AV Research
Results 1 to 8 of 8

Thread: AV Research

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    AV Research

    Hey Hey,

    *This belongs in both AV and Adware/Spyware Discussions... I picked this forum.... but a lot of the processes are Network Aware Adware... remember the below machine was used for no surfing... everything that appeared did so on it's own*

    As many of you may know from my posts, convos on AIM, IRC and MSN, or from PMs.... The network at the college where I work is plagued with viruses... We were curious to see exactly what we were dealing with... so I created fresh machine... After spending a few hours trying to locate a Windows XP CD (everything we had was SP1 Slipstream).. I installed it and immediately turned off Automatic Updates... I also ran Pest Patrol, just to ensure there was nothing listed off the default install..

    Over the course of the next 7 days, the test box was connected to 4 different VLANs... two representing Residence Traffic and two representing traffic from our IT Division (The majority of IT students are in a laptop program and have network access in every class).

    I was really surprised to find that halfway through, after spending time on the Residence VLANs... that there were only two virus connections... Considering we see patched computers with double and triple this number of infections, I was very confused... I rebooted the machine and low and behold.. approx 10 additional processes appeared on boot. The machine spent the rest of it's week on the IT VLANs and picked up a few more viruses...

    I created a ghost image of this infected machine, and started doing my testing.. So far I have ran:
    Sophos Anti Virus
    eTrust Antivirus (Our coporate solution)
    ClamWin
    AVG Professional
    Norton AV 2004
    Trend Micro Housecall
    CA Pest Patrol Online

    I have created an Excel sheet comparing the products and then breaking down what each found... In addition I've detailed which processes were running, and then hunted down the binaries of all non-MS applications that were listed.

    I have plans to include:
    McAfee
    PC-Cillin
    AdAware
    SpyBot
    Panda AV
    HiJack This! Log files
    and anything else anyone suggests.

    I am attaching the Excel sheet and also the 'questionable' binaries... Any passwords you run into will be 'antionline'... The zip contains two files... another zip with the questionable binaries and the Excel sheet..

    Anyways, hopefully this will be useful or at least interesting to some of you.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    The machine spent the rest of it's week on the IT VLANs and picked up a few more viruses...
    Do some of the IT people need a bit of a spanking??????
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Tiger Shark
    Do some of the IT people need a bit of a spanking??????
    Hey Hey,


    The students in the IT Division definately do... IT doesn't refer to our IT department... but the Student-Based IT Division...with the various computer related courses...

    So many IT Students run without AV, without a firewall, without patches... The problem is our CTY (Computer System Technology program [3 year]) and it's two year partner attract people who know nothing about computers but think programming would be too hard... and our CPA (Computer Programmer Analyst program [3 year]) and it's two year counter part attract gamers, gamers and more gamers because it's almost entirely Win32 programming... lots of DirectX stuff... They all buy the latest games, have weekend LAN parties, turn the homework lab into LAN parties and think that the latest and greatest is the best.... They figure they know everything and couldn't possibly get a virus.

    I don't consider myself overly knowledgeable when it comes to computers... but I'd be hard pressed to find more than 5 Students in the division that know as much as I know and I doubt I'd find any that know more... Half of them are there because they think they'll be the next Bill Gates and be worth a Billion dollars within a year of graduating.. As a result, our network get's raped...

    We've had students that have removed files from quarentine bceause they 'thought they were valid files'...

    We've definately got our work cut out for us around there.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    I tried to D/L this link:
    Symantec Norton NetSec 2004 informed me there was a virus ...........
    and deleted file..........

    Am I missing something ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    not at all foxey he said that it contained the virus binaries. you need to turn off real time protection to download and play with them
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    If you want the scan results without the virus... here's an attachment with just the Excel Sheet...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    and anything else anyone suggests.
    Kaspersky is usually in these sort of tests
    also:

    F-Prot
    F-Secure
    Bit Defender

    I am interested in the AV products' ability to detect trojans and other non-viral malware.

    On that note:

    SwatIt
    The Cleaner (Moosoft)

    Interesting
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Would be interesting to see TDS (trojan scan) and nod32 (antivirus) included in the tests aswell nod32 have a quite good record and have 'won' Virus Bulletin 100% Award a few times. I dont know much about TDS except that they claim to be easy to use and good at what they do.

    I have been to lazy to download the Excel sheet so I dont know yet what information you have provided but detection rate, if they are able to clean the infection and scan times (in heuristic mode) would be really interesting .

    ~micael

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •