On-Demand Detection against old malwares

Discussion in 'other anti-malware software' started by sg09, Jul 18, 2010.

Thread Status:
Not open for further replies.
  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thanks, I have PMed him..:)
     
  2. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Net Protector, eAcceleration, Zillya & Paretologic tested. :D
     
  3. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    Spybot S&D...:D
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  5. guest

    guest Guest

    Comodo one of the big winners, they are becoming a real alternative in the AV industry
    Comodo 495/500 (99%)
    Comodo 4980/5000 (99.6%)
     
  6. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Thanks. Paretologic AV seems to be using KAV + their in-house antispyware. eAcceleration using old v4 engine?

    CP Secure was bought by Netgear. I think I posted this info a year ago.
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  8. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    @CiX: I will test it..;)
    @SweX: Coranti is in my list..:D
    @thanatos_theos: eAcceleration seems to use Digital Patrol engine.
    About CP Secure, I saw it was bought. But it is still there in VirScan scanner. Does Netgear have any AV?
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I see. Keep up the good work mate:thumb:
     
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Great, I will never (I think) use Coranti myself, though it should do good since it uses 4 engines? I guess.

    Yes, well I sometimes go to virscan.org and push F5 once a minute to watch the newly scanned file results
    (Just for fun:p ) and the CP-Secure AV seems to detect quite many of the samples that are uploaded.
     
  12. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    sg09,

    Can I ask what is the relevance of your tests in your opinion, since the test samples used are probably no longer distributed on the web?

    It appears to me the only places that anybody is at risk from them is by downloading them via someone's VX/test collection and let's face it, there's no chance of a drive-by attack by that vector.

    So all I see is some folks get the warm fuzzy feeling that their brand has detected 90-100% of these no longer actively distributed malwares.

    Rather a false sense of security being sold there, as it's how they perform against new malware being served up today from the bad guys which is the only true metric.

    Unfortunately the truth there is it's far from 90-100% detection rates today.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I disagree. Some vendors remove their sigs for old malware thinking it isn't needed and to keep their overall package smaller. Old malware can be just as deadly today for those who removed the protection for it.
     
  14. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Hi, it's a more than valid argument. But please understand that I am not from any testing organization. I am just doing these in my VM for fun.
    But may I ask you which of the tests performed by various organizations represent the true real life situation (except the dynamic test by AVC)? Actually a suite has more than an on-demand scanner to protect from malwares and the on-demand scanner is only a part of that.
    But truly, if you ask if there is any significance, I will say yes there is. In my country (India) there are several infected PCs that have been there for years only due to negligence of the user. My test may provide some light to the choice of AV to install in such PCs.
     
  15. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    mks_vir, Wuzzup & Blink Personal tested. Wuzzup, like Hitman Pro, skips NE files and that's why its detection is poor in the second set like Hitman Pro. For Blink Personal, due to a bug I could not update the engine to the latest version, but databases are current for i
     
  16. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Does Blink still use the Norman engine?

    Update: Just a note about Paretologic: they have started cleaning up what they did wrong, in Hphost it is in the blacklist of misleading marketing.
     
  17. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I am not sure. But they scored fairly well compared to Norman. Was it a freeware for some time? I just read it here...
    http://www.learnthisblog.co.cc/2009/03/free-blink-personal-edition-internet.html

    Yes this is the first time I used Paretologic. I have to say I am impressed. The product is easy to use, scan is very fast and detection is very good, owing to Kaspersky signature.
     
  18. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    Who'd have thought that 6 or 12 months ago ;)

    Looks like they're runner-up to Emsisoft :eek:

    Nice work sg09 well done for putting the time and effort in :thumb:
     
  19. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Hi, thank you...:)

    But still some big vendors to come, Norton, McAfee, Coranti, G Data and Trustport....*puppy*
     
  20. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    G-Data I can see not doing too bad seeing it uses Bitdefender and Avast engines, but the others I can't see faring too well. Maybe Norton will surprise with SONAR but I can't see it getting >98%, although like McAfee with Artemis these are designed for newer threats ;)

    Never heard of Coranti (quite a few I'd not heard of), sounds a bit like a Korean car :p
     
  21. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    New stuff may not be as big a threat as we are led to believe see here. Depending on exactly how old the malware is, it is likely more accurate than testing against zero-days. The fact remains that all of these vendors SHOULD have 100% detection/removal on old malware but according to this test they don't.
     
  22. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Great effort sg09!:thumb:
    Another suggestion: Spyware Terminator (with Clam Av active)
     
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thank you..:D

    Very sorry :'( . I just completed testing Spyware Terminator without clamAV. Actually I already tested clam engine twice, once in Immunet Free and then in Clam Cloud AV.
    I will update the results soon...
     
  24. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Drive Sentry, Spyware Terminator (w/o Clam AV) and FSB Antivirus tested. Like Hitman Pro and Wuzzup, Drive Sentry also skipped many files in Set 2. It scanned only 1331 files, among which it detected 1306. FSB Antivirus is a completely new product. It is still in beta. One of its developers, tesk, asked me to test the product. If you want to test the product, mail him at ~thomas.sloth@fsb-antivirus.com~ . The product homepage is http://www.fsb-antivirus.com/ .
     
  25. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Hmm I read about FSB antivirus somewhere before...maybe it was at the remove malware forums o_O anyway they did a nice job since they are already above Spyware Terminator :thumb:

    I am going to PM tesk now and see if they have a malware URL submission email :D
     