PC Welt, test of trojan detection rate

Discussion in 'other anti-virus software' started by LinusAV, Sep 29, 2006.

Thread Status:
Not open for further replies.
  1. Davidpr

    Davidpr Registered Member

    Joined:
    May 24, 2006
    Posts:
    92
    Lodore, don't forget that by using Prevx you have a top class security program as an additional layer that will likely pick up anything that gets past your initial defence - AV. I have run Prevx by itself recently but now run with KAV. I would not say this is 100% safe but I would trust this set up more than separate AV, AS, AT and FW.
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Ewido-73%
    a2--47%

    These must be the older versions as this test was Feb '06.
    There is quite a gap between the programs in this test though.
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    That's what I thought. I mean Prevx is an outbound firewall which when paired with Windows Firewall is complete. And it's a lot more than a firewall lol.

    Atm I use F-Secure Internet Security 2006 but it slows me down a lot, so I believe separate apps are the way to go. Kaspersky is the best AV but its firewall isn't.

    The best AV and firewall combo I think is KAV and Outpost.
    Best AV+HIPS is KAV+Prevx1 and then I've got two HIPS.
     
  4. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks. I recall that in the past Ewido has clearly been the winner. However, I am under the impression that a-squared has significantly improved. It remains to be seen however.

    Ewido did better in this test than I remembered also. However, when we see AVs with 98 and 99% detection rates, the 73% for a dedicated anti-trojan application (at least that is what Ewido was) seems pretty weak, and not worth buying for the AT capabilities. I think that it might be worth it for the other anti-spyware type applications.
    In this test, http://www.castlecops.com/posts165650-0.html, the ATs did better than the dedicated AS applications. A-squared was a very good performer comparatively.

    Best,
    Jerry
     
  5. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    No offense - but that's really a test performed by an amateur - with good intentions no doubt. Better leave reliable testing to the pros like av-comparatives and Marx. In a way it's deceptive as well.
     
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I would like to see AVC do such a test. However, I am not aware of a good similar test of AS applications.

    While one might take exceptions with some of his work there, unless someone can come up with something other than he is an amateur I think he has some pretty good comparisons.
    If you see some specific errors in his tests I would like to know. Evidently Nick at SuperAntiSpyware did not see them as so amateurish that he ignored them.

    Not trying to flame your response, but I do notice that when things do not turn out well for some companies they always complain that the tests are not realistic. Not that you work for a company.

    So if that is the case then I would like to see someone come up with a series of tests that most would agree were real world, and valid.
    So far I have not seen such, and frankly do not expect to. Evidently it is very difficult to make such tests, and more difficult than a straight anti virus test such as IBK conducts. I say that since no one seems to agree on a methodology and the malware samples.

    At this point in time we seem to have no real way to determine the effectiveness of anti-spyware applications, and the lines are blurred as to what is important enough to consider as serious malware. We only have the word of the various vendors as to why the various tests do not realistically test their programs.
    Until then I do place some value on the test that nosirrah conducted, amateur or not.

    When someone who is not associated with a company runs tests, all applications face the same conditions, and so it is as fair for one as another.

    Best,
    Jerry
     
  7. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Agreed upon.

    Let's quote Nick at SAS on that thread over there:

    "To test the way the anti-spyware applications behave in real-world situations, the applications have to be tested against actual infections / actual infected machines without copying installers to random folders, or the desktop, etc. and without disabling startup entries, etc."

    This hasn't been the case in the test in question - merely an example of many.

    On the contrary - Nick made the effort to point to reasons disqualifying the test method. I do applaud him for doing so.

    Finally - coming from SAS blog:

    "Malware testing is certainly a daunting task and adequate documentation of methodology is the single most important element in validation of the results. When testing is performed by individuals one can accept and or excuse minor inadequacies. However, when the results are performed by alleged experts, in testing facilities which exist for testing purposes, they must be held to the highest standards."

    ..says it all - using mild wording.

    Well, since I have no beef with any company, that counts me out ;)

    I'm pretty sure IBK can perform such tests...

    A matter of definition really. Heavily paid former top notch black hats on the payroll from the spyware mafia, coming up with very sophisticated malware including rootkits is a problem nowadays. Cromozon is for example...

    All I can say is: see Nick's/SAS comments - why not contact him on the subject? I'm pretty sure he will be quite outspoken....

    Let's wait and see whether or not IBK jumps in ;)
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Panther,

    Thanks for the reply.

    I have a lifetime license, in fact 2, for SAS, and I think Nick is great in wanting to put out a fine product.
    However, SAS has not shown well in any test that I have seen, and Nick always has the "not realworld" complaint. He may in fact be correct, but I have asked if there ever will be a real world test.

    I have read his assessments of at least some of the tests. I continue to note that all the applications face the same hurdles in the various tests, and unfortunately neither SAS nor Spyware Terminator has shown up among the top programs. On the other hand Zero Spyware, a freebie, has shown pretty well. What do you think that nosirrah did that made it better than most of the others tested?

    In fact none of the anti-spyware applications do very well in my opinion. I do not recall any that detect over 80%, and most are well below that mark. That does not inspire much confidence, but we just do the best we can.

    In spite of it all, unless someone can tell me why the tests by nosirrah are not as adequate as others, specifically, I will continue to place a reasonably high level of confidence in his tests. If they are poor then let Nick and others try to help and finally get a good test. I realize that may not be practicable considering nosirrah is not a full time tester, and Nick has a lot of other things to do also.

    It seems to me that the best test would be to have a completely clean machine and one by one install the various programs on a clean machine, and attempt to infect the machine in the way malware does in the real world. I seem to recall that Nick has mentioned this. Then take infected machines and one by one attempt to find and remove the malware. I think the latter is the way most are conducted, but what I really want in my anti-malware applications is to keep the "stuff" off my computer.

    I guess it is not possible to get many of the developers to agree on a methodology, and malware samples that would be realistic. So in the meantime no matter who conducts the tests they will continue to complain about the lack of real world tests, and excuse their poor performance.

    I admit a long time of zero infections of any kind, so maybe they are doing better than the numbers indicate.:D

    I would not base my evaluation on a single test, but when test after test by different testers show similar rankings, and performance then I consider that surely all are not totally incompetent.

    Edit
    I am not attempting to criticize anyone for the purpose of doing that, but would like to see competent test organizations do some work in the area of anti-malware other than the type of work IBK does. His is tops in my view, but I have seen some sour grapes at his results. I hope he can continue such good work, and I realize that at some point he may not be able to do so, seeing that he is getting no monetary support to conduct his tests.

    I have not seen tests which permit users to determine the most reliable and competent anti-malware programs. There is a fairly wide range of rankings between the various tests.

    In the meantime it is easier to be a critic than a doer.

    Regards,
    Jerry
     
    Last edited: Sep 29, 2006
  9. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    in theory probably yes, in practice no, not really :doubt: , that's why I so far always refused to provide an exhaustive and reliable anti-Spyware test. But there are some plans to try to do something during next year, but I think it will be not an important test and have its limitations (which I will have to explain). dunno yet more. it will just be an attempt, i even dunno if i will keep it only for me or publish it (will depend about what i finally think of it).
    P.S.: it will test only AV products and NOT anti-spyware products (most probably). we will see.

    P.P.S.: if i remember fine, the only organization that atm does imo make good anti-spyware testing (i mean by installing the spyware, seeing if it gets detected and fully removed etc., and this with various samples) is currently ICSALabs, but of course only with a limited number of samples (and note the definition of spyware they have and what they include in it[!]) and participants.
     
    Last edited: Sep 29, 2006
  10. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    CA eTrust still has very very poor results in such tests as always. :eek:
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I wonder if those were the free or paid versions of antivir and avast tested. AVG did quite well, seeing as the free version is basically the same as the pay version that's pretty darn good for a free av.
     
  12. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    I think there's no difference for avast!.

    As far as I know, for an on-demand scanner results, there's no difference between free avast! Home and paid avast! Pro, they use the same scanning engine ability, same signature database.
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yeah i was actually just looking at the avast website and it seems there is not much difference between the paid and free version so avast did very well for a freebie.
     
  14. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    results are very much on expected lines, barring the fact that norton has done exceptionally well and even better than crowd favourite-kaspersky..

    And as shown by ibk's test earlier mcafee has disappointed, but i will overlook it as he said that mcafee are concentrating on quality rather than quantity of detections..

    also i think AVG will do even better with the upcoming 7.5 version which will have ewido with it..
     
  15. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    McAfee focusing on quality? Hm, last time I checked, they report a lot of harmless Upack packed files as New Malware.n .aj or similar. Not to mention Sophos, which is really going over the top with their Mal/Packer "detection". :rolleyes: It seems that some people think it is no longer necessary to even bother to limit the detection to really suspicious files. :(
     
  16. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    do u mean when using the GUI or with the commandline scanner?
     
  17. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Most likely command line scanner....I don't think they'd want to alarm their home user base with such useless detections.
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Obviously these kind of results are the wrong one. When the FREE av:s are actually in the TOP or very close to it, that is too much for some aliases in here, which may actually represent some av-vendors. By using these free av:s, you can save your money to other security solutions or even better, some things out of the PC:s at all. With that money you can release, you can buy USB memory cards, digital TV sticks, MP3 players etc. For me, I can get a free month first class dog food to my little Collie baby girl. :D

    Best regards,
    Firefighter!
     
  19. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
  20. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
  21. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    It looks like it is the same (same size, same testing body, same results)
     
  22. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    ooops, my fault sorry;) .
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Please check a dictionary. The primary distinction between "amateur" & "professional" is that a "pro" does it for money. The two terms do not necessarily define the respective levels of proficiency.

    The stem of "amateur" is the Latin "ama" -- "love." Thus, an amateur is one who does what s/he does BECAUSE s/he loves doing it.

    Any assessment of a given test's validity should, I think, give consideration to the methods & database used, and not be based solely upon the presumed competency of the person doing the test.

    I myself find the CC-posted test results instructive -- in the context of other test results I am aware of.

    Even so (as things now stand) I am considering alternatives to my present AT/IDS (a-squared). I really really wish that AV-Comparatives would find a way to test BOClean (sigh).
     
  24. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Bellgamin,
    [Please check a dictionary. The primary distinction between "amateur" & "professional" is that a "pro" does it for money. The two terms do not necessarily define the respective levels of proficiency.

    The stem of "amateur" is the Latin "ama" -- "love." Thus, an amateur is one who does what s/he does BECAUSE s/he loves doing it.]

    Very good point. There have been a few things during my lifetime that I just loved to do. They occupied a high priority, sometimes too high. Without sounding prideful, I knew and know more about those subjects than the vast majority of those who were considered pros. I just did not make money from them.

    When it gets down to it, some of the most highly respected testers are not really pros in that they do not get paid.

    Best,
    Jerry
     