Anti-trojan tests - you can do your own dilgence :)

Discussion in 'other anti-trojan software' started by Wai_Wai, Oct 12, 2006.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Okay. I see there are several people who asks about the performance of anti-trojan tests, so you can do your own dilgence, instead of relying people's word-of-mouth.

    Here's what I found. The trojan tests are very limited, due to the low participation of AT vendors. Only on-demand tests are available:
    If you don't wish to read each report individually, you may jump to the summary section.
    1) AT comparative test from AV-comparatives
    http://www.av-comparatives.org/ ....snipped pdf portion of link....Bubba
    The author who performed the test has mentioned why anti-trojan test is so few. he author said "due to the low participation level of AT vendors, we don't know if we will carry this test next year".
    Guess why AT vendors don't like to compare their products? :cautious:

    Table of Performance Comparison:
    [​IMG]


    2) www.virus.gr
    This website tests a lot of AV/AT. The main page only list the overall detection rates of all malware. You need to read the detailed test results to find out the trojan detection rates of each product.

    Steps to get the report:
    a) go to http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82
    b) Scroll down to the bottom. Then click on: DETAILED TEST RESULTS
    c) You will get Excel files which classify the detection rates by different types of malware. Look particularly for trojan detection rates. Now look for the performances of your interested AV/AT by searching their names.


    3) Very informal test by an individual
    The poster simply asked AT users to report whether their AT caught anything, an indirect way to know whether your AT can do anything extra to catch what your AV misses.

    Has your real-time anti-trojan ever caught anything?
    https://www.wilderssecurity.com/showthread.php?t=93179


    4) Old trojan tests
    These tests are old, but don't discredit their values immediately.
    I found out most of their AT on-demand performances remains more or less the same, so these tests can give you a general picture about how your AT would probably perform in on-demand tests:
    http://www.claymania.com/tests-trojan.html

    PS: If you know any more trojan tests, please tell. Thank you!
     
    Last edited by a moderator: Oct 19, 2006
  2. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Summary
    If you have no time to read each report yourself, I have extracted/summarised the facts/info for you:
    - On-demand test results:
    -- The best AV can get about 90-99% trojan detection rates.
    -- The average AV are around 50-70%.
    -- No AT can come up with 50%. Most are less than 20%. Disappointing!! :(
    -- Ewido is the only exception which can manage to get over the 50% barrier, lying somewhere between 60%-80%.
    -- Note that the detection rate is for known trojans. How about if the trojan is not known or new? How about if the trojan is home-made or personalised? Who knows? But the result is probably much worse, like from 99% to 50% or lower.
    - Apart from the on-demand capability, you may wish to get an AT due to the following reasons:
    -- if you are infected, they are supposed to do better jobs to remove that trojan. Alternatively you can simply download specific removal tools to remove particular trojans. Simply google for {trojan name} removal tools.
    -- memory scan in AT is supposed to be better than AV. If AV somehow misses that trojan in on-demand scan + memory scan, AT may be able to detect it when it rns in momery. However it will appear only if AT has the signature of that trojan. Heuristics may help, but not much.
    -- However most AT users report that their AT simply remains silent while AV catches all of them before it can detect any.
    -- One observed a lot of the posts in the trojan and backdoors forum are from guests or new members that get hit with trojans that get through their AV.
    [Ref: https://www.wilderssecurity.com/showthread.php?t=93179 ]

    After all, feel free to (mis)interpret any information presented here. Do your own diligence before making your decision.
     
    Last edited: Oct 12, 2006
  3. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Other useful links or discussions:
    Alternatives to Anti-trojan programs (*must read :D*)
    https://www.wilderssecurity.com/showpost.php?p=855828&postcount=13

    Comparison of anti-trojan programs and intrusion protection systems when dealing with trojans
    https://www.wilderssecurity.com/showthread.php?t=94258

    Is a dedicated anti-trojan program really needed?
    https://www.wilderssecurity.com/showthread.php?t=150010

    Why bother using any anti-trojan program
    https://www.wilderssecurity.com/showthread.php?t=93044
     
  4. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
    From AV-Comparatives:

    Please link ONLY to our main site www.av-comparatives.org and not to the other subpages.It's forbidden to use/provide our test results/documents on other sites without our permission.

    ^Ale
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Isn't virus.gr basically considered worthless when talking about virus testing since they use worthless testing methology and also don't even know how to get products to their maximum detection level :doubt: So I wouldn't really take those test into much consideration at all. (Hey look at that, my 666th post :eek: :ninja: )

    Alphalutra1
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    How trojans look like ? Is it an object somewhere installed on my harddisk ? Has it a file extension ? I never saw one. :oops:
     
Thread Status:
Not open for further replies.