AV testing!

omidomi

I found a tool on GitHub which tests your AV's vulnerability here:
BreakingMalware/AVulnerabilityChecker · GitHub
I want all members to test it with their AVs to see which programs are vulnerable and which ones are not vulnerable. I tested EIS; it's safe.
Stay for your test :)
*These AVs passed the test successfully:
Windows Defender
Avira AV Pro + Firefox = not vulnerable
Norton
Emsisoft
Kaspersky
Watchdog anti malware

Eset
Qihoo
Sophos
AVG
Bitdefender
Firefox + Webroot = Passed
Firefox + Avira Pro = Passed
Agnitum
Secure Alive
McAfee
Avira AV Pro + HitmanPro.Alert + Firefox
Avira AV Pro + HitmanPro.Alert + Chrome
*These AVs failed the test:
Chrome + Webroot = Failed
Avira AV Pro + Chrome
Chrome + Avira Pro
Baidu
Bitdefender Internet Security 2016
Trend Micro
Avast
BullGuard
 
I can run this tool, safely and normally, on my personal laptop without any virtualization software?
It's better to use virtualization software (maybe a 0.0000000001% chance it damages your system), but I tested it without any virtualization software and didn't have any problem :D
 
I can run this tool, safely and normally, on my personal laptop without any virtualization software?

Personally I've always run tools like this in a VM (which I already did). Mostly due to paranoia, and I like to test tools like this with multiple AVs, and a VM is the best way to do that. I haven't seen this tool do anything negative to the system, but then again, I didn't check the system beyond memory via Task Manager. Run it on your host at your own risk. I personally don't recommend it. A VM is a nice controlled/sterile environment to run these tests so nothing else gets in the way and alters the tests.
 
It marks me as safe, and I ran it normally. I am not really sure if it's a good idea to run it in VMs (it checks for repetitive memory allocation addresses). But you can for safety. See GoogleProjectZeroBlog. Eset used to have a packer vulnerability, fixed earlier in July 2015 according to this, fixed within 2 days :).

Pale Moon is not detected by the exploit scanner (awesome), must use the big three. I had used IE 11.
 

It's safe for me, and you can run it normally. I am not convinced it's a good idea to run it in VMs (it checks for repetitive memory allocation addresses). See GoogleProjectZeroBlog. Eset used to have a packer vulnerability, fixed earlier in July 2015 according to this, within 2 days :).

Pale Moon is not detected by the exploit scanner (awesome), must use the big three. I had used IE 11.

The test works fine in a VM. I used an AV that was vulnerable (Webroot), and one that wasn't (Windows Defender). Ran the test multiple times to make sure I got the same result using both IE 11 and Google Chrome.
 
Could you try Kaspersky and SOPHOS as mentioned in that blog? Or any generous forum member blessed with a powerful VM and some spare time.
 
Tested on a VM with outdated IE 8, which turned out to be not vulnerable to the exploitable constant RWX address. I guess it depends on the programs that run alongside, as mentioned, where some AVs contain security risks.
 
Could you try Kaspersky and SOPHOS as mentioned in that blog? Or any generous forum member blessed with a powerful VM and some spare time.
Taken from: Kaspersky Vulnerability Report 22nd September:
Description

Kaspersky Lab has fixed vulnerability in Kaspersky Anti-Virus which allowed for allocation of RWX memory regions at predictable addresses. This vulnerability could have been exploited only if a 3rd party application contained vulnerability such as stack based buffer-overflow. CVSS score of this vulnerability is 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
List of affected products
Kaspersky Anti-Virus 2015 MR2
Kaspersky Internet Security 2015 MR2
Fixed Versions
The fixes are included in the autoupdated patch for latest products versions that was released on 22 Sep. Please update latest products versions.
Acknowledgments
We would like to extend our thanks to enSilo company for reporting this vulnerability to Kaspersky Lab.
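
The advisory quoted above and the earlier remark that the tool looks for repeated allocation addresses describe the same condition: a read-write-execute region that lands at the same address on every launch. The following is an added example, not part of any post in this thread and not AVulnerabilityChecker's code; it assumes region lists of the kind a VirtualQueryEx walk reports, and the function names and sample addresses are constructed for illustration.

```python
from collections import defaultdict

MEM_COMMIT = 0x1000              # Windows region state: committed pages
PAGE_EXECUTE_READWRITE = 0x40    # Windows protection: read + write + execute


def rwx_bases(snapshot):
    """Base addresses of committed RWX regions in one process snapshot.

    snapshot: iterable of (base, size, state, protect) tuples, the fields
    a VirtualQueryEx walk reports for each region (assumed input format).
    """
    return {
        base
        for base, _size, state, protect in snapshot
        # Low byte holds the access type; PAGE_GUARD etc. sit above it.
        if state == MEM_COMMIT and (protect & 0xFF) == PAGE_EXECUTE_READWRITE
    }


def predictable_rwx(snapshots, min_fraction=1.0):
    """RWX bases present in at least min_fraction of launches -> hit count."""
    if len(snapshots) < 2:
        # One launch cannot show that an address repeats.
        raise ValueError("need snapshots from at least two launches")
    hits = defaultdict(int)
    for snap in snapshots:
        for base in rwx_bases(snap):
            hits[base] += 1
    needed = min_fraction * len(snapshots)
    return {base: n for base, n in sorted(hits.items()) if n >= needed}


# Constructed sample: three launches of one hypothetical browser process.
LAUNCHES = [
    [(0x00400000, 0x1000, MEM_COMMIT, 0x20),   # image code, R-X, not flagged
     (0x7FFF0000, 0x2000, MEM_COMMIT, 0x40),   # RWX, same address every time
     (0x1A2B0000, 0x1000, MEM_COMMIT, 0x40)],  # RWX, address varies
    [(0x00400000, 0x1000, MEM_COMMIT, 0x20),
     (0x7FFF0000, 0x2000, MEM_COMMIT, 0x40),
     (0x03CD0000, 0x1000, MEM_COMMIT, 0x40)],
    [(0x00400000, 0x1000, MEM_COMMIT, 0x20),
     (0x7FFF0000, 0x2000, MEM_COMMIT, 0x40),
     (0x1A2B0000, 0x1000, MEM_COMMIT, 0x40)],
]

if __name__ == "__main__":
    for base, n in predictable_rwx(LAUNCHES).items():
        print(f"RWX region at {base:#010x} in {n}/{len(LAUNCHES)} launches")
```

Lowering `min_fraction` also reports RWX regions that repeat in only some launches, which is useful when an allocation falls back to a second address.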