New AV Test From SSU

[maymoons]

Quote:

Welcome to SSUpdater.com Anti-Malware test, the only independent malware test online!!!
In total 30 programs have been tested, which were picked by our members, all the programs tested used maximum settings including heuristic behavior and riskware defense.
The test was conducted in virtual environment using Microsoft's Windows XP SP3 with all the latest updates.
The main goal of this test is to make a comparison to VirusBulletin's VB100 test and therefore we did NOT use any of the samples from their test, another goal is to compare our results with always questionable results form AV Comparatives.
In this case we used a malware sample containing 800.025 items, in the folowing categories:
Windows Viruses, Trojans, Backdoors, Worms, Spyware, Adware, Rootkits, Exploits, Keyloggers, Hacking Tools, Malicious Scripts and other malware
In other words we used 99.5% of the known malware from the last 4 years including this year, we also used samples which are a bit older but only the ones that pose a threat of possible outbreak/infection.
As always we used a collection of unknown malware, those samples are custom made and are NOT for mass distribution, in total there were 18 255 samples in that collection.

Quote:

The Results
(Name/Detection Rate)

1. a-squared Anti-Malware - 99.12%
2. AntiVir PE Premium - 98.88%
3. Avast! - 98.75%
4. Norton Antivirus - 98.69%
5. Ikarus Virus Utilities - 98.48%
6. Kaspersky Antivirus - 97.83%
7. BitDefender Antivirus-97.79%
8. F-Secure -97.21%
9. Zone Alarm-96.91%
10. Spy Emergency-95.64%
11. McAfee VirusScan Plus - 94.18%
12. Comodo Internet Security - 92.53%
13. Twister Anti-TrojanVirus - 92.49%
14. Rising Antivirus - 92.27%
15. Dr.Web- 92.04%
16. Norman Antivirus & Antispyware - 91.78%
17. Blink Personal Edition - 90.93%
18. PC Tools Internet Security - 89.77%
19. Nod32- 88.35%
20. AVG Antivirus - 87.45%
21. Microsoft Windows Live OneCare - 87.12%
22. MoonSecure Antivirus - 86.43%
23. Spy Sweeper with Antivirus - 84.64%
24. TrendMicro Internet Security- 84.13%
25. Spyware Terminator with Antivirus- 61.38%
26. VIPRE- 60.97%
27. 123 Spyware Free - 57.68%
28. Ad Aware - 28.04%
29. SuperAntiSpyware - 07.24%
30. Malwarebytes Anti-Malware - 02.66%

Speed and VB100 Award

1. a-squared Anti-Malware - average - N/A
2. AntiVir PE Premium - fast - Passed
3. Avast! - average - Passed
4. Norton Antivirus - average - Passed
5. Ikarus Virus Utilities - average - Failed(37 wildlist misses, 8 false positives)
6. Kaspersky Antivirus - average - Passed
7. BitDefender Antivirus - average - Failed(4 false positives)
8. F-Secure - average - Passed
9. Zone Alarm - average - N/A
10. Spy Emergency - very slow - N/A
11. McAfee VirusScan Plus - slow - Passed
12. Comodo Internet Security - fast - Passed
13. Twister Anti-TrojanVirus - average - N/A
14. Rising Antivirus - average - Passed
15. Dr.Web - average - N/A
16. Norman Antivirus & Antispyware - slow - Passed
17. Blink Personal Edition - average - N/A
18. PC Tools Internet Security - average - Passed
19. Nod32 - fast - Passed
20. AVG Antivirus - average - Passed
21. Microsoft Windows Live OneCare - average - N/A
22. MoonSecure Antivirus - very slow - N/A
23. Spy Sweeper with Antivirus - slow - Passed
24. TrendMicro Internet Security - average - Failed(3 wildlist misses, 2 false positives)
25. Spyware Terminator with Antivirus - slow - N/A
26. VIPRE - average - N/A
27. 123 Spyware Free - average - N/A
28. Ad Aware - average - N/A
29. SuperAntiSpyware - average - N/A
30. Malwarebytes Anti-Malware - average - N/A


Our Rating and User Experience Advised

1. a-squared Anti-Malware - Good - Extreme Caution!
2. AntiVir PE Premium - Excellent - Minor Caution
3. Avast! - Excellent - Minor Caution
4. Norton Antivirus - Excellent - Safe
5. Ikarus Virus Utilities - Good - Extreme Caution!
6. Kaspersky Antivirus - Very Good - Caution
7. BitDefender Antivirus - Very Good - Minor Caution
8. F-Secure - Very Good - Safe
9. Zone Alarm - Good - Caution
10. Spy Emergency - Very Good - Caution
11. McAfee VirusScan Plus - Good - Safe
12. Comodo Internet Security - Good - Caution
13. Twister Anti-TrojanVirus - Good - Caution
14. Rising Antivirus - Average - Caution
15. Dr.Web - Average - Caution
16. Norman Antivirus & Antispyware - Average - Safe
17. Blink Personal Edition - Average - Caution
18. PC Tools Internet Security - Average - Caution
19. Nod32 - Average - Safe
20. AVG Antivirus - Average - Caution
21. Microsoft Windows Live OneCare - Average - Caution
22. MoonSecure Antivirus - Average - Caution
23. Spy Sweeper with Antivirus - Average - Caution
24. TrendMicro Internet Security - Average - Caution
25. Spyware Terminator with Antivirus - Below Average - Caution
26. VIPRE - Below Average - Caution
27. 123 Spyware Free - Below Average - Caution
28. Ad Aware - Poor - Caution
29. SuperAntiSpyware - Poor - Safe
30. Malwarebytes Anti-Malware - Poor* - Safe

Quote:

* Note: Since this test, like all the other ones that are made by the SSUpdater Crew, will be shown on various websites,forums,support forums.... and will be commented by various "security experts" which favor cretin programs, I call on them to come here at http://ssupdater.com , and give their opinion here where they can get answers from people who are responsible for this test.
Unlike others WE HAVE NOTHING TO HIDE!!!

http://ssupdater.com/modules/Forums/...showtopic=3746

[cruelsister]

For those who are not familiar with this excellent website, the choice of programs to be tested was voted on by the members with the exclusion of those Av's like Avira, Kaspersky, etc which were going to be included no matter what.

Just though it should be mentioned in case anyone had questions about the inclusion criteria.

Looks like Avira tops again and Avast pleasantly surprises us all.

[Don johnson]

Now I want to know if there are many clean/corrupted samples in the test,and if they have enough ability to analyze if all of them contain malicious code

[trjam]

yeah, that $8.00 antivirus didnt do to bad either.

[trjam]

Quote:

Originally Posted by Don johnson

Now I want to know if there are many clean/corrupted samples in the test,and if they have enough ability to analyze if all of them contain malicious code

yes, yes and yes.

[Fuzzfas]

[fanboy on] Way to go Twister, little fella! (not that i care about what AV tests say). Stood up with dignity! [/fanboy off]

Does CIS include the D+ module in the score?

What's the engine of "Spy emergency"?

[Timo Schmidt]

What's really surprising is the Comodo CIS result - OK 92% isn't that good but hey - for a free security suite with a very new antivirus this isn't too bad . According to Melih it will take some month until the antivirus is on par with Kaspersky & Co. - so let's wait and see ^^

[Einsturzende]

yeah, for Comodo, ~92% is great on which/whatever samples...

hello........the most suggested and advocated mbam and superantispyware are languishing at the bottom....

[EraserHW]

I haven't checked this test lately, anyway I had a look at that test on last August and, from what I remember:

1) Not well selected samples (read: let's get all together what is supposed to be infected)

2) Some corrupted samples (yes, some av can still detect them, it depends on the kind of signature used and rules applied - i.e. if a file is corrupted then scan it anyway or not)

3) Wrong file extensions (some files were packed too, while the extension was saying another kind of file)

4) Source codes present inside the collection. Why those? What's the goal with them?

5) Harmless files present inside the collection (i.e. plain text files)

[rolarocka]

It would be interesting to know if CIS AV3 did the work alone or also with the help of D+. But very good beginning

[emperordarius]

I'm starting to believe to the sample corruption. Unless they are using a terribly small amount of spyware, and half of it made up of cookies, I can't really believe this:



28. Ad Aware - 28.04%
29. SuperAntiSpyware - 07.24%
30. Malwarebytes Anti-Malware - 02.66%

[plantextract]

29 and 30 rely on file name detaction (malwarebytes does it quite extensive), so it's good for cleaning an infected system which has sychost in c:\windows but once that program is renamed to 4e3d2eea13ea8.... it won't detect it based on file name

[emperordarius]

Quote:

Originally Posted by plantextract

29 and 30 rely on file name detaction (malwarebytes does it quite extensive), so it's good for cleaning an infected system which has sychost in c:\windows but once that program is renamed to 4e3d2eea13ea8.... it won't detect it based on file name

I don't know about SAS(Maybe Nick can tell us something about it), but MBAM doesn't detect only using file name detection

Look here: http://www.malwarebytes.org/forums/i...showtopic=6316

Quote:

MBAM detects malware through the following means :

MD5
unique strings
semi polymorphic strings
unique GUID linked dlls (and other executable components) (these are bi-directional)
unique load point to file (these are bi-directional)
IPH (unique heuristics we created and without giving anything away bypasses all current polymorphic blackhat packers and encryption and is also immune to randomized file names)
Unique file names combined with FP killing routines (we do not just do file name)
There are many more but I dont want to give to much away .

Quote:

Vundo uses random file names but we detect it at over 95% in real world infections . Stats like this are the real reason some people are getting upset .

Quote:

"vundo is randomly named and polymorphic yet MBAM detects it far more often then most AVs , how are they doing this with just file names and MD5s ?"

"why is MBAM the only application that seems to have a handle on antivirus xp 2008 . it is randomly named and detected by next to no AVs on a regular basis , how are they doing this ?"

[Einsturzende]

Quote:

Originally Posted by rolarocka

It would be interesting to know if CIS AV3 did the work alone or also with the help of D+. But very good beginning

if D+ was tested, testing will for sure be in progress for some time in very long future, and of course when finnished will be at ~100% on testing board...
D+ WAS NOT TESTED . (← period)
P.S. try to execute 800025 items and answer to all D+ questions, number of clicks will be ~∞...

[djohn]

Wow, Avast is breathing down the necks of Avira.

[FRug]

Quote:

"1. a-squared Anti-Malware - 99.12%"

Oh.... PLEAAAASE..... this is so ridiculous it isn't even funny anymore....


Edit: ow wait, they added the IKARUS engine... hooray for an incredible amount of FPs

[Sputnik]

Quote:

Originally Posted by FRug

Oh.... PLEAAAASE..... this is so ridiculous it isn't even funny anymore....

Not really, since it includes Ikarus engine since version 4...

[Sputnik]

@emperordarius
SAS en MBAM are especially for cleaning, not for 'normal av on-access' detection.

@rolarocka
It's on-demand scanning so no help of D+ there.

[emperordarius]

Quote:

Originally Posted by Sputnik

Not really, since it includes Ikarus engine since version 4...

Too bad that it seems to have a lot of positives

a-squared Anti-Malware - Good - Extreme Caution!

[emperordarius]

Quote:

Originally Posted by Sputnik

@emperordarius
SAS en MBAM are especially for cleaning, not for 'normal av on-access' detection.

Yes, I know, but if they got so low scores there musn't have been many spyware samples.

[Sputnik]

Quote:

Originally Posted by emperordarius

Too bad that it seems to have a lot of positives

a-squared Anti-Malware - Good - Extreme Caution!

Ow well, Avira improved in this too. Personally I must say that I saw more fp's from a2's own engine then from Ikarus.

Quote:

Originally Posted by emperordarius

Yes, I know, but if they got so low scores there musn't have been many spyware samples.

Probably. Maybe many viruses were packed, and SAS an MBAM don't have (or very little) unpackers as far I noticed (a couple of months ago).

[ShyGuy]

Why panda 2009 products are not on that Test?
Is a relevant player.

[JasSolo]

Quote:

Originally Posted by ShyGuy

Why panda 2009 products are not on that Test?
Is a relevant player.

They probably don't wanna be in the test, just like they don't wanna be in almost all other tests. I wonder what they are afraid of?!


Cheers