App Review Shadowra's Big Comparative - Episode 1: Free Antivirus

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,674
Very nice video dude. Congrats.

It would be good to see your testings with kasper free, bit free and nort... ops.. avast free (avast and norton are the same).

Windows Defender relies on signatures only (almost). I don't see it having what it needs to be the top, but anyway, good test. Maybe with newly released samples it would be a better approach, as these are the real problems these days.

All samples are same-day.
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,187
WD depends exclusively on the cloud, disable it, see if it really protects. That's why I don't like it.
And whatever some may think of AV-Comparatives, I still think some of their testing is valid, or at least to give pause for consideration. From the Sept test:

Screenshot 2024-12-28 161736.png
 

nickstar1

Level 10
Verified
Well-known
Dec 10, 2022
481
Hmmmm..... why is Microsoft Defender on my system not blocking "known" malicious files when being downloaded, but only blocks them on my system when executed? This is not the case on Shadow's system. What's wrong with Defender on my system? It appears Microsoft Defender is only blocking files on execution on my system only.
 

Khushal

Level 2
Apr 4, 2024
91
In this video, we compare 8 free antivirus programs.
The aim is to see how effective they are, and rank them from worst to best.

Please note:

- The antiviruses are already ranked in the video. I've taken into account Web blocking, the reaction to an attack, my malware pack and how the antivirus will defend itself.
- Please be courteous and respect my ranking. Filming took over 9 hours and 2 hours of preparation.
- The winning antivirus goes straight to the final, episode 3.
- All antiviruses are at default settings. I've only activated IF NECESSARY some options that the editor hasn't activated (heuristics, PUP detection etc.)
- The protocol is the same.



Panda is a relatively lightweight free antivirus.
It has no Web filtering, and the Web protection rating is based on blocking downloads.

Web: Panda blocks all malicious downloads, 9/9.

Crack: Panda intercepts malicious executions. 1/1

Pack: Panda leaves 30 malware samples out of 111 after a fairly long scan.
Upon execution, Panda will try to defend itself as best it can, but will return a completely infected system.
KVRT will even report malware that has injected a system process.
It will be 8th, last.

Nano is a totally unknown Russian antivirus.
Surprisingly, on the 1st installation, it failed...
I had to restart the installation using the snapshot, which worked.
Nano features Web filtering.

Web: Nano blocks half the links, one of which is dead. 5/9

Crack: Nano blocks installations. 1/1

Pack: 26 out of 111 remain. A rather disappointing result, joining its competitor Panda.
It will be 7th, even if it's a bad result, but it put up a slightly better fight than Panda AV.

360 is a popular Chinese antivirus.
It offers many free solutions but tends to install bloatware, which I refuse (like Opera).
Some functions, such as the firewall, are not free, so you'll have to make do with the free version.
I install the KuPeng engine and also activate it for protection.

Web: 7/9. Qihoo is missing 2 URLs, including a stealer that will close Edge.

Crack: Cold shower... Qihoo doesn't block anything!

Pack: 8 out of 111 remain, even 5 out of 111, which is an excellent score!
But it loses points for not detecting the false crack, the stealer that passed without reacting, the insistence on bloatware and a big false positive on a VirtualBox process, unforgivable as a false positive!
It came 6th.

Huorong is also a Chinese antivirus, a competitor to Qihoo.
It's an antivirus I had to configure: the heuristics and its Machine Learning were deactivated. I don't understand this choice, so I decided to activate them.

Web: 5.5/9: Huorong lets infections through, especially stealers. Surprisingly enough, Huorong blocks the URL but lets me download and even execute it!
It gets half a point despite the error, as the HIPS tried to catch up.

Crack: Huorong blocks installations. 1/1

Pack: 7 out of 111 remain, excellent score. Huorong defends itself with its HIPS, blocking several attacks. Remnants of infection are present.
In 5th place, an improvement on Infostealer scripts and Trojans is recommended, as it still suffers from shortcomings!

Comodo is an antivirus that should not have been tested.
Since I've added an extra spot in the paid list, Comodo has inherited its place.
The program behaves like a free security suite.

Web: 9/9 including 3 anti-malware reactions. Comodo will use its Sandbox to protect the system.

Crack: 1/1, reaction from its anti-malware engine.

Pack: 77 out of 111, the worst score ever!
One thing's for sure: Comodo's anti-malware engine is very bad!
At runtime, Comodo will mainly use its Sandbox. Some VirusScope detections, but rather weak. I had to restart the VM twice because the Unicorn worm was saturating my RAM...
During analysis, a few traces are present despite the Sandbox, but nothing alarming.
It's 4th because its Web protection is non-existent, its anti-malware engine is clearly lagging behind and it relies entirely on the Sandbox, which I certainly find a good protection, but I'd have liked to see something else…

Avira is a well-known German antivirus company, acquired by Norton in 2021 to form Gen Digital, but still owns its engine.
In the configuration, I've enabled detection of dangerous tools.
I installed its 2 extensions, one of which (Safe Shopping) does Web filtering.

Web: 10/10. Nothing to say, Avira blocks at source.

Crack: After a fairly long execution time due to analysis on the Cloud, Avira blocks the launch (TIME/APC).

Pack: 18 out of 111 remain. Avira blocks several executions thanks to its Cloud, leaving us with a healthy machine. 2 small traces are visible with KVRT.
It's 3rd.

Avast is the famous free antivirus, widely known to the general public.
In this test, we opt for its complete suite, One.

Web: Avast blocks all URLs, 10/10

Crack: CyberCapture authorizes launch, but execution of the .bat is blocked. 1/1

Pack: 11 out of 111 remain. Avast makes a clean machine, infection attempts blocked by Web filtering and IDS.
It is 2nd.

The antivirus built into Windows!
For years, Microsoft has been improving its security solution against malware.
I did not activate SAC for this test.

Web: 9/9, MS Defender blocks all downloads. One file is dead.

Crack: MS Defender blocks all installations. 1/1

Pack: 4 out of 111 remain, even 3 out of 111, the best score!
The other files don't work, I'm very surprised by its score!
Congratulations Microsoft, it's 1st and will take part in the final!

Winner: Microsoft Defender!

Fantastic test and results on expected lines. Only the top 4 are recommendable.
 

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
299
Hmmmm..... why is Microsoft Defender on my system not blocking "known" malicious files when being downloaded, but only blocks them on my system when executed? This is not the case on Shadow's system. What's wrong with Defender on my system? It appears Microsoft Defender is only blocking files on execution on my system only.
You are probably not using Edge, or any Chromium browser with the Defender extension.
@Shadowra is testing with Edge which has Smartscreen and integrates with Defender by design.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,448
The AV free/paid showdown is a brilliant concept, how about a 3rd test comparison? A secondary protection program showdown, a test to be done with the AV uninstalled or deactivated.
Cyberlock vs. HitmanPro Alert vs. Spyshelter vs. WindowsSimpleHardeningLight vs. Malwarebytes vs. OSArmour

(I would have included Appguard but I know it would have blocked everything.)

Free vs. paid vs. secondary for champion of all. I might put my money on Cyberlock.
:p

Just a thought my friend, if you don't want to do this then no problem.
 

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,674
The AV free/paid showdown is a brilliant concept, how about a 3rd test comparison? A secondary protection program showdown, a test to be done with the AV uninstalled or deactivated.
Cyberlock vs. HitmanPro Alert vs. Spyshelter vs. WindowsSimpleHardeningLight vs. Malwarebytes vs. OSArmour

(I would have included Appguard but I know it would have blocked everything.)

Free vs. paid vs. secondary for champion of all that is good. I might put my money on Cyberlock.
:p

Just a thought my friend, if you don't want to do this then no problem.

Planned for a later date :)

It'll be a special issue, probably in February
 

anirbandutta01

Level 9
Well-known
Jun 18, 2022
449
The AV free/paid showdown is a brilliant concept, how about a 3rd test comparison? A secondary protection program showdown, a test to be done with the AV uninstalled or deactivated.
Cyberlock vs. HitmanPro Alert vs. Spyshelter vs. WindowsSimpleHardeningLight vs. Malwarebytes vs. OSArmour

(I would have included Appguard but I know it would have blocked everything.)

Free vs. paid vs. secondary for champion of all that is good. I might put my money on Cyberlock.
:p

Just a thought my friend, if you don't want to do this then no problem.
Great idea
 

Vitali Ortzi

Level 28
Verified
Top Poster
Well-known
Dec 12, 2016
1,733
Planned for a later date :)

It'll be a special issue, probably in February
Hitmanpro.alert isn't great at detecting malware, it only has a basic hash check in Sophos Intelix for the anti-malware.
As the main purpose is adding tactics that are less covered by antivirus software, at least not in the consumer space, as well as extras like exploit mitigations (some are technically already covered by Exploit Guard, ASR if configured) as well as other nice features like adding certain processes, artifacts of a sandbox as it causes some malware to self destruct and an anti-keylogger that worked well in cruelsister tests as well as their anti-ransomware CryptoGuard which, although it stops the majority of ransomware (more than even Intel threat detection technology), still fails in cruel sister tests

Personally I find it valuable for myself but it's niche and wouldn't do well in tests
Anyway they are working on improving it so only time will tell if it's something I could recommend others to use
 

Pat MacKnife

Level 16
Verified
Top Poster
Well-known
Jul 14, 2015
796
You are probably not using Edge, or any Chromium browser with the Defender extension.
@Shadowra is testing with Edge which has Smartscreen and integrates with Defender by design.
I think @Shadowra disabled SmartScreen because there would be a red page with a blocking; now it's Defender itself that blocks the download.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
549
McAfee seemed to have been improved since it was back then acquired by Intel and I'm interested what improvements it will have now under Trellix
From what I have seen so far it's an average AV so far with more false positives than the top ones


The test will be very interesting as it has products that aren't getting tested enough and soon in Q1 2025 I'm pretty sure most AV labs will have tests too, which will be very useful for everyone to find their picks
US DoD STIG image includes Trellix Suite as their go-to default solution. Take whatever conclusions and assumptions you want from it.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
549
ESET is lighter on every lab test and from personal experience than Kaspersky
About protection we will have to wait for the test, but usually Kaspersky was the top and nowadays it isn't always, although it still has some of the best behavioral detection (System Watcher) and does really good against threats AVs have a hard time dealing with, and that was shown for example with cruel sister worm testing, ransomware tests
Reason I don't really use Kaspersky is political but everyone can agree it's an amazing product
But personally I have bias towards ESET as it's the alternative I use for Kaspersky and being lighter and competitive with Kaspersky is very rare
I am with you on that. Also for my personal setup Kaspersky had a noticeable system impact whereupon ESET does not. That's all and nothing less
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
549
Hitmanpro.alert isn't great at detecting malware, it only has a basic hash check in Sophos Intelix for the anti-malware.
As the main purpose is adding tactics that are less covered by antivirus software, at least not in the consumer space, as well as extras like exploit mitigations (some are technically already covered by Exploit Guard, ASR if configured) as well as other nice features like adding certain processes, artifacts of a sandbox as it causes some malware to self destruct and an anti-keylogger that worked well in cruelsister tests as well as their anti-ransomware CryptoGuard which, although it stops the majority of ransomware (more than even Intel threat detection technology), still fails in cruel sister tests

Personally I find it valuable for myself but it's niche and wouldn't do well in tests
Anyway they are working on improving it so only time will tell if it's something I could recommend others to use
I have it (bought a key off a user here) and had been using it since at least 2017. Mainly for their keystroke encryptions. Once ESET got a keystroke obfuscation I didn't feel a need for HMPA but I am still keeping it around.... virtually no resource usage and it adds that feel good placebo feeling.
 
