Hot Take Review based on Shadowra tests

Parkinsond

Thread author

Dec 6, 2023

My thoughts on Emsisoft, Bitdefender and other AVs, especially for advanced threat protection

Antivirus Analysis

I'm a reverse engineer and malware analyst, and I've been doing extensive testing on consumer AVs with a focus on how they handle modern evasion techniques (specifically direct syscall-based attacks). I wanted to get the community's thoughts on Emsisoft.

My Testing Background: I created my own PoCs in C++ using various direct syscall techniques to test multiple AVs including VIPRE, ESET, Kaspersky, Windows Defender, G-Data, Trend Micro, Bitdefender and Emsisoft.

My test samples successfully bypassed most industry-leading AVs, but Emsisoft and Bitdefender were the only two that consistently blocked execution at the earliest points in the kill chain.

Why I'm skeptical of AVs like Kaspersky and ESET

Kaspersky's Reactive Approach:

Kaspersky's design philosophy is fundamentally reactive. It lets malware execute while monitoring behavior, then relies on System Watcher and rollback features to clean up damage. This works fine for ransomware or file modifications, but it's completely useless against modern data exfiltration threats such as:

- Discord/client-side token stealers: Data is sent to a remote server the instant it's stolen. You can't "rollback" network transmissions.

- Credential dumping: LSASS credentials exfiltrated in milliseconds

- Browser session cookies/tokens: Stolen and sent to attacker's server in <100ms. Your accounts are compromised before Kaspersky even flags it as suspicious.

By the time Kaspersky's behavioral engine decides "this is malicious" and triggers a rollback, your sensitive data is already on an attacker's server. System Watcher can't undo that.

Emsisoft/Bitdefender block at the syscall level before execution, preventing the theft from ever happening. That's the difference between prevention and damage control.

ESET's Detection Gap:

I'd personally recommend against ESET for advanced threats and zero-days. During my own testing, I found it completely fails to detect direct syscall invocation. I was able to pop calc.exe via shellcode using direct syscalls and ESET didn't even flinch. This may be different in their business suite but I'm specifically talking about the consumer edition (Premium version with LiveGuard enabled).

If it lets me spawn calc.exe undetected via shellcode, that same technique would work for deploying ransomware, credential/token stealers, or any malicious payload. It's a fundamental detection gap that real threats actively exploit.

Emsisoft's Syscall Detection

Bitdefender did detect the threats, but there was a noticeable execution window where malicious code could run before termination due to Bitdefender's reliance on a technique known as "Instrumentation callbacks". Emsisoft however blocked execution at the earliest point in the kill chain, thus preventing the payload from ever running.

The key difference seems to be Emsisoft's behavioral analysis engine catching the syscall patterns before any damage occurs, while Bitdefender relied more on post-execution detection. For zero-day/advanced threats using syscall-based evasion, that timing is make or break.

They have a blog post explaining their new syscall detection system which is nice: New in 2025.5: Syscall Detection

Addressing Outdated Test Results

I know people reference these MalwareTips tests:

  1. App Review - Emsisoft Anti-Malware Home 2025 (August 6th 2025)
  2. App Review - Shadowra's Big Comparative : Episode 2 - Paid Antivirus (January 1st 2025)

Both are now outdated. The January test was before Emsisoft's syscall detection system (added June 10th, 2025). The August test was after the syscall system but before the October 6th maintenance updates that further improved their security engine.

The "MBR corruption" in the August test turned out to be a false alarm. It was an open-source C# joke program that isn't even a PUP, much less actual malware.

My recent testing (post-October 6th updates) shows Emsisoft blocks everything I've thrown at it, including all my PoCs that bypass every other AV except Bitdefender.

My Questions for the Community:

  1. Has anyone else tested Emsisoft recently (post-October 6th 2025 updates)?
  2. What are your experiences with Emsisoft's detection rates vs. the "big names" like Kaspersky/ESET/Bitdefender?
  3. Are there any downsides to Emsisoft I should be aware of?
  4. For those using it, how's the performance impact and false positive rate?

Based on my testing, I would personally recommend Emsisoft or Bitdefender for anyone who is concerned about advanced threats and wants the best protection possible. The choice is up to you, but from a pure protection standpoint against modern evasion techniques, they're the only two I'd trust.



@Shadowra
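As an added illustration (not code from the Reddit post, Emsisoft or Bitdefender), this is the defender-side check that the "instrumentation callback" and syscall-detection approaches described above boil down to: when a system call returns to user mode, the return address is compared with the ranges of the modules that legitimately contain syscall stubs. The module layout and event addresses are constructed for the example; a real implementation would receive the return address from the kernel's process instrumentation callback rather than from an array.

```c
/* Added example (not the thread's or any vendor's code): the check behind the
 * "instrumentation callback" style syscall-origin detection discussed above.
 * When a syscall returns to user mode, the return address is compared with the
 * ranges of the modules allowed to issue syscalls (ntdll.dll, win32u.dll);
 * anything else (main image, heap, unbacked RWX memory) is a direct syscall
 * that skipped the user-mode hooks. Module layout/addresses are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef struct { const char *name; uint64_t base, size; } module_t;

/* Constructed module map mimicking a 64-bit Windows process. */
static const module_t k_modules[] = {
    { "app.exe",    0x00007FF6A0000000ULL, 0x00200000ULL },
    { "ntdll.dll",  0x00007FFC10000000ULL, 0x001F0000ULL },
    { "win32u.dll", 0x00007FFC0F000000ULL, 0x00030000ULL },
};
#define N_MODULES (sizeof k_modules / sizeof k_modules[0])

/* Module containing addr, or NULL for unbacked memory (heap, manually mapped RWX). */
static const module_t *module_for(uint64_t addr) {
    for (size_t i = 0; i < N_MODULES; i++)
        if (addr >= k_modules[i].base && addr - k_modules[i].base < k_modules[i].size)
            return &k_modules[i];
    return NULL;
}

/* 1 if the syscall instruction ran outside the OS stubs, i.e. a direct syscall. */
int is_direct_syscall(uint64_t return_address) {
    const module_t *m = module_for(return_address);
    return !(m && (!strcmp(m->name, "ntdll.dll") || !strcmp(m->name, "win32u.dll")));
}

/* Number of flagged events in a batch of syscall-return addresses. */
int count_direct_syscalls(const uint64_t *ret_addrs, size_t n) {
    int flagged = 0;
    for (size_t i = 0; i < n; i++) flagged += is_direct_syscall(ret_addrs[i]);
    return flagged;
}

int main(void) {
    /* Constructed events: ntdll, ntdll, win32u, main image, unbacked memory. */
    const uint64_t ev[] = { 0x00007FFC100A1234ULL, 0x00007FFC1003FFF0ULL, 0x00007FFC0F001A00ULL,
                            0x00007FF6A0012345ULL, 0x000001E2C0005000ULL };
    for (size_t i = 0; i < sizeof ev / sizeof ev[0]; i++) {
        const module_t *m = module_for(ev[i]);
        printf("ret=%#llx in %s -> %s\n", (unsigned long long)ev[i], m ? m->name : "<unbacked>",
               is_direct_syscall(ev[i]) ? "DIRECT SYSCALL" : "ok");
    }
    return 0;
}
```

The execution window the post attributes to Bitdefender follows from this design: the verdict is only available once the syscall has already returned, so the decision is made after, not before, the call completes.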
 
I don't know who this Reddit member is, but I hate being slandered. I'm always open to discussion, especially since my videos aren't meant to influence people by saying “This AV is great, get it” or anything like that, but rather to guide them.

No antivirus is perfect. Whether it's Eset, Kaspersky, Emsisoft, Bitdefender, or any other.

And yes, I know the comparison is outdated because, as I said, it's a comparison made only at the end of the year.
 
I’ve got a few questions for people reading the above

In regards to Kaspersky's "reactive approach", does Kaspersky offer full default-deny (which includes scripts) or does it not? Does it also offer layers and layers besides that (from web protection to unticking adware in installers)?

How come it's only Emsisoft that did a good job? Or maybe the gentleman is a reverse engineer and malware analyst @Emsisoft?

When talking about “modern evasion techniques” at any given time, there are hundreds of them that work.
I only saw one being tested.
One evasion technique is not enough to conclude.
An AV may be super amazing blocking that and then may fail on something else, way more trivial.
 
I’ve got a few questions for people reading the above

In regards to Kaspersky's "reactive approach", does Kaspersky offer full default-deny (which includes scripts) or does it not? Does it also offer layers and layers besides that (from web protection to unticking adware in installers)?

How come it's only Emsisoft that did a good job? Or maybe the gentleman is a reverse engineer and malware analyst @Emsisoft?

When talking about “modern evasion techniques” at any given time, there are hundreds of them that work.
I only saw one being tested.
One evasion technique is not enough to conclude.
An AV may be super amazing blocking that and then may fail on something else, way more trivial.
Focusing on "time to remediation" similar to AVLab tests.
 
I consider your tests still valid and crucial for deciding which AV to use.

Thank you ;)

I don't take his comment badly because I accept all criticism (constructive criticism, that is) and I've already said that Emsisoft will be retested. I'm just avoiding giving dates right now because I'm pretty busy IRL ;)

Still, if this Reddit member ever wants to discuss it with me, the door is open :)
 
I understand but I see several problems in this post:

- It starts with "I am…". This sounds like over-justification, and the post's overall structure is that of a marketing piece focused on scareware tactics (install Emsisoft if you don't wanna be pwned). Emsisoft is a paid product, so purchase is recommended indirectly.
- The shellcode is harmless. The author mentions Eset LiveGuard. He possibly downloaded the compiled executable and had it emulated by LiveGuard. But LiveGuard looks for real malicious behaviour. Just launching calc.exe via code injection, whilst suspicious, is not malicious enough for LiveGuard to take action.
- Statements like "X, Y are reactive, Z is proactive" based on a single PoC: that's the biggest issue.
- The author is looking for remediation. There is nothing to "remediate" here per se. There are no files or registry entries written/modified/deleted. In this case, "remediation" is simply terminating the process. There is nothing else that can be done.

This is one of the cases where one unrealistic scenario is extrapolated to provide “friendly expert recommendation like do not use this, but rather use this”. One single data point is not enough to issue such statements.

Last but not least, home AVs (even those that are a spin-off of business products) are not designed to block "advanced threats", and this is common knowledge. Testing home products against those is a waste of time.
This is also one of the many tests exclusively focused on malware and malware detection/prevention; for home users there are other dangers as well, which Emsisoft doesn't cover very well (especially phishing and scams).

Recommending home users to install solutions that cover malware detection (even if they do it better than X and Y) and do not cover the rest is anecdotal and no real expert does that. For such bold recommendations, a much more holistic analysis is needed.
 
There does appear to be scareware in the post, along with "these are the only solutions I would recommend", reminiscent of some advertising I see: an all-or-nothing, black-and-white approach. Life is generally rarely like that.
That’s a very accurate heuristic analysis.
Introduction as an expert + one simple PoC + extrapolated views (very much scareware-like) + final recommendation (immediately start using this to stay safe).

Nothing more to add.
 
Let's sort all this out, if you don't mind.

Kaspersky's reactive approach:

Kaspersky's design philosophy is fundamentally reactive. It allows malware to run while monitoring its behavior, then relies on System Watcher and restore functions to clean up the damage. This works well for ransomware or file modifications, but is completely useless against modern data exfiltration threats such as:

- Discord/client-side token stealers: Data is sent to a remote server as soon as it is stolen. You cannot “restore” network transmissions.

- Credential dumping: LSASS credentials exfiltrated in milliseconds

- Browser cookies/session tokens: Stolen and sent to the attacker's server in <100 ms. Your accounts are compromised before Kaspersky even flags it as suspicious.

By the time Kaspersky's behavioral engine decides “this is malicious” and triggers a rollback, your sensitive data is already on an attacker's server. System Watcher cannot undo this.
In my opinion, this is completely false.

It is important to note that Kaspersky, like any good antivirus program, monitors network connections in real time. I have seen Kaspersky block C&C servers when malware was not recognized (especially on LummaC2). If the connection is blocked, the malware cannot connect.

Another mistake: Discord infostealers. Most of them are fake games using the Minerva Trojan. Kaspersky with System Watcher can detect this because this Trojan will inject code into the application's JavaScript to retrieve the token. I have already tested it solo on VM.

As for cookies, they are placed in an encrypted browser folder. Antivirus programs such as Avast! can block this action via their IDS.
It is illogical to say that only one antivirus program does this while dismissing most others.

Let's continue.

ESET's lack of detection:

I would personally recommend not using ESET for advanced threats and zero-days. In my own testing, I found that it completely failed to detect direct system calls. I was able to launch calc.exe via shellcode using direct system calls, and ESET didn't even flinch. This may be different in their professional suite, but I'm specifically talking about the consumer edition (Premium version with LiveGuard enabled).

If it allows me to launch calc.exe undetected via shellcode, that same technique would work to deploy ransomware, credential/token stealers, or any malicious payload. This is a fundamental detection gap that real-world threats are actively exploiting.

Everyone knows that ESET is mediocre at detecting unknown programs because, by default, its HIPS only protects its own files (it improves a little when you set it to Intelligent, but still not enough). ESET is also one of the few that lets GDI malware through that will destroy the MBR (I spend my life reporting it to them...), but it is one of the only ones that CORRECTLY detects injectors/botnets or other infostealers much faster than the others.

Like any AV, it has its strengths and weaknesses.

I will not respond to the rest of his thread.
To me, this is clearly hidden advertising to push users towards Emsisoft or BitDefender.
All testers must remain impartial in their choices. We can have preferences (I do), but we must not influence users' choices.
My job is to guide people in choosing their protection solution (if you like Kaspersky, go for it, same for Norton, Avast, etc.). I don't have to push one or the other to install an AV that I prefer and bash the competition (even if some abuse it, hello Panda Dome ^^).

Thank you for reading.
Shadowra.
 
I just read the thread, and I have to say I don’t fully agree with that person.
I also do malware reverse engineering and have written my own payloads for pentesting, so I can tell you that Kaspersky has its strengths as well as its weaknesses.

Kaspersky is excellent at detecting malicious scripts such as Batch or PowerShell files.
ESET, on the other hand, is great at detecting in-memory malware and RunPE techniques thanks to its Memory Scan feature. Yes, it’s still somewhat weak on behavioral detection, but it makes up for it with its strong virus database and DNA/HeuR signatures — it can detect multiple malware families with a single signature.

Bitdefender is also excellent, though in my opinion a bit too heavy and sometimes overly aggressive.
Microsoft Defender performs impressively when it comes to catching 0-day threats quickly, thanks to its cloud-based detection and massive telemetry network — though I’ve seen a few false positives here and there.

No antivirus is perfect, and “zero risk” simply doesn’t exist and never will.
Each solution has its pros and cons — but ultimately, it’s up to us humans to stay vigilant, since we’re often the weakest link in the chain!
 
I'll reserve my personal recommendation until I see thorough and credible testing of a security product from any tester.

Right now what’s being shown isn’t the true infection path, it’s direct execution on the desktop that bypasses multiple protection layers and therefore won’t trigger realistic detection.

You can’t call a product “terrible” based on that.
 
I'll reserve my personal recommendation until I see thorough and credible testing of a security product from any tester.

Right now what’s being shown isn’t the true infection path, it’s direct execution on the desktop that bypasses multiple protection layers and therefore won’t trigger realistic detection.

You can’t call a product “terrible” based on that.
I think (because LiveGuard was mentioned) that the PoC may have been uploaded and downloaded so LiveGuard can capture it.
But you can't expect a fine-tuned engine to flag code injection and the launch of calc.exe, without any other IoCs, as malicious.

The lack of detection is not an indication that LiveGuard (or System Watcher) is inefficient; it is merely an indicator that they are refined to ignore noise and focus on real indicators of malicious intent.
 
I think (because LiveGuard was mentioned) that the PoC may have been uploaded and downloaded so LiveGuard can capture it.
But you can't expect a fine-tuned engine to flag code injection and the launch of calc.exe, without any other IoCs, as malicious.

The lack of detection is not an indication that LiveGuard (or System Watcher) is inefficient; it is merely an indicator that they are refined to ignore noise and focus on real indicators of malicious intent.
My post was a blanket statement intended to cover all forms. The reference to thorough and credible testing includes any instance of incorrect or flawed testing.
 
I don't know who this Reddit member is, but I hate being slandered.
The OP is not slandering you, or anyone else. They just made statements of fact.

I read the post multiple times and there is no criticism of you or your testing. Only that the referenced testing was performed before some product feature additions and improvements to Emsisoft, and that people considering the product based upon that testing should be aware of the product improvements. Nothing stated was a personal criticism directed at you.

Furthermore, this subreddit sucks.
Reddit is mostly echo chambers with borg-like hive mindedness. Dissent from the group think, and the subreddit mob will downvote the deviant dissenter into oblivion.

There is not one subreddit that anybody should take seriously, but unfortunately all the crackpots that hang out there take all of it very seriously. The worst is all the leftist drivel.

What I thought while reading it: is this an unsolicited promotion post for Emsisoft? Are they hurting and in need of revenue?
Emsisoft doesn't need money. Emsisoft wants money, to keep the lights on, as all AVs do. However, Emsisoft's leadership are not the types to directly or indirectly use Reddit, especially for any Emsisoft "promotion."

Appears to be someone who had something to say and they said it. Along with those that disagree with what was said because of how they interpret it.

Perhaps the OP is a final year undergraduate student and that post was their "Capstone" project?

Hey, maybe it is Leo trolling MT via Reddit?

Anyways, only the person who created that post knows their intent. The interpretations and derivations of the OP's "intent" went off the rails quickly here - as per usual on any social media.