App Review Real World, Evasive Malware and Performance Test by Trident

[ForgottenSeer 98186]

wscript

F-Secure does not do well against scripts. A user needs to disable wscript globally. They also have to know that fact in the first place.

An F-Secure user should disable the usual suspects - either the interpreters\sponsors or their associated file types.

If you performed a prolific downloader test with F-Secure, then you would end up with an infected machine. A person can bank on that result every single time.

java malware was a miss

AV have not been focusing on java malware for years because fewer and fewer users install it. I know malware can download and install it, but that is just how the AV industry works. Much of what directs AV industry efforts are the incidence of threats. java malware, statistically, is no longer considered a significant threat.

 

[Shadowra]

I am going out and by the time I come back this pack will already be old. I collected everything yesterday between 2 and 3 PM. Maybe @Shadowra can test Emsi and we’ll see the scoring.
C:/Program Files
C:/Program Files (x86)
C:/Program Files/Common Files
C:/ProgramData
Need to be examined to determine the size on disk.
They usually write in the Users directory as well, but not that much information.

The RAM usage can be seen in task manager as well.

If it’s an online installer, does it install the latest version of the software or does it download program update?

Does it bombard with notifications?

It uses Bitdefender engine, so I would imagine everything will be detected.

Emsisoft Anti-Malware

Real World Protection Test -0 (pass)
Evasive Malware Test -0 (pass)
Performance (Abnormal Size on Disk -10, Abnormal Memory Usage -10)
User Experience (Installer is online but download the latest version of the software / does not bombard alerts, it groups them 0)

 

[Trident]

Overall Score on this occasion: 80

 

[zkSnark]

Emsisoft Anti-Malware

Real World Protection Test -0 (pass)
Evasive Malware Test -0 (pass)
Performance (Abnormal Size on Disk -10, Abnormal Memory Usage -10)
User Experience (Installer is online but download the latest version of the software / does not bombard alerts, it groups them 0)

View attachment 274089View attachment 274090View attachment 274091

Good to see Emsisoft passed Real world and Malware protection tests. I just don't like the too much FPs it warns about.
So the battle now between Bitdefender and Emsisoft. Who wins?

 

[Shadowra]

Good to see Emsisoft passed Real world and Malware protection tests. I just don't like the too much FPs it warns about.
So the battle now between Bitdefender and Emsisoft. Who wins?

Identical in protection. Emsisoft is just a little lighter on the disk and does not bombard with alerts.

 

[Shadowra]

WiseVector StopX

Real World Protection Test -20 (2 malwares missed / 1 trojan connected)
Evasive Malware Test -40 Rat/Infostealer / Ransomware, no exfiltration and product offers backup -10
Performance pass -0
User Experience Bombarding with notifications -5 / Product offers only minimal configuration -2
Total : 48

Spoiler: WiseVector

 

[Trident]

Total is 0 actually, failure on Real World Protection is -100 because I’ve picked malware and links that must be detected. But this is a special case here (no updates) so let it be 48.

Edit:
I calculated 33 (bonus 10 cuz it’s free) 🫣

 

[artek]

Any chance we could run HitmanPro.Alert through the gauntlet? We almost never see it tested against anything other than ransomware. It'd be interesting to see how it'd do against the infostealers.

 

[Trident]

Any chance we could run HitmanPro.Alert through the gauntlet? We almost never see it tested against anything other than ransomware. It'd be interesting to see how it'd do against the infostealers.

We should test Sophos Home, it already includes HMP. See what Sophos has to offer us.

 

[ForgottenSeer 97327]

Great video thanks, never mind the mouse movements.

I was an early Mac user and liked the early document centered Mac user interface. Nowadays Mac laptops seem ancient to me with the program centered interface with no touchscreen. But with a Mac you get Apple WDAC and Store limitations and no Apple user is complaining
Try to enforce that on Windows and the whole world starts complaining. Same with Android where 99% of the users have no root access. Try that on WIndows (no admin)

 

[likeastar20]

@Shadowra G-Data!

 

[Shadowra]

@Shadowra G-Data!

I think me and @Trident will make some again soon (why not make some on video at my channel sometime)

 

[Trident]

I think me and @Trident will make some again soon (why not make some on video at my channel sometime)

Definitely

 

[Trident]

If you performed a prolific downloader test with F-Secure

Yeah it can be done if I have to test one product, I could’ve created custom loaders (I can use quantum for shortcuts, powershell encryptor and others) but there is no shortage of real malware to go there. On a longer and more detailed test it may perform differently.

 

[a090]

It blocked a lot on my test as well. It blocked everything (including on the desktop there was one script which I downloaded from a link in the real world protection test on purpose). But the java malware was a miss and wscript was running.

DeepGuard unfortunately doesn’t delete, it just blocks.

F-Secure impressed me as well. Watched the whole test from beginning to end (I was the first Like on the video!) That being said, the product definitely needs improvement in the Java malware sector. Also in malware remediation. But so far, I don’t regret my purchase one bit.

Btw, will hit you up in a few days via PM. I game from time to time and may need Java. Will get your opinion on some stuff so I can catch anything fishy ASAP if I do. There must be a way to harden Java so it’s only available to the game and can’t be used or seen by other programs.

Or I could go all out and just run the damn thing in a VM. We’ll see… Installing Java on my PC makes me cringe a bit which is why I haven’t yet.

 

[Trident]

F-Secure impressed me as well. Watched the whole test from beginning to end (I was the first Like on the video!) That being said, the product definitely needs improvement in the Java malware sector. Also in malware remediation. But so far, I don’t regret my purchase one bit.

Btw, will hit you up in a few days via PM. I game from time to time and may need Java. Will get your opinion on some stuff so I can catch anything fishy ASAP if I do. There must be a way to harden Java so it’s only available to the game and can’t be used or seen by other programs.

Or I could go all out and just run the damn thing in a VM. We’ll see… Installing Java on my PC makes me cringe a bit which is why I haven’t yet.

If for some reason Java environment must be used (games and Android development are the two reasons I can think of) then hardening is not an option. You might be able to restrict it via Windows Firewall so it can’t connect to the network (with some games it may be a problem) but Windows Firewall rules are easily manipulated by malware usually. The sample that contains “Unilever” in the name destroyed Microsoft Defender. It didn’t deliver Magnum and Dove .

You can upload everything on VT to check it beforehand, but this Java RAT had a detection of 5 there so that’s not an option as well.

If you download any java-based content from trusted sources only, then it should be fine. This specific RAT is from a SPAM campaign but it may as well be presented as a modded/cracked game or something.

The Java malware miss was expected, this vector is usually poorly covered. It may be worth saying goodbye to Java content or running in a VM.

I will tell you how you can analyse manually Java content in a PM.

Btw, thanks for the like.

 

[a090]

I will tell you how you can analyse manually Java content in a PM.

Btw, thanks for the like.

Sounds perfect, my brother. I’m looking forward to it. No rush, just whenever you have time. I won’t have the time to play those games these days. Busy with work. But will reach out when it’s time.

And no worries about the Like, there is a lot more where that came from. Just finished for the day and about to sit down, get “un-sober” (ha), and binge some more of your videos. If you see a bunch of Likes popping up on your vids, that’s me.

 

[Decopi]

Great stuff!

 

[I3rYcE]

Could you test the K7? I am currently using K7 Total Security.

 

[harlan4096]

Kaspersky Standard User Experience (Credit Card Required to download )

False

Probably You tried via the download subscription link in official site, but did not find or was not able to find the direct link