Breaking AV Software

Petrovic · Apr 4, 2014

https://twitter.com/matalaz/status/451934665830436864

Deleted member 178 · Apr 4, 2014

very interesting, even if it sounds like an April Fools, anyway i want to see what a naked system's user will do against a ransomware? reformat?

as an old sage said "rather resist the storm with a small hole in my raincoat than goes naked"

P.S: now you know why UAC is crucial

Petrovic · Apr 4, 2014

Umbra Polaris said:
P.S: now you know why UAC is crucial

Deleted member 178 · Apr 4, 2014

in fact, i can easily run my system without any 3rd party AVs, just using a guest account, Windows8 built-in security; but WHERE IS THE FUN !!!!

XhenEd · Apr 4, 2014

Wow... thanks!
I want to know the vulnerability of Kaspersky products.

Edit: I already found in the pdf that Kaspersky has exploitable items too.

XhenEd · Apr 4, 2014

Vulnerability search should be performed on a regular basis.
They must test their av engines againsts exploits just like what Google is doing for chrome.

Ink · Apr 4, 2014

Increased surface area of attack, if security products install Toolbars and Browser extensions. Agree or Disagree?

Moose · Apr 4, 2014

Your answer: http://www.insanitybit.com/tag/security/page/2/

Agree! Maybe Shadow Defender and SandBoxie are the way to
go! With a Anti virus! Seem like there is no way around it. When
you are finish, just reboot!

Nikos751 · Apr 4, 2014

It would be interesting to know which av products were found to have less holes andbugs.

XhenEd · Apr 4, 2014

Sandboxie too has been found to be vulnerable. The report was published by Bromium (which has a security product).

I read about that on wilders...

Dubseven · Apr 4, 2014

Tiranium has no vulnerability

:likeaboss:

The most secure is comodo with the HIPS alerts every 2 minutes

XhenEd · Apr 4, 2014

Dubseven said:
Tiranium has no vulnerability :likeaboss:

The most secure is comodo with the HIPS alerts every 2 minutes

But even Comodo was among the tested products that have been found to be vulnerable.

Deleted member 178 · Apr 4, 2014

Umbra Total Security 2015 (Sauron Edition)

One solution to rulz them all

Venustus · Apr 4, 2014

Umbra Polaris said:
Umbra Total Security 2015 (Sauron Edition)

One solution to rulz them all

Of course I agree!!

Of the Av vendors listed in the OP, F-Secure wins hands down!!

Nikos751 · Apr 4, 2014

From what I understand, an AV that installs deeply in the system reduces security of youe system. Most products have bugs, holes etc, so it's good not to gain "deep" priviledges to provide protection.
So, which products are less intrusive?

Petrovic · Apr 4, 2014

Nikos751 said:
From what I understand, an AV that installs deeply in the system reduces security of youe system. Most products have bugs, holes etc, so it's good not to gain "deep" priviledges to provide protection.
So, which products are less intrusive?

Windows Defender+UAC+SmartScreen+Windows Firewall

(win 8&8.1)

Venustus · Apr 4, 2014

Nikos751 said:
From what I understand, an AV that installs deeply in the system reduces security of youe system. Most products have bugs, holes etc, so it's good not to gain "deep" priviledges to provide protection.
So, which products are less intrusive?

The best paid protection:
Kaspersky ,F-secure,Eset

PS:Windoows defender is crap!!
If you want free go Avast!

Nikos751 · Apr 4, 2014

venustus said:
The best paid protection:
Kaspersky ,F-secure,Eset

PS:Windoows defender is crap!!
If you want free go Avast!

Kaspersky is said to be a "legit rootkit" and it installs deeply in the system as I know.
And from what I read in the pdf " If your application runs with the highest privileges, installs kernel drivers, a packet filter and tries to handle anything your computer may do...  Your attack surface dramatically increased.",
Kaspersky does not seem a very good solution.
Fsecure uses BitDefender engine which seems vulnerable.

What made you come to this conclusion? I may be wrong, that's why I 'm asking you

A year ago I was probably infected by some kind of malware as I was testing keys (just for fun-I don't use AV's illegally) for ESS7 found on a serials site. (it was distributing malware for some time as reported in URL scanning sites) ESS6 suddenly dissapeared from system tray and it could not run. I had Webroot secureanywhere running too. WR did not shut down, and although it did not detect the malware either, it was up and running.
Many system tools like regedit, services etc, were also disabled, and I enabled them via WR GUI.
That may be a simple incident that shows what reduced attack surface means.

Nikos751 · Apr 4, 2014

Petrovic said:
Windows Defender+UAC+SmartScreen+Windows Firewall (win 8&8.1)

I 've tested malware in VM that can disable such protections. So, I cannot be fully convinced on that xD

Venustus · Apr 4, 2014

Nikos751 said:
Kaspersky is said to be a "legit rootkit" and it installs deeply in the system as I know.
And from what I read in the pdf " If your application runs with the highest privileges, installs kernel drivers, a packet filter and tries to handle anything your computer may do...  Your attack surface dramatically increased.",
Kaspersky does not seem a very good solution.
Fsecure uses BitDefender engine which seems vulnerable.

What made you come to this conclusion? I may be wrong, that's why I 'm asking you

Just my personal experience in testing these products for a very long time

F-Secure uses the BD engine but it is a multi-engined av solution with it's own in-house modules included!
PS:It's very late here in Sydney and I am too tired to elaborate further!
Maybe tommorrow

Thanks!

Search

Breaking AV Software

Petrovic

Level 64

Deleted member 178

Petrovic

Level 64

Deleted member 178

XhenEd

Level 28

XhenEd

Level 28

Ink

Administrator

Moose

Level 22

Nikos751

Level 20

XhenEd

Level 28

Dubseven

Level 14

XhenEd

Level 28

Deleted member 178

Venustus

Level 59

Nikos751

Level 20

Petrovic

Level 64

Venustus

Level 59

Nikos751

Level 20

Nikos751

Level 20

Venustus

Level 59

Similar threads