Which AV can handle simultaneous attacks?

Can your AV handle concurrent attacks?

  • Yes

  • No

  • Other



DeepWeb (thread author)
Here is an interesting paper published in the International Journal of Information Security in August 2015. Yes, that is almost two years ago, but the subject is still relevant?

Can modern antiviruses, antimalware handle concurrent attacks?

In this paper, we want to check how the AV behaves under pressure. We make the AV extremely busy in order to bypass its detection. We test several commercial AVs against three scenarios: when data flows from the hard drive (HD) into the main memory (reading), when data flows from the main memory into the HD (writing), and when data flows through the network (sending and receiving). This paper shows that when the AV is overloaded, some malware can evade detection (in the reading scenario) and enjoy existence for much more time on the HD (in the writing scenario). Finally, we show that the AVs (or at least the ones we tested in this paper) do not check network data as long as they are not written to or read from the HD.
This paper brings up something that has a big influence on which antivirus I choose. And to test the solution I use, I just run a simple test of flooding my computer with harmless test files from here:
Feature Settings Check for Desktop Solutions » AMTSO

The key is to download as many samples as you can simultaneously. Usually, an antivirus will detect and stop single files. But if your computer is being flooded by multiple malware files, it might skip over some of them. I think handling concurrent attacks is a serious issue in a new age where we have persistent threats and ransomware attacking a host from multiple angles, which is why layered security (anti-exe, sandbox, firewall, HIPS) is so important. But still...

Can your antivirus handle concurrent attacks? If yes, what are you using? If not, are other programs kicking into gear when your AV skips files? :)
 

AtlBo
Answered idk.

Based on experience I have had, I can see how this could be possible. Maybe something light but responsive and reliable like NVT ERP with an AV is a good idea? I have ERP with Comodo mostly because I worry Comodo might skip a beat reading a file, so I guess that's the same thing or similar. Anyway, probably many are familiar with the quirks of Comodo (very mild but present)...
 

RoboMan
Kaspersky Internet Security 2017 blocked all links you mentioned. Yay!

Regarding your question, I think that, if well configured, the antivirus should stop them all, even if busy. That's why by default most of them come with a "deny-by-default" configuration, meaning that whatever the case, if the user prompt is not responded to or cannot show up, the item should be automatically blocked. How well AVs handle this option? That depends on the software, I must imagine.
 

DeepWeb (thread author)
ok...so how do you run your test exactly?
you said you "run a simple test of flooding my computer with harmless test files from here: Feature Settings Check for Desktop Solutions » AMTSO. The key is to download as many samples as you can simultaneously."

but surely you don't mean clicking each link one after the other as fast as you can...?? o_O
Actually, yes. I could have used an autoscript, but I thought that might be a little overkill. Manually, by middle-mouse-clicking all of them in a short period of time to prompt the downloads.

Windows Defender for example will handle them one by one in the order they were received.
Kaspersky Free Antivirus (note: the free version; the paid version can handle concurrent attacks) only deletes the first two, and after that it just sits there. But running a manual scan will get them deleted.
F-Secure refuses to resolve the link.

This is just a simple test, and the design obviously has flaws. What would really be interesting is to see what an AV does when it receives different types of attacks, e.g. one ransomware, one virus, one exploit attempt, one from the network, all at the same time. I would think that most solutions have multiple engines and can handle it. And hopefully some solutions create instances of their engines to deal with concurrent attacks. In most AV reviews, we only see infections one by one, which is generally the case, and the research does show that most are not designed. Then again, the research is from two years ago. Maybe some vendors have seen it and taken the critique to heart and adjusted by now. :)
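
The flooding test DeepWeb describes in the opening post and again above (drop many test files onto the disk at once, then see which ones the AV removes and how long they sit there) can be scripted rather than done by middle-clicking links. The harness below is an added example for this thread, not code from the original posts or from the AMTSO feature-settings-check page. It writes N files concurrently from a thread pool, then polls the directory and records the time at which each file disappears, so the result separates "never removed" from "removed late", which is the distinction the quoted paper draws for the writing scenario. The payload is a benign placeholder string (an assumption so the script runs anywhere); a real run would substitute a detectable test sample such as the AMTSO samples linked in the thread.

```python
# Added example for this thread; not the original poster's script and not AMTSO code.
# It replays the OP's manual test: write many test files at once, then watch
# which ones the AV removes and how quickly.
import os
import tempfile
import time
from concurrent.futures import ThreadPoolExecutor

# Assumption: a benign stand-in so the harness can run unattended. Replace with
# a detectable test sample (e.g. the AMTSO feature-settings-check files) to
# actually exercise an AV; that string is deliberately not reproduced here.
PLACEHOLDER_PAYLOAD = b"BENIGN-PLACEHOLDER-TEST-FILE\n"


def write_one(path, payload):
    """Write one test file in a single call, like one finished download."""
    with open(path, "wb") as fh:
        fh.write(payload)
    return path


def flood(target_dir, count, payload=PLACEHOLDER_PAYLOAD, workers=32):
    """Write `count` copies of `payload` into `target_dir` concurrently.

    The thread pool makes the writes land close together in time, which is
    the "many files at once" condition the thread is about. Returns the paths.
    """
    os.makedirs(target_dir, exist_ok=True)
    paths = [os.path.join(target_dir, f"sample_{i:04d}.com") for i in range(count)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(lambda p: write_one(p, payload), paths))
    return paths


def watch(paths, grace_seconds, interval=0.05):
    """Poll the files for `grace_seconds` and record when each one disappears.

    Returns {path: seconds_until_removed} for files that were deleted or
    quarantined during the window. Files still present at the end are absent
    from the dict. Recording the delay, not only the final state, is what lets
    a run distinguish "missed" from "caught late".
    """
    start = time.monotonic()
    removed = {}
    pending = set(paths)
    while pending and time.monotonic() - start < grace_seconds:
        for p in list(pending):
            if not os.path.exists(p):
                removed[p] = round(time.monotonic() - start, 3)
                pending.discard(p)
        time.sleep(interval)
    return removed


def run_demo(count=50, grace_seconds=5.0, payload=PLACEHOLDER_PAYLOAD):
    """Flood a temporary directory, watch it, and summarise the outcome."""
    with tempfile.TemporaryDirectory() as d:
        paths = flood(d, count, payload)
        removed = watch(paths, grace_seconds)
        present = [p for p in paths if os.path.exists(p)]
    return {
        "written": len(paths),
        "survivors": len(present),   # files the AV never touched in the window
        "removed": removed,          # files it did remove, with the delay
    }


if __name__ == "__main__":
    result = run_demo()
    print(f"written={result['written']} survivors={result['survivors']}")
    for p, secs in sorted(result["removed"].items(), key=lambda kv: kv[1]):
        print(f"  removed after {secs:6.3f}s: {os.path.basename(p)}")
```

With the benign placeholder every file survives, which is the expected baseline; with a real test sample, a product that handles the burst shows every path in `removed` with small delays, while the behaviour DeepWeb reports for Kaspersky Free (first two deleted, the rest left until a manual scan) shows up as two short delays and a large survivor count. Run it against a directory the real-time scanner actually watches, since a temp directory excluded from scanning tells you nothing.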

Atlas147
Avast just shows one pop-up telling me that the webpage has been blocked; clicking on the same webpage again at the same time renders it useless, since the webpage won't even load because Avast has blocked it, but the Avast pop-up doesn't show again because it already showed the first time. So I guess yes? My AV can handle simultaneous attacks.
 

ForgottenSeer 58943

5 out of 6 of those were blocked at my gateway and transparent bridge before they could even hit the network. The phishing one was blocked by Kaspersky Free. For a score of 100%, almost all of which was captured at the gateway.

Fortinet E series stopped 1 and 2. Untangle (Transparent Bridge Scanner, behind Fortinet) blocked 3, 4, 6 (and every link on 3). Kaspersky Free blocked 5. I like to stop things at the gateway before they breach my network, which often is too late. My layered approach at the gateway has proven to be exceptionally effective.

[attachment: blocks.png]
 
