Test one – (testing three systems at a time – need a bigger box to handle more VM’s!)
downloading a software crack – I’m focusing on software cracks because the other typical method of infection, Porn, I choose not to spend my time looking at even for such a good cause as this.
MSSE – did not complain about the file
Norton 2010 – blocked the file – “downloader”
Avast – did not complain about the file
Fake Antivirus – Install file captured in wild
Attempt to copy onto desktop of VM –
MSSE – Detected and blocked copy
Avast – Allowed copy no problem
Avast – Since it allowed the copy I ran it. The fake A/V program downloaded the payload and installed the typical fake A/V. AVAST = OWNED.
Avast – Restore snapshot, start again.
Norton – after a long time pausing the copy it eventually stopped the copy and popped up a security alert
Next – Install LimeWire, the number one virus installation tool in the world.
Download a software crack. Both MSSE and Norton hit on the trojan, but it seems that more of the trojan got stopped on the norton system than the MSSE system, even though on the MSSE system the executable did not manifest even though it was running. The avast system (after catching up to the others) hit on the download immediately and prompted to delete or quarantine. Avast – redeeming itself.
I’ll be honest here, I *am* biased towards avast in this test, I’ve been a fan of it for a time now. I like to root for the “little guy” and see a lesser known A/V tool do well against the “big guys”. But, in the end, it is just a tool and if the “bug guys” make a better tool – I’ll use it and recommend it.
It seems that Avast might be very adept and cleaning systems but it MAY be falling behind MSSE and Norton ’10 in the fresh stuff.
More updates later.
Leave a comment
No comments yet.