Malware VM test results

Test one – (testing three systems at a time – need a bigger box to handle more VMs!)

Downloading a software crack – I’m focusing on software cracks because the other typical method of infection, porn, I choose not to spend my time looking at even for such a good cause as this.

MSSE – did not complain about the file

Norton 2010 – blocked the file – “downloader”

Avast – did not complain about the file


Fake Antivirus – Install file captured in wild

Attempt to copy onto desktop of VM –

MSSE – Detected and blocked copy

Avast – Allowed copy no problem

Avast – Since it allowed the copy I ran it.  The fake A/V program downloaded the payload and installed the typical fake A/V.  AVAST = OWNED.

Avast – Restore snapshot, start again.

Norton – After a long time pausing the copy, it eventually stopped the copy and popped up a security alert.

Next – Install LimeWire, the number one virus installation tool in the world.

Download a software crack.  Both MSSE and Norton hit on the trojan, but it seems that more of the trojan got stopped on the Norton system than the MSSE system, even though on the MSSE system the executable did not manifest even though it was running.  The Avast system (after catching up to the others) hit on the download immediately and prompted to delete or quarantine.  Avast – redeeming itself.

I’ll be honest here, I *am* biased towards Avast in this test; I’ve been a fan of it for a time now.  I like to root for the “little guy” and see a lesser known A/V tool do well against the “big guys”.  But, in the end, it is just a tool and if the “big guys” make a better tool – I’ll use it and recommend it.

It seems that Avast might be very adept at cleaning systems but it MAY be falling behind MSSE and Norton ’10 in the fresh stuff.

More updates later.

