Wilders Security Forums  

  #1  
Old January 12th, 2004, 03:31 AM
meneer meneer is offline
Very Frequent Poster
 
Join Date: Nov 2002
Location: The Netherlands
Posts: 1,132
Default Rokop test series

The Rokop crew started testing AV tools. So far they reported on GData AntiVirenKit professional 2004 and Norton AntiVirus 2004. I don't know about English translations available, I could summarize a bit if you want it.

What I do like is their testing resources used. Haven't seen that a lot.

You can find the Rokop site via this link

(babelfish.altavista.com is quite effective in translating German to English)
__________________
greetings, André


First law of Jerry Pournelle: First check cables
  #2  
Old January 12th, 2004, 05:24 AM
solarpowered candle solarpowered candle is offline
Very Frequent Poster
 
Join Date: Jan 2003
Location: new zealand
Posts: 1,179
Default Re:Rokop test series

Hi Meneer, That would be really good if you could summarize it for those of us who don't speak German. Thank you kind sir.
  #3  
Old January 12th, 2004, 05:53 AM
meneer meneer is offline
Very Frequent Poster
 
Join Date: Nov 2002
Location: The Netherlands
Posts: 1,132
Default Re:Rokop test series

The Rokop standard test comprises:
Windows XP system, with a test set of wild trojans, zoo Backdoors, packed Backdoors, common worms (worms, i-worms, P2P, IRC etc.), macro viruses and Dialers, altogether the test set contains 817 Samples.

(please no comments to me... about the test setup )


GDATA:
It's equipped with two scanning engines (Kaspersky and Bitdefender). Kaspersky scanner is very good, almost rendering BD useless... almost
Very good detection rate:
* Backdoor Zoo - all found (1 missed by Kaspersky but found by BD)
* wild horses (trojans in this case) - all found
* Backdoors packed - 3 misses (1 by BD)
* Macro viruses - all found
* Wild worms – all found
* Dialers - ca. 15 % (12 % BD, 3 % KAV)
* False positives - 8 (BD-Engine)
resources used: 3 processes take 16.6 Mb
Reference test took 3 min. and 1:19 min CPU time

Conclusion:
All in all the program makes a very good impression. A very easy operation, a simple configurability and an excellent detection rate recommend this program.
The impression is clouded a little by the fact that one gets updates only once per week (excluded Emergency update) and that, depending upon configuration and existing hardware, the system performance can suffer somewhat.
The problem with the updates can be solved however through a support extension connected with additional costs.


Norton 2004:
Scanner weaknesses in detecting dialers and packed viruses.
* Backdoor Zoo - missed 2
* wild trojans, - missed 5
* Backdoors packed - found 9,3 %
* Macro viruses - found all
* wild worms – missed 9
* Dialers - ca. 24 %
* False positives - severe errors during testing
Resources used:
5 processes, using 16 to 23 Mb
Reference test took 5:22 min. and 3:02 min CPU time

Conclusion:
In our case the difficult installation and crashes with the false positive test cloud the general impression. (Rokop are a bit uncertain if the less than positive test results are due to a test environment, although their system contains no exotic components...)
On the other hand the user interface, the very easy operation and configuration are appreciated.
The detection rate and scanning new parasites leaves something to be desired, but at least Norton started implementing the scanning of packed executables.
__________________
greetings, André


First law of Jerry Pournelle: First check cables
  #4  
Old January 15th, 2004, 05:54 PM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

Watch out for the third part of our test series which will be available tomorrow!
  #5  
Old January 16th, 2004, 12:36 AM
solarpowered candle solarpowered candle is offline
Very Frequent Poster
 
Join Date: Jan 2003
Location: new zealand
Posts: 1,179
Default Re:Rokop test series

Hey Bo , welcome .
  #6  
Old January 16th, 2004, 10:04 AM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

Thank you solarpowered candle!

BTW: our new test is online:

http://www.rokop-security.de/main/article.php?sid=690&mode=thread&order=0
  #7  
Old January 16th, 2004, 10:18 AM
Primrose Primrose is offline
Security Expert
 
Join Date: Sep 2002
Posts: 2,740
Default Re:Rokop test series

Thanks Bo and welcome for sure
  #8  
Old January 16th, 2004, 05:42 PM
Tony Tony is offline
Frequent Poster
 
Join Date: Feb 2003
Location: England
Posts: 465
Default Re:Rokop test series

And here's the translated version

Quote:
In the third part of our test series we regarded the version 8 of the virus scanner of McAfee more exactly. The previous version 7 had left in our test from August 2003 an extremely positive impression, expectations were accordingly high already.



Overview:


McAfee VirusScan 8.0

Build 8.0.22

Engine version 4.2.60

Dat version 4.0.4313

Dat file produced on 7.1.2004

E-Mail Scan, Instant Messenger file checks, Script and Wormstopper, scheduled scans, virus map, recognition of Spyware, Adware and dialers

Scope of supply:

1 year virus and software update, weekly

Price: 44,95 € (box version)

Further information and Downloads is there on the McAfee homepage


Documentation:

Besides the 47-page printed manual, there is the more extensive on-line assistance. This is written understandably and during the operation of the program always callable, however not by pressing the F1 key, but over a Button in the program window. The explanations are indicated usually in steps, which is to facilitate the operation of the program, but does not exactly invite browsing. Rather the assistance is probably to be understood as reference book, if elements of the program are unclear.

The system requirements are indicated for all operating systems (98, ME, 2000 and XP) as identical. So the program is to be running on a PC with a Pentium I 133 MHz and 32 MB main memory. We regard this however as a very optimistic indication.

Installation/Uninstallation:

Installation: The installation is very easy, because after inserting the program CD an autostarting screen is indicated, which offers an option apart from optional regarding of the manual or the last pieces of news also for the installation.
The setup screen makes a good impression at first sight, since it indicates four steps, which are to probably represent the progress of the installation. Incomprehensible way was already jumped over the first point with the start of the Setups and which with "Download implemented" is meant, simply one conceals to the user. Also the last point of this progress announcement makes already curious when starting. Thus the last step seems to be the failure of the installation, because this is marked with "Instal. broken off". Probably it should read "Instal. completed", because this actually passes at the end of the Setups. During the installation one can select only whether a desktop icon is to be put on and whether one would like to transmit statistic data at McAfee, which are used for the virus map. With the virus map concerns it a map of the world, on which one can regard the infection rates.
To the restart PC loads the guard, who calls itself with McAfee "ActiveShield", automatically and an assistant makes the user attentive on innovations in the program. The registration starting on it is necessary, in order to be able to refer signature updates automatically over the update function existing in the program. Beside the symbol in the Tray, one finds program linkings in the starting menu and, if one indicated this for the Setup, on the Desktop.

Uninstallation: The program must be uninstalled in two stages. First one uninstalls the VirusScan application over the system control and starts the PC again. Afterwards the "SecurityCenter" must over the system control be likewise removed and the PC again be again started. Despite this quite laborious uninstall routine remain some files and files on our test system, which we had to delete by hand. Also in the Windows registry still various entries were to be found, which were not removed automatically.

Prompting:

McAfee sets with the administration of the program on a program surface named "SecurityCenter". Although this is developed quite responding and has also a summary page, the surface does not leave a good impression. This is connected particularly with the strategy to want to promote further "safety programs" to the user. Like that already menu options for the programs McAfee Firewall plus and Privacy service are present. Also the summary page already indicates information about the further products. Thus no information meaningful according to our opinion is indicated there like the conditions of the virus signatures or recommendations for a system scan. Rather by statistics like "my safety index" it is indicated that the PC without the further products of the company is optimally secured McAfee not yet. One finds the reference to further programs of McAfee also in the context menu of the tray symbol. The program can be administered however over this context menu far more simply, than over the "SecurityCenter".

The options of the program are not very extensive and not always are clear, as the connection between the standard menu opinion and the extended opinion is. Fortunately there is a short explanation under each option and if this is not sufficient, one led across one click on the assistance Button to the suitable entry in the on-line assistance, to who somewhat more exactly all explains. The selected attitudes cannot be protected with a password.

An amazing decision is the use of ActiveX and ActiveScripting for program functions and the user surface. Thus the program cannot be used actually, if the security-relevant functions mentioned are deactivated in the Internet Explorer. The surface of the "SecurityCenter" is not usable and still more badly weighs that the update function is no longer usable. If one deactivates all ActiveX functionalities and Active Scripting, then VirusScan acknowledges this with messages like these:



Functional test


Recognition achievement: The recognition achievements of the program are considerable. The dialer recognition and the fact that no false alarms were produced are particularly positively noticeable:


Backdoor zoo - all found

spread Trojans - all found

Backdoors runtime-compressed - 89%
Macro viruses - all found

common worms  to 1 gives

Dialer - 88 %

False alarms - none



Resources load: McAfee VirusScan produces after the installation 5 current processes on our test computer directly after system start approx. 28.1 MB RAM occupied. The computing time of the memory resident software amounted to according to task manager 4 seconds CPU time. On the non removable disk became approx. 17 MB storage location taken up.

With the scanning of our reference listing VirusScan with the standard attitudes needed altogether 3:20 min. and a CPU time of 1:17 min. With the scanning of the large false alarm test set it only 6:45 needed approx. 100 GB hours.



Pre-setting, functions: The pre-setting is quite meaningful. It surprises at first that ActiveShield all files scanning is, performance break-downs we thereby however not notice could not. The updates are downloaded automatically and installed in the pre-setting. After it a message is only made by this procedure, which is indicated in addition, in the Tray by a separate symbol.

The program CD is not bootable, but emergency disks can be provided under Windows, which support however only FAT partitions. Recognized malware can be administered in the quarantine, whereby the information about the kind of the parasite is quite meager. Also the reference to the McAfee homepage did not lead in our test directly to information about the parasite, although this is present in the on-line data base. When one knows users of the program, all the same whether one decided with the installation to the own participation, the virus map to use, which indicates the world-wide infection rates on a map.

Error behavior:

During the test we could not determine serious, technical lack. The installation ran smoothly and the updates was correctly installed. The program ran completely stably and with operating errors or virus infestation reacted the program with understandable information and supplementing references.
Some users report on difficulties in connection with Outlook Express. So ActiveShield and/or the e-mail examination is said to block the receipt of e-mails, if among these are messages contaminated with a certain malware. Only after the deactivation of the guard is the complete execution of the mail receipt, and with it the further receipt of the e-mails that are not "infected", said to be possible. This problem is said to be already known to McAfee and a patch to be in the works.

Result:

If one regards only the detection rates and features like the recognition of potentially unwanted applications such as Spyware, Adware or Dialer, then McAfee VirusScan 8 is an outstanding virus scanner. This impression is supported also by high stability and the error free use, if one refrains from the rare error with the E-Mail receipt.
Only the program surface and above all the dependence of the program of ActiveX and ActiveScripting cloud this good picture. Over the years we saw and also many different program surfaces these with McAfee are everything but perfectly. Thereby e.g. the "advertisement" is noticeable negatively for other products of the manufacturer. Thus the customer gets the impression not to be perfectly protected. Desirable would be also, if on the summary page of the program surface more useful information, as the date of the last system scan, the conditions of the virus signatures or the like would be indicated. As completely unacceptable however surely some users will feel the mandatory uses of ActiveX and ActiveScripting and for an alternative program will therefore decide. ActiveX is one of the arguments of an increasing number of users to decide for an alternative to the Internet Explorer. Under this safety-relevant aspect it is more than doubtful that a manufacturer of safety software decides for the use of this technology.
In the manual a small irregularity was noticeable to us, which might be surely not insignificant however for potential/current users. There the license extension is offered around one year for 14,95 €, on the homepage however for 24,95 €.
Unfortunate it is also that the emergency disks do not exhibit support for NTFS. If one regards the high and strongly increasing spreading of Windows 2000 and Windows XP Professional, then this kind of emergency disk is no longer up-to-date in our eyes.


Details to the test procedure:

One finds a fundamental description of the test series here. Demands are at any time in our forum possible. And here one gets to part 1 and part 2 of our test series.


Bo Derek, 16.01.2004
__________________

Avira Premium
ShadowDefender
Defensewall 2.56
The legend that is FirstDefense-ISR

  #9  
Old January 19th, 2004, 04:10 AM
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,640
Default Re:Rokop test series

To everyone from Firefighter!

When u are looking at those two last comparison tests made by Rokop, u can see that AVK 2004 with KAV and BitDefender engines is superior to scan runtimepackers compared to any other av.

http://www.rokop-security.de/main/article.php?sid=632

http://www.rokop-security.de/main/article.php?sid=693

The former AVK 12 Pro with KAV and RAV was poorer to detect packed trojans in Scheinsicherheit's test last year than McAfee, KAV and F-Secure but now I believe that there isn't any other av that can unpack so well than AVK 2004 (KAV 5.0 beta?).

Runtimepacked scanning capability according to Rokop last two comparing tests were.

--1. 97.7 % AVK 2004
--2. 89.0 % McAfee 8.0
--3. 87.0 % McAfee 7.0
--4. 84.8 % F-Secure AV 5.40 PE
--5. 82.6 % KAV 4.5 Personal
--6. 60.9 % DrWeb 4.30
--6. 60.9 % RAV v8.6
--8. 58.7 % NOD32 v2
--9. 54.3 % BitDefender v7.1 Pro
10. 28.3 % AntiVir PE 6.21

We have to remember that these results are a summary of two different tests made by the same tester, but anyway.

"The truth is out there, but it hurts!"

Best regards,
Firefighter!


__________________
Some savolax answer to the southern man:
Q. So, have any viruses been seen?
A. Oh, certainly. Just a moment ago one would have gone by, but I didn't have time to see it. From behind the sauna it went ambling straight into the lake, braids flying!
  #10  
Old January 19th, 2004, 04:27 AM
meneer meneer is offline
Very Frequent Poster
 
Join Date: Nov 2002
Location: The Netherlands
Posts: 1,132
Default Re:Rokop test series

The AVK test is available in English

There's an overview for the three packages tested so far: at this link.

(Hey guys: will you be testing free AV's too? )
__________________
greetings, André


First law of Jerry Pournelle: First check cables
  #11  
Old January 19th, 2004, 06:30 AM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

Well, I thought about including AntiVir in our test series but it depends on my (our) time budget. Do you have any candidates you'd like to see?
  #12  
Old January 19th, 2004, 06:56 AM
illukka illukka is offline
Spyware Fighter
 
Join Date: Jun 2003
Location: S.A.V.O
Posts: 631
Default Re:Rokop test series

go ahead! i'd like to see anti-vir in the rokop test
__________________
a proud supporter of THE GLORIOUS REDS

To Ride, Shoot Straight And Speak The Truth
  #13  
Old January 19th, 2004, 09:51 AM
meneer meneer is offline
Very Frequent Poster
 
Join Date: Nov 2002
Location: The Netherlands
Posts: 1,132
Default Re:Rokop test series

Avast please
__________________
greetings, André


First law of Jerry Pournelle: First check cables
  #14  
Old January 19th, 2004, 10:18 AM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

We published an English review of this antivirus solution about a year ago:

http://www.rokop-security.de/main/article.php?sid=501

The detection test is not comparable to the one we use in our actual test series, because of different malware samples in our test sets.
  #15  
Old January 19th, 2004, 11:21 AM
swisscoms swisscoms is offline
Regular Poster
 
Join Date: Feb 2002
Location: Sion, VS. Switzerland
Posts: 96
Default Re:Rokop test series

I would like to see McAfee retested again with its new engine available:

http://www.nai.com/us/downloads/updates/engine.asp

This is a highly regarded improvement apparently.
__________________
Peter.
  #16  
Old January 19th, 2004, 11:46 AM
SMaus SMaus is offline
Infrequent Poster
 
Join Date: Dec 2003
Location: Hamburg, Germany
Posts: 34
Default Re:Rokop test series

And, of course, NOD32. But Roman promised it would be tested anyway. So I'm looking forward...

Regards

Stefan
__________________
(A)bort, (R)etry, (Q)UAKE?
  #17  
Old January 19th, 2004, 11:52 AM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

Quote (swisscoms):
I would like to see McAfee retested again with its new engine available:

This would be interesting! On the other hand, this engine only is available via manual update. Therefore it is doubtful, whether this comparison would reflect real life situations a regular user is confronted with.
  #18  
Old January 19th, 2004, 06:17 PM
solarpowered candle solarpowered candle is offline
Very Frequent Poster
 
Join Date: Jan 2003
Location: new zealand
Posts: 1,179
Default Re:Rokop test series

I would be real interested to see how e trust promo does BO . It has both vet and inoculateIT .
  #19  
Old January 19th, 2004, 06:50 PM
StarFox StarFox is offline
Infrequent Poster
 
Join Date: Jan 2004
Location: Alpha Quadrant
Posts: 41
Default Re:Rokop test series

-Computer Associates EZ AV 6.1.7 ( Vet Engine )
-eTrust Antivirus 7.0 Promotional ( InoculateIT and Vet on-demand and real-time scan engines )
-AVG 6 free
-Trend Micro PC-Cillin
__________________
StarFox http://my.opera.com/HEXX4FR/affiliate/
  #20  
Old January 20th, 2004, 05:50 PM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

Quote (swisscoms):
I would like to see McAfee retested again with its new engine available:

http://www.nai.com/us/downloads/updates/engine.asp

This is a highly regarded improvement apparently.

It seems not to be as interesting as I thought it would be!

I retested the whole program with engine 4260 (because of the changed signature files) and then tested it again with the new and promising engine 4320. It virtually made no difference if I used the old or the new engine, the results were exactly the same! By the way, as McAfee performed very well in our original test, improvements are hard to make.
  #21  
Old January 20th, 2004, 09:12 PM
swisscoms swisscoms is offline
Regular Poster
 
Join Date: Feb 2002
Location: Sion, VS. Switzerland
Posts: 96
Default Re:Rokop test series

Thank you Bo for the retest and info! I found the new engine could catch bugs like Java Byte Verify and NO_Cheat in the zipped archive files, and then delete them. But as you say, the programme has done so well in the past. My favorite AV by far (Enterprise v.7.1.0)
__________________
Peter.
  #22  
Old January 20th, 2004, 09:28 PM
bigc73542 bigc73542 is offline
Retired Moderator
 
Join Date: Sep 2003
Location: SW. Oklahoma 28.360USB, 27.385LSB, 147.255+
Posts: 23,439
Default Re:Rokop test series

I have been trying to tell people for years or at least since version 6.0 that McAfee is an excellent AV.
__________________
The Only Safe Computer Is Unplugged
MEMBER ASAP since 2004
Alliance of Security Analysis Professionals
  #23  
Old January 21st, 2004, 03:17 PM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

The next test of our series is online! You can find our Bitdefender Standard v7 test here: http://www.rokop-security.de/main/ar...thread&order=0
  #24  
Old January 30th, 2004, 10:47 AM
Bo Derek
 
Posts: n/a
Default Re:Rokop test series

Today, we released the next test in our current test series:

AntiVir PE: http://www.rokop-security.de/main/ar...thread&order=0

A free AV as you wished
  #25  
Old January 30th, 2004, 08:33 PM
Paul Wilders Paul Wilders is offline
Administrator
 
Join Date: Jul 2001
Location: The Netherlands
Posts: 12,383
Default Re:Rokop test series

Good job, Bo

Gratuliere my compliments

regards,

paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
 
