NEW! Rootkit 'detection' test

C.S.J · #1 January 4th, 2008, 09:27 PM

tested via anti-malware.ru, regarding detection of rootkits.

Name: rookit detection.JPG
Views: 3275
Size: 63.6 KB

nod32 is once again shocking me, but for the wrong reasons.

especially as this is their NEW software version.

trjam · #2 January 4th, 2008, 09:40 PM

doesnt shock me, at all. Wonder how Avira would do, their rootkit detection is good.

C.S.J · #3 January 4th, 2008, 09:44 PM

Quote:

Originally Posted by trjam

doesnt shock me, at all. Wonder how Avira would do, their rootkit detection is good.

aviras detection has been good for a while, we all know that jeff.

they did test the 1.0 rootkit detectio from avira which is currently beta I THINK, it scored well as expected.

the_sly_dog · #4 January 4th, 2008, 09:50 PM

Way to Goooooooooooo Kaspersky This product never seems to Amaze me It goes from strength to strength

Well done to the other products -drweb,f-secure, symantec

Eset isn`t Doing so well neither lol

Think they might of forgot to put the rootkit detecter in it

trjam · #5 January 4th, 2008, 09:54 PM

Eset has never had great detection, regardless of what others want you to think. It does excel in other areas though.

the_sly_dog · #6 January 4th, 2008, 09:57 PM

Quote:

Originally Posted by trjam

Eset has never had great detection, regardless of what others want you to think. It does excel in other areas though.

SECOND That 1

huangker · #7 January 4th, 2008, 09:59 PM

Has Eset put some time and effort into rootkit detection?

the_sly_dog · #8 January 4th, 2008, 10:01 PM

Doesn`t Look like it

Maybe The rootkit scanner Was drunk from the christmas party or was Just Very tired And Sleepy lol

Thankful · #9 January 4th, 2008, 10:10 PM

What's the difference between Avira Rootkit Detection and the rootkit detector within Avira AV? Does Avira plan to integrate Avira Rootkit Detection 1.0 within the AV?

trjam · #10 January 4th, 2008, 10:12 PM

It already is there, when you do a system scan, the rootkit detection runs first then the AV. It is fairly seemless.

trjam · #11 January 4th, 2008, 10:13 PM

when you click on configuration choose expert, over on the right will be a bx to tick for rootkit scan first.

Thankful · #12 January 4th, 2008, 10:14 PM

Does it have the same capabilities as the stand alone Rootkit Detection?
Thanks.

trjam · #13 January 4th, 2008, 10:14 PM

huangker · #14 January 4th, 2008, 10:32 PM

Quote:

Originally Posted by the_sly_dog

Doesn`t Look like it

Maybe The rootkit scanner Was drunk from the christmas party or was Just Very tired And Sleepy lol

Well if they haven't put much effort into it then it wont be expected to be very good. Maybe Eset should have a look into developing an anti-rootkit module.

Thankful · #15 January 4th, 2008, 10:47 PM

Quote:

Originally Posted by huangker

Well if they haven't put much effort into it then it wont be expected to be very good. Maybe Eset should have a look into developing an anti-rootkit module.

They already have one. It's called 'anti-stealth technology'. According to the test, it can be improved.

huangker · #16 January 4th, 2008, 11:22 PM

Quote:

Originally Posted by Thankful

They already have one. It's called 'anti-stealth technology'. According to the test, it can be improved.

Yep thanks, I've found a brief article in their knowledge base describing it.

Quote:

Originally Posted by trjam

Eset has never had great detection, regardless of what others want you to think. It does excel in other areas though.

Do you mean Eset has had bad detection of rootkits specifically or just in general?

Diver · #17 January 4th, 2008, 11:24 PM

What happened to rootkit revealer?

solcroft · #18 January 4th, 2008, 11:39 PM

Quote:

Originally Posted by trjam

Eset has never had great detection, regardless of what others want you to think. It does excel in other areas though.

There's a very big difference between detecting a rootkit when it's just a file on a drive, and when it's active and loaded into memory, even when they're the exact same rootkit variant. Doing the former just requires you to have a signature to detect the rootkit, just like any other malware. Detecting the same rootkit when it's active means you need to have advanced technologies to query and obtain low-level uncorrupted information from the OS. Nothing to do with detection rate here.

solcroft · #19 January 4th, 2008, 11:49 PM

Also, keep in mind that the score of anti-virus products for the PoC rootkits is essentially meaningless. A PoC is not malware, though some vendors may choose to detect it as riskware. There's no absolute standard that says that anti-virus vendors need to detect PoC code.

Anti-rootkit utilities, though, should ideally score as high as possible for it. Unlike anti-virus products, they're not designed to distinguish which hidden files/processes/reg entries are real malware, and should ideally be able to report all such hidden data to the user.

s4u · #20 January 5th, 2008, 01:22 AM

Well done Dr Web.
They are getting better and better I see

C.S.J · #21 January 5th, 2008, 03:10 AM

Quote:

Originally Posted by s4u

Well done Dr Web.
They are getting better and better I see

Drweb always seem to always do well at anti-malware, it puzzles me.

The last 2 tests have all been positive aswell

Removal: gold award
hueristics: silver award

pykko · #22 January 5th, 2008, 01:54 PM

Nice... Avira and Kasperksy are the best antiviruses for these type of threats.
NOD32 is at the bottom of the list, as they used us in the last period.

C.S.J · #23 January 5th, 2008, 02:12 PM

nod32 are very good at marketing, and charge a high price for that.

i do like nod32, but its completely over-hyped, and its purely because of av-comparatives and VB.

apart from fantastic hueristics, i dont see anything 'great'

so i would not label this antivirus as the best antivirus of 2007, or 2006.

i would have no problems using nod32 myself, but the hype is too much.

sorry nod fans

---------
nod used to be known as a very light, zero bugs kinda program.
this year, nod have lost all that.

Firecat · #24 January 6th, 2008, 09:57 AM

I am wondering again why Kaspersky's rootkit detection is higher than F-Secure. AFAIK the detection abilities of all products using the Kaspersky engine was supposed to be the same with the exception of the newer, better heuristics on KAV 7.0 compared to the clone AVs. F-Secure isn't bad at all, but still I was not expecting this.

AVG Anti-Rootkit does a fairly good job as well. This bodes very well for the upcoming AVG 8 products

dawgg · #25 January 6th, 2008, 04:23 PM

Quote:

Originally Posted by Firecat

I am wondering again why Kaspersky's rootkit detection is higher than F-Secure. AFAIK the detection abilities of all products using the Kaspersky engine was supposed to be the same with the exception of the newer, better heuristics on KAV 7.0 compared to the clone AVs. F-Secure isn't bad at all, but still I was not expecting this.

Thats got to do with strength of the AV (drivers) when detecting live rootkits.
When the rootkit isn't live (hasn't infected the computer), then F-Secure should detect it.

Also, I think there's a bit of a time-lapse between when Kaspersky issues signature and F-Secure

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search