Anti-Malware.ru: (Zero-Day) malware test

Discussion in 'other anti-malware software' started by progress, Nov 7, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    This test is a joke? They collected a pile of applications including HIPS, AVs, Suites, Sandboxes and tested them all together. Comparing oranges with apples.
     
  2. subset

    subset Registered Member

    Why should a user care if Malware is stopped by apples or oranges? Either security software is effective or it is not.
    BTW this sounds like a postulation to test only suites vs suites and sandboxes vs sandboxes etc.
    But why? Just to let suites shine in their own little test?

    The only thing I don't like is that both added "HIPS" are from Russia. It would have been really interesting to see the results of apps like Geswall, Sandboxie or Malware Defender as well.

    Cheers
     
  3. SIR****TMG

    SIR****TMG Registered Member

    :thumb: Way to go Ilya. That's why I use Defense Wall.:thumb:
     
  4. Soujirou

    Soujirou Registered Member

    Is there a reason some (all?) testers stop at a service pack update but don't install any further updates? I can see why they would want to keep the system constant throughout the testing period, but I would imagine that there were updates between SP3 being released and July.

    Also the translation may be off but is the report saying it tested 36 links total during the testing period? Are dynamic tests by their nature limited to sample sizes of this range?
     
  5. subset

    subset Registered Member

    There is a site with the "Test Methodology":
    http://translate.google.com/translate?hl=en&sl=ru&u=http://www.anti-malware.ru/node/1922
    Seems like it was rather difficult to find Malware which was not detected by more than 20% of the tested Scanners at VirusTotal.

    Cheers
     
  6. vijayind

    vijayind Registered Member

    Comodo can stop over 80% and Outpost barely 40% ....
    I thought Comodo and Outpost have nearly similar HIPS capabilities.
     
  7. pjb024

    pjb024 Registered Member

    The report says that all AV's (their wording even though not all contenders were AV's) were tested with standard default settings which, for OSS, could mean it was in learning mode. Certainly OSS default settings won't pass leak tests and is not a fair reflection of the capability of the suite. In my opinion tests like this are of little value other than curiosity. There is too little information on the setup of each contender.

    By the way, when I click the link to that site to view the report I get many suspicious packets blocked by OP (I'm currently using the FW not the full suite but have licences for both and have used both).
     
  8. subset

    subset Registered Member

    With the Google translate link? :ninja:

    Cheers
     
  9. Lebowsky

    Lebowsky Registered Member

    :D Yeah, I just wish more people knew that.
     
  10. Lebowsky

    Lebowsky Registered Member

    Agreed.
     
  11. hamzah95

    hamzah95 Registered Member

    Good to know that I'm using the Best protection.

    .........
    ..........
    .......
    DefenseWall:thumb: :thumb: :thumb: :thumb:
     
  12. jmonge

    jmonge Registered Member

    And you don't have to be waiting for database updates ;)
     
  13. pjb024

    pjb024 Registered Member

    Yes that's correct.
     
  14. pjb024

    pjb024 Registered Member

    I'm not going to bash DW because I happen to think it's good at what it does but I found it too heavy on my system. I know you guys love it because the praise flows freely in almost every thread of the forum. :p
     
  15. Brummelchen

    Brummelchen Registered Member

    same as aigle - same useless test as matousec offers - only another color.
     
  16. JamesFrance

    JamesFrance Guest

    Hardly a useless test, when it shows how many so-called Security Suites are quite incapable of preventing new malware infection.

    Who cares which antivirus can identify the most long dead threats, if they can't stop what is happening now?
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Why did you consider DefenseWall as "heavy"?
     
  18. Boost

    Boost Registered Member

    :thumb: Defensewall
     
  19. pjb024

    pjb024 Registered Member

    I'm not bashing DW, Ilya, as I happen to think it's a unique solution and the concept is great. I tried it a few weeks ago and there was a definite delay when I load my browser (firefox). I am in the habit of closing and reloading my browser often so it became an annoyance. I guess that any virtualization or rules based product would add some kind of overhead as you can't get something for nothing. I'm open minded and when DW3 is the current version then maybe I'll take another look.

    I like that you are visible in the forums and quick to respond to user concerns. That's something the big companies seem unable to achieve. Keep up the good work.
     
  20. pjb024

    pjb024 Registered Member

    I could write a report on a comprehensive test I have just completed and publish the results along with a link to the report and you would believe whatever I said. If someone wants to pay me to put their product in first place send me a PM :p

    We see these so called tests all the time and the methodology employed is usually lacking in any great detail so how can we be sure that the results have any meaning or value other than scare mongering? Do we blindly accept results then go changing our AV if it's shown way down the list? I think that's what happens a lot.

    This latest test used 'out of the box' default settings for each of the products tested. That tells me they took that approach because it's the easy way to do it and doesn't involve the testers having to know anything about the product they are testing. We all know that AV's, HIPS, FW etc all need to be configured properly to give a desired level of protection. You need to get to know how each security software works in order to get the best protection from it.

    This test is flawed but the gullible will see a table of results and think that many of the products tested are providing very little protection when, in fact, that is not true. You only have to look at the variance in results from different tests to see that far from providing any clarity these tests are simply causing confusion and creating fog.

    The only way to get meaningful results is to do your own test.
     
  21. Ilya Rabinovich

    Ilya Rabinovich Developer

    OK, that's why I ask. Usually, the Firefox slowdown because of DW is about two or three seconds on my computer. Well, four maximum. If, in your case, the time delay is more than these numbers, you need to contact me in order to initiate the investigation process.
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Unfortunately, it's true. If security software is so strong, why do their customers keep getting infected, over and over again?
     
  23. jmonge

    jmonge Registered Member

    Forget about the antivirus technology, it doesn't keep up their database against the thousands of new nasty malware, we need proactive protection in our PCs ;)
    I know some people spend a lot of money on security suites and still get infected :D For example, I have a friend, he called and invited me for a dinner tomorrow for the purpose of PC clean up and he has avast antivirus and other antispyware solution with a firewall and still got hit :D I bet with just DefenseWall on his computers I will not be invited for the dinner :D Thanks to avast and his antispyware solution I will eat tomorrow lol :argh: :D
     
  24. pjb024

    pjb024 Registered Member

    Did your friend get infected after visiting your website? :shifty:
     
  25. JamesFrance

    JamesFrance Guest

    No I think you are wrong. I think this is the way to test because any complete security needs to work for someone with no knowledge of computers. It is no good having a default configuration which fails. Most people would have no idea and less interest in altering the default settings. They need protection the most.
     