Redditor runs his own tests to find that almost all top Anti-virus software fail miserably
We install antivirus software on our PCs and laptops based on its reputation. For reputation, we normally trust the reviews and ratings given for that particular antivirus software.
Redditor, man_on_the_train went a little further and devised his own tests to find out how the Antivirus softwares fare. He tested the most popular security software using Matousec’s SSTS, CLT and his own keylogger software.
Man_on_the_train found that almost all top names in antivirus softwares failed in his test save SpyShelter Firewall 10.0 which passed all his tests with a score of 99%. Incidentally, SpyShelter is not a full blown antivirus. Its more of a Firewall which doubles up as AV. Man_on_the_train found that only SpyShelter passed Matousec’s SSTS, CLT and his own keylogger software tests.
“SpyShelter does excellent job in protecting itself from being killed off by malware. It does detect attempts of executing malicious code through Task Scheduler.” Man_on_the_train adds, “BITStest has proven that advanced malware be unable to do anything if user decides to block the action.”
As you can see from the image above almost all of the top Antivirus softwares failed man_on_the_train’s self devised tests. Out of the top AV software, Avira Free Antivirus, McAfee LiveSafe Internet Security and Avast Premier failed to score any grades in Man_on_the_train’s books.
Comodo Internet Security Pro managed to pass the Kill5 Test, get a CLT score of 340/340 and pass Zero-day malware test. Man_on_the_train gave it highest score of 60 % after SpyShelter.
ESET Smart Security, Kaspersky Total Security 16, Zone Alarm Extreme Security managed to eke out 20 % score on man_on_the_train’s benchmarks. While BitDefender Total Security 2015 managed a 4% score and Norton Security managed a paltry 2%. ESET and Kaspersky managed to pass the Kill5 Test and Zone Alarm managed to pass the Zero-Day malware test.
Here are the conclusions given by Man_on_the_train for each Antivirus software.
- Comodo Internet Security :Â Comodo Internet Security Pro will get easily killed off by malware if you do not turn on your HIPS manually. I tested it initially with HIPS on, and it passed kill5 test. Then I turned off HIPS module (default setting) and it got killed off easily. It does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with Comodo installed.
- ESET Smart Security :Â ESET Smart Security has passed kill5 test. This is one of the most sophisticated kill methods, and ESET defends itself well. On the other hand, it does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with ESET installed.
- Kaspersky Total Security :Â Kaspersky Total Security does protect itself well against sophisticated process killing methods, however it does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with Kaspersky Total Security installed.
- Zone Alarm Extreme Security :Â ZoneAlarm has failed all SSTS64 tests. It will get easily killed off by malware. It has failed kill5 test so it can be easily killed. It does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with ZoneAlarm Extreme installed.
- BitDefender Total Security 2015:Â Bitdefender Total Security has failed all SSTS64 tests. It will get easily killed off by malware. It has failed kill5 test so it can be easily killed off by malware. It does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with Bitdefender installed.
- Norton Security:Â Norton Security has failed kill5 test. This allows any sort of virus to effectively shut down Norton Security. It does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with Norton Security installed.
- Avira Free Antivirus:Â First of all, Avira processes can be easily killed by malware. This allows any sort of virus to effectively shut down Avira. Avira does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with Avira Free Antivirus installed.
- McAfee LiveSafe Internet Security :Â McAfee Security Center has failed kill5 test. This allows any sort of virus to effectively shut down McAfee LifeSafe Internet Security.It does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with McAfee installed.
- Avast Premier:Â Premier has failed kill5 test. This allows any sort of virus to effectively shut down Avast! Premier. It does not protect against executing malicious code through Task Scheduler. On top of that, BITStest has proven that advanced malware will update itself without any issues with Avast! installed.
Man_on_the_train has also posted elaborate videos of his tests which can be accessed here.
Next time you need to buy an anti-virus solution for your PC or Laptop, you know which one to purchase. Kindly upvote man_on_the_train for his efforts on Reddit here.
#Update : Man_in_the_train confirmed that Avast Kill5 tests were wrong(kindly see the comments). He will be conducting fresh tests, results of which we will bring you at a later date.
I haven’t checked the others, but the avast! test is badly flawed, especially the process killing part.
I haven’t checked the actual tests, but if they don’t actually carry a malicious payload (something that carries out actual malicious actions on the system), then DeepScreen will just pass it through basically every single time. If pass/fail solely depends on execution of the EXE then it means absolutely nothing.
As for the task killing, in your test, you killed avastUI.exe. A GUI component that doesn’t even have any kill protection (afaik) since it’s just interface. You haven’t actually killed the scan service of the real-time module…
All his tests are badly flawed. Yet another AV tester wannabe without a clue, sigh…
You are right, Avast passes kill5 test even though it kills its process.
I just went back to the Avast Premier test after reading your comment. I actually missed the fact that Avast’s services bring the Avast application up. It’s services can’t be killed using kill5 test, so I updated the results.
I guess you’re trying to sell SpyShelter? lol
Why should we try to sell SpyShelter? The tests are there for all to see. Man_in_th_train will be conducting further tests and we will also bring that to you.
We dont promote or demote anything, just want you and other readers to make a informed choice.
Regards
Vijay
I guess all the AV testing labs who spend thousands of dollars perfecting their tests don’t know what they are doing, and this unknown tester has it all figured out. Right!
The purpose of endpoint anti-virus is to be a single component in the defense in depth strategy not THE solution to stop attackers.
Comodo internet security is smarter than kaspersky 2016. I think comodo internet security component is advanced and very intelligent antivirus component. But pcmag editors says comodo firewall not block exploit attack.
Where is quickheal?…….
@Mohan – You didn’t read the article heading, it says “Top Antivirus” not all antivirus.
what is the best antivirus software in basic and free version……………… what can i do the software…………
MAN_ON_THE_TRAIN have the amibilidad to testing with antivirus 360safe interner Segurity
You don’t know what you are doing. Comodo recognizes your test files as trusted hence these results. Read the forums for more details. Retesting from your side would be much appreciated
https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-vulnerabilities-exposed-t112634.0.html.
what about Quick heal Antivirus ? i want to see Quick heak Test… because i use this and really it is nice but still i want to check.
Anyone with information about McAfee against EndPoint protection Microsft??
Switch to linux all anti viruses are just a gimmick wch stores users info.
Creo que los virus , troyanos y otros son una manera de ganarse la vida , para los que desarrollan programas , me refiero a grandes empresas , De algún modo el que siempre sale perjudicado en esto , es el usuario común y corriente , el que usa su computador para estudiar o saber mas sobre un determinado tema , o mantener simplemente una comunicación con amigos en redes sociales , una manera de para pasar el tiempo tranquilo en su hogar . Pero este se encuentra aceptando contratos , muy frecuentemente de un sinfÃn de software , que normalmente es de pago y no esta a su alcance el poder utilizarlos , porque a duras penas puede pagar su mensualidad en red , asà que tiene que utilizarlos de manera ilegal , y por lo tanto aquà es donde los productores de sofware tratan de tomar el control de la situación , enviándoles código malicioso a los computadores de manera de dejarles inutilizables sus equipos y tenerlos bajo control constantemente ,mediante servidores basados en troyanos , que les retorna información , y todo esto a manera de represalia . Y aquà entran los que fabrican los antivirus y les ofrecen sus soluciones informáticas , en fin un negocio redondo .