Which is the best AT program?

Discussion in 'other anti-trojan software' started by brjoon1021, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Why would you want to see a 16-32 sample test? You can't use it for anything; it (unfortunately) says nothing about the products' anti-trojan capabilities.

    I couldn't care less if this exact test was posted here by you for example, because then it would just be the basis of a good laugh or as you say "humorous reading with procedures and results full of holes", but that's precisely it, whoever made this, made it on a website called "Anti-trojan-software-reviews" and with no room for discussion or possibility of informing other readers that it is indeed not something you can base a purchase on.

    There is a big difference between posting a 16 sample test here and doing it via a seemingly (to the untrained eye) professional review website.

    Tazdevl sums it up quite nicely:
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I fully agree with tazdevl.
    A2 only detects 95276 trojans, so a test with 16 trojans is less than worthless. Isn't that logical?
    The larger the test bed, the more reliable the test will be to evaluate different AT scanners.

    Such tests are indeed very misleading for less-knowledgeable users, because they only see the AT on top, without further thinking and they would buy the wrong AT, based on that ridiculous test.

    I wouldn't even dare to publish such a poor test on the internet and if the author would feel some responsibility, he would have removed the test from the internet a long time ago.
     
  3. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Best for me, that would be........

    BoClean
     
  4. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Taz...come on, a big salad? How about a large anchovy pizza, with all the works? Then, top it off with a few nachos with chili cheese sauce and wash it down with a few brewskies. THEN I'd be real interested in hearing the results about your "crap" tomorrow :D

    Seriously though, I think that some people are missing my main point. My point is simply not to CRITICIZE someone for conducting a test. Question the methods, samples used, effectiveness of the results? Absolutely. But rip a man because he conducts a test that doesn't measure up to the standards (or results) that they would like to see? Just seems inappropriate.....

    I do understand what you and others are saying about the results possibly being "misleading" because of the size and number of samples used, though. So then, what would be acceptable? A thousand samples? That's still only a fraction, since like you say, most AT products have "tens of thousands" of signatures or variants of. And since, because he isn't a "professional" in the AT field, who is qualified? Kevin from BOClean? Andreas from A-Squared? Peter from ewido? Magnus from TrojanHunter? I think those results would be questionable as well due to potential bias.

    No, I would think that an independent test, using a large enough sample base should be sufficient for most. But as I have been saying......who is conducting such a test? NO ONE. So rather than criticize and deter others from conducting such a test because their results may not be appreciated, how about encouraging someone to do such a test? And if those criticizing the results are not qualified to conduct such a test, then simply find and encourage someone who is. That way, if a product like BOClean doesn't perform as expected or hoped, they'll need another reason besides sample size or the tester's qualifications to criticize the results......
     
  5. 4A6F4A6F

    4A6F4A6F Registered Member

    Joined:
    Dec 23, 2003
    Posts:
    34
    Clearly Ewido - does the same as Boclean + more! This ewido software has also a very easy user interface but also more and better features.
     
  6. That won't happen. It takes a special kind of bravery, not to mention stupidity, to do such tests. You can talk about qualified people, testing methodology until the cows come home, but any test will be ripped apart by the people who don't like the results. Is there any antivirus test here that doesn't get attacked? Even by the 'professionals'? :)

    Most people here are smarter than that to stick their heads out like this. What is there to gain really? I do my own tests and get my own information out of my efforts.

    But I don't see any need to publish it far and wide to the ungrateful people who will no doubt bash it if they don't like the results regardless of how carefully planned the methodology is, or how 'qualified' I am.

    Don't get me wrong, it's not that I don't want to share my results, but the climate here is such that there is really very little gain in doing so.
     
  7. TylerGred

    TylerGred Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    69
    Location:
    USA
    Features which bog down a system.

    For me, BoClean is like everyone stated "set it and forget it"

    No computer slow down for me at all.

    Ewido real time scanner bogged my CPU down. I also don't like the interface and believe it finds a lot of false positives.
     
  8. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Neither Ewido nor BOClean is slowing my PC; in fact, just for kicks, I sometimes run both in real-time and there are no slowdowns seen around here with both.

    As for false positives, I have had two with both and they were quickly fixed by both, the only difference was that I got a personal mail from Kevin each time (and an apology). Judging from 3-4 years of using BOClean and 8 months of Ewido, I have to say they are both truly "Set & forget" and to me they are the "Topdogs" ATM, this is a personal view of course.

    I also think that anyone looking for an AT, apart from those two, should take a look at A2 & Trojan Hunter and make a choice based on those four. :)
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Come on people, this is getting out of hand...

    While 16 samples may not seem a lot, The 2004 Trojan Test Set page which details how they were obtained, makes the following points:
    • They were taken from files circulating on P2P networks - i.e. ITW malware rather than zoo samples;
    • Norton AV 2004 was used to "weed out" the common ones;
    • Duplicates (and presumably variants) were removed.
    So while a small sample, it does consist of what AT scanners need to be picking up (there's little point having a 200,000 signature AT if most simply duplicate what many AVs have) so this is more of a "value added" test.

    Those who have been most dismissive of this review appear to underestimate the amount of work needed for such tests. To test a memory scanner, you have to run the malware which means risking infection. To counter this, the tester needs to image their system and restore it after each test for every combination of malware and scanner - that anti-trojan review had 128. Reviewing file scanner performance (which is what almost all anti-virus tests involve) is far less work in comparison so testing with very large samples is far more practicable.

    So yes, this review is dated, is only a snapshot and is conducted by an inkjet salesman (as if that was of any significance). However the conclusions drawn there have had more research and work behind them than virtually any posters' recommendation on this forum and they deserve better respect for that alone.
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Thank you, Paranoid....for explaining in more detail and a bit more eloquently the point that I was trying to make ;)
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I stick to my opinion and I put my feelings aside when I evaluate tests and softwares.
    Much work, having respect has nothing to do with evaluating tests and softwares.
    I wouldn't even waste my time on a test with 16 trojans and IF I would do it, I would keep those tests for myself and share these tests with people in the same business and certainly not with less-knowledgeable users.

    Besides that, I consider AV/AS/AT/AK/... scanners as a very bad solution with a lot of other problems.
    I would never collect malwares in definition databases, because they come from a very unreliable, inexhaustible, unexpected, unpredictable and above all uncontrollable source: the countless bad guys in the world.
    You even have to search for these malwares in order to find them, which makes it even worse.
    Any security software that is based on what the bad guys do, is doomed to fail from the start.
    That's not the right strategy to fight against the bad guys, collecting their stuff, following their tracks.
    You can't keep running after the thief, you have to catch him and beat him on every level.

    I'm not a security expert of course, but my way of solving malware would be based on what the good guys do, because that source is very reliable, well-known and above all controllable.
    When you have problems you have to look at problems from different angles in order to find different solutions.
    If the problems are too difficult, you have to split them in smaller problems and smaller problems are easier to solve.
    I'm doing this all the time at my job and I always keep the less-knowledgeable user in mind when I create my applications.

    AV/AS/AT/AK/... scanners is just ONE solution and in this case a very bad solution, you just have to find other solutions and of course it isn't always easy. If everything was easy we wouldn't need knowledgeable people.
     
  12. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    :rolleyes: If you say so...don't need the "+ more"...I'll stick with BoClean. It is the best for me. ;)
     
  13. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Scanning is actually the best current solution there is, for a number of reasons. I might be inclined to agree with you if home users always used a limited account except when installing new, trusted software; if they always kept up-to-date with patches; if they never ran untrusted programs and if they never browsed "questionable" sites. Unfortunately this is not what is happening and many users are doing all of these things.

    Samples are actually not just what the bad guys provide to the developers. If a new piece of malware is spreading quickly it will end up on many machines and hence have a high probability of being submitted to vendors.

    Proactive protection has its place, but it just isn't a solution that works at the moment. Too many users quickly grow tired of "Allow this program to run?" queries and just answer Yes to everything. Including the piece of malware that just injected itself into svchost.exe and wants to access the net.
     
  14. Mikkey

    Mikkey Guest

    Same here. I have two top AV's that are excellent at detecting trojans. Certainly don't need an AT with a file scanner as well. BOClean will do fine thanks.

    M.
     
  15. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    I thought the same thing until I ran Ewido's scanner for the first time and it found 78 problems. :eek:
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Were you using another AT with real time protection enabled? If so which one? 78 problems what type? Maybe cookies?
     
    Last edited: Sep 22, 2005