

[Kate_L]

Hello my friends,

I know that some people don't like me and I am ok with that, after today more people will not like me What I will do today is to show some things I notice. I don't want you to believe me, I want you to try to find your own answers and test (multiple links and malware samples), don't believe all the things you see companies spend a lot of money to lie (ads and so on).

It all started after a talk with @Malware1 about Anti viruses and he showed me this link and I did some research about this. I already knew that some companies offer fake services (I will not give names).

The first test I did was with Anti-Spam. The test was done on my two e-mails that I use for spam, Install the security product open Thunder Bird and Outlook. The surprise was only a few products found about 10 %, some products didn't do anything. The Anti-Spam test was done in 3 days.

The second test was with Anti-Virus and removal. The test was done like this:

Scan the Malware Database that I have and random samples are executed. After that the PC was rebooted and PC was scanned 2 times a day (test was done for 4 days), the PC was online in all this time.

From all the products I tested only 2 protected the PC with no user interaction, 4 with user interaction. The other products fail to protect and clean the PC, we had 2 BSOD and the PC was unavailable to load the OS

The last test was with Web Shield, here was a fun thing that I found. only a few AV detected the samples when the files where scanned with AV engine. The Web Shield of a lot of products offer fake detection, they detect only the "link" they don't detect the sample with the AV engine and the detection in the Web Shield is a lie. Also. a lot of Fake Scan Pages are not detected (the JavaScript) only the link.

Now how AV use MDL, Malcode to quick detect malware and to show a fake sense of security, I don't use the samples from there and all the samples I used where from Blackhat forums (a lot of FUD), we don't scan samples with VirusTotal or any Online Scanner. The test was done on the OpenSecLab test PC's (I will sell them in the next week).

This is the last big test I do, the future test will be "smaller" and I will continue to research.


Once again, this is a research I did, please do your own research and don't trust what other people say (AV tests or AV companies).

 

[Dubseven]

Nice research and tests OpenSecLabs

<< The day that all companies will unit them forces to work and develope better things, will be probably the day that the money will no longer exist. >>

Lie for marketing, lie for money.

About that, a little video link there about "Marketing Secrets" , a lot of methods are used to hide the true and sell more.

 

[Petrovic]

Your recommendations for a list of real AV?
I did not see the inference in your research)
Any tests are too relative

 

[Kate_L]

Yes! test and see I don't wanna tell you. You can use Free products

 

[marg]

I like you.! I agree that no AV has the market cornered. They all have +/- points. Keep up posting. Do not let detractors keep you down.

 

[Deleted member 21043]

I don't think anyone will hate you for posting this. Everyone is entitled to their opinion and thoughts on the truth.

 

[Prorootect]

I think all AV are pure joke .. if malware jump into your computer, they are all overwhelmed .. because the database of AV is a step back.

Use setting possibilities of PCHunter ..

 

[yigido]

That explanation of real-av list post was posted in 2010!!
What do you think about it ? This list is up-to-date? or do you have another real-av list in your mind

 

[Kate_L]

I think all AV are pure joke .. if malware jump into your computer, they are all overwhelmed .. because the database of AV is a step back.

Yes, this is true. A lot of time the PC is infected and the AV will not be able to clean (the AV is just not that good not to say useless). I also notice that a lot of AV do not use the technology they say they use. The PC is infected and you don't even know about that.

 

[Kate_L]

That explanation of real-av list post was posted in 2010!!
What do you think about it ? This list is up-to-date? or do you have another real-av list in your mind

There is not "Real AV List" it is just AV that does the job.

The same thing is with Firewalls, if you do a little research and see how they work, you will notice some interesting things.

What I wanted to say with this post is that people should not listen to AV companies or "suspicious" tests, if you read the EULA you will notice some things about the AV that you will not like (they are don't care if the product didn't work and so on.).

People will say why they don't go bankrupt ... well there is something called Marketing and Aggressive advertising. Just look how many new AV companies are each year, they use other engines and all are "the best".

 

[yigido]

There is not "Real AV List" it is just AV that does the job.

Simple rule regarding VT, trust only real AV from that 50+ list

The Real AV list:

Avast
Dr.Web
ESET
Kaspersky
Microsoft
Symantec

This post from Russian guy (his choice are of course Dr.Web and Kaspersky.)
I have no word for ESET.
Miscrosoft is leaky.
Symantec & Kaspersky is a spy (Chinese goverment said this)

Last choice is Avast that you use

Yes! test and see I don't wanna tell you. You can use Free products

you showed a target and said you can test free products
I think there is no problem to say these products which you tested.

 

[Chromatinfish 123]

Signature only antivirus is a joke... the database will always be a step back and malware will always have a large chance of attacking the system while the signature is not updated (approx 1-24 hours; that's a lot of time for malware to spread).
Okay, I like comparing complex sentences like this one to ones in real life scenario so it's easier to understand... Let's see...

So: There's an infection traveling rapidly across the globe. A vaccine/medicine has not been created yet. So, there's a large chance that you'll be infected, right?

Hopefully this helps

 

[Venustus]

Signature only antivirus is a joke... the database will always be a step back and malware will always have a large chance of attacking the system while the signature is not updated (approx 1-24 hours; that's a lot of time for malware to spread).
Okay, I like comparing complex sentences like this one to ones in real life scenario so it's easier to understand... Let's see...

So: There's an infection traveling rapidly across the globe. A vaccine/medicine has not been created yet. So, there's a large chance that you'll be infected, right?

Hopefully this helps

You make some very valid points!

 

[FreddyFreeloader]

On my machine, I'm the real AV. If it looks funky, and it's name ain't James Brown, I ain't gonna click, download, install, or run the bloomin' thing. On the net since 1996 w/no infections, no stolen ID, no stolen financials (just pattin' myself on the back.)

 

[cruelsister]

OSL- Totally true, but for the retail consumer there are few alternatives, and those that do exist are not fully understood and therefore shunned.

In the Enterprise space the futility of traditional approaches to security is recognized and these are being replaced by appliances from companies like Palo Alto, Checkpoint, Fortinet, and FireEye. The commonality among these is a strong and effective auto-sandbox with some sort of Proactive module (more properly termed Threat Intelligence); the company closest to my heart also has real time Forensics platform to assist in response.

Sadly these products are way out of the financial range of the individual, so they are left with consumer products. And in choosing the most appropriate product from the plethora of products available it is important to understand that the essential goal of any anti-malware defense is to keep malware from infecting the system and not what has the highest URL blocking ability or the best percentage of detections in whatever test.

As we can infer from Dear Freddie's post above, the best defense is experience and common sense; but just in case you are using the computer while a tad drunk (not that I would know), having something like Comodo's auto-sandbox to catch you if you fall is quite nice.

 

[FreddyFreeloader]

Excellent cruelsister! I've gone to using my Chromebook for financials and never keep anything of importance on my surfing machine. I also re-set my modem and router before switching computers. And yes, I have in the past committed SUI (surfing under the influence.)

 

[Kate_L]

See, people already start asking questions and talking, this is good. I really love that