Serious Discussion: Are antiviruses unimportant?

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
But for people like me, antiviruses are only needed to fight against zero-day exploits.

You can conclude nothing in general from the test with one sample. If you did, then your conclusion would be irrational even if true. When thinking rationally, such a video can only be an example of something confirmed in another way.
Currently, most AVs use behavior-based detections. So, the AV vendors consider such detections important. The main purpose of using behavior-based detections is morphed samples. It means that the malware used in the video will not become prevalent by using 1000 morphed copies. Most of them will be detected, even if a few initial samples could bypass AVs. This is also a clear difference compared to old-fashioned AVs.

If you need protection against 0-day exploits, then you should install an AV with a good anti-exploit module and minimize the attack surface (Standard User Account, fresh updates, system/software hardening, applications running in AppContainer, etc.). The standard behavior modules are not so efficient and often focus on the post-exploitation phase. If you do not like third-party AVs, you can apply Windows built-in anti-exploit and application control features.
 
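As an added example (not written by anyone in this thread), here is a read-only PowerShell audit of the attack-surface points Andy Ful lists: whether the session runs as a standard user, when the last update landed, which Windows Exploit Protection mitigations are on system-wide, whether Defender's behavior monitoring and ASR rules are configured, and whether an AppLocker policy is in effect. It assumes Windows 10/11 with the Defender, ProcessMitigations and AppLocker cmdlets available, and changes nothing on the machine.

```powershell
# Added example, not from the thread: read-only audit of the hardening
# points listed above. Assumes Windows 10/11 with the built-in Defender,
# ProcessMitigations and AppLocker PowerShell cmdlets. Nothing is modified.

# 1. Standard User Account: is this session elevated? (False is the goal
#    for day-to-day use; only elevate when a task needs it.)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running elevated: $isAdmin"

# 2. Fresh updates: most recently installed hotfix and its date.
$lastHotfix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
"Most recent hotfix: $($lastHotfix.HotFixID) installed $($lastHotfix.InstalledOn)"

# 3. Built-in anti-exploit: system-wide Exploit Protection mitigations.
#    Values are ON / OFF / NOTSET; NOTSET means the Windows default applies.
$sys = Get-ProcessMitigation -System
"DEP enabled:        $($sys.Dep.Enable)"
"CFG enabled:        $($sys.Cfg.Enable)"
"ASLR bottom-up:     $($sys.Aslr.BottomUp)"
"ASLR force-relocate: $($sys.Aslr.ForceRelocateImages)"

# 4. Behavior-based layer: Defender real-time/behavior monitoring and how
#    many Attack Surface Reduction rules are configured at all.
$status = Get-MpComputerStatus
"Real-time protection: $($status.RealTimeProtectionEnabled)"
"Behavior monitoring:  $($status.BehaviorMonitorEnabled)"
$pref = Get-MpPreference
"ASR rules configured: $(@($pref.AttackSurfaceReductionRules_Ids).Count)"

# 5. Application control: count the AppLocker rules currently in effect.
#    Zero means no AppLocker policy applies (WDAC, if used, is separate).
$applocker = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
$ruleCount = 0
if ($applocker) {
    foreach ($collection in $applocker.RuleCollections) {
        $ruleCount += ($collection | Measure-Object).Count
    }
}
"AppLocker rules in effect: $ruleCount"
```

Run it from a normal (non-elevated) PowerShell window; Get-ProcessMitigation and Get-MpComputerStatus work without elevation, and a result of "Running elevated: True" is itself the first finding to fix. Each line maps to one item in the list above, so a blank or zero answer shows which layer is missing rather than relying on a single-sample video to judge the whole setup.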

lokamoka820

Level 24
Mar 1, 2024
1,321
But that is very simple ransomware; even behavioral analysis can't block this, so how can it block a real zero-day attack? Change my mind. If behavioral analysis can't even block that simple virus, what is the difference between 2000's antiviruses and today's?
The difference between 2000's antiviruses and today's is the bloat. Today's antiviruses are just bloated software that in most cases doesn't protect you more than MS Defender, but for sure affects your performance and privacy more than MS Defender does. To me, antivirus software is for people who feel bored and have some extra time in their lives.
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,760
People like me :ROFLMAO: But, I have found the new Norton to be very light so far.
I installed the new Norton just to take a look (got a very cheap license as well) and ended up actually liking it. It's clearly a beta but it shows promise. In my computers it is lighter than Kaspersky or Eset. Responsive software, fast page opening, the occasional netsys BSOD as well :)
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
The difference between 2000's antiviruses and today's is the bloat. Today's antiviruses are just bloated software that in most cases doesn't protect you more than MS Defender, but for sure affects your performance and privacy more than MS Defender does. To me, antivirus software is for people who feel bored and have some extra time in their lives.
I agree about the bloat thing. This is why I am using Emsisoft which comes bundled with nothing. No system optimiser, no VPN, no witchcraft CPU optimisation or game enhancer. It is just pure security with excellent support.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
I installed the new Norton just to take a look (got a very cheap license as well) and ended up actually liking it. It's clearly a beta but it shows promise. In my computers it is lighter than Kaspersky or Eset. Responsive software, fast page opening, the occasional netsys BSOD as well :)
Was the BSOD caused by Norton?
 

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
292
The modules in current antiviruses are mostly connected; there is no such thing as behavior-blocker testing, because the real-time shield in most antiviruses feeds some data to the behavior blockers. This is why you see no more behavioral blocking tests these days: they're not real-world and scientific. There were times when antiviruses were weak and could be bypassed even by a low-level hacker, but today it's not like that. With the addition of new programming and technologies, especially the CLOUD, to the arsenal of security companies, they can now see any new file and its behavior on their end, and with machine learning and human analysis they can stop newly created malware. Before these new techs, malware writers could test their malware easily on different suites and tune their malware, but now it's much harder: the apps send metadata and nearly all the info about the sample to the cloud, making malware detected easily, and even with heavy modification some companies can detect that malware again. Of course, I'm not talking about some incidents or ways that these programs can be bypassed, but in general, in recent years they protect a normal user even if the user is somehow a happy clicker.

So that's why you see no professional IT people test a security program by disabling its protection layers; they test with samples called zero-days, which are harder to detect, but if you find some zero-days you see that security apps can detect and defend the users, sometimes easily and sometimes with their last line of defense (cloud, behavior blocker). The 99 percent detection was a lie, but with today's technology it can be a reality. The cloud (machine learning) was, for security companies, like mankind finding what fire is and how to create it.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
What do you think about this video? I obfuscated the ransomware and Kaspersky just drank tea while the files were being encrypted. Norton and Bitdefender still detect it (HEURISTIC). I also finally tested Norton's behavioral module and it also drank tea.
 

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
292
What do you think about this video? I obfuscated the ransomware and Kaspersky just drank tea while the files were being encrypted. Norton and Bitdefender still detect it (HEURISTIC). I also finally tested Norton's behavioral module and it also drank tea.

When we wanted to choose security software for some businesses, one of them was testing with similar samples (mostly zero-days), and Kaspersky was all right, the best balance between protection, stability, and performance.

All security software can be bypassed; there is nothing invincible out there. But I have to say something is strange in Kaspersky's behavior. Maybe you should give @Shadowra your sample so he can test it more.

@harlan4096 I think there is something wrong with this; it's either the test or Kaspersky.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
When we wanted to choose security software for some businesses, one of them was testing with similar samples (mostly zero-days), and Kaspersky was all right, the best balance between protection, stability, and performance.

All security software can be bypassed; there is nothing invincible out there. But I have to say something is strange in Kaspersky's behavior. Maybe you should give @Shadowra your sample so he can test it more.

@harlan4096 I think there is something wrong with this; it's either the test or Kaspersky.
Why not? We can work together.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
You can test ESET for fun; we have a dedicated video review here with some rules and some good videos. Maybe you should be active there.
I tested ESET but I did not record it; ESET can't detect it at all. I was also hopeful for ESET because of HIPS, but it drank tea.
 
