App Review Kaspersky vs Avast: THE SHOCKING Truth Revealed! Don't Buy Antivirus Until You See This!

[Parkinsond]

Content source

https://www.youtube.com/watch?v=HhEc8469d9Q

Good job Avast

 

[Bot]

Thanks for your input! Avast indeed has some robust features that many users appreciate.

 

[Andy Ful]

I am unsure why the author of the video thinks that the result is unexpected on 100 samples, at least 6 days old.
Such a result is expected for Avast, Kaspersky, and all popular AVs.
The only shocking thing is the title of the video.

 

[Parkinsond]

I am unsure why the author of the video thinks that the result is unexpected on 100 samples, at least 6 days old.
Such a result is expected for Avast, Kaspersky, and all popular AVs.
The only shocking thing is the title of the video.

The last 10'000+ samples test results of unbeatable K and Avast reminded me posting this video.

 

[Andy Ful]

I noticed that at least one malware was able to bypass Avast Hardened Mode CyberCapture Sandbox and get high privileges. Next, it was probably remediated and removed by Avast.

 

[Parkinsond]

I noticed that at least one malware was able to bypass Avast Hardened Mode Sandbox and get high privileges. Next, it was probably remediated and removed by Avast.

View attachment 290682

I could not notice if the video shows the section of settings concerned with "Hardened mode"; I am not sure if it was enabled or not.

And it is the first time to know Avast free has added a new module "Scam Guardian".

 

[rashmi]

Comodo effortlessly outshone Kaspersky and Avast together—no surprises here!

 

[Andy Ful]

I could not notice if the video shows the section of settings concerned with "Hardened mode"; I am not sure if it was enabled or not.

Sorry, I had in mind Avast CyberCapture Sandbox. I corrected my post.

 

[Andy Ful]

There is also a problem with the interpretation of results. There are more established connections before and after the test (both for Kaspersky and Avast).
We cannot exclude the possibility that some malware injected a malicious DLL into Svchost (or another system process) and established a connection to the C2 server.
The tools used in the video may be insufficient to detect such malware.

 

[Trident]

I noticed that at least one malware was able to bypass Avast Hardened Mode CyberCapture Sandbox and get high privileges. Next, it was probably remediated and removed by Avast.

View attachment 290682

DeepScreen and CyberCapture don’t seem to be resistant to virtualisation detection, so the malware probably evaded the analysis, did not deliver the true behaviour. Later on it dropped/downloaded a few executables which triggered Avast. Both Avast and Kaspersky have very deep remediation, but the possibility for injection remains. Avast was good at detecting injections, it had a specific detection name for them.

One of the files is weirdly reported as low risk, the rest is reported as high risk/high confidence.
Weird.

 

[ForgottenSeer 114717]

Weird.

"The Devil and the Truth are in the Details."

Even experienced researchers have to test, re-test, and test again to figure stuff out.

On forums, we're all victims, spectators, or innocent bystanders when it comes to such testing - depending on what one's perspective is.

 

[Zero Knowledge]

I thought we had moved beyond AV/AM testing and debating it's usefulness as a modern security product? Obviously not

AV/AM is only a fraction of the security solutions you should use and consider as part of your arsenal. Things have moved on!

I'd be more concerned these days with identity management and authentication and how many YubiKeys you own these days.

 

[ForgottenSeer 114717]

I thought we had moved beyond AV/AM testing and debating it's usefulness as a modern security product? Obviously not

AV/AM is only a fraction of the security solutions you should use and consider as part of your arsenal. Things have moved on!

I'd be more concerned these days with identity management and authentication and how many YubiKeys you own these days.

My expectation of the typical security solution on the market is that it helps me avoid getting hit and taken out by a bus.

Otherwise, it be like...

 

[Zero Knowledge]

But if you don't play you can't win? You can't lose sure... But if you don't play you go nowhere. There is a saying 'If I hear the music, I'm going to dance'

I think a more reliable test would be running the top 100 released torrent games/software/plugins of the day and testing against that. Sure to find undetected malware there.

 

[Khushal]

I am unsure why the author of the video thinks that the result is unexpected on 100 samples, at least 6 days old.
Such a result is expected for Avast, Kaspersky, and all popular AVs.
The only shocking thing is the title of the video.

You're right to call out the misleading tone of the video. When a domain like capclap[.]online has been circulating for over 26 days, it's expected that top-tier AVs like Avast and Kaspersky would catch it. The real surprise isn’t the detection—it’s the title trying to make routine results sound dramatic.

In fact, as of the latest scan, VirusTotal shows only two detections for the domain. That’s hardly a widespread consensus across engines, and it reinforces your point: this is standard behavior for popular AVs, not some shocking revelation.

You can verify it yourself:

• VirusTotal domain relations for capclap.online
• Kaspersky OpenTip lookup for capclap.online

Malware sample detected only by Avast and/or Kaspersky:

• VirusTotal relations for file 94183f072dd9d79e8c7504e168f3c149b622f1786b9ca62d7f3f93b0efaf1817
• VirusTotal relations for file 2dcebcdbc4f6619b72ebd0633db4f588839bdc358765a802264ef3dde0a98795

 

[simmerskool]

I thought we had moved beyond AV/AM testing and debating it's usefulness as a modern security product? Obviously not

AV/AM is only a fraction of the security solutions you should use and consider as part of your arsenal. Things have moved on!

I'd be more concerned these days with identity management and authentication and how many YubiKeys you own these days.

2

 

[Parkinsond]

We cannot exclude the possibility that some malware injected a malicious DLL into Svchost (or another system process) and established a connection to the C2 server

Does allowing outbound connection to svchost exe only per service can overcome malicious dll injection and connection to c2 servers?

 

[Parkinsond]

The real surprise isn’t the detection—it’s the title trying to make routine results sound dramatic

I think the title because a free AV performed equal to a paid one.

 

[Parkinsond]

You're right to call out the misleading tone of the video. When a domain like capclap[.]online has been circulating for over 26 days, it's expected that top-tier AVs like Avast and Kaspersky would catch it. The real surprise isn’t the detection—it’s the title trying to make routine results sound dramatic.

In fact, as of the latest scan, VirusTotal shows only two detections for the domain. That’s hardly a widespread consensus across engines, and it reinforces your point: this is standard behavior for popular AVs, not some shocking revelation.

You can verify it yourself:

• VirusTotal domain relations for capclap.online
• Kaspersky OpenTip lookup for capclap.online

Malware sample detected only by Avast and/or Kaspersky:

• VirusTotal relations for file 94183f072dd9d79e8c7504e168f3c149b622f1786b9ca62d7f3f93b0efaf1817
• VirusTotal relations for file 2dcebcdbc4f6619b72ebd0633db4f588839bdc358765a802264ef3dde0a98795

Even NextDNS is blocking it; layered security measures is more efficient than any AV regardless of its name and reputation.

 

[Sorrento]

The title would certainly prevent any further investigation as its ridiculous.