Results 1 to 5 of 5

Thread: Testing AV

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    500

    Testing AV

    We use Symantec Endpoint protection at work. We are always getting those stupid fake alert programs running on machines, and symantec never stops them or removes them.

    So, we are testing a new AV (Kaspersky) which so far, is doing a great job.

    I would like to test against these fake alert malware programs though, and since the trial is time limited, was wondering if anyone knew a site I could go to to test this.

    Obviously this is an odd request, but as the fake alert doesn't 'spread' I figured it'd be ok to send a test machine to a problem site, and click on the malware to see what happens.

    Thanks in advance!
    Ron Paul: Hope for America
    http://www.ronpaul2008.com/

  2. #2
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Drop me a PM with a mail addy that will allow password protected rar files.

    I work for Panda so its easy for me to gather some samples for you. At your own risk though XD.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  3. #3
    HYBR|D
    Guest
    I'll send you a PM shortly.

    Also i can vouch for Cider, he's the Inside man with access to the good stuff.

  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    If you have malicious files, you can upload them to virustotal.com ... It will run them against [currently] 41 different AV products, and display the results. These results may not reflect actual detection rates... I have heard that they run them against the CLI version of these programs, but you can still get a pretty good idea. You can also check out hash values.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    We are always getting those stupid fake alert programs running on machines, and symantec never stops them or removes them.
    I guess that unless they are well known, not much will stop scareware, as it doesn't seem to actually do anything malicious?

    I would respectfully suggest that you take a look at your user account policies; as they shouldn't really be able to install anything executable?

    Have you considered sandboxing your internet connections with something like sandboxie or fortres grand?

Similar Threads

  1. New Book Coming Out on Penetration Testing: Thoughts?
    By genXer in forum Product / Book / Training / Conference Reviews
    Replies: 1
    Last Post: December 9th, 2005, 06:51 PM
  2. Application Level Security Testing
    By Spiritus in forum Newbie Security Questions
    Replies: 5
    Last Post: January 13th, 2005, 09:08 AM
  3. Forum for pentration testing
    By mmkhan in forum Site Feedback/Questions/Suggestions
    Replies: 3
    Last Post: January 2nd, 2005, 02:08 AM
  4. Vulnerability Testing (from inside the network)
    By Aspman in forum Newbie Security Questions
    Replies: 9
    Last Post: December 21st, 2004, 01:15 PM
  5. Demystifying Penetration Testing
    By mmkhan in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: October 28th, 2004, 03:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •