New MRG Test #20 Real Time Test

Hi,
The following is the brief of tests. The tests used 60 different malwares. The first column is name of av, second total blocked, third total missed:

Program Blocked Missed MRG Project#20
a-squared 60 0 Passed
Avast 58 2 Failed
AVG 59 1 Failed
AVIRA 60 0 Passed
BitDefender 53 7 Failed
Dr.Web 57 3 Failed
eScan 52 8 Failed
F-Prot 46 14 Failed
Ikarus 60 0 Passed
Kaspersky 60 0 Passed
Microsoft (BETA) 57 3 Failed
Nod32 58 2 Failed
Norman 50 10 Failed
Norton 58 2 Failed
Panda 60 0 Passed
Panda Cloud 60 0 Passed
Prevx 60 0 Passed
Spy Emergency 44 16 Failed
Twister 58 2 Failed
VIPRE 60 0 Passed
COMODO 60 0 Passed
F-Secure 60 0 Passed
G DATA 60 0 Passed
McAfee 59 1 Failed
Online Armor++ 60 0 Passed

Conclusion: Mixed Results.

Results page: http://malwareresearchgroup.com/?page_id=2

 

"Pass or fail " is a subjective notion,esp when it comes to such tests,and should be thrown around with discretion.

 

https://www.wilderssecurity.com/showthread.php?t=251113

There is a test discussed here, but is this the same one?

 

No, its a new one released today

 

Hey no offence, but I was jst saying what it could be conceived from this test

 

Virus names used seem to be Kaspersky labeling isn't it?

 

Ok fine, if you think if you think it looks like labeling, I have edited my post no more mention of any names.

 

On behalf of ESET I'd like to mention that:
1, all files we've found to be dected as "Trojan.Ransom.Win32.SMSer.in" by any of the AV vendor are already detected. Since different malware families were detected in this name and we don't have the hash of the missed files, it's impossible to tell when exactly detection was added. The point is all these malware families are currently detected by generic signatures and no single file was missed.

2, As for Trojan.Win32.Inject.ahhq, this one is intentionally undetected if we talk about the very same file. When executed, it simply does nothing malicious, just finds a specific window and ends. It may be a part of malware, but it's completely benign and thus not subject to detection.

 

Thanks for the update Marcos. Always impressed with Nod32.

 

It seems a bit odd to me to be directly comparing standalone AV products with integrated suites such as Online Armor ++ and CIS.For example BitDefender AV missed 7 samples,why not use their Internet Security product? Surely such a test should be like for like

 

Agree with you andyman. At the same time, although a small number of samples, it's interesting to see the difference between a small AV such as Twister, an up-and-coming VIPRE, compared to G-Data or so.

Overall, I'd say all of the programs discussed on this forum and used by members did well.

 

Need more informations?

Go to: hxxp://malwareresearchgroup.com/?page_id=4

"For all general information about Malware Research Group please contact:"
Info>at<MalwareResearchGroup.com
Link: hxxp://mrg.ssupdater.com/info@malwareresearchgroup.com

Cheers

 

No surprises here.

 

Haha another MRG test, here we go!

 

this thread will probly span another 10 pages.

 

Well done BitDefender Congratulations to Panda, great improvement

 

The gentlemen from MRG/SSUpdater preferred to remove the link from their site.

But it can still be found at the yahoo cache.



Cheers

 

sneaky...

 

Again you leave out Rising RAV, if you do decide to test it change the defaults which have a lot of good features disabled and enable them all and set it high protection to high. I use AVIRA PE but also RAV under RIS 2009 on systems that need extra protection where AVIRA PE doesn't feature email protection. But good to see the APE catch everything you had thrown at it though!

 

This does explain a lot about the strange methodology of this test. SSUpdater tests always included the likes of MBAM and SAS in an unrepresentative way too.

 

Twister only missed 2! It is looking VERY promising, to my *twisted* way of thinking.

However, my computer's main contraceptive continues to be Avira -- nonpareil!

 

As the results seem to be random, I don't think it depends on any defined methodology.

Cheers

 

The strange methodology I'm referring too is the comparing of standalone AVs alongside full security suites with included HIPS.

 

Very true.Dynamic testing is extremely time consuming though which is why most just tend to do on-demand scan tests upon a large number of static samples.

Until someone comes up with an effective way to test a large number of currently active malware in a real-world way at best all these tests are a small indication of a product's capabilities and a great way to start a heated Wilders debate.

 

Hi ssj100

Do you how long it will take to execute 60,000,000 samples one after the other? It could take weeks or probably months and there is a good possibility that the PC would crash even before you reach the 1,000th sample. Good Luck trying though.