Norton vs zip

 

 

On December 17, 2012, "Safetygate.ru" conducted a test on Trojan MBRLock. Here are their results.
AVs in green passed the test, AVs in red failed. Also, on the first day Norton failed the test (DI and SONAR did not react), but on the second day, after Symantec was able to update their signatures, Norton passed the test.

I conducted a comparative test.
I selected 146 samples of malicious programs; Norton detects and removes all of them when unpacking the RAR archive.
These samples are also packed in a ZIP archive.
I downloaded the ZIP archives from the server and unpacked them.
Norton does not detect anything when unpacking or scanning.
Why the difference?
I ran 51 samples from the unpacked ZIP archive.
The files really are malicious. We see SONAR at work.


 

Ran file № 43:
https://www.virustotal.com/file/28e8c76a8ca2e2cead77e96a966112ad6b8490f11be4c00fa1ea841152dbed43/analysis/1356259224/

Norton failed miserably. Winlock.


 

Ran file № 51:

https://www.virustotal.com/file/4ec8b97fa515b519c24203d99065375c8a156ea9eb477196450461187559abe0/analysis/1356259630/

Norton gave no protection.


 

Why is the protection so different?
Any thoughts?

Prior,

 

Sounds too obvious to ask, but Norton does have a setting not to check inside compressed archives ..... default is NOT, ISTR, so which way is yours set?

Thanks, Hugh.
By default, scanning of compressed files is enabled.


 

Norton works differently with files unpacked from RAR and ZIP archives.
When downloading a file or decompressing RAR archives, Download Insight works first and removes the detected malware files.
Then SONAR provides information about the files with a bad reputation.

When downloading and then unpacking a ZIP archive, Download Insight does not work.
SONAR does not receive information about the files with a bad reputation. (In my opinion)

 

 

Vladimir

How can this happen?
With Kaspersky and Comodo, every file is checked by cloud technologies when it is accessed.
Norton was the first to use this technology.


AntiMalware wrote:

Hi.

 

Correct me if I'm wrong: No AV vendors (including Norton) can scan a Zip/Rar file for malware until the file is completely unpacked.

 

Thank you.


Can someone confirm this please?

 

Thanks.

Each layer of a compressed file is decompressed and scanned.
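
The layer-by-layer scanning described in the reply above, as an added example that is not part of the original thread and is not Norton's implementation: each layer is hashed, then unpacked and scanned again if it is itself a ZIP. The SHA-256 blocklist standing in for a signature engine, the names `scan_layers` and `make_zip`, the two limits and the sample data are all assumptions made for the example.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 5                        # assumed cap on nested archive layers
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap on one unpacked member


def scan_layers(data, known_bad, name="<root>", depth=0):
    """Return (path, verdict) pairs for data and every ZIP layer inside it."""
    findings = []
    if hashlib.sha256(data).hexdigest() in known_bad:
        findings.append((name, "known-bad"))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings              # not an archive: nothing left to unpack
    if depth >= MAX_DEPTH:
        return findings + [(name, "unscanned: nesting too deep")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:  # encrypted member, cannot be inspected
                findings.append((path, "unscanned: encrypted"))
            elif info.file_size > MAX_MEMBER_BYTES:  # guard against zip bombs
                findings.append((path, "unscanned: too large"))
            else:
                findings.extend(scan_layers(zf.read(info), known_bad, path, depth + 1))
    return findings


def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Constructed, harmless stand-in for a sample a scanner would flag.
SAMPLE = b"constructed stand-in for a flagged sample"
KNOWN_BAD = {hashlib.sha256(SAMPLE).hexdigest()}
OUTER = make_zip({"readme.txt": b"harmless text, constructed for this example",
                  "inner.zip": make_zip({"sample.bin": SAMPLE})})

if __name__ == "__main__":
    for path, verdict in scan_layers(OUTER, KNOWN_BAD, "outer.zip"):
        print(f"{verdict}: {path}")
```

Layers that cannot be inspected (encrypted, oversized, or nested too deeply) are reported as unscanned rather than silently treated as clean.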

I wish all the members of the forum and Symantec employees a Merry Christmas and a Happy New Year.


According to the results of a vote by Safetygate.ru users,

Norton Internet Security 2013 received an award in the nomination "The Best Web Defender".
