Malware Experiment – Test Structure

Why do I want to do this test?

I get asked which antivirus product is better.  I make recommendations.  I know that antivirus and antimalware software are not perfect, but I DO know that there are some that are better than others.

I know which A/V products I see come in on machines that are infected, and I know which A/V and A/M products I use to clean up after those inferior A/V products. So, this is something for me to do in order to SEE the A/V products in action.

Using VirtualBox (latest version, December 2009)

Using a legit, activated and WGA-approved copy of XP Pro. Service Pack 3. All the updates. IE6. Not using IE7 or IE8 or Firefox because I want to test the security software, not the browser.

Make multiple clones of the clean and updated VM.

The antivirus products we will be testing first –

Avira

Avast

MSSE

Norton 2009

Norton 2010

One with Nothing

These are the products I want to test because they are the ones I am most curious about right now.  All antivirus products will be installed and updated.

Then, we go to the internet and attempt to infect each virtual machine with the same viruses.  We will basically see what happens and then document the results.

The idea is to have all test criteria the same except for the security product.

Like I said above, this is a test to see which security product I can honestly tell people is “better”.

And, with the power of these VMs I can possibly continue to do this test again and again and see how the landscape is evolving.
