Welcome to the securityteacher.com research section
In the first of our series of research, we decided to pit against each other three popular security products – Kaspersky Internet Security, Agnitum Outpost Security Suite Pro and Eset Smart Security to find out which demonstrated the best aptitude to counter threats with the help of onboard proactive protection instruments – those that monitor system activity and alert to new or unknown program operations.
The testing methodology was quite straightforward: disabling all signature-related scanners, running the test malware sample and tracking how each product managed to prevent activation of malware after system restarted. All prompts were given the “block action” response, and the tools used for testing were Sysinternals Autoruns and Process Explorer.
Click the corresponding video file to see the products in action.
 |
Video 1 - Product in action:
|
|
|
Video 2 – Product in action:
|
|
|
Video 3 – Product in action:
|
|
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Posted in Research
July 25th, 2008 at 1:49 am
I find your newsletters interesting and informative.
I prefer text / html to video as not all countries have great connections.
My businesses is “profitable marketing and selling systems” and it would be interesting to test whether video or still sells more in you situation. What I have found so far, is that “text” outsells video / cute etc by far.
It also uses less bandwidth, but it does not entertain as well. Then our purpose is the deciding factor.
Cheers Peter
July 25th, 2008 at 9:54 am
Very interesting Igor!
thank you
July 25th, 2008 at 4:44 pm
If the anti malwares hadn’t been disabled surely Eset and KIS would not have been infected!
So although obviously a sales tool for Agnitum Proactive defense it should not mean the other 2 would not protect a user.
July 26th, 2008 at 9:27 pm
What a useless test. All of the products would have stopped the threat if all of the modules where activated. So who cares how it’s stopped as long as they all would have stopped the threat in real life.
Also unless i’m wrong the tester works for Agnitum….it’s like Microsoft testing Windows vs Linux…..i wonder if Linux could ever win that test.
July 26th, 2008 at 10:28 pm
Neither did outpost detect any threat in this test. A popup that always ask for permission regardless of a threat or not is not detection…..it’s just annoying. A good security program should detect threats and if no one is found never bother you. Even i could create an application that ask for permission whatever you do, but that’s not security….it’s useless.
Also how should anyone distinguish a threat from a clean file with a warning that says “Application is attempting to modify a critical object”? This sounds serious in any case and if i start an application and see this message…how should i know if the file is infected or if this is normal behavior of the application?
A tailor-made test with a single file performed by an Agnitum employee have no credibility what so ever.
July 28th, 2008 at 12:22 am
Thank you for your video. From your video, we found that Outpost can successfully block the malwares’ attack at the very first beginning. How about if Outpost Firewall Pro is installed on a PC which has been infected with those testing malwares, is Outpost able to remove them all ? Can you record another video clip to demonstrate that ?
July 28th, 2008 at 1:39 pm
You people Do Not Understand what he is trying to show us,what he attempts to show us is the capabilities of non signiture based detection,of course it could be stopped by signitures(if there is a signiture for the malware sample) but these days. signitures are not enough to provide enough defense.
August 11th, 2008 at 9:06 am
Good demonstration. Can you test also Bitdefender antivirus/internet security, Norton, Eset antivirus, kaspersky antivirus?
August 15th, 2008 at 6:11 am
Which program do you use to record the video? I really wonder…
Your videos are great! We don’t like ESET NOD32 either.
Greetings from Turkiye
Take Care! ^_~
August 20th, 2008 at 3:14 am
To Kizilsungur: it was ViewLet Builder.