
Which is the best AT program?


brjoon1021
September 19th, 2005, 01:26 AM
BOClean, Ewido, A2, or other? I mean in terms of real-time scanning. I am not that interested in removal at this point, I will use everything available for removal. I am looking for a good real-time defense.

Thanks

B.

abhi_mittal
September 19th, 2005, 03:15 AM
I guess BOCLEAN...

rdsu
September 19th, 2005, 03:42 AM
I will choose, ewido :)

ErikAlbert
September 19th, 2005, 04:47 AM
I use Ewido Free and A2 Free and if there was a BOClean Free, I would use that one too.
One AT scanner isn't enough. What BOCLean doesn't remove, could be removed by Ewido or A2 or even by my other AV/AS scanners, if I'm very lucky.
Thank you for your attention. :)

Blackcat
September 19th, 2005, 05:21 AM
-{ Quote: "I use Ewido Free and A2 Free." }-
BUT these free versions will do nothing for his real time defense which he requested.

Before considering any of the commercial AT scanners for real time protection look at how good your primary AV scanner is at trojan detection.

For example if you have KAV, McAfee, AntiVir and maybe NOD this may be sufficient, particularly if you backup your primary AV with the free on-demand AT scanners suggested.

Don Pelotas
September 19th, 2005, 05:35 AM
-{ Quote: "I guess BOCLEAN..." }-
-{ Quote: "I will choose, ewido :)" }-
Ok, then I will choose both. Since I like them both. ;D

The Hammer
September 19th, 2005, 05:49 AM
BOClean for me.

unhappy_viewer
September 19th, 2005, 05:58 AM
Check this great anti-trojan review:
http://www.anti-trojan-software-reviews.com/

I use the free Ewido.

ErikAlbert
September 19th, 2005, 06:04 AM
-{ Quote: "BUT these free versions will do nothing for his real time defense which he requested." }-
Sorry. This is my n'th mistake and you are very right.
So no real-time protection against Trojans for me. :)

The Hammer
September 19th, 2005, 06:25 AM
-{ Quote: "Check this great anti-trojan review:
http://www.anti-trojan-software-reviews.com/

I use the free Ewido." }-
The reviews are a little old. They date from Aug 2004 and several have launched new versions and one (TDS-3) was discontinued recently.

Don Pelotas
September 19th, 2005, 06:28 AM
-{ Quote: "Check this great anti-trojan review:
http://www.anti-trojan-software-reviews.com/

I use the free Ewido." }-
You can't use this "test" for anything, it only used 16 trojan samples, which is simply not enough, you need a lot more to be credible. :)

unhappy_viewer
September 19th, 2005, 09:32 AM
-{ Quote: "The reviews are a little old. They date from Aug 2004 and several have launched new versions and one (TDS-3) was discontinued recently." }-
Actually the website was just updated. If you have been keeping up with the page, for example Ewido was in his highly recommended category at the beginning of this year but he decided to upgrade its position to outstanding. He has only forgotten to update the copyright dates at the bottom of the page. And he has acknowledged TDS-3 has stopped being supported:
-{ Quote: " TDS-3 Note: This product was discontinued by the developer on 22nd July, 2005" }-
-{ Quote: "You can't use this "test" for anything, it only used 16 trojan samples, which is simply not enough, you need a lot more to be credible." }-
But he has chosen his trojans carefully based on their capabilities to harm computers (e.g. disabling AV and AT programs) and difficulty in getting it removed. We all may feel certain tests are inadequate. For example I question AV-Comparatives' test methodology. In the end it's which program suits us best and his review also covers other factors such as resource usage, support, and what each AT program does to prevent itself from malfunctioning.

Don Pelotas
September 19th, 2005, 10:07 AM
-{ Quote: "But he has chosen his trojans carefully based on their capabilities to harm computers (e.g. disabling AV and AT programs) and difficulty in getting it removed. We all may feel certain tests are inadequate. For example I question AV-Comparatives' test methodology. In the end it's which program suits us best and his review also covers other factors such as resource usage, support, and what each AT program does to prevent itself from malfunctioning." }-
This is exactly why you can't use the detection part of this review, because with so few samples, he could easily have chosen samples that would make the AT with the best overall detection, detect very (maybe zero) little and make a really bad AT detect all 16 samples. You need a lot more to make any meaningful test; we are talking thousands of samples, not 10-20. :)

Siro
September 19th, 2005, 12:25 PM
TDS 3 was great but trojan hunter is not far behind in my opinion has good detection rates...

muf
September 19th, 2005, 03:04 PM
16 samples. It's comical. Plain and simple as that. Comical.

tazdevl
September 19th, 2005, 03:13 PM
-{ Quote: "Actually the website was just updated. " }-

The tests are a joke. With respect to "just updating the site", the reviewer added a comment to the site to make readers aware of the situation regarding TDS3. There is no indication that he has run any new tests based on the dates in the reviews.

I believe there have been new versions of A2, Ewido, BOClean and TH released since August 2004. Kind of invalidates the test.

TNT
September 19th, 2005, 03:16 PM
-{ Quote: "16 samples. It's comical. Plain and simple as that. Comical." }-

I agree. I can't believe anybody can take this test seriously. 16 samples? You can find more in half an hour of 'hunting' in the wild.

JRCATES
September 19th, 2005, 03:51 PM
OK, I suggest for those ripping and blasting the test that this man conducted, to pool your talents and create your own trojan test. If you don't like a freebie sample and think it is "inadequate", stop talking and start acting. I, and I'm sure others will as well, be interested in seeing the test that you have put together as well as the results......

muf
September 19th, 2005, 04:23 PM
I'm not qualified to do such a thing. But if I tried it and posted the results on the net based on 16 samples then I would expect people to laugh at my test. Which is exactly what is happening here. Crikey, do we take every test as a serious evaluation? What's next, a test based on 6 samples? How about 10 year old Joey doing his own tests hey. The guy on that site is an inkjet salesman for pity's sake. Maybe in his next test he might stretch himself and conduct the test against 17 samples. Wuw! There are thousands of trojans in existence, obviously not all in the wild. But they are available from the right sources. So it doesn't take a genius to work out that 16 is just plain silly.

muf

Don Pelotas
September 19th, 2005, 04:38 PM
-{ Quote: "OK, I suggest for those ripping and blasting the test that this man conducted, to pool your talents and create your own trojan test. If you don't like a freebie sample and think it is "inadequate", stop talking and start acting. I, and I'm sure others will as well, be interested in seeing the test that you have put together as well as the results......" }-
Are you saying that we are not allowed to post our opinions on this? The reason why we should not be making such a test public should be obvious, as obvious as 16 samples is not enough to publish a "review" that some will actually go out and buy an anti-trojan on its ranking.

JR, you could download 32 trojans tonight and try them with some AT's, but it would not make you a credible source if you posted it as a review, even if you made a really fancy site without links to discount inkjet cartridges. :)

The Hammer
September 19th, 2005, 05:18 PM
-{ Quote: "Actually the website was just updated. If you have been keeping up with the page, for example Ewido was in his highly recommended category at the beginning of this year but he decided to upgrade its position to outstanding. He has only forgotten to update the copyright dates at the bottom of the page. And he has acknowledged TDS-3 has stopped being supported:


But he has chosen his trojans carefully based on their capabilities to harm computers (e.g. disabling AV and AT programs) and difficulty in getting it removed. We all may feel certain tests are inadequate. For example I question AV-Comparatives' test methodology. In the end it's which program suits us best and his review also covers other factors such as resource usage, support, and what each AT program does to prevent itself from malfunctioning." }-
I don't know when the latest version of Ewido (3.5) was released but it appears the version tested was 3.0, and the version of BOClean tested is not the latest version 4.12 which was released in Jan /05.

Brandon
September 19th, 2005, 05:26 PM
BOClean for me also :)

Regards,

Brandon

JRCATES
September 19th, 2005, 06:03 PM
I would simply like to see a test, Don, and even if it was 32 samples, I would still like to see a test. Therefore, I appreciate someone who is conducting a test for free, even if it is not very "scientific".

What does this mean? It means that NOBODY is doing any tests! While this test should not "prove" anything to anybody, AT LEAST this man did do a test! And if this man's job was to test anti-trojan products, then of course he would deserve to be ripped for conducting a test with such a small sample base. But the fact is he reviews and tests hundreds of product CATEGORIES (therefore, hundreds and hundreds of various product lines).....so he likely doesn't have the time, desire or ability to devote a huge sample size of trojans for reviewing various different AT products. And since the results are posted for free, and nobody is required to view or acknowledge the results, I don't see any harm with him conducting such a test.

But if anyone wanted to put together a 32 sample AT test and post the results on this (or any other) site, I would definitely be interested in seeing the results. They might not equate to anything more than humorous reading with procedures and results full of holes, but I certainly wouldn't criticize anyone for doing so......

TylerGred
September 19th, 2005, 06:16 PM
BoClean for me too.

tazdevl
September 19th, 2005, 06:32 PM
-{ Quote: "I would simply like to see a test, Don, and even if it was 32 samples, I would still like to see a test. Therefore, I appreciate someone who is conducting a test for free, even if it is not very "scientific".

What does this mean? It means that NOBODY is doing any tests! While this test should not "prove" anything to anybody, AT LEAST this man did do a test! And if this man's job was to test anti-trojan products, then of course he would deserve to be ripped for conducting a test with such a small sample base. But the fact is he reviews and tests hundreds of product CATEGORIES (therefore, hundreds and hundreds of various product lines).....so he likely doesn't have the time, desire or ability to devote a huge sample size of trojans for reviewing various different AT products. And since the results are posted for free, and nobody is required to view or acknowledge the results, I don't see any harm with him conducting such a test.

But if anyone wanted to put together a 32 sample AT test and post the results on this (or any other) site, I would definitely be interested in seeing the results. They might not equate to anything more than humorous reading with procedures and results full of holes, but I certainly wouldn't criticize anyone for doing so......" }-

1) Everyone is entitled to their opinions. This is a Security Enthusiast forum which means that tests are going to get a greater degree of scrutiny than on CNet.
2) Yes the review is free, but it's crap. Your average AT has tens of thousands of signatures that cover specific and variants of trojans, yet the reviewer only tested 16. Not what one would call a statistically significant sample. If you want crap for free, I'll be happy to eat a big salad tonight and share the results with you tomorrow. ;D
3) It has nothing to do with the fact that the test is not scientific. It has to do with the fact that for the uninitiated and people lacking expertise in this area, the results are misleading. Good example, the guy that supplied the link thinks that the results produced are credible despite the fact that most of the products in question have gone through one, two or three revisions. Do you think it's OK for him to base a purchase decision on the information provided in that test?
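
The sample-size objection raised in this thread, worked through as an added example that is not part of any post: it computes the 95% confidence interval around a detection rate measured on 16 samples versus 1000, and the chance that a weaker scanner ties or beats a stronger one on a test of that size. The scores (14/16, 16/16) and the "true" detection rates (90% and 75%) are constructed values, and samples are assumed to be drawn independently at random.

```python
from math import exp, lgamma, log, sqrt


def wilson_interval(detected, total, z=1.96):
    """95% Wilson score interval for a detection rate measured on `total` samples."""
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def intervals_overlap(a, b):
    """True when two (low, high) intervals share at least one point."""
    return a[0] <= b[1] and b[0] <= a[1]


def binom_pmf(k, n, p):
    """P(exactly k detections out of n) for true rate 0 < p < 1, in log space."""
    log_coeff = lgamma(n + 1) - lgamma(k + 1) - lgamma(n - k + 1)
    return exp(log_coeff + k * log(p) + (n - k) * log(1 - p))


def prob_misranked(p_better, p_worse, n):
    """P(the worse scanner detects at least as many of n samples as the better one)."""
    better = [binom_pmf(k, n, p_better) for k in range(n + 1)]
    worse = [binom_pmf(k, n, p_worse) for k in range(n + 1)]
    tail = 0.0    # running P(worse scanner score >= k)
    total = 0.0
    for k in range(n, -1, -1):
        tail += worse[k]
        total += better[k] * tail
    return total


if __name__ == "__main__":
    # Constructed scores: the same observed rates (87.5% and 100%) at two test sizes.
    for n, low_score in ((16, 14), (1000, 875)):
        a = wilson_interval(low_score, n)
        b = wilson_interval(n, n)
        print(f"n={n}: {low_score}/{n} -> [{a[0]:.3f}, {a[1]:.3f}], "
              f"{n}/{n} -> [{b[0]:.3f}, {b[1]:.3f}], "
              f"overlap={intervals_overlap(a, b)}")
    # Constructed true rates: how often the ranking comes out wrong or tied.
    for n in (16, 1000):
        print(f"n={n}: P(75% scanner ties or beats 90% scanner) = "
              f"{prob_misranked(0.90, 0.75, n):.2e}")
```

Random sampling is the best case; it does not cover the separate concern in the thread that a small set could be hand-picked to favour one product.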

Don Pelotas
September 19th, 2005, 07:18 PM
-{ Quote: "I would simply like to see a test, Don, and even if it was 32 samples, I would still like to see a test. Therefore, I appreciate someone who is conducting a test for free, even if it is not very "scientific".

What does this mean? It means that NOBODY is doing any tests! While this test should not "prove" anything to anybody, AT LEAST this man did do a test! And if this man's job was to test anti-trojan products, then of course he would deserve to be ripped for conducting a test with such a small sample base. But the fact is he reviews and tests hundreds of product CATEGORIES (therefore, hundreds and hundreds of various product lines).....so he likely doesn't have the time, desire or ability to devote a huge sample size of trojans for reviewing various different AT products. And since the results are posted for free, and nobody is required to view or acknowledge the results, I don't see any harm with him conducting such a test.

But if anyone wanted to put together a 32 sample AT test and post the results on this (or any other) site, I would definitely be interested in seeing the results. They might not equate to anything more than humorous reading with procedures and results full of holes, but I certainly wouldn't criticize anyone for doing so......" }-
Why would you want to see a 16-32 sample test, you can't use it for anything, it (unfortunately) says nothing about the products anti-trojan capabilities.

I couldn't care less if this exact test was posted here by you for example, because then it would just be the basis of a good laugh or as you say "humorous reading with procedures and results full of holes", but that's precisely it, whoever made this, made it on a website called "Anti-trojan-software-reviews" and with no room for discussion or possibility of informing other readers that it is indeed not something you can base a purchase on.

There is a big difference between posting a 16 sample test here and doing it via a seemingly (to the untrained eye) professional review website.

Tazdevl sums it up quite nicely:
-{ Quote: "3) It has nothing to do with the fact that the test is not scientific. It has to do with the fact that for the uninitiated and people lacking expertise in this area, the results are misleading. Good example, the guy that supplied the link thinks that the results produced are credible despite the fact that most of the products in question have gone through one, two or three revisions. Do you think it's OK for him to base a purchase decision on the information provided in that test?" }-

ErikAlbert
September 19th, 2005, 07:35 PM
I fully agree with tazdevl.
A2 only detects 95276 trojans, so a test with 16 trojans is less than worthless. Isn't that logical?
The larger the test bed, the more reliable the test will be to evaluate different AT scanners.

Such tests are indeed very misleading for less-knowledgeable users, because they only see the AT on top, without further thinking and they would buy the wrong AT, based on that ridiculous test.

I wouldn't even dare to publish such a poor test on the internet and if the author would feel some responsibility, he would have removed the test from the internet a long time ago.

mercurie
September 19th, 2005, 09:47 PM
Best for me, that would be........

BoClean

JRCATES
September 19th, 2005, 10:05 PM
-{ Quote: "Yes the review is free, but it's crap. Your average AT has tens of thousands of signatures that cover specific and variants of trojans, yet the reviewer only tested 16. If you want crap for free, I'll be happy to eat a big salad tonight and share the results with you tomorrow. ;D " }-

Taz...come on, a big salad? How about a large anchovy pizza, with all the works? Then, top it off with a few nachos with chili cheese sauce and wash it down with a few brewskies. THEN I'd be real interested in hearing the results about your "crap" tomorrow ;D

Seriously though, I think that some people are missing my main point. My point is simply not to CRITICIZE someone for conducting a test. Question the methods, samples used, effectiveness of the results? Absolutely. But rip a man because he conducts a test that doesn't measure up to the standards (or results) that they would like to see? Just seems inappropriate.....

I do understand what you and others are saying about the results possibly being "misleading" because of the size and number of samples used, though. So then, what would be acceptable? A thousand samples? That's still only a fraction, since like you say, most AT products have "tens of thousands" of signatures or variants of. And since, because he isn't a "professional" in the AT field, who is qualified? Kevin from BOClean? Andreas from A-Squared? Peter from ewido? Magnus from TrojanHunter? I think those results would be questionable as well due to potential bias.

No, I would think that an independent test, using a large enough sample base should be sufficient for most. But as I have been saying......who is conducting such a test? NO ONE. So rather than criticize and deter others from conducting such a test because their results may not be appreciated, how about encouraging someone to do such a test? And if those criticizing the results are not qualified to conduct such a test, then simply find and encourage someone who is. That way, if a product like BOClean doesn't perform as expected or hoped, they'll need another reason besides sample size or the tester's qualifications to criticize the results......

4A6F4A6F
September 20th, 2005, 03:17 AM
-{ Quote: "Best for me, that would be........

BoClean" }-
Clearly Ewido - does the same as Boclean + more! This ewido software has also a very easy user interface but also more and better features.

whereisthebeeft
September 20th, 2005, 03:28 AM
-{ Quote: "OK, I suggest for those ripping and blasting the test that this man conducted, to pool your talents and create your own trojan test. If you don't like a freebie sample and think it is "inadequate", stop talking and start acting. I, and I'm sure others will as well, be interested in seeing the test that you have put together as well as the results......" }-

That won't happen. It takes a special kind of bravery not to mention stupidity, to do such tests. You can talk about qualified people, testing methodology until the cows come home, but any test will be ripped apart by the people who don't like the results. Is there any antivirus test here that doesn't get attacked? Even by the 'professionals'? :)

Most people here are smarter than that to stick their heads out like this. What is there to gain really? I do my own tests and get my own information out of my efforts.

But I don't see any need to publish it far and wide to the ungrateful people who will no doubt bash it if they don't like the results regardless of how carefully planned the methodology is, or how 'qualified' I am.

Don't get me wrong, it's not that I don't want to share my results, but the climate here is such that there is really very little gain in doing so.

TylerGred
September 20th, 2005, 09:20 AM
-{ Quote: "Clearly Ewido - does the same as Boclean + more! This ewido software has also a very easy user interface but also more and better features." }-

Features which bog down a system.

For me, BoClean is like everyone stated "set it and forget it"

No computer slow down for me at all.

Ewido real time scanner bogged my CPU down. I also don't like the interface and believe it finds a lot of false positives.

Don Pelotas
September 20th, 2005, 09:47 AM
-{ Quote: "Features which bog down a system.

For me, BoClean is like everyone stated "set it and forget it"

No computer slow down for me at all.

Ewido real time scanner bogged my CPU down. I also don't like the interface and believe it finds a lot of false positives." }-
Neither Ewido nor BOClean is slowing my PC, in fact just for kicks, I sometimes run both in real-time and there are no slowdowns seen around here with both.

As for false positives, I have had two with both and they were quickly fixed by both, the only difference was that I got a personal mail from Kevin each time (and an apology). Judging from 3-4 years of using BOClean and 8 months of Ewido, I have to say they are both truly "Set & forget" and to me they are the "Topdogs" ATM, this is a personal view of course.

I also think that anyone looking for an AT, apart from those two should take a look at A2 & Trojan Hunter and make a choice based on those four. :)

Paranoid2000
September 20th, 2005, 11:52 AM
Come on people, this is getting out of hand...

While 16 samples may not seem a lot, The 2004 Trojan Test Set (http://www.anti-trojan-software-reviews.com/trojan-detection-test.htm) page which details how they were obtained, makes the following points: They were taken from files circulating on P2P networks - i.e. ITW malware rather than zoo samples; Norton AV 2004 was used to "weed out" the common ones; Duplicates (and presumably variants) were removed. So while a small sample, it does consist of what AT scanners need to be picking up (there's little point having a 200,000 signature AT if most simply duplicate what many AVs have) so this is more of a "value added" test.

Those who have been most dismissive of this review appear to underestimate the amount of work needed for such tests. To test a memory scanner, you have to run the malware which means risking infection. To counter this, the tester needs to image their system and restore it after each test for every combination of malware and scanner - that anti-trojan review had 128. Reviewing file scanner performance (which is what almost all anti-virus tests involve) is far less work in comparison so testing with very large samples is far more practicable.

So yes, this review is dated, is only a snapshot and is conducted by an inkjet salesman (as if that was of any significance). However the conclusions drawn there have had more research and work behind them than virtually any posters' recommendation on this forum and they deserve better respect for that alone.

JRCATES
September 20th, 2005, 02:43 PM
-{ Quote: "Come on people, this is getting out of hand...

While 16 samples may not seem a lot, The 2004 Trojan Test Set (http://www.anti-trojan-software-reviews.com/trojan-detection-test.htm) page which details how they were obtained, makes the following points: They were taken from files circulating on P2P networks - i.e. ITW malware rather than zoo samples; Norton AV 2004 was used to "weed out" the common ones; Duplicates (and presumably variants) were removed. So while a small sample, it does consist of what AT scanners need to be picking up (there's little point having a 200,000 signature AT if most simply duplicate what many AVs have) so this is more of a "value added" test.

Those who have been most dismissive of this review appear to underestimate the amount of work needed for such tests. To test a memory scanner, you have to run the malware which means risking infection. To counter this, the tester needs to image their system and restore it after each test for every combination of malware and scanner - that anti-trojan review had 128. Reviewing file scanner performance (which is what almost all anti-virus tests involve) is far less work in comparison so testing with very large samples is far more practicable.

So yes, this review is dated, is only a snapshot and is conducted by an inkjet salesman (as if that was of any significance). However the conclusions drawn there have had more research and work behind them than virtually any posters' recommendation on this forum and they deserve better respect for that alone." }-

Thank you, Paranoid....for explaining in more detail and a bit more eloquently the point that I was trying to make ;)

ErikAlbert
September 20th, 2005, 04:42 PM
I stick to my opinion and I put my feelings aside when I evaluate tests and softwares.
Much work, having respect has nothing to do with evaluating tests and softwares.
I wouldn't even waste my time on a test with 16 trojans and IF I would do it, I would keep those tests for myself and share these tests with people in the same business and certainly not with less-knowledgeable users.

Besides that, I consider AV/AS/AT/AK/... scanners as a very bad solution with a lot of other problems.
I would never collect malwares in definition databases, because they come from a very unreliable, inexhaustible, unexpected, unpredictable and above all uncontrollable source : the countless bad guys in the world.
You even have to search for these malwares in order to find them, which makes it even worse.
Any security software that is based on what the bad guys do, is doomed to fail from the start.
That's not the right strategy to fight against the bad guys, collecting their stuff, following their tracks.
You can't keep running after the thief, you have to catch him and beat him on every level.

I'm not a security expert of course, but my way of solving malware would be based on what the good guys do, because that source is very reliable, well-known and above all controllable.
When you have problems you have to look at problems from different angles in order to find different solutions.
If the problems are too difficult, you have to split them in smaller problems and smaller problems are easier to solve.
I'm doing this all the time at my job and I always keep the less-knowledgeable user in mind when I create my applications.

AV/AS/AT/AK/... scanners is just ONE solution and in this case a very bad solution, you just have to find other solutions and of course it isn't always easy. If everything was easy we wouldn't need knowledgeable people.

mercurie
September 21st, 2005, 12:55 AM
-{ Quote: "Clearly Ewido - does the same as Boclean + more! This ewido software has also a very easy user interface but also more and better features." }- ::) If you say so...don't need the "+ more"...I'll stick with BoClean. It is the best for me. ;)

Magnus Mischel
September 21st, 2005, 06:12 AM
-{ Quote: "
AV/AS/AT/AK/... scanners is just ONE solution and in this case a very bad solution, you just have to find other solutions and of course it isn't always easy. If everything was easy we wouldn't need knowledgeable people." }-

Scanning is actually the best current solution there is, for a number of reasons. I might be inclined to agree with you if home users always used a limited account except when installing new, trusted software; if they always kept up-to-date with patches; if they never ran untrusted programs and if they never browsed "questionable" sites. Unfortunately this is not what is happening and many users are doing all of these things.

Samples are actually not just what the bad guys provide to the developers. If a new piece of malware is spreading quickly it will end up on many machines and hence have a high probability of being submitted to vendors.

Proactive protection has its place, but it just isn't a solution that works at the moment. Too many users quickly grow tired of "Allow this program to run?" queries and just answer Yes to everything. Including the piece of malware that just injected itself into svchost.exe and wants to access the net.

Mikkey
September 21st, 2005, 08:11 AM
-{ Quote: "::) If you say so...don't need the "+ more"...I'll stick with BoClean. It is the best for me. ;)" }-

Same here. I have two top AV's that are excellent at detecting trojans. Certainly don't need an AT with a file scanner as well. BOClean will do fine thanks.

M.

Socio
September 21st, 2005, 09:36 AM
-{ Quote: " Certainly don't need an AT with a file scanner as well.

M." }-

I thought the same thing until I ran Ewido's scanner for the first time and it found 78 problems. :o

The Hammer
September 21st, 2005, 03:43 PM
-{ Quote: "I thought the same thing until I ran Ewido's scanner for the first time and it found 78 problems. :o" }-
Were you using another AT with real time protection enabled? If so which one? 78 problems what type? Maybe cookies?