Full F-Secure + Adaware Pro for free w/Lifetime License.

[Sputnik]

@Firefighter
I've been discussing about F-Secure's Libra engine any times already... The official statement at F-Secure is "Libra is NO F-Prot engine" they don't ever mention about the database...
Personally I think just like Firecat that F-Secure made their own engine using the F-Prot databases, maybe we can invastigate if the Libra and F-Prot update sequence are simular

[Firecat]

Quote:

Originally Posted by Firefighter

My fault, I just corrected my former post.

Best regards,
Firefighter!

But still...if all three AVs had a common heuristic name, its likely it came from Libra.

[Firefighter]

Quote:

Originally Posted by StyleWarz

@Firefighter
I've been discussing about F-Secure's Libra engine any times already... The official statement at F-Secure is "Libra is NO F-Prot engine" they don't ever mention about the database...
Personally I think just like Firecat that F-Secure made their own engine using the F-Prot databases, maybe we can invastigate if the Libra and F-Prot update sequence are simular

So, after all, they made it, a KIA with exact the same design and performance as Ferrari's.

Best regards,
Firefighter!

[Blackcat]

Quote:

Originally Posted by Firecat

I personally see nothing wrong in putting samples in archives. Of course, I could be wrong, but putting in archives would only show off a better part of the AV as any AV out there can easily detect malware in files. No offense towards anybody, but archiving can in no way affect any AV's performance. The file packers are meant for files only.

Simply looking at a scanner's log-files after archived malware testing is both very time consuming and inaccurate in terms of the actual number of detected samples. This is because in some situations, for example with packed malware, some AV's count the same sample twice.

The infected archive count using scan logs can therefore be much higher than the original malware sample size!!! Initially, I was very surprised by this result when I first started my amateur AV malware testing

Therefore it is better to scan the archive and allow the scanner to delete the recognised malware; then compare the number of remaining samples with the original malware collection size.

Now, IMHO, some AV scanners do have problems in scanning/deleting archived samples.

Quote:

Originally Posted by _anvil

That said, it is to be noted that test samples should never be in archives (be it ordinary "zip" or exotic "Win32 Ultra Shrink 2000 Plus" archive) in a proper detection rate test.

Agree completely.

Quote:

Originally Posted by Firecat

Its not very easy to put up a test like that and do testing and get your PC in risk

Keep samples off your machine and any zipped samples collected from well-known VX sites can be extracted to a flash drive or equivalent to test an AV scanners detection rate

[Sputnik]

Quote:

Originally Posted by Firefighter

So, after all, they made it, a KIA with excact the same design and performance as Ferrari's.

But nothing is wrong with a KIA, they use Huyendai (?) engines and just roll... Nothing special but a KIA car does what it has to do, without to much problems

[Firefighter]

Quote:

Originally Posted by Blackcat

Simply looking at a scanner's log-files after archived malware testing is both very time consuming and inaccurate in terms of the actual number of detected samples. This is because in some situations, for example with packed malware, some AV's count the same sample twice.

I agree! Actually I am counting different zip file sample names, if the rename/delete/move option is not possible. This is from Shaw Secure logfile and I counted that as ONE detection.

• Worm_731\Email-Worm.Win32.Klez.h.zip\I-Worm.Klez.h\[From cij1999 ][Subject:[Users] Re:users,japanese girl VS playboy] Suspected infection: Exploit.HTML.FileDownload
• Worm_731\Email-Worm.Win32.Klez.h.zip\I-Worm.Klez.h\[From cij1999 ][Subject:[Users] Re:users,japanese girl VS playboy]t13[1].scr Infection: Email-Worm.Win32.Klez.h
• Worm_731\Email-Worm.Win32.Klez.h.zip\I-Worm.Klez.h Suspected infection: Exploit.HTML.FileDownload

Best regards,
Firefighter!

[Firefighter]

Quote:

Originally Posted by StyleWarz

But nothing is wrong with a KIA, they use Huyendai (?) engines and just roll... Nothing special but a KIA car does what it has to do, without to much problems

I agree that KIA is a very good choice. In Finland it has 5 year warranty to 150 000 kilometers. Only Huyndai can offer a bit better, 5 years without other limitations.

Probably my next car.

Best regards,
Firefighter!

[Sputnik]

Quote:

Originally Posted by Firefighter

I agree that KIA is a very good choice. In Finland it has 5 year quarantee to 150 000 kilometers. Only Huyndai can offer a bit better, 5 years without other limitations.

Indeed, that's very good... Huyndai has good cars as well...
I'll be happy to buy a 20 year old Lada next year :p but first searching for an appartment

[Firefighter]

Quote:

Originally Posted by StyleWarz

Indeed, that's very good... Huyndai has good cars as well...
I'll be happy to buy a 20 year old Lada next year :p but first searching for an appartment

Why to search an appartment when you can always live in an igloo.

Best regards,
Firefighter!

[_anvil]

Quote:

Originally Posted by Firefighter

This is from Shaw Secure logfile and I counted that as ONE detection.

• Worm_731\Email-Worm.Win32.Klez.h.zip\I-Worm.Klez.h\[From cij1999 ][Subject:[Users] Re:users,japanese girl VS playboy] Suspected infection: Exploit.HTML.FileDownload
• Worm_731\Email-Worm.Win32.Klez.h.zip\I-Worm.Klez.h\[From cij1999 ][Subject:[Users] Re:users,japanese girl VS playboy]t13[1].scr Infection: Email-Worm.Win32.Klez.h
• Worm_731\Email-Worm.Win32.Klez.h.zip\I-Worm.Klez.h Suspected infection: Exploit.HTML.FileDownload

Sorry, I don't really get it...
Is there more than one file in this archive? If yes, why?
You are supposed to test only the real Klez malware file (in this case, it seems to be a *.scr).
The rest seem to be exploits, which are to "deliver" the malware. Don't you have an own exploit section?

And again: why are your samples zipped at all? That is confusing and can falsify the results.

[Firefighter]

Quote:

Originally Posted by _anvil

Sorry, I don't really get it...
Is there more than one file in this archive? If yes, why?
You are supposed to test only the real Klez malware file (in this case, it seems to be a *.scr).
The rest seem to be exploits, which are to "deliver" the malware. Don't you have an own exploit section?

And again: why are your samples zipped at all? That is confusing and can falsify the results.

Because my samples are in my PC all the time, I don't want that my resident security programs are alarming me too often.

Over 95 % of my samples contains only one infected file, but because they were picked from virus collection sites, s...t happens.

This may falsify the total results a bit, but only towards a bit better detection rate among some not so good av:s.

Best regards,
Firefighter!

[Sputnik]

Quote:

Originally Posted by Firefighter

Why to search an appartment when you can always live in an igloo.

haha, nooo Igloo is too cold

[kloshar]

IT'S HYUNDAI, NOT HUYNDAI.

[Firefighter]

Quote:

Originally Posted by kloshar

IT'S HYUNDAI, NOT HUYNDAI.

I agree. My fault.

Best regards,
Firefighter!

[abhi_mittal]

I tried this rebranded product on my Celeron M 1.5Ghz, 256 RAM Notebook PC. The product is genuine F-Secure Antivirus 2005. Its loaded with a Firewall, spam control, parental filters etc.
But, I found it to be a major resource hog. I feel it surpasses Norton. It adds a number of processes and consumes your RAM like crazy.
I recomend that users with fast processors and large memory (512MB) should stick with it.
Lower end machines cant cope with it.

Regards,
Abhishek

[no13]

Quote:

Originally Posted by StyleWarz

haha, nooo Igloo is too cold

Igloos are insulated and trap the heat withiun them, dude!

[Firefighter]

Just added Norman VC 5.80.02 with Sandbox to my test table in post 78. this thread. Detected 10 as "possible", 29 as "New unknown virus" and 93 by Sandbox.

Best regards,
Firefighter!

[Blackcat]

Is this good or bad compared to your other tested AV's, FF?

[Firefighter]

Quote:

Originally Posted by Blackcat

Is this good or bad compared to your other tested AV's, FF?

To be honest, I expected more from Norman against viruses, trojan like detection was about that I expected.

Best regards,
Firefighter!

[Firefighter]

Unfortunately there was an calculating error in the last Norman trojan like detectings in post 78. The table should be.

Best regards,
Firefighter!

[suebaby41]

Quote:

Originally Posted by abhi_mittal

I tried this rebranded product on my Celeron M 1.5Ghz, 256 RAM Notebook PC. The product is genuine F-Secure Antivirus 2005. Its loaded with a Firewall, spam control, parental filters etc.
But, I found it to be a major resource hog. I feel it surpasses Norton. It adds a number of processes and consumes your RAM like crazy.
I recomend that users with fast processors and large memory (512MB) should stick with it.
Lower end machines cant cope with it.

Regards,
Abhishek

When I checked F-Secure Anti-virus on the anti-virus section, my copy said that it was 2004. I downloaded from the site Friday. I like the product and will keep it even if it is 2004.

[Sputnik]

@Firefighter
Are the results of Command AV the same as F-Prot? I heard they use the same engine, and since the results of Command AV in your test are just fine, F-Prot might get more interesting every day for me

To Firefighter:

Can you add Dr.Web with its Spyware/Adware databases into the text mix? I think the extra database adds about 3,000+ more threats.

Thanks

[Firefighter]

Quote:

Originally Posted by StyleWarz

@Firefighter
Are the results of Command AV the same as F-Prot? I heard they use the same engine, and since the results of Command AV in your test are just fine, F-Prot might get more interesting every day for me

Not tested F-Prot recently, but after that CSAV 4.92.8 found 40+ samples as suspious that were not in the original scanlog and were not deleted as the other detectings, I think that Command and F-Prot are now very close each other.

Best regards,
Firefighter!

[Firefighter]

Quote:

Originally Posted by SDS909

To Firefighter:

Can you add Dr.Web with its Spyware/Adware databases into the text mix? I think the extra database adds about 3,000+ more threats.

Thanks

Unfortunately I don't have DrWeb licence anymore and my trial period has outdated, I just can't test DrWeb anymore. Before, it was better than Command or BitDefender with about 100 detectings.

Best regards,
Firefighter!