The Shadowra's Battlefield Antivirus 2021
<blockquote data-quote="Andy Ful" data-source="post: 968911" data-attributes="member: 32260">
<p>I do not think that using a few on-demand scanning tools for scoring the infections is a good idea.</p>
<ol>
<li data-xf-list-type="ol">The anti-phishing test is inconclusive. If the phishing website is not blocked, then it can be caused by the fact that it was not malicious anymore (it is not checked in the test). For example, it could be compromised only for a while and initially undetected by any AV. Next, some AVs could blacklist this URL after real infection and some could skip it after checking that it is already clean (system protected by the AV was never hit). In this case, the test results are wrong. The AVs that were compromised in the wild got good test results, and AVs that were never hit got bad results.</li>
<li data-xf-list-type="ol">Kaspersky left 3 samples on the Desktop, a few leftovers in the Registry (probably PUA), one unpacked executable in the TEMP folder, and one in the custom folder. The file leftovers seemed to be blocked by Kaspersky because there were no active processes in the Killswitch.</li>
</ol>
<p>I am not sure if Kaspersky allowed the real infection in the test - this would require deeper inspection. So, we cannot truly say that the last AV in the test is not as good as the first. :unsure:</p>
<p>Generally, modern AVs work in a complex way and it is often not easy to be sure about the infection, especially when the AV fights the malware on the post-execution level.</p>
<p>The AV testing labs use a special environment that can monitor and log the suspicious actions, so they can reliably recognize Indicators of Compromise. It is sometimes very hard to find IoCs when not using such an environment.</p>
<p>But, congrats for taking a challenge. Some people can probably learn something about tested AVs and testing problems. :) (y)</p>
</blockquote>