IMMUNET Protect 2.0 free: a promising cloud antivirus (Test against know malware)

[leofelix]

disclaimer: the following test is based on my experience and it is only an amateur one.
-----------------------------------------------------------------------------
IMMUNET Protect 2.0 free is easy to install, it doesn't require to reboot.
Configuring it is also very simple.
IMMUNET 2.0 free uses two antivirus engines, has a very powerful realtime module, lacks of web protection, cannot scan inside compressed files and is not able to detect and remove rootkits (some functions more are available in the Plus - paid - edition)
It requires of an internet connection in order to work properly.

I have tested it against 10 known- nevertheless dangerous - malware samples: Trojans, Keyloggers, Virus, Worm, Spyware and Exploit.
I copied 10 compressed malware samples into my VMware Player running XP Pro SP 3




When I tried to unzip the first malware sample I had been immediately alerted by IMMUNET Protect 2.0 free real time protection



As a result I had to temporarily disable Immunet Real Time module and I could extract the remaining malware samples to my desktop.




Well, now 9 infected executable lie on my desktop.

I can run a scan




Not bad: 8 malware samples have been detected and destroyed easily.
Only a Win32.Induc.A is not detected.

I can get rid of it thanks to a-squared 4.5 free via context menu scan



Since all zipped files still contain malware samples I run an a-squared 4.5 free scan which can easily quarantine them




My opinion:
IMMUNET Protect 2.0 free has considerably improved in comparison with previous versions, it takes 20 MB memory according to my taskmanager but is still a little bit immature even if looks promising and its detection rate is quite good.
Do note: I haven't tested it against new 0 days threats.
I believe that for an advanced user might be sufficient.

My suggestion: use it along side a good antimalware (ie.SAS Pro, MalwareBytes' AntiMalware Pro, EMSISOFT Anti-malware or even Windows Defender) if you believe IMMUNET protect meets your needs and if you practice a safe surfing.

Here are some virustotal reports of some malware samples I used for my test

Code:

http://www.virustotal.com/en/analisis/274d87ef20163c99ac352385a70cd1583620a58e16f01767666a705e6ba47f91-1277767450

Code:

http://www.virustotal.com/en/analisis/adcfaac703e66eec2a6849228d05b4d4b691631201d0790db5cd603a52346d2f-1277767308

Code:

http://www.virustotal.com/en/analisis/f3dafef56f0d9be149a88dc89fcdf93e0248a1444dcc0000dd2bf68619a5f849-1277767175

Code:

http://www.virustotal.com/en/analisis/afc6422a2fa81952373fcdd60846b719e30cb85be5ad3dfb67f5b103c321ed58-1277767102

Code:

http://www.virustotal.com/en/analisis/be20a2a4ba11c576baebc09679b4c5ef94276e288ee09d2ca44ca6d9c3b51ce4-1277766961

Opinions, suggestions, corrections are welcome


Thank you

[sujay]

Good to hear that it has improved...

[akhil]

leofelix,
please test clamav for windows ( which s said to use immunet technology ) against rootkits
i think results may be promising
thanks

[sujay]

AFAIK clamAV for windows still use the previous version technology of Immunet. As the latest version of Immunet does not include rootkit detection it is less probable that the previous version will detect. Also it do not have option for full scan.

[leofelix]

Hi akhil,
as far as I know ClamAV doesn't offer any real time protection module (correct me if I'm wrong, please)
In regards to IMMUNET partnership

http://www.clamav.net/lang/it/about/win32/

Immunet placed ClamAV into their Cloud infrastructure alongside their Ethos detection engine

So my question is: if ClamAv engine is included into IMMUNET free which cannot scan and detect for rootkits, can ClamAv detect rootkits too?


@ Sujay: indeed, it has improved a lot , even if in my opinion IMMUNET Corp have still to work to refine their antivirus.
IMMUNET protect 2 free detected 9 samples of known malware and missed the very known Win32.Induc.A which is largely spread, that sounds a little bit odd

[sujay]

@leo, I think the rootkit detection of an antivirus can be judged only if it is installed. And Immunet free does not have antirootkit in free version. But in a on-demand scan (you extracted them on the desktop), its detection is based on its signature only. So, if it misses that it is the fault of their database not their engine...

[leofelix]

@ sujay.
I have downloaded a known TDSS rootkit on a previous test and IMMUNET protect 2.0 couldn't even see neither on demand nor after executing it.
MBAM detected it immediately instead.
I do not remember where I saved the related snapshots, now I cannot find it, I'm sorry.
If a rootkit is already installed hardly an antivirus can detect and remove it, usually specific tools are required.

However I was asking about ClamAV in particular

Thank you

[EDIT to add] sorry, sujay, I had not noticed your previous post

AFAIK clamAV for windows still use the previous version technology of Immunet. As the latest version of Immunet does not include rootkit detection it is less probable that the previous version will detect. Also it do not have option for full scan.

[Ceyfer √]

Rootkit detection?

I think it can detect generic rootkit/blended threat samples ( if it can't then it's a waste of your computing memory )...but rootkit disinfection is another story.

[leofelix]

@ Ceyfer: I hope so.
I'm a little bit confused.
IMMUNET states that their free antivirus doesn't include any antirookit ability.
It is likely you are right, since generic rootkit code might be part of other kind of malware which IMMUNET can detect.
I'd like to elaborate their concept of community cloud based (based on what? Facebook and Twitter users???)

[Alboguy]

Keep up the good work leo!!