App Review Real World, Evasive Malware and Performance Test by Trident

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

ForgottenSeer 98186

F-Secure does not do well against scripts. A user needs to disable wscript globally. They also have to know that fact in the first place.

An F-Secure user should disable the usual suspects - either the interpreters\sponsors or their associated file types.

If you performed a prolific downloader test with F-Secure, then you would end up with an infected machine. A person can bank on that result every single time.

Java malware was a miss
AVs have not been focusing on Java malware for years because fewer and fewer users install it. I know malware can download and install it, but that is just how the AV industry works. Much of what directs AV industry efforts is the incidence of threats. Java malware, statistically, is no longer considered a significant threat.
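The post above recommends disabling WSH globally, or the script interpreters and their file types. The following is an added example, not code from the thread or from F-Secure, showing both steps on a Windows host: the `Windows Script Host\Settings` registry location and the `VBSFile`/`JSFile`-style ProgIDs are the standard ones, but the verification probe and the choice of Notepad as the replacement handler are this example's own assumptions.

```powershell
# Added example (not from the thread): disable Windows Script Host machine-wide
# and point the common script extensions at Notepad, so a double-clicked .vbs/.js
# opens as text instead of running. Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# Enabled = 0 makes both wscript.exe and cscript.exe refuse to run any script.
# Both the machine and the current-user key are set so neither can re-enable it.
foreach ($hive in 'HKLM','HKCU') {
    $wshSettings = "${hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings"
    New-Item -Path $wshSettings -Force | Out-Null
    Set-ItemProperty -Path $wshSettings -Name 'Enabled' -Value 0 -Type DWord
}

# ProgIDs that the script extensions map to by default (.vbs -> VBSFile, .js -> JSFile, ...).
# Re-pointing their Open command at Notepad covers the "associated file types" route.
$scriptProgIds = 'VBSFile','VBEFile','JSFile','JSEFile','WSFFile','WSHFile'
$notepad = "`"$env:SystemRoot\System32\notepad.exe`" `"%1`""
foreach ($progId in $scriptProgIds) {
    $cmdKey = "HKLM:\SOFTWARE\Classes\$progId\Shell\Open\Command"
    if (Test-Path $cmdKey) {
        Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $notepad
    }
}

# Verification (assumption: a throwaway probe script in %TEMP%). With WSH disabled,
# cscript prints "Windows Script Host access is disabled on this machine" and exits.
$probe = Join-Path $env:TEMP 'wsh-probe.vbs'
Set-Content -Path $probe -Value 'WScript.Echo "WSH is still enabled"'
$result = & "$env:SystemRoot\System32\cscript.exe" //nologo $probe 2>&1 | Out-String
Remove-Item $probe -ErrorAction SilentlyContinue
if ($result -match 'disabled') { 'WSH is disabled' } else { "Check failed: $result" }
```

Two caveats a practitioner would want: this only covers wscript/cscript, so mshta.exe, PowerShell and other script hosts need their own controls, and a per-user "open with" choice (UserChoice) can override the ProgID handler for that user, which is why the `Enabled = 0` value is the control that actually stops execution rather than the file-type change alone.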
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
I am going out and by the time I come back this pack will already be old. I collected everything yesterday between 2 and 3 PM. Maybe @Shadowra can test Emsi and we’ll see the scoring.
C:/Program Files
C:/Program Files (x86)
C:/Program Files/Common Files
C:/ProgramData
Need to be examined to determine the size on disk.
They usually write in the Users directory as well, but not that much information.

The RAM usage can be seen in task manager as well.

If it’s an online installer, does it install the latest version of the software or does it download program update?

Does it bombard with notifications?

It uses Bitdefender engine, so I would imagine everything will be detected.


Emsisoft Anti-Malware

Real World Protection Test -0 (pass)
Evasive Malware Test -0 (pass)
Performance (Abnormal Size on Disk -10, Abnormal Memory Usage -10)
User Experience (Installer is online but downloads the latest version of the software / does not bombard alerts, it groups them 0)
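The measurement steps quoted in this post (sum the product's folders under Program Files, Program Files (x86), Common Files, ProgramData and the Users profiles; read RAM from Task Manager) can be scripted. This is an added example, not the thread's or any vendor's tooling; the `Emsisoft*` folder pattern is only an assumed default and should be replaced with whatever folder name the installer under test actually creates.

```powershell
# Added example (not from the thread): footprint of an installed product in the
# locations listed above, plus the resident memory of its running processes.
# Assumption: the product's folders and process paths contain $VendorPattern.
param([string]$VendorPattern = 'Emsisoft*')

function Get-FolderBytes {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    $sum = Get-ChildItem -LiteralPath $Path -Recurse -Force -File -ErrorAction SilentlyContinue |
           Measure-Object -Property Length -Sum
    return [int64]$sum.Sum   # logical size; compressed/sparse files take less on disk
}

$roots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    "$env:ProgramFiles\Common Files",
    $env:ProgramData,
    "$env:SystemDrive\Users"    # per-profile data, usually AppData\Local or AppData\Roaming
)

$rows = foreach ($root in $roots) {
    if (-not $root) { continue }
    # Look a few levels deep under Users so <profile>\AppData\Local\<Vendor> is found too.
    $depth = if ($root -like '*\Users') { 3 } else { 0 }
    Get-ChildItem -LiteralPath $root -Directory -Force -Recurse -Depth $depth -ErrorAction SilentlyContinue |
        Where-Object Name -like $VendorPattern |
        ForEach-Object {
            [pscustomobject]@{
                Path = $_.FullName
                MB   = [math]::Round((Get-FolderBytes $_.FullName) / 1MB, 1)
            }
        }
}
$rows | Format-Table -AutoSize
'Total size on disk: {0:N1} MB' -f (($rows | Measure-Object -Property MB -Sum).Sum)

# Working set of the product's processes. This is the full working set (shared pages
# included), so it reads slightly higher than Task Manager's private working set column.
Get-Process |
    Where-Object { $_.Path -like "*\$VendorPattern\*" -or $_.Company -like $VendorPattern } |
    Select-Object Name, Id, @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB, 1) } } |
    Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize
```

Run it once right after installation and again after the first signature update: the delta between the two runs answers the "does the online installer pull the latest version or download an update afterwards" question without guessing.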

 

zkSnark

Level 5
Verified
Well-known
Jan 13, 2019
204
Emsisoft Anti-Malware

Real World Protection Test -0 (pass)
Evasive Malware Test -0 (pass)
Performance (Abnormal Size on Disk -10, Abnormal Memory Usage -10)
User Experience (Installer is online but downloads the latest version of the software / does not bombard alerts, it groups them 0)

Good to see Emsisoft passed the Real World and Malware Protection tests. I just don't like the many FPs it warns about.
So the battle now between Bitdefender and Emsisoft. Who wins? 🤔
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
WiseVector StopX

Real World Protection Test -20 (2 malware samples missed / 1 trojan connected)
Evasive Malware Test -40 (RAT/Infostealer / Ransomware, no exfiltration and product offers backup -10)
Performance pass -0
User Experience (Bombarding with notifications -5 / Product offers only minimal configuration -2)
Total: 48

 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Total is 0 actually, failure on Real World Protection is -100 because I’ve picked malware and links that must be detected. But this is a special case here (no updates) so let it be 48.

Edit:
I calculated 33 (bonus 10 because it's free) 🫣
 

ForgottenSeer 97327

Great video thanks, never mind the mouse movements.

I was an early Mac user and liked the early document-centered Mac user interface. Nowadays Mac laptops seem ancient to me with the program-centered interface and no touchscreen. But with a Mac you get Apple WDAC and Store limitations and no Apple user is complaining (y) ;) Try to enforce that on Windows and the whole world starts complaining. Same with Android, where 99% of the users have no root access. Try that on Windows (no admin) :p
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
If you performed a prolific downloader test with F-Secure
Yeah, it can be done if I have to test one product. I could've created custom loaders (I can use Quantum for shortcuts, a PowerShell encryptor and others), but there is no shortage of real malware to go there. On a longer and more detailed test it may perform differently.
 

a090

Level 2
Mar 26, 2023
67
It blocked a lot on my test as well. It blocked everything (including one script on the desktop which I downloaded on purpose from a link in the real world protection test). But the Java malware was a miss and wscript was running.

DeepGuard unfortunately doesn’t delete, it just blocks.

F-Secure impressed me as well. Watched the whole test from beginning to end (I was the first Like on the video!) 😄 That being said, the product definitely needs improvement in the Java malware sector. Also in malware remediation. But so far, I don’t regret my purchase one bit.

Btw, will hit you up in a few days via PM. I game from time to time and may need Java. Will get your opinion on some stuff so I can catch anything fishy ASAP if I do. There must be a way to harden Java so it’s only available to the game and can’t be used or seen by other programs.

Or I could go all out and just run the damn thing in a VM. We’ll see… Installing Java on my PC makes me cringe a bit which is why I haven’t yet.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
F-Secure impressed me as well. Watched the whole test from beginning to end (I was the first Like on the video!) 😄 That being said, the product definitely needs improvement in the Java malware sector. Also in malware remediation. But so far, I don’t regret my purchase one bit.

Btw, will hit you up in a few days via PM. I game from time to time and may need Java. Will get your opinion on some stuff so I can catch anything fishy ASAP if I do. There must be a way to harden Java so it’s only available to the game and can’t be used or seen by other programs.

Or I could go all out and just run the damn thing in a VM. We’ll see… Installing Java on my PC makes me cringe a bit which is why I haven’t yet.
If for some reason a Java environment must be used (games and Android development are the two reasons I can think of), then hardening is not an option. You might be able to restrict it via Windows Firewall so it can't connect to the network (with some games that may be a problem), but Windows Firewall rules are usually easily manipulated by malware. The sample that contains "Unilever" in the name destroyed Microsoft Defender. It didn't deliver Magnum and Dove 🕊️.

You can upload everything to VT to check it beforehand, but this Java RAT had a detection count of 5 there, so that's not an option either.

If you download any java-based content from trusted sources only, then it should be fine. This specific RAT is from a SPAM campaign but it may as well be presented as a modded/cracked game or something.

The Java malware miss was expected, this vector is usually poorly covered. It may be worth saying goodbye to Java content or running in a VM.

I will tell you how you can manually analyse Java content in a PM.

Btw, thanks for the like.
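The post suggests restricting Java with Windows Firewall while warning that the rules are easy for malware to manipulate. The following is an added example, not code from the thread: it creates outbound block rules for the JVM binaries and keeps a fingerprint of those rules so that a later removal, disabling or flip to Allow is at least noticed. The `$JavaHome` path and the rule display names are this example's assumptions; the firewall cmdlets and the `MPSSVC Rule-Level Policy Change` audit subcategory are standard Windows features.

```powershell
# Added example (not from the thread): block outbound traffic for java.exe/javaw.exe
# and record a fingerprint of the rules so tampering by malware is detectable.
# Assumption: $JavaHome points at the JRE/JDK the game actually uses.
#Requires -RunAsAdministrator
param([string]$JavaHome = 'C:\Program Files\Java\jdk-17')

$binaries = 'java.exe','javaw.exe' | ForEach-Object { Join-Path $JavaHome "bin\$_" }

function Get-RuleName { param([string]$Exe) "Block outbound - $(Split-Path $Exe -Leaf)" }

# One outbound Block rule per binary, applied on every network profile.
foreach ($exe in $binaries) {
    $name = Get-RuleName $exe
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Program $exe -Profile Any -Enabled True | Out-Null
    }
}

# SHA-256 over the properties an attacker would change: presence, Enabled, Action,
# and the program the rule is bound to. Keep the baseline outside the user's reach.
function Get-RuleFingerprint {
    param([string[]]$Programs)
    $state = foreach ($exe in $Programs) {
        $rule = Get-NetFirewallRule -DisplayName (Get-RuleName $exe) -ErrorAction SilentlyContinue
        $prog = if ($rule) { ($rule | Get-NetFirewallApplicationFilter).Program } else { '' }
        '{0}|{1}|{2}|{3}' -f $exe, ($rule.Enabled -as [string]), ($rule.Action -as [string]), $prog
    }
    $bytes = [Text.Encoding]::UTF8.GetBytes(($state -join "`n"))
    $hash  = [Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
    ($hash | ForEach-Object { $_.ToString('x2') }) -join ''
}

$baseline = Get-RuleFingerprint -Programs $binaries
"Baseline fingerprint: $baseline"

# Later (for example from a logon task): recompute and compare. A mismatch means a
# rule was deleted, disabled, switched to Allow, or re-pointed at another binary.
if ((Get-RuleFingerprint -Programs $binaries) -ne $baseline) {
    Write-Warning 'Firewall rules for Java were changed'
}
```

Two things the rules do not buy: a payload that already runs as administrator can delete them (which is the manipulation the post refers to), and a Java RAT can hand the network work to a child process such as powershell.exe or cmd.exe, which these rules do not cover. To get a log of rule changes rather than relying on the fingerprint alone, enable `auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable`; rule additions, modifications and deletions then appear in the Security log as events 4946, 4947 and 4948.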
 

a090

Level 2
Mar 26, 2023
67
I will tell you how you can manually analyse Java content in a PM.

Btw, thanks for the like.

Sounds perfect, my brother. I’m looking forward to it. No rush, just whenever you have time. I won’t have the time to play those games these days. Busy with work. But will reach out when it’s time.

And no worries about the Like, there is a lot more where that came from. Just finished for the day and about to sit down, get “un-sober” (ha), and binge some more of your videos. If you see a bunch of Likes popping up on your vids, that’s me.
 
