 Post subject: Re: Definitive Malware Prevention
Posted: Tue May 03, 2011 4:55 pm
Joined: Sat Apr 11, 2009 9:04 am
Posts: 1111
I put the fear of God into my 70 year old mom about internet infections.
Now she's a religious SandboxIE user. :D

_________________
"That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government..."


 Post subject: Re: Definitive Malware Prevention
Posted: Tue May 03, 2011 5:05 pm
Joined: Mon Jan 18, 2010 6:30 pm
Posts: 124
Location: Kokomo, Indiana, USA
WARNING regarding Comodo Time Machine:

Don't ever boot using a liveCD/USB and write to the HD, or you will find your machine hosed. The only remedy is to return to the baseline snapshot. Any changes since the baseline are irrecoverably lost.
I lost 2 weeks of work (not data) and was reverted to an almost fresh install of Windows on my main laptop.

I plan on never using that product again.

_________________
Roger A. Hart
Mobile Tech Express, LLC
Kokomo, IN
765.419.7175
http://www.mobiletechexpress.com


 Post subject: Re: Definitive Malware Prevention
Posted: Tue May 03, 2011 8:27 pm
Joined: Tue Oct 26, 2010 12:26 am
Posts: 470
Location: Winnipeg, MB, Canada
joemessman wrote:
Superantispyware did not prevent the ransomware install of the three ransomware variants I tested. The only security software I have tested that detects and foils installation of these rogue antivirus programs is Malwarebytes. However if you scan with Superantispyware after the infection it does remove it.
Thanks for the update. I've been considering this product.

Two things I'd be interested in you adding to your tests if you're willing.

1. OpenDNS - http://www.opendns.org
My understanding is that OpenDNS may not always block the installation of malware, but does its best to block known sites that common malware access once installed, essentially crippling the malware. From their malware information page ... 'This means even if the virus has penetrated machines on your network it is rendered useless because it cannot connect back to the botnet.' Would be interesting to see what the result is.

2. MVP hosts - http://winhelp2002.mvps.org/hosts.htm
I've used this with surprising success with some repeat customers. Had a client bring his malware-infected machine back three times in two months with different infections. He uses porn sites that were aggregating content from other sites across the web. After installing this custom hosts file it stopped. The surprising part is that this hosts file has to be manually maintained, so I was expecting limited success. I'm still in regular contact with him but he hasn't seen a re-occurrence. The MVP hosts file I installed is probably 15 months old at this point. Just a little extra to help block the known stuff.

_________________
Simpson Home Computer Support
Winnipeg, Manitoba, Canada | http://www.SimpsonHomeComputerSupport.com


 Post subject: Re: Definitive Malware Prevention
Posted: Wed May 04, 2011 11:05 am
Joined: Thu Jun 12, 2008 4:16 pm
Posts: 1325
http://www.funkytoad.com/index.php?opti ... tent&id=13
This particular item, referenced by A1C-James, did not prevent me from going to my 3 rogue av sites that I use for testing.
In regard to Time Machine, thanks for the information. I will also test with various boot discs. Who would have thunk it.


 Post subject: Re: Definitive Malware Prevention
Posted: Tue May 10, 2011 9:04 am
Joined: Mon Sep 06, 2010 1:56 pm
Posts: 334
Location: Oshawa, Ontario, Canada
Hey SHCS,
Yea, the MVP hosts are excellent in combination with a solid AV. As was just mentioned, it did not prevent the ransomware; it does, however, provide a frontline passive defence against 80% of all ads, popups, and various online scan malware. I love MVP since it cuts the bad stuff out of the picture before it gets to the browser and refuses connection.

_________________
A1Computers
905-432-6862
Oshawa, Ontario, Canada
Sales@A1Computers.ca
http://www.a1computers.ca
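
Why a hosts-file blocklist of the kind discussed in the posts above stops some sites and misses others, as an added example that is not part of any post in this thread. The sample entries are constructed placeholders and the function names `parse_blocked` and `verdict` are hypothetical:

```python
import ipaddress

# Addresses a blocklist-style hosts file uses to sinkhole a name.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample in hosts-file format; every name is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample, not copied from any published list
127.0.0.1   localhost
0.0.0.0     ads.example.net        # inline comments are allowed
0.0.0.0     scan.rogue-av.example tracker.example.org
192.0.2.10  intranet.example.com
"""


def parse_blocked(text):
    """Return the set of names that the hosts text maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def verdict(target, blocked):
    """Classify what a hosts-file blocklist does for one connection target."""
    try:
        ipaddress.ip_address(target)
        return "bypasses-hosts"  # IP literal: no name lookup, hosts file never consulted
    except ValueError:
        pass
    name = target.lower().rstrip(".")
    # Exact match only: an entry does not cover subdomains or sibling names.
    return "sinkholed" if name in blocked else "resolves-normally"


if __name__ == "__main__":
    blocked = parse_blocked(SAMPLE_HOSTS)
    for t in ["ads.example.net", "cdn.ads.example.net",
              "new-rogue-av.example", "203.0.113.7"]:
        print(f"{t:24} {verdict(t, blocked)}")
```

Names that come back `resolves-normally` or `bypasses-hosts` are the ones a manually maintained list does not cover, so they need a DNS-level or IP-level filter to be stopped.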


 Post subject: Re: Definitive Malware Prevention
Posted: Sun May 15, 2011 1:54 am
Joined: Sat Oct 24, 2009 2:28 pm
Posts: 234
I'm not familiar with the paid version of Malwarebytes. I know that it will automatically update and you can schedule scans, but I didn't realize that it worked proactively. Could you elaborate as to how it prevented you from going to these three sites? Does it just stop the browser and throw up a warning or what?
Also what browser did you use?
Thanks for providing the results of your research, BTW. Very interesting, T.

_________________

Thanks to everyone for helping me build my business, Tim.


 Post subject: Re: Definitive Malware Prevention
Posted: Tue May 17, 2011 12:54 pm
Joined: Mon Sep 06, 2010 1:56 pm
Posts: 334
Location: Oshawa, Ontario, Canada
I've actually noticed in the past that Malwarebytes installs a background process or service that runs all the time but uses barely any resources. I suspect this is the real-time agent for their advertised defenses. I really wanna try it but don't wanna fork out the doh lol.

On another note, I looked into tests from various other sites for comparison on proactive AV suites. Current versions of Kaspersky and Symantec are currently leading. It was a brief overview of some of those dynamic tests, but from what I could tell they are both impenetrable to the strains of infections performed. I did not, however, look at how many tests or strains were analyzed, but from the 10 or 15 suites that were tested it seemed pretty on point in respect to the results I get here on my bench.

Anyways, check out the site http://www.av-comparatives.org
I did some background checking on them as well to see if they are in any way associated with any specific AV products and they seemed to come up clean, so take it with a grain of salt.

_________________
A1Computers
905-432-6862
Oshawa, Ontario, Canada
Sales@A1Computers.ca
http://www.a1computers.ca


 Post subject: Re: Definitive Malware Prevention
Posted: Wed May 18, 2011 2:27 pm
Joined: Mon Sep 06, 2010 1:56 pm
Posts: 334
Location: Oshawa, Ontario, Canada
It appears that Malwarebytes and SAS are unable to detect and remove the TDSS TDL4 rootkit. Combofix also claims it does; however, it returns through the spooler.

_________________
A1Computers
905-432-6862
Oshawa, Ontario, Canada
Sales@A1Computers.ca
http://www.a1computers.ca


 Post subject: Re: Definitive Malware Prevention
Posted: Wed May 18, 2011 4:28 pm
Joined: Sun Dec 12, 2010 10:26 am
Posts: 252
Location: Charlotte, NC
I get machines that have Kaspersky installed and up to date and still get infected.

Rafael Garces
MCSA, ACMT, CompTia A+, NET +, MCP


 Post subject: Re: Definitive Malware Prevention
Posted: Wed May 18, 2011 7:43 pm
Joined: Thu Jun 12, 2008 4:16 pm
Posts: 1325
Could you elaborate as to how it prevented you from going to these three sites? Does it just stop the browser and throw up a warning or what?
Also what browser did you use?

Yes. You simply get a pop up dialogue from Malwarebytes that states:
"Malwarebytes successfully blocked access to 22.22.11.44 (example) and denied access".
And it does not care what browser you are using.

