Test Your Anti Virus Software

A Quick Way To Test If Your Computers Anti-Virus Software Is Working

By Strictly-Software

This is a quick and quite a simple way of testing if your PC is protected properly from files that may contain viruses or malware. It has apparently been around for a long time but I only stumbled across it tonight and when I tested it against my AV tools I was surprised at the results.

The test is called a Eicar test file is a file, developed by the EICAR organization, that is used in testing anti-virus scanners for their integrity in detecting viruses. The actual file is simply a text file of either 68 or 70 bytes that can be created using any text editing program like Notepad. It is not actually a virus but the characters within the file should flag a hit in most Anti Virus tools making them think it is one.

With so many free anti-malware / virus software out there to use it can be a case that you have multiple apps installed to protect your computer as I have found that some AV products will detect some malware, and others malware that the previous products didn't find.

Therefore I have found that having more than one AV / Anti Malware product on my computer is the best policy just in case something is found by old school virus definitions or by heuristic behaviour detection which other AV products use.

I read something the other day about Bitcoin miners hacking into a quantum computer at some US university to leverage it's super power to mine coins. Obviously their standard AV software didn't detect whatever program was running so they actually came up with a new solution which I really don't understand why home PC users couldn't use as well.

It's a pretty simple concept in that the Quantum Computer just like any computer should only be running certain "allowed" programs.  System programs that operate the machine and then programs that have been installed on the machine by admin. All the new anti-virus tool did was hold a list of every program allowed to run on the machine, and then it would constantly scan the Task Manager or equivalent tool and if it found any program executing that wasn't on the "allowed" list it would terminate the process and quarantine or remove the executable.

To me this sounds like quite a simple solution to malware detection and a lot better than constantly updating AV software with definition lists. How hard would it be to create a program that logged all tasks and services that were OS-based, and then add to this whitelist any programs that were properly installed by an administrator. You could run the setup of this program in safe mode, or on a clean install so that it stored only safe OS programs in it's a whitelist and then when a new program was installed it would be added to the same list.

Then the AV tool would just run alongside your Task Manager looking for any process not in it's white list and flag it when found. The user could then inspect the properties and location of the file and decide whether it was legitimate or illegal and either add it to the white list or have it removed. I might even have a crack at making something like this.

Anyway this is about testing your current system to see if your AV software will detect the following file as malware which it should. I don't know what this does if anything, or whether it just matches a virus definition from some time back but I ran the test earlier and you can see my results below.

Run Your Own Anti Virus Test

1. Open Notepad -> Run -> Notepad

2. Type the following text into the file: 

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

3. Save the file somewhere on your PC as an executable, e.g. I saved my file in Documents as AVTest.exe

4. If you have multiple AV tools in your context menu. You can right click above the file and test each one to see if they detect the file as malware e.g

5. However if you are on Windows and haven't replaced Windows Defender with a premium AV tool it should always be running and detect threats as they come. It does on my PC despite me having other AV tools. As soon as I save the AVtest.exe file on my machine Windows Defender pops up a message saying it has detected malware on my machine in the top right corner and in the bottom right corner another message tells me that I don't need to do anything as "Detected threats are being cleaned" and within a minute the file disappears from my Documents folder. Therefore if you want to test other AV software you need to have them up and running and ready so you can do a quick single file virus test from your context menu before Windows Defender removes it.

Notice the two Windows Defender messages in the right hand corners of the screen when I save the file.

So I have a variety of AV tools on my system but keep Windows Defender running at all times. These were the results I got from my Context Menu test. Please let me know of any other free AV tools that either detect or DON'T detect this as a virus.

-Windows Defender: It detected the file as a virus as soon as I saved it. Showed me warning messages and said it would be removing it. Within a minute or so the file had gone.

-Malwarebytes Anti-Malware: Running a scan on this file from the context menu it detected it and quarantined it for me but a full scan did not find it.

-Norton PRO: used instead of Windows Defender on my other laptop, BT has changed from McAfee to Norton, and you get a pro version of the AV software for free from BT, I didn't even realise until they told me to update from McAfee to Norton, anyway - DID DETECT AND REMOVE IT a few seconds after I saved the file on my laptop.

-McAfee PRO: used  instead of Windows Defender as my main virus checker - DID NOT DETECT IT AS A VIRUS

-Emsisoft Security Center: - DID NOT DETECT IT AS A VIRUS.

-SuperAntiSpyware (Free Edition): - DID NOT DETECT IT AS A VIRUS

Now I cannot be a 100% sure that the reason that the last two apps did NOT detect it as a virus was that Windows Defender had somehow put a lock on the file so that they could not detect it or something however the free version of Malware Anti-Malware did detect it when running a single file scan from the right-click context menu.

Anyway, this is a good test just to make sure your computer is detecting virus files and it only takes a few minutes to copy that string of letters and place them in a text file, save it, and see which AV tool shoots up a message that a virus has been detected.

It's an old trick so I don't claim to be the first to know about it but I was just surprised at the results, it is always good to know your machine is protected and this is a very simple way without installing an actual virus.

Let me know of any other FREE AV / Anti Malware tools that don't detect it as malware in the comments.

By Strictly-Software

Quickly Grab Generated Source Code With One Click

Quickly Grab Generated Source Code With One Click

By Strictly-Software

Now that my broken arm is getting better I will be doing more code. It still hurts like mad though, the arm bone didn't even look like it belonged anywhere near the shoulder where it was dislocated.

If you want WordPress plugins then go and check out the main site which I need to do some work on. I am also thinking of building an alternative search engine to get round Google's/CIA/NSA's de-ranking and demonetisation.

I used to have a Super Search Engine years ago, that took the top 10 items from Google, BING and Yahoo, however they kept changing the source code until it all became AJAX loaded in on the fly and too hard to scrape.

I think with the push or deletion of alternative news down the rankings, and pro-establishment news gaining viewers they would never had got a year ago due to Facebook's subservience to the USA and Israeli governments. More and more people will move to new decentralised social media platforms and once that happens Facebook and Google, who are already losing out to duckduckgo.com  due to privacy concerns will lose money in their share price as well as many members.                                 

The problem is money of course and too few people click on adverts or donate out the kindness of their heart.

I think, like search.darkpolitriks.com, that has a starting page of core main #altnews websites and podcasts, I could write my own one and charge £10 for a relevant #altnews blog or channel to be added to the SERP, just so that small alternative sites have the same chance of being found in results and sites like CNN and the BBC are weeded out.

Easiest way of creating a SERP. Just ensure the site is relevant and not mainstream.

Anyway I was fixing a bug today when I realised that it was a bookmark with an http source on an https site that prevented the lock from showing.

Sometimes I don't think people realise how dangerous loading third party scripts can be.

Just loading in a CSS stylesheet could cause nightmares.

For example say your site loaded in a stylesheet from www.SomeSiteIDontControl1.com which loads in a background PNG image which in turn loads in another remote 3rd party stylesheet from www.SomeSiteIDontControl2.com.

Then one day the person in control of that site changes that 2nd image to a dangerous .js file or .exe that loads in an XSS attack.

You are so far removed from the actual cause of the problem that with minification and compression you might have no hope in finding the dangerous file.

So one day the 2nd CSS file that you are loading looks something like this:

background:url(http://www.somesiteIdontcontrol2.com/images/background.png) no-repeat 16px 0;

Then one day this site owner changes his background image to be an .js file e.g

background:url(http://www.somesiteIdontcontrol2.com/images/dodgyscript.js) no-repeat 16px 0;

And when the page loads, and after your onDOMLoad event loads in these scripts it hits your user with the JavaScript sites code.

A recursive script might be handy to run every day to check diagnostics by referencing every URL it finds in any style-sheet or JavaScript on your site.

Follow it backwards and check every other URL it finds.

Another way, if you are perfectly happy with your code is to create local versions of the files and images and keep it all on a server you control so no-one could malform the objects being loaded.

This is a bookmarklet script I wrote years ago that shows me the DOM loaded afterwards and not before.

I wanted to see what scripts and files had been added since I pressed the View Source button that shows the HTML and JS/CSS before any code is run on the page.

I use it all the time. I created a bookmarklet and added it to my bookmark bar so it's within easy reach with a URL to www.google.com and save it.

I then edit it and change the location of the JavaScript I want from www.google.com to the code so that it runs. This might not be necessary anymore but I had add a real URL in the old days.

This code basically takes a snapshot of the DOM once all 3rd party objects have modified the code, loaded videos, changed images and anything else sites like to do when onDOMLoad (not onWindowLoad, which only fires once every image and external object has been loaded.

As you are loading the code with a press of a button there is plenty of time for the onDOM onWindow and onFrame load events to fire, plus many others.

javascript:(function()%7b function htmlEscape(s)%7bs=s.replace(/&/g,'&amp;');s=s.replace(/>/g,'&gt;');s=s.replace(/</g,'&lt;');return s;%7d x=window.open(); x.document.write('<pre>' + htmlEscape('<html>\n' + document.documentElement.innerHTML + '\n</html>')); x.document.close(); %7d)();

As the HTML 5 spec still allows for href="javascript: ..... " then a link or button can run JavaScript when it really should be running external document.addEventListener events to each object needing code to fire when hit.

The code just creates a URL encoded function called htmlEscape which replaces brackets and ampersands and opens a new window writing this new code out into the document.documentElement.innerHTML.

Not hard to do but very useful.


By Strictly-Software

© 2018 Strictly-Software