
Comparative test of popular antivirus software by the cyber-weapons developer Hacking Team

Just recently, the internal networks of Hacking Team, a cyber-weapons manufacturer well known in certain circles, were hacked, as already described in detail on Habr. As a result of the leak, about 400 GB of files ended up online, including email archives, financial documents, source code of malicious modules and much more. The company's so-called Knowledge Base was also leaked; in it the spyware developers accumulated useful information, including how well various antiviruses detect their creations. Given the circumstances, it seems this test can fairly be called "independent", because the research was conducted in the company's own interests.









Three types of malicious payload are tested: Silent (the malicious agent in its pure form), Melt (malware inside the installer of another application, for example Firefox or uTorrent) and Exploit (an exploit inside an office or other document). Testing was conducted on 64-bit Windows 7. The data on desktop antiviruses has 82 edits and is current as of June 16, 2015:





Green - the antivirus does not respond to the launch of the agent.

Yellow - the agent establishes a connection with the server, but antivirus warnings may sometimes appear, or the antivirus has a non-standard configuration (i.e., the firewall is disabled).

Black - the agent cannot establish a connection with the server, but there are no antivirus warnings, or the agent is on the antivirus blacklist.

Red - the agent cannot establish a connection with the server, antivirus warnings appear (the agent is detected as malicious).



Soldier - the standard agent version.

Elite - an advanced version.



Antiviruses for OS X and Android were also tested:



Source: https://habr.com/ru/post/261945/


