Found a Tester Videos are 1.5 to 2 min. Interesting results, for your Fav AV's... See Photos

tofargone

Level 5
Thread author
Jun 24, 2024
211
I ran across this guys You-Tube, AV / IS testing channel (Full Speed Mac & PC).

I noticed that the vides were short (1-2 minutes)... So I gave 6 of them a shot, and thought you would enjoy the results..... See 6 photos attached.

Here is a quick explanation:
He leaves all vendors at default. Has a folder with 300 to 400 samples (bad actors). He turns on the protection, and lets the PC set for a few minutes. If nothing happens, he then runs a full system scan.

This leaves a total of X amount of bad actors. This is what you will see NEAR the bottom of each screenshot, on the left hand bottom corner.
 

Attachments

  • 1.JPG
    1.JPG
    636 KB · Views: 122
  • 2.JPG
    2.JPG
    636 KB · Views: 121
  • 3.JPG
    3.JPG
    690 KB · Views: 109
  • 4.JPG
    4.JPG
    751.6 KB · Views: 104
  • 5.JPG
    5.JPG
    726.8 KB · Views: 107
  • 6.JPG
    6.JPG
    906.3 KB · Views: 112

Bot

AI-powered Bot
Apr 21, 2016
4,471
Thanks for sharing this, it's always interesting to see how different antivirus software perform under the same conditions. The method used in the videos seems fair and straightforward. Looking forward to checking out the photos and results.
 
  • Love
Reactions: Behold Eck

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,619
No and no!

Let me explain:

antivirus testing is not just about testing the software on a pack....
An av has several defensive shields: antimalware, yes, but also Web protection, behavioral blocking and even Machine Learning. Of course, when running after analysis, it will trigger behavioral protection, but the threat can also come from the Web, so this protection is totally forgotten.

Secondly, EXEs are not the only source of infection.... Nowadays, there are a huge number of scripts that hijack PowerShell to download various payloads and then execute them (this is often the case with AgentTesla, GuLoader, RemcosRat and even LokiBot) ...
It also exists in the form of Java with Adwind or as .ONE using Microsoft's OneNote....
It doesn't use any of these, so it can't test the AV's anti-attack shield (AMSI).

And finally, making a 1 to 2 minute video is totally useless, you can't show anything about the product's effectiveness.
Personally, my videos last between 6 and 9 minutes, because I feel I need to show you everything about the product's key events.

In any case, I will personally avoid....
 

tofargone

Level 5
Thread author
Jun 24, 2024
211
No and no!

Let me explain:

antivirus testing is not just about testing the software on a pack....
An av has several defensive shields: antimalware, yes, but also Web protection, behavioral blocking and even Machine Learning. Of course, when running after analysis, it will trigger behavioral protection, but the threat can also come from the Web, so this protection is totally forgotten.

Secondly, EXEs are not the only source of infection.... Nowadays, there are a huge number of scripts that hijack PowerShell to download various payloads and then execute them (this is often the case with AgentTesla, GuLoader, RemcosRat and even LokiBot) ...
It also exists in the form of Java with Adwind or as .ONE using Microsoft's OneNote....
It doesn't use any of these, so it can't test the AV's anti-attack shield (AMSI).

And finally, making a 1 to 2 minute video is totally useless, you can't show anything about the product's effectiveness.
Personally, my videos last between 6 and 9 minutes, because I feel I need to show you everything about the product's key events.

In any case, I will personally avoid....
Well I certainly didn't mean to spark any criticism, and the bot seemed to like the idea.

What do I know, I'm not the expert, I leave that to you guys.

Still I found it interesting that webroot and I think comodo , didn't even react to the scan on the 400 bad files, they just let them all slide, whereas Eset got all except 10

Oh and thanks for the explanation, that helped me understand things a lot better. Still not as much as you do, but it gave me a peek behind the curtain.
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,619
Well I certainly didn't mean to spark any criticism, and the bot seemed to like the idea.

What do I know, I'm not the expert, I leave that to you guys.

Still I found it interesting that webroot and I think comodo , didn't even react to the scan on the 400 bad files, they just let them all slide, whereas Eset got all except 10

Oh and thanks for the explanation, that helped me understand things a lot better. Still not as much as you do, but it gave me a peek behind the curtain.

Warning, my review was not for you ;)
only that his process is pretty bad.
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,753
Nahhh everyone knows the only testing method that works is running 2000 supposedly malware samples at once then criticize the product when it didn't detect a perfectly clean sample that often has an interface in a language you do not speak.

:alien:
 

tofargone

Level 5
Thread author
Jun 24, 2024
211
Nahhh everyone knows the only testing method that works is running 2000 supposedly malware samples at once then criticize the product when it didn't detect a perfectly clean sample that often has an interface in a language you do not speak.

:alien:
it didn't detect a perfectly clean sample that often has an interface in a language you do not speak.......... Sorry I don't get it?
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,753
it didn't detect a perfectly clean sample that often has an interface in a language you do not speak.......... Sorry I don't get it?
That's normal in many videos of people who want to test malware. They don't test the sample for actual malware and if it opens a software, it's considered malware automatically. Even if it's just a normal software in some other language. If it's Chinese or Russian some of these "testers" will automatically think it's malware.

As a general hint for anyone who wants to do testing, not everything in the malware sites is actually malware :)
 

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
405
In the test with Avast, did he only use Malwarebytes to check the system after the test? In general, and such tests have the right to be. It's always interesting just to see the detection rate of some engine compared to others, although this comparison is not accurate as there is a very long time between some tests, but interesting. I am again convinced that Eset has a very good engine, a little sad for Avast.
 
  • Like
Reactions: Sorrento

tofargone

Level 5
Thread author
Jun 24, 2024
211
In the test with Avast, did he only use Malwarebytes to check the system after the test? In general, and such tests have the right to be. It's always interesting just to see the detection rate of some engine compared to others, although this comparison is not accurate as there is a very long time between some tests, but interesting. I am again convinced that Eset has a very good engine, a little sad for Avast.
OK I get it.

He didn't do the tests correctly or as thoroughly as needed.

My point is, If you just stop after that first scan on 300 or 400 files, and notice the quarantine 'or deletion results, that was a wow moment for me.

A few AV's did nothing, others caught all but 40,files or all but 10, or all but 15 ETC.
 
  • Like
Reactions: Sorrento

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
870
Still I found it interesting that webroot and I think comodo , didn't even react to the scan on the 400 bad files
I think that was Zonealarm that totally bombed, those two you mentioned detected and blocked quite a lot.

Anyway these tests feel like he just gets bored with the whole process of executing the undetected samples and then abandons it moving on to the next AV.

Regards Eck:)
 

tofargone

Level 5
Thread author
Jun 24, 2024
211
I think that was Zonealarm that totally bombed, those two you mentioned detected and blocked quite a lot.

Anyway these tests feel like he just gets bored with the whole process of executing the undetected samples and then abandons it moving on to the next AV.

Regards Eck:)
Yea I think your right it was ZA and webroot that caught zero files on scan. I was surprised Comodo did pretty good on the virus scan.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top