- Feb 1, 2013
I did some malware testing (VM) in a rush using a malicious document, some stealers and a precracked software (Office 2010) with malware inside the installer. I tested (all defaults) Eset, Kaspersky, Norton, Avast, McAfee, BitDefender, while the malicious installer was tested two times. I have no evidence of the test results for you to see as I did not take any video or screenshots, just observed, and now I want to share my observations with you, so I posted this here just for gossip, talk and comments, not as a test having a high value.
- Norton really has some problems with stealers, mainly using IPS for detecting them, while it only showed some Data Protector warning & blocked activity while installing the cracked software. Kaspersky IS & Eset IS did not appear very consistent as they could not detect the malware inside the Office installer when it was running; they both needed right click & scan. Even then, Eset IS did not always detect the threat (I tested 2 times, the first one ended up with a detection, the second ended up with no detection - no idea why). Other threats were detected quickly with no infection apparent.
- McAfee IS is not very effective when right clicking & scanning, but when malware is being run it detects it. It also detects most unknown threats, but it leaves files behind as it detects payloads & spawned files malware create while it's already running. Also, I liked that in the 2nd test with the malicious installer (some hours difference from the first), it stopped the installation and deleted the installer as an unknown threat - the first time it detected some vbs here and there.
- BitDefender IS was very good with its signatures and BB, but I was surprised that it did not detect the malicious installer, neither by scanning nor by running it.
- Lastly, Avast Free produced the cleanest results, no need to run anything, all detections were pre-execution, every single time. Well done, I was surprised.
*Samples were not carefully chosen, there was no serious methodology involved, as my free time is limited these days; I just wanted to do some testing and see how it goes with all those vendors.