Anti-malware.ru, treatment of active infections (July 2011)

Discussion in 'other anti-virus software' started by 3x0gR13N, Jul 29, 2011.

Thread Status:
Not open for further replies.
  1. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Link to test: http://www.anti-malware.ru/malware_treatment_test_2011
    Test performed 29. July.
    Internet security products tested against active infections.
    Malware used:
    1. TDL (TDSS, Alureon, Tidserv)
    2. Koutodoor
    3. Win32/Glaze
    4. Sinowal (Mebroot)
    5. Rootkit.Protector (Cutwail, Pandex)
    6. Worm.Rorpian
    7. Rootkit.Podnuha (Boaxxe)
    8. Virus.Protector (Kobcka, Neprodoor)
    9. Rustock (Bubnix)
    10. Email-Worm.Scano (Areses)
    11. SST (DNSChanger, FakeAV)
    12. SubSys (Trojan.Okuks)
    13. Rootkit.Pakes (synsenddrv, BlackEnergy)
    14. TDL2 (TDSS, Alureon, Tidserv)
    15. TDL3 (TDSS, Alureon, Tidserv)
    16. TDL4 (TDSS, Alureon, Tidserv) *
    17. Xorpix (Eterok)
    *TDL4 tested on 64bit Win 7 as well as on 32bit XP.

    XLS file attached at the end of the report contains additional information about the samples used.

    Google translate: http://translate.google.com/transla...w.anti-malware.ru/malware_treatment_test_2011

    First three competitors:
    1. Kaspersky Internet Security 2011 (100%)
    2. Dr.Web Security Space 6.0 (94%)
    3. Avast! Internet Security 6.0 (53%)
     
  2. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    Hello o_O o_O o_O o_O
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Something tells me the samples are heavily Russian regional based.
     
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    As the test is about treatment of infections, malware droppers were sent (anonymously) to vendors to make sure they actually know about them (you cannot cure what you don't know about, rendering the test useless).
     
  5. carat

    carat Guest

    Well done GData :D
     
  6. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    kudos to Dr Web.:thumb:

    Ok, if rigged, take the top 2 out of the equation and look at how the others handled these so-called Russian malware. It still tells a tale of where some are investing their ability. Even MSE did respectable considering how non-legit you claim this is. Kudos to Avast too.:thumb:
     
  8. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Kaspersky is great!:cool:
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The message is don't get infected, especially with rootkits.

    Avast did well, because it uses GMER. Dr.Web did great as before. Kaspersky kinda surprised me. Everyone under bronze is somewhat unexpected.
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    Kaspersky is certainly on a roll this year. I'm going to have to put it back on again. Too bad I run something for about a week or 2 before I get bored and load something else. o_O
     
  11. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    based on just 17 samples :doubt:

    anyways, congrats kaspersky
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    What do you expect out of active infections?
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    That's nice. But detection of active infections is definitely not what I look for first in security software.

    Still, kudos to Kaspersky.
     
  14. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    well done dr. web:D
     
  15. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    The test is not about detection, rather about treatment or cure which I think is really important if you are going to use it in an infected system. I know everyone might say that it is not wise to install an AV in an infected PC but this is what common users do.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Detection, removal, repair, whatever. It's a nice thing to have in an antivirus but I'd much prefer it be able to prevent infection.
     
  17. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    I am sorry but I call *COUGH bullcrap COUGH*.

    The owner of that review site works for Kaspersky Marketing :)

    IlyaShabanov
    Founder and Managing Partner at Anti-Malware Test Lab Russian Federation | Computer & Network Security Current: Founder and Managing Partner at Anti-Malware Test Lab Past: Head of Marketing Research at InfoWatch, Marketing Audit Manager at Kaspersky Lab, Senior Marketing Researcher at Kaspersky Lab


    http://www.linkedin.com/pub/dir/Ilya/Shabanov






    ~Off topic comment removed~
     
    Last edited by a moderator: Jul 30, 2011
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Doesn't Kaspersky always get the first position in all tests made by Anti-malware.ru :shifty:
     
  19. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Ah. And that's why the test is wrong? Weak argument.
    And many other guys from Russian security vendors are on anti-malware.ru too...shocking? Russian experts on a Russian site...strange world :)

    Do it for yourself and look for similar sample types...
    I played a month ago with a few TDL samples - in my amateurish test Kaspersky was able to clean, HitmanPro was, Dr. Web was...others I tested: not.

    To say prevention is better than cleaning is ok. To have problems with cleaning at all, ok too.
    But nevertheless: When it comes to cleaning this test has some value and is still interesting.

    Wrong too. Some simple research on Anti-malware.ru website and you can answer your question.
     
    Last edited: Jul 30, 2011
  20. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Although I've known that Kaspersky and Dr. Web have effective cleaning capabilities, it's surprising to see such a gap between them and the other products. I guess it'd be much more even if there were more samples.
    Doesn't seem so, looking at their performance test: http://www.anti-malware-test.com/?q=node/167
     
  21. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Last edited: Jul 30, 2011
  22. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I wonder why...:rolleyes:
    OR shouldn't I? :D
     
  23. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    A test where Dr.Web gets 94% and Emsisoft gets 18% is not to be taken seriously.
     
  24. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Why? I miss the argument...

    Emsisoft is great in detection; in curing, there are better ones. (Also, EAM v6 beta makes some improvements here.) Dr.Web was always known as good in curing...
     
  25. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Well those just 17 samples are common and also most dangerous ones out there;)
     