- The definitive list ?
Re: The definitive list ?
Well, I've got a different question. I'd like to have a list of apps
with the following qualifications:
1. They contain viruses, Trojans, worms, and the like which antivirus
scanners normally detect nowadays.
2. They must have Install or Setup files which can be downloaded.
Doesn't matter whether they're freeware or Trialware.
My purpose is to test the ability of the av scanners to alert on the
Install or Setup files.
Preferably, these apps should _definitely_ contain malware, since
I'd prefer not to have to check viability.
I currently have a number of such files which contain mostly Adware.
Kaspersky with extra defs appears to be reasonably effective with
these, but others only detect a few, if any. The vast majority of av
are useless for this purpose.
Since most av are ineffective when it comes to Adware and spyware,
I'd like to focus more on the malware they normally can detect ... and
compare their ability to alert on Install and Setup files.
If anyone has qualms about posting info or links to such files, my
email addy is artsown at epix dot net. Personally, I don't have such
qualms. I'd prefer to see the info posted so that people can be made
aware of which software apps to avoid.
Re: The definitive list ?
It's easy to find commercial "controversialware" with Setup or Install
files. Keyloggers and port scanners are two examples. The problem is
that only sketchy info can be obtained from these since not all av
detect them. Here's one example:
Setup file name: setup_akl.exe
Uploading the setup file to Virus Total shows that only KAV, NOD32 and
CAT-QuickHeal alert. Since I have the first two installed, I was able
to determine that KAV and NOD32 were able to extract and "scan within"
the setup file. They don't depend on doing a sig on the outer shell. I
installed the Keylogger and also installed CAT-QH. It doesn't alert
when scanning the Keylogger folder. It apparently only uses a sig
on the outer shell and that's all.
AV products that do alert on one or more of the installed files
include: AntiVir, Avira, Fortinet, KAV, McAfee, NOD32, Panda,
and The Hacker. So these are some of the products that do
detect such controversialware. Unfortunately, most don't give
the user a clue before the installation process commences, so
the user must rely on his particular realtime monitor. Not the
best way to do things, IMO.
It can certainly be argued that simply using a sig on the outer
shell of the install and setup files is sufficient ... and there is no
need to get fancy and decompress/extract to "look within". You
couldn't have this "simple sig" approach operational though at the
ISP/gateway level for commercial controversialware. But it seems
to me it would be a boon to have it for rogue software that contains
Adware/Spyware/Trojans that nobody in their right mind would want
to have installed on their machines. It's with these rogue programs
that most av fail miserably.
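
Added example, not part of the original posts: a minimal Python sketch of the two approaches compared above, a signature on the outer shell of a setup file versus extracting it to "scan within". The ZIP container, the file names, the marker bytes and the function names are all constructed assumptions; real installers use other packers and real scanners use richer signatures than a SHA-256 match.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for a detectable file: harmless bytes, not real malware.
MARKER = b"CONSTRUCTED-TEST-MARKER-0001"
INNER_SIGS = {hashlib.sha256(MARKER).hexdigest()}


def build_setup(extra_files):
    """Build an in-memory ZIP standing in for a Setup/Install package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("bin/component.dll", MARKER)
        for name, data in extra_files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def outer_shell_alert(package, outer_sigs):
    """Signature on the container only: hash the whole file."""
    return hashlib.sha256(package).hexdigest() in outer_sigs


def scan_within(package, max_member_size=10 * 1024 * 1024):
    """Unpack and hash each member; return the names of flagged members."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.file_size > max_member_size:  # guard against decompression bombs
                continue
            if hashlib.sha256(zf.read(info)).hexdigest() in INNER_SIGS:
                hits.append(info.filename)
    return hits


def compare():
    """Two releases of the same package; the outer signature is taken from release 1."""
    v1 = build_setup({"readme.txt": b"release 1"})
    v2 = build_setup({"readme.txt": b"release 2"})
    outer_sigs = {hashlib.sha256(v1).hexdigest()}
    return {
        "v1": (outer_shell_alert(v1, outer_sigs), scan_within(v1)),
        "v2": (outer_shell_alert(v2, outer_sigs), scan_within(v2)),
    }


if __name__ == "__main__":
    for name, (outer, inner) in compare().items():
        print(name, "outer-shell alert:", outer, "| scan-within hits:", inner)
```

The outer-shell check alerts only on the exact release its signature was taken from, while the extracting scan flags the bundled component in both releases before anything is installed.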