AV-Test - XP Exploit Test April 2014

Discussion in 'other anti-virus software' started by smallav, May 10, 2014.

Thread Status:
Not open for further replies.
  1. smallav

    smallav Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    17
    www.av-test.org/fileadmin/pdf/reports/AV-TEST_XP_Exploit_Test_April_2014.pdf

    Qihoo is good.

    In another XP Exploit test by PCSL, hxxp://www.pitci.com/report/exploit/xp_exploit_review_201404_cn.pdf, Qihoo got TOP too. Avira and ESET got ZERO Point. :-(

    And the third, AV-C's same test, hxxp://www.av-comparatives.org/wp-content/uploads/2014/05/exploit_test__xp_eos_201405_cn.pdf, Qihoo is NO.1 again.

    Reports from PCSL and AV-C are in Chinese only; they seem to be specially for Chinese people. :)

    Qihoo, good job!!
     
    Last edited by a moderator: May 10, 2014
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Low detection by ESET. :thumbd: Good results for Norton and Qihoo. :thumb:
     
  3. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    People actually pay attention to these 'sponsored' tests? Those weren't even real threats, they were entirely 'synthetic', as such - I consider them relatively meaningless. The stronger the HIPS, the better something would do on entirely synthetic created, fake exploits. Not surprising, is it?

    I found this line in the test hilarious..

    The missed cases all use the messagebox payload, which of course wouldn’t be used in a real attack.

    So... Umm.. Why bother testing something that would never be used in a real attack? Further, this line seems to indicate that a good result in this 'fake' test protocol, doesn't actually equate to real life protection;

    So a good result in this test is not a guarantee that they will generically detect all attacks in real life.
     
  4. @DoctorPC good find, synthetic test also bypasses some of the security mechanisms (like AVG Linkscanner)

    Coincidentally was asked to put an AV on a Win 8.1 home, so playing with exploits at the moment.

    Another surprise: WD is not as bad in my limited testing as the tests of AV companies suggest o_O. Used about 25 fresh samples (from 4 to 48 hours) and 10 exploits from last two pages of Malware Domain (this is too small a test set, I know).

    Discovered that Windows Defender is faster than MSE (WD loads IE11 on average 0.1 sec faster than MSE, while they should be identical o_O)

    AVG Linkscanner will cost you little CPU overhead, while giving extra protection. Database of AVG Linkscanner really is small (< 1MB), research shows that 95% of exploits are using (variants of) only 30 exploit kits.

    Best anti-exploit (AV based) setup with my (too small to be relevant) test: Panda FREE 3.0 with AVG Linkscanner FREE (of course with free EMET 4.1 Update 1).
     


    Last edited by a moderator: May 10, 2014
  5. blasev2nd

    blasev2nd Registered Member

    Joined:
    Mar 27, 2014
    Posts:
    47
    interesting
    what is the advantage of avg link scanner compared to bitdefender traffic light?
     
  6. AVG Linkscanner filters out (javascript) which uses known exploit kits (does job well). Trafficlight (depending on version) is primarily a URL filter, so you could use them together. URL filtering is a numbers game, therefore I think all those add-ons provide little additional protection over IE and Chrome built-in URL filters.
     
  7. blasev2nd

    blasev2nd Registered Member

    Joined:
    Mar 27, 2014
    Posts:
    47
    I see, thanks for the info...
     
  8. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Kind of a limited list of vendors isn't it? I'd love to see how F-Secure's deepguard performs on tests like this, but they never seem to be included.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That's why you shouldn't rely on your AV to protect against exploits. You should rely on specialized tools like EMET and MBAE. :)
     
  10. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Adguard has a remarkable exploit/malware domain filter system. I tested it last night on Malware Domain List, and it nixed 99% of every website I ran through it. Given how small, fast, and complete it is, I consider Adguard quite essential these days! Especially since Admuncher development has been terminated.

    http://i59.tinypic.com/343t89w.jpg
     
  11. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    Av-Test.org listed Qihoo 360 as being Qihoo 360 Internet Security 9 Beta 9.7.0.1001 Beta. I thought the last beta was version 5.
     
  12. smallav

    smallav Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    17
    Agree. But non-professional users did not know that.
     
  13. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    As stated at least in our report, Qihoo wanted to have the results of their Beta product included, and with activated sandbox (as they recommend for XP users).
     
  14. smallav

    smallav Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    17
    Yes, we can see that. Any problem?
     
  15. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    I just replied to tgell about the Chinese beta version used.
     
  16. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    849
    Of course Qihoo did good, they commissioned the test.
     
  17. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    Thanks, I didn't see anywhere in the report that the Qihoo tested was the Chinese version. So, the Chinese beta version is at 9 and the English beta version is at 5.
     
  18. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    All three of the tests are the same and they cannot be called independent.
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Is news about this test mentioned anywhere on the AV-Test website?

    @smallav: Thanks for posting :).
     
  20. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    imo junk test
     