New MRG Test #20 Real Time Test


sourav_gho
September 3rd, 2009, 04:01 AM
Hi,
The following is a brief summary of the tests. The tests used 60 different malware samples. The first column is the name of the AV, the second the total blocked, the third the total missed:

Program            Blocked  Missed  MRG Project#20
a-squared          60       0       Passed
Avast              58       2       Failed
AVG                59       1       Failed
AVIRA              60       0       Passed
BitDefender        53       7       Failed
Dr.Web             57       3       Failed
eScan              52       8       Failed
F-Prot             46       14      Failed
Ikarus             60       0       Passed
Kaspersky          60       0       Passed
Microsoft (BETA)   57       3       Failed
Nod32              58       2       Failed
Norman             50       10      Failed
Norton             58       2       Failed
Panda              60       0       Passed
Panda Cloud        60       0       Passed
Prevx              60       0       Passed
Spy Emergency      44       16      Failed
Twister            58       2       Failed
VIPRE              60       0       Passed
COMODO             60       0       Passed
F-Secure           60       0       Passed
G DATA             60       0       Passed
McAfee             59       1       Failed
Online Armor++     60       0       Passed

Conclusion: Mixed Results.

Results page: http://malwareresearchgroup.com/?page_id=2

kasperking
September 3rd, 2009, 05:08 AM
-{ Quote: "
Conclusion: big vendors except for Kaspersky and avira fails this test.
" }-
"Pass or fail" is a subjective notion, esp. when it comes to such tests, and should be thrown around with discretion.

Firecat
September 3rd, 2009, 05:10 AM
http://www.wilderssecurity.com/showthread.php?t=251113

There is a test discussed here, but is this the same one?

sourav_gho
September 3rd, 2009, 05:26 AM
-{ Quote: "http://www.wilderssecurity.com/showthread.php?t=251113

There is a test discussed here, but is this the same one?" }-
No, it's a new one released today.

sourav_gho
September 3rd, 2009, 05:27 AM
-{ Quote: ""Pass or fail" is a subjective notion, esp. when it comes to such tests, and should be thrown around with discretion." }-
Hey, no offence, but I was just saying what could be conceived from this test.

pykko
September 3rd, 2009, 05:40 AM
-{ Quote: "Hey, no offence, but I was just saying what could be conceived from this test." }-
Virus names used seem to be Kaspersky labeling, isn't it?

sourav_gho
September 3rd, 2009, 06:26 AM
-{ Quote: "Virus names used seem to be Kaspersky labeling, isn't it?" }-
OK, fine, if you think it looks like labeling, I have edited my post; no more mention of any names.

Marcos
September 3rd, 2009, 06:40 AM
On behalf of ESET I'd like to mention that:
1, all files we've found to be detected as "Trojan.Ransom.Win32.SMSer.in" by any of the AV vendors are already detected. Since different malware families were detected in this name and we don't have the hash of the missed files, it's impossible to tell when exactly detection was added. The point is all these malware families are currently detected by generic signatures and no single file was missed.

2, As for Trojan.Win32.Inject.ahhq, this one is intentionally undetected if we talk about the very same file. When executed, it simply does nothing malicious, just finds a specific window and ends. It may be a part of malware, but it's completely benign and thus not subject to detection.

Saraceno
September 3rd, 2009, 08:13 AM
Thanks for the update Marcos. Always impressed with Nod32.

andyman35
September 3rd, 2009, 08:45 AM
It seems a bit odd to me to be directly comparing standalone AV products with integrated suites such as Online Armor ++ and CIS. For example, BitDefender AV missed 7 samples, why not use their Internet Security product? Surely such a test should be like for like???

Saraceno
September 3rd, 2009, 09:12 AM
Agree with you andyman. At the same time, although a small number of samples, it's interesting to see the difference between a small AV such as Twister, an up-and-coming VIPRE, compared to G-Data or so.

Overall, I'd say all of the programs discussed on this forum and used by members did well.

subset
September 3rd, 2009, 09:14 AM
Need more information?

Go to: hxxp://malwareresearchgroup.com/?page_id=4

"For all general information about Malware Research Group please contact:"
Info>at<MalwareResearchGroup.com
Link: hxxp://mrg.ssupdater.com/info@malwareresearchgroup.com

-{ Quote: "
Malware Research Group has no connections to ssupdater..." }-

Cheers

LoneWolf
September 3rd, 2009, 09:55 AM
-{ Quote: "Need more information?

Go to: hxxp://malwareresearchgroup.com/?page_id=4

"For all general information about Malware Research Group please contact:"
Info>at<MalwareResearchGroup.com
Link: hxxp://mrg.ssupdater.com/info@malwareresearchgroup.com



Cheers" }-

No surprises here. :thumbd:

funkydude
September 3rd, 2009, 01:05 PM
Haha another MRG test, here we go!

firzen771
September 3rd, 2009, 04:50 PM
-{ Quote: "Haha another MRG test, here we go!" }-

This thread will probably span another 10 pages. :)

progress
September 3rd, 2009, 04:58 PM
Well done BitDefender ::) Congratulations to Panda, great improvement :)

subset
September 3rd, 2009, 06:17 PM
The gentlemen from MRG/SSUpdater preferred to remove the link from their site. :'(

But it can still be found at the yahoo cache. :o

Cheers

firzen771
September 3rd, 2009, 06:31 PM
-{ Quote: "The gentlemen from MRG/SSUpdater preferred to remove the link from their site. :'(

But it can still be found at the yahoo cache. :o

Cheers" }-

sneaky... :dry:

tipstir
September 3rd, 2009, 06:48 PM
Again you leave out Rising RAV. If you do decide to test it, change the defaults, which have a lot of good features disabled, and enable them all and set its protection to high. I use AVIRA PE but also RAV under RIS 2009 on systems that need extra protection where AVIRA PE doesn't feature email protection. But good to see the APE catch everything you had thrown at it though! :)

andyman35
September 3rd, 2009, 07:16 PM
-{ Quote: "The gentlemen from MRG/SSUpdater preferred to remove the link from their site. :'(

But it can still be found at the yahoo cache. :o

Cheers" }-
This does explain a lot about the strange methodology of this test. SSUpdater tests always included the likes of MBAM and SAS in an unrepresentative way too. ::)

bellgamin
September 3rd, 2009, 10:48 PM
Twister only missed 2! It is looking VERY promising, to my *twisted* way of thinking. 8)

However, my computer's main contraceptive continues to be Avira -- nonpareil!

subset
September 3rd, 2009, 10:59 PM
-{ Quote: "This does explain a lot about the strange methodology of this test." }-
As the results seem to be random, I don't think it depends on any defined methodology. :dry:

Cheers

andyman35
September 4th, 2009, 09:24 AM
-{ Quote: "As the results seem to be random, I don't think it depends on any defined methodology. :dry:

Cheers" }-
The strange methodology I'm referring to is the comparing of standalone AVs alongside full security suites with included HIPS.

andyman35
September 4th, 2009, 09:38 AM
-{ Quote: "Then again, 60 malware isn't exactly a very accurate way of measuring how well a black-listing/behaviour-blocking program does.

You need 60 million samples really. I don't know. It's all a roll of the dice anyway, as to whether the black-lister/behaviour-blocker will detect it or not." }-
Very true. Dynamic testing is extremely time consuming though, which is why most just tend to do on-demand scan tests upon a large number of static samples.

Until someone comes up with an effective way to test a large number of currently active malware in a real-world way, at best all these tests are a small indication of a product's capabilities and a great way to start a heated Wilders debate. ;D

CogitoTesting
September 4th, 2009, 10:19 AM
-{ Quote: "Then again, 60 malware isn't exactly a very accurate way of measuring how well a black-listing/behaviour-blocking program does.

You need 60 million samples really. I don't know. It's all a roll of the dice anyway, as to whether the black-lister/behaviour-blocker will detect it or not." }-

Hi ssj100

Do you know how long it will take to execute 60,000,000 samples one after the other? It could take weeks or probably months and there is a good possibility that the PC would crash even before you reach the 1,000th sample. Good luck trying though. ;D

Smokey
September 4th, 2009, 07:08 PM
-{ Quote: "this thread will probably span another 10 pages. :)" }-
Yeah, probably. A waste of expensive bandwidth. And also a deterioration of our valuable brains. Pfffff... ::)

R3XNebular
September 5th, 2009, 02:25 AM
-{ Quote: "On behalf of ESET I'd like to mention that:
1, all files we've found to be detected as "Trojan.Ransom.Win32.SMSer.in" by any of the AV vendors are already detected. Since different malware families were detected in this name and we don't have the hash of the missed files, it's impossible to tell when exactly detection was added. The point is all these malware families are currently detected by generic signatures and no single file was missed.

2, As for Trojan.Win32.Inject.ahhq, this one is intentionally undetected if we talk about the very same file. When executed, it simply does nothing malicious, just finds a specific window and ends. It may be a part of malware, but it's completely benign and thus not subject to detection." }-

Closing any window is malicious to me; what if I'm doing an assignment and it closes my assignment? :argh: