Every year there are a lot of reports on which is the best antivirus, firewall or HIPS security software, and most of them have different opinions. Some will say Kaspersky is the best, and some will prefer NOD32… When magazines or people say which antivirus, firewall or host intrusion prevention system software is the best, is it really accurate? I personally think that the only way to tell which is the best antivirus program is if all antivirus vendors give their source code to the world’s best security coder to analyze; then maybe we can have the real winner. Virus coders can also tell which antivirus program is the best because they need to analyze how to code something that won’t trigger an antivirus alert.
If we don’t know any virus coder, then how do we know which security software to use? Why not put your currently installed antivirus, firewall and HIPS programs to the test?
System Shutdown Simulator is a unique leaktest designed to test the effectiveness of your firewall, antivirus and host-intrusion prevention system (HIPS) when malware simulates a fake Windows shutdown. System Shutdown Simulator is the first of a new generation of leaktests designed to test the effectiveness of HIPS software in protecting your computer from malware.
With the line between firewall and HIPS software becoming increasingly blurred, System Shutdown Simulator is designed to redefine the leaktest formula by testing your firewall, HIPS and antivirus software for leaks in their protection.
This leaktest highlights a new vulnerability that exists when a user shuts down their computer and a program cancels the shutdown. For example, when installing new software, the installation program often asks the user to restart their computer to complete the installation. When the user allows the computer to be restarted, the installation program could potentially compromise the user’s computer completely undetected by security software, as these programs have already shut down.
Simply follow these steps to test your security programs. First, press the “Intercept System Shutdown Call” button. Next, either hit the “Shutdown Computer” button in the program or shut down your computer manually. You’ll notice that your computer WON’T shut down, because the shutdown was intercepted when you clicked the Intercept System Shutdown Call button, and that all your running programs, including your antivirus, have been closed. Now, if you want to test your antivirus, click “Create Eicar Test file” and it will create the Eicar test file on your computer. If your antivirus is able to detect the Eicar file, then your antivirus program proves to be smart.
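The last step can also be checked from a script. This is an added example, not part of System Shutdown Simulator: it writes the standard EICAR test string and reports whether on-access scanning still reacts, which is the question the leaktest asks once the shutdown has been intercepted. The file name `eicar_probe.com` and the timing values are assumptions.

```python
import os
import tempfile
import time

# Standard 68-byte EICAR test string, split in two so that this script
# is not itself flagged by a scanner before it runs.
_PART_A = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_PART_B = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes() -> bytes:
    """Return the complete EICAR test string as bytes."""
    return (_PART_A + _PART_B).encode("ascii")


def probe_on_access(directory=None, wait_seconds=5.0, poll=0.25) -> str:
    """Drop the EICAR file and report how on-access protection reacts.

    "blocked"    - the write itself was refused
    "removed"    - the file vanished, was locked, or was altered afterwards
    "undetected" - the file was still intact when the wait expired
    """
    directory = directory or tempfile.gettempdir()
    path = os.path.join(directory, "eicar_probe.com")  # assumed file name
    payload = eicar_bytes()
    try:
        with open(path, "wb") as fh:
            fh.write(payload)
    except OSError:
        return "blocked"
    deadline = time.monotonic() + wait_seconds
    try:
        while time.monotonic() < deadline:
            try:
                with open(path, "rb") as fh:
                    if fh.read() != payload:
                        return "removed"
            except OSError:  # deleted or quarantined by the scanner
                return "removed"
            time.sleep(poll)
        return "undetected"
    finally:
        try:
            os.remove(path)  # clean up if nothing else removed it
        except OSError:
            pass


if __name__ == "__main__":
    print("on-access result:", probe_on_access())
```

Run it once during normal operation and once after the interception step; a result that changes from "removed" or "blocked" to "undetected" means the antivirus stopped scanning when it received the shutdown call.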
I tested System Shutdown Simulator with Kaspersky Anti-Virus v184.108.40.2065 and was disappointed to find that it didn’t detect Eicar :( However, this doesn’t mean that the latest version of Kaspersky Anti-Virus is useless, as this test is only one of the leaktest methods. The good news is that the upcoming version 8 will be able to detect this vulnerability.