ITW Test by AV-Test.org
FRug
December 19th, 2006, 01:55 AM
av-test.org (Andreas Marx) did an ITW test for PC Professionell (German magazine) with the major vendors after the latest WildList was released last Sunday. He used the respective antivirus databases from that day to check how they did without giving the vendors much time to react specifically to the released list. The list below is a quick translation of the results.
Undetected samples of the 52 new Malwares in the October WildList 10/2006 (released last Sunday, 17th December) for the different vendors:
Of course lower values are better in this test...
Name                                   Missed  Percent
======================================================
CA eTrust-INO                            11      21%
Microsoft OneCare                         9      17%
Command                                   7      13%
ClamAV, CA eTrust-VET, F-Prot, UNA        6      12%
Avast                                     3       6%
BitDefender, eSafe, Sophos, VirusBuster   2       4%
AVG, Dr. Web, Ewido, McAfee, NOD32,       1       2%
  Norman, QuickHeal, Rising
AntiVir, AVK 2006, AVK 2007, F-Secure,    0       0%
  Fortinet, Kaspersky, Panda, Symantec,
  Trend Micro, VBA32 and WebWasher
IBK
December 19th, 2006, 03:25 AM
yeah, that's the reality. Like I said already in the past (some of you may remember), the vendors get (after several months of non-detection) in most ITW tests the "worldwide-spreading-ITW"-samples in advance and add them in a hurry and then most AVs pass e.g. VB. I very much welcome this test of Marx. ;D :thumb:
pykko
December 19th, 2006, 03:56 AM
{QUOTE-> yeah, that's the reality. Like I said already in the past (some of you may remember), the vendors get (after several months of non-detection) in most ITW tests the "worldwide-spreading-ITW"-samples in advance and add them in a hurry and then most AVs pass e.g. VB. I very much welcome this test of Marx. ;D :thumb: <-QUOTE}
you're right IBK... and it's sad that they're behaving like that... some are doing the same with your av-comparatives.org tests... 2 weeks before the test big, major, monstrous updates and they are highly rated. :( (I won't give any names but they are not hard to guess). I just wondered every time what the results would look like if they didn't perform those updates. :blink: ::)
IBK
December 19th, 2006, 04:04 AM
that behavior seems now to have changed (at least so far it seems they released the big updates shortly after the last test); anyway ITW samples have to be added more quickly and have higher priority, so it's not the same as adding shortly before my tests e.g. the remaining stuff that is only marginally around.
Firefighter
December 19th, 2006, 05:59 AM
I have said for several years that VB tests suck. Now it's proven more than clearly. ::)
VirusBulletin = Commercial Marketing
Best regards,
Firefighter!
Inspector Clouseau
December 19th, 2006, 06:25 AM
Stop! You should separate between Wildlist and Virusbulletin. That's not the same organisation!
likuidkewl
December 19th, 2006, 06:55 AM
Here is the direct link:
http://www.testticker.de/pcpro/praxis/security/article200612180252.aspx
Firefighter
December 19th, 2006, 06:57 AM
{QUOTE-> Stop! You should separate between Wildlist and Virusbulletin. That's not the same organisation! <-QUOTE}
If this was for me. I already know that they are different organisations but VB tests antiviruses against ItW samples, but how, it's for sure a story that you know better. ;D
Best regards,
Firefighter!
C.S.J
December 19th, 2006, 07:21 AM
{QUOTE-> If this was for me. I already know that they are different organisations but VB tests antiviruses against ItW samples, but how, it's for sure a story that you know better. ;D
Best regards,
Firefighter! <-QUOTE}
yeahhh, dr.web only missed one, so it's in the same group as nod32 and mcafee, that will suit me fine.
bitdefender missing three, hmm.
and microsoft and ca... as expected. :-\
but yeah, this is a cool test.
pykko
December 19th, 2006, 03:32 PM
bit defender missed 2, CSJ. ;D
C.S.J
December 19th, 2006, 03:40 PM
{QUOTE-> bit defender missed 2, CSJ. ;D <-QUOTE}
ohhh yeah, my bad.
still it's one more than dr.web ;D
it's rare that dr.web gets on par with mcafee / nod32 in tests and even beats bitdefender, so let me enjoy it. ;D
trjam
December 19th, 2006, 04:54 PM
Yep, think we missed, zero.
lodore
December 19th, 2006, 04:57 PM
we sure did miss Zero Jeff=D
grats kaspersky and avira
lodore
likuidkewl
December 19th, 2006, 06:08 PM
{QUOTE-> we sure did miss Zero Jeff=D
grats kaspersky and avira
lodore <-QUOTE}
How can you overlook VBA32? :)
lodore
December 19th, 2006, 06:16 PM
sorry and i also forgot to say congrats to panda as well!
lodore
zorro zorrito
December 19th, 2006, 07:28 PM
Good test, and I see AVG ONLY ONE!!! OHHHHHHHHHHH
WSFuser
December 19th, 2006, 07:31 PM
{QUOTE-> sorry and i also forgot to say congrats to panda as well!
lodore <-QUOTE}
...and AVK, F-Secure, Fortinet, Symantec, Trend Micro, WebWasher too
ashishtx
December 19th, 2006, 07:51 PM
I am surprised that Trend Micro did not miss anything. Good to see Symantec making it into that 0% missed malware list. Overall, I am not surprised.
JerryM
December 19th, 2006, 08:25 PM
I was surprised at AVG, and disappointed with Avast.
I have a perception that AVG is making great strides. I am very glad since so many folks that I personally know use the free version with total satisfaction.
Avast has always been my fall back AV, but I may someday take a look at AVG.
PS
Ain't F-Secure great? I bet Lodore is sorry he dumped it. He, He.
Best,
Jerry
TAP
December 19th, 2006, 08:42 PM
{QUOTE-> I was surprised at AVG, and disappointed with Avast.
I have a perception that AVG is making great strides. I am very glad since so many folks that I personally know use the free version with total satisfaction.
Avast has always been my fall back AV, but I may someday take a look at AVG.
<-QUOTE}
If you take this way, I hope you will change your antivirus every other day between Kaspersky and AVG Free and AntiVir and so on... :o :D :o :)
JerryM
December 19th, 2006, 08:56 PM
{QUOTE-> If you take this way, I hope you will change your antivirus every other day between Kaspersky and AVG Free and AntiVir and so on... :o :D :o :) <-QUOTE}
Nothing in my post indicated I change with every passing test. However, to have blind faith in an AV regardless of test results is not especially sensible in my view.
When I don't have one and need it, then is a good time to trial a different one.
AVG seems to offer the most trouble free "set and forget" performance of any. I make that conclusion by the number of folks who I personally know who use it with complete satisfaction.
If I had none, and was going to select one, I would get the most effective one I could determine fit that bill if it ran well on my machine.
For now, I don't intend to change KAV6 or F-Secure 2007 for anything as long as they operate well on my machines.
BTW, do you never change? Or maybe you are using the same applications you started with some time ago?;D
Best,
Jerry
lucas1985
December 19th, 2006, 09:45 PM
well, I disagree on the performance of F-Prot, Avast and BitDefender.
Overall results (Microsoft, ClamAV, CA on the bad side; Antivir, NOD32, Kaspersky, Dr. Web, Symantec, Norman on the good) are not surprising, perhaps AVG and VBA32 have changed some minds about them.
{QUOTE-> AVG seems to offer the most trouble free "set and forget" performance of any. I make that conclusion by the number of folks who I personally know who use it with complete satisfaction. <-QUOTE}
Agreed ;)
If I know that a certain person can't manage the basics (updates, schedule scannings) of an AV I install AVG for him.
JerryM
December 19th, 2006, 10:14 PM
{QUOTE-> well, I disagree on the performance of F-Prot, Avast and BitDefender.
Overall results (Microsoft, ClamAV, CA on the bad side; Antivir, NOD32, Kaspersky, Dr. Web, Symantec, Norman on the good) are not surprising, perhaps AVG and VBA32 have changed some minds about them.
Agreed ;)
If I know that a certain person can't manage the basics (updates, schedule scannings) of an AV I install AVG for him. <-QUOTE}
Out of curiosity, what have been the results with AVG? Have there been infections? I realize that the habits of users influence that to a large degree.
Best,
Jerry
Firecat
December 20th, 2006, 04:18 AM
I'm curious to know whether these guys tested AVG Free/Pro edition or the AVG Anti-Malware edition, as it is well known that the ewido engine is a good supplement to AVG. Also, does the ITW sample set in this test include only viruses or trojans and other malware as well? ???
IBK
December 20th, 2006, 04:24 AM
+W32/Areses!ITW#30.......[Scano!B95C.....] 10/06 FnMt
+W32/Areses!ITW#36.......[Scano!E437.....] 10/06 FnMt
+W32/Areses!ITW#37.......[Scano!4B8B.....] 10/06 FnMt
+W32/Areses!ITW#41.......[Scano!9931.....] 10/06 FnMt
+W32/Areses!ITW#5........[Scano!DF6A.....] 10/06 AoIs
+W32/Bagle!ITW#110.......[Sality!2CFF....] 10/06 FnTa
+W32/Feebs!ITW#68........[!9568..........] 10/06 FnTa
+W32/Forbot!ITW#19.......[!21B6..........] 10/06 FnSj
*W32/Ganda...............[...............] 10/06 FnMt
+W32/Kebede!ITW#2........[!F423..........] 10/06 FnTa
+W32/Looked!ITW#11.......[!4373..........] 10/06 FnSo
+W32/Looked!ITW#14.......[!04C0..........] 10/06 FnJc
+W32/Looked!ITW#32.......[!D918..........] 10/06 FnJc
+W32/Looked!ITW#9........[!BFC0..........] 10/06 FnJc
+W32/Maslan.A-mm.........[...............] 10/06 FnIs
+W32/Mytob!ITW#235.......[!B2FA..........] 10/06 AoFn
+W32/Mytob!ITW#447.......[!F3FA..........] 10/06 FnNb
+W32/Mytob!ITW#497.......[!4300..........] 10/06 SkTa
+W32/Mytob!ITW#500.......[!88A6..........] 10/06 AyFn
+W32/Mytob!ITW#518.......[!9E21..........] 10/06 FnMt
+W32/Mytob!ITW#519.......[!5C70..........] 10/06 FnMt
+W32/Mytob!ITW#520.......[!B872..........] 10/06 FnMt
+W32/Mytob!ITW#537.......[!d9ac..........] 10/06 FnTa
+W32/Mytob!ITW#547.......[!fcec..........] 10/06 FnTa
+W32/Mytob!ITW#568.......[!3B2C..........] 10/06 FnMt
+W32/Mytob!ITW#590.......[!C7D3..........] 10/06 FnMt
+W32/Rontokbro!ITW#36....[Brontok!5E84...] 10/06 FnTa
+W32/Sdbot!ITW#1791......[!2A4D..........] 10/06 DlFn
+W32/Sdbot!ITW#1799......[!29CC..........] 10/06 FnSj
+W32/Sdbot!ITW#1809......[!6D10..........] 10/06 DlFn
+W32/Sdbot!ITW#1831......[!C32C..........] 10/06 DlRs
+W32/Sdbot!ITW#1847......[!DBB4..........] 10/06 DlRs
+W32/Stration!ITW#101....[!6F1E..........] 10/06 AoFn
+W32/Stration!ITW#102....[!9873..........] 10/06 AoSr
+W32/Stration!ITW#13.....[!0908..........] 10/06 FnMt
+W32/Stration!ITW#20.....[!EEED..........] 10/06 FnIsSkSo
+W32/Stration!ITW#28.....[!C417..........] 10/06 MtRs
+W32/Stration!ITW#30.....[!A9D8..........] 10/06 FnSrTa
+W32/Stration!ITW#31.....[!1A49..........] 10/06 FnSr
+W32/Stration!ITW#36.....[!47C4..........] 10/06 FnWw
+W32/Stration!ITW#41.....[!05A4..........] 10/06 FnWw
+W32/Stration!ITW#42.....[!C2FF..........] 10/06 MtSk
+W32/Stration!ITW#43.....[!40C6..........] 10/06 AoMt
+W32/Stration!ITW#44.....[!2077..........] 10/06 AoMt
+W32/Stration!ITW#45.....[!7568..........] 10/06 AoMt
+W32/Stration!ITW#46.....[!7E4B..........] 10/06 AoMt
+W32/Stration!ITW#47.....[!B8E4..........] 10/06 AoMt
+W32/Stration!ITW#60.....[!E06D..........] 10/06 MtSkWw
+W32/Womble!ITW#2........[!FB75..........] 10/06 MtTa
+W32/Womble!ITW#3........[!343A..........] 10/06 FnSkMt
+W32/Womble!ITW#4........[!7A6D..........] 10/06 FnMt
+W32/Zafi.F..............[...............] 10/06 FnNb
lodore
December 20th, 2006, 05:24 AM
@jerry no way, I'm loving kis6.0 ;D
why dump it for something heavier like f-secure when you can get faster updates and lighter this way. and the same detection rate.
lodore
lucas1985
December 20th, 2006, 08:43 AM
{QUOTE-> Out of curiosity, what have been the results with AVG? Have there been infections? I realize that the habits of users influence that to a large degree.
Best,
Jerry <-QUOTE}
You have guessed right ;) I saw only three infections with AVG:
-A user that ignored the alerts from AVG. She was downloading a crack ::)
-A user that followed a link in an unsolicited mail. I guess it was a drive-by site.
-A user infected with a nasty spyware. I couldn't track down that infection.
JerryM
December 20th, 2006, 09:03 AM
{QUOTE-> You have guessed right ;) I saw only three infections with AVG:
-A user that ignored the alerts from AVG. She was downloading a crack ::)
-A user that followed a link in an unsolicited mail. I guess it was a drive-by site.
-A user infected with a nasty spyware. I couldn't track down that infection. <-QUOTE}
Thanks, Lucas.
Jerry
lucas1985
December 20th, 2006, 09:20 AM
You are welcome.
What I have said about AVG applies to almost all major AV engines.
JerryM
December 20th, 2006, 11:43 AM
I am of the opinion that anyone who is a safe user, keeps Windows and AV updated, and uses normal caution will find any of the popular AVs adequate. I would not use those at the bottom of the detection rate list, such as Clamwin as my AV, but anything from AVG up would do the job.
I suppose that if one clicked on every link and attachment no AV would keep the system clean.
To show I "put my money where my mouth is," I use KAV6 and F-Secure.;D ;D
I recall that not too long ago Scot's forum was attacked. Those on the forum at that time were using various AVs, and none was infected. If I remember correctly some were using AVG.
I think that is a case of the AV doing the job, as there was nothing unsafe visiting a forum such as that one or this one.
Best,
Jerry
steve1955
December 20th, 2006, 01:26 PM
{QUOTE-> I have said for several years that VB tests suck. Now it's proven more than clearly. ::)
VirusBulletin = Commercial Marketing
Best regards,
Firefighter! <-QUOTE}
I would go further: any test where the vendors know in advance the testing date can be manipulated by any vendor wishing to do so, as it is at the moment, all the tests can be used as marketing if so wanted, apart from ones not relying on up to date sigs, but in my opinion they are also worthless, unless of course you are a masochist and actually want to run with your av "out of date"!
C.S.J
December 20th, 2006, 02:09 PM
{QUOTE-> I would go further: any test where the vendors know in advance the testing date can be manipulated by any vendor wishing to do so, as it is at the moment, all the tests can be used as marketing if so wanted, apart from ones not relying on up to date sigs, but in my opinion they are also worthless, unless of course you are a masochist and actually want to run with your av "out of date"! <-QUOTE}
I AGREE, no vendors should know the date of such tests, it just makes results a little invalid.
maybe some, well .. 'we know some' will change in detection for sure.
i think if a vendor gives permission to be tested, that's where it ends.
but i personally think they shouldn't even be asked to be tested, the public have the right to test such products without them not knowing when these tests are, until then ... there will never be a proper valid test.
lodore
December 20th, 2006, 02:11 PM
it seems that nod32 adds a lot of signatures the day before the tests...
I'm sure other vendors do as well.
lodore