App Review Real World, Evasive Malware and Performance Test by Trident

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Trident

Level 29
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,817
Shall we do another test at one point?

I would suggest the following for it.

Vulnerable script interpreters will be blocked from accessing the internet, where products have a firewall.
Norton’s IPS blockage will be counted as a hit and not a miss.

On Kaspersky Application Control, all script interpreters will be placed under the untrusted group.

Shall we do that?
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
Shall we do another test at one point?

I would suggest the following for it.

Vulnerable script interpreters will be blocked from accessing the internet, where products have a firewall.
Norton’s IPS blockage will be counted as a hit and not a miss.

On Kaspersky Application Control, all script interpreters will be placed under the untrusted group.

Shall we do that?
Also Eset could have some customizations, like HIPS in smart mode and some extra rules & settings.
 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,359
Shall we do another test at one point?

I would suggest the following for it.

Vulnerable script interpreters will be blocked from accessing the internet, where products have a firewall.
Norton’s IPS blockage will be counted as a hit and not a miss.

On Kaspersky Application Control, all script interpreters will be placed under the untrusted group.

Shall we do that?

Tell me when you do the test and pass me the malware too, I'll make you some AV ;)
 

Trident

Will collab definitely cuz it’s a little bit time consuming. On Eset I will see what can be done with HIPS to target script interpreters. At the very least we will block them under firewall.

Including I will prevent the Java executable from executing/connecting to the network.
 

Jonny Quest

Level 17
Verified
Top Poster
Well-known
Mar 2, 2023
815

lol, you have me beat ;)

[Attached image: bd expires.jpg]
 

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,553
Bitdefender has come a long way since the days it was a bug festival. I wouldn't fear to recommend it to anyone who asked, as far as they tested it first. I have tested it and even the problem it used to have with my wife's work VPN is gone.
 

Trident

I will take time to think of a testing procedure that will be feasible for Kaspersky, Norton, Avast, Eset and Bitdefender, and will come back to discuss it here.

I suggest that from a test like this we drop F-Secure as it provides neither a firewall nor anything that can harden the system. What do you guys think?
 

Nikos751

I will take time to think of a testing procedure that will be feasible for Kaspersky, Norton, Avast, Eset and Bitdefender, and will come back to discuss it here.

I suggest that from a test like this we drop F-Secure as it provides neither a firewall nor anything that can harden the system. What do you guys think?
Concerning F-Secure, I agree. It can be a test showing the benefits of tweakable products oriented for power users.
I would not touch sensitivity settings though. It’s just inconvenience and nonsense FPs.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
167
If Kaspersky Application is tweaked, never in the world will anybody (including Bitdefender) win against them. The test strategy requires products to be tested with default settings. Otherwise various disputes will arise. All products are not tweaked.

Maybe I can do another Kaspersky test with tweaked Application Control.
That Kaspersky configured to the maximum has no rival, I argue with you. I have seen tests where Kaspersky is configured to the maximum and does not detect "so much" more malware than a certain one, the more it consumes more resources than detecting much more malware. Correct me if I'm wrong but Application Control doesn't block scripts.
Greetings.
 

Trident

That Kaspersky configured to the maximum has no rival, I argue with you. I have seen tests where Kaspersky is configured to the maximum and does not detect "so much" more malware than a certain one, the more it consumes more resources than detecting much more malware. Correct me if I'm wrong but Application Control doesn't block scripts.
Greetings.
Kaspersky Application Control can block anything you want it to block. I have tested it under default configuration, as the purpose is to test the detection and not my ability to block things. This is how most users will leave it. Out of curiosity and for certain audience specifically, other tests can be performed.
 

Decopi

Level 6
Verified
Oct 29, 2017
269
Please, allow me here my ignorant two cents for future new tests. IMHO, the most interesting, intelligent and dreamed test always will be to discover (at present time) the best:

1. Freeware

2. Protection

3. Performance

4. With tweaks, HOWEVER, with the least amount of tweaks (minimum changes needed on default version to be hardened)
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,749
I would like to know why Kaspersky test was performed with a beta version... also which beta build? Kaspersky betas come with debugging system enabled, that means You should disable it and reboot, then also delete 3 keys in Windows registry (previously disabling temporary K. auto-defense) and reboot again, to get a more stable system, still being a beta, You may find some inconsistencies in the system.

In the rest of the video tests for the other products, why not use the KVRT tool? It's known that HMP as SOS is “suboptimal”, using @cruelsister terminology, and NPE is good but not as good as KVRT in most cases.

Finally, some suggestion for the tests, is checking AutoRuns Windows sections, with SysInternals Tools and/or Comodo AutoRuns, also enabling VirusTotal column on them, to show clearly which suspicious/malicious processes remained running after the dynamic tests, and please, product tested should be in English, in this forum, any video test with product in a different language than English will be directly removed.
 

Trident

I would like to know why Kaspersky test was performed with a beta version... also which beta build? Kaspersky betas come with debugging system enabled, that means You should disable it and reboot, then also delete 3 keys in Windows registry (previously disabling temporary K. auto-defense) and reboot again, to get a more stable system, still being a beta, You may find some inconsistencies in the system.

In the rest of the video tests for the other products, why not use the KVRT tool? It's known that HMP as SOS is “suboptimal”, using @cruelsister terminology, and NPE is good but not as good as KVRT in most cases.

Finally, some suggestion for the tests, is checking AutoRuns Windows sections, with SysInternals Tools and/or Comodo AutoRuns, also enabling VirusTotal column on them, to show clearly which suspicious/malicious processes remained running after the dynamic tests, and please, product tested should be in English, in this forum, any video test with product in a different language than English will be directly removed.
I’ll try and take this as a positive and constructive criticism.

The version tested was downloaded from comss.ru which was also mentioned clearly in the official post, before it was edited upon disputes that Kaspersky does not require a card to be downloaded. I tried to change the language, but it seems after installation either it can’t be done, or I didn’t find it in the Russian interface.

Autorun inspection wasn’t necessary really, they all missed either the RedLine stealer, which with autorun or without, has exfiltrated the needed data or the Java RAT, which did create autoruns. The system has been compromised which is a fail.

Now that you have told me that “updater” Kaspersky offers is also an installer/uninstaller, I know where to download it.
 

harlan4096

Autorun inspection wasn’t necessary really, they all missed either the RedLine stealer, which with autorun or without, has exfiltrated the needed data or the Java RAT, which did create autoruns. The system has been compromised which is a fail.

I posted my suggestion for all tests, not only for K. one.
 
