Anti-virus tester

So it's clear now that the tester is creating files on the fly ...then why KAV 4.5 is
failing all 4 tests? I hope this test wasn't designed especially to discredit Kaspersky

- AgentX

 

I just installed and tested with avp 3.5 with latest updates as well, and failed all 4 tests. I am puzzled how did you manage to get the avp 3.5 worked.

 

hello people, nice to know that an Indian software is making currents if not waves. but if you ask me then i won't trust this software as the source not........ well lets put it this way i'm paranoid i only trust a few people. i'll choose VB or Westcoast or AV-TEST anytime before Damselsoft. the best way to test your AV is to download some viruses and test it yourself.

 

I couldn't believe that KAV was failing this test, so I installed KAV 5 and tested. It failed all four tests. Now in my mind, that completely discredits this test. Kaspersky's reputation speaks for itself and this testing utility, to me, now has a bad reputation. Even the worst AV out there should be able to detect an EICAR test file. It's just a standard test file that I think all AV's are required to know about. If KAV can detect the file downloaded at www.eicar.org but not the one generated by this tool, that makes me think that there is something else going on with this tool that isn't right.

I should mention I tested with latest updates and everything set to maximum protection.

 

That's the strangest kind of logic I've ever encountered. Shouldn't it be the other way around?

swatch

 

for the member poster (kloshar) who questioned what the point of my original post was on page 1:

my point is if you have no reason to trust or are not familiar with what a program or a link does do not click or execute.

very simple concept

se7engreen you make a good observation...

for those who want to get closer put what se7engreen wrote:

together with AgentX

I already posted what the author of the program says it does:

Description by publisher/author of anti-virus tester

who knows what else it is doing (maybe nothing)

not trying to denigrate but I am not surprised that not many above junior member have posted as having tried this anti-virus tester

click indiscriminately at your own risk (not paranoid, simply common sense

[

 

Yeah, I know what you mean, but when you put an unknown testing utility up against an established AV heavyweight like Kaspersky, I just don't see any other way to look at it.
It's really the EICAR test that makes me suspicious. I can't even download the raw eicar test file from the official eicar site without KAV going nuts, but somehow it misses it when this AV tester generates it. I don't know what this tool generates but it must be different than what www.eicar.org offers.

 

..then why is it, many others reported here their antivirus passed this?

swatch

 

I can't explain the logic behind the program or why some pass and some don't. All I can say is that because of the strange results of this test, I won't put any faith in it. This is based on certain things that I believe to be true:
1) ALL antivirus software on the market today should catch the EICAR test file.
2) If KAV can detect EICAR from it's true source but not when generated from this utility, then something must be different between the two.
3) There are a hundred different tests/testers/sites/certifications, whatever, that say Kaspersky AV has an incredible detection rate, among, if not the best. Just because it failed this questionable test doesn't mean that West Coast Labs should remove it's checkmark. (I know that no one implied this, I'm just showing how ridiculous these test results look to me)

I won't trust this test based on what I stated.

This would also raise a red flag with me.

I'm not trying to completely bash the software, I think a testing utility like that is a good idea, it would just need to provide accurate & consistent results.

 

Strange program that give unpredictable results:
Windows XP (NTFS) AV TREND PC-CILLIN 9.05 signature success at 4 tests (only 2 according
Windows 98 SE (FAT 32) AV NOD32 signature 1.747 failure at 4 tests
After the tests on Win98 nothing can be recover on the root of C: (with Norton undelete) and the file test.vbs cannot be recover from anywhere on the disc.
I retrieve the files from PC-Cillin quarantine on XP machine and put them on a floppy. NOD32 (AMON) detects all 4.

Detection with Trend
Simple: VBS_GENERIC.009
Enhanced:VBS_LOVELETTER.A
Crypted: VBS_VBSWG.GEN

Detection with NOD
Probably unknown script virus
Probably modified worm LOVELETTER.A
Probably unknown script virus

 

Well I just ran the test and etrust passed 3 out of the 4. Didnt pass the simple worm which they described as email viruses.

 

NOD32 failed all 4

 

This test is useless.
Stop bothering with it.

My DrWeb found them all but I've tried
KAV 4.5 (and NOD) in the past and tested them with real viruses
and I don't believe that they can't find viruses DrWeb finds,
especially KAV.

I just use DrWeb instead of KAV because is light and doesn't
have conflicts with anything in my PC.

 

OK, thanks for all posts! I will send this test to Kaspersky labs so they will see what is wrong with their product or with tester.

Regards!

 

AVG failed the tests, except when I used the hacked .exe that leaves the virus/worms on the disk, then AVG detects all 4 when I go to the root directory its stored in.

 

OK, here is Kaspersky's answer:

Dear kloshar.

This is legal soft Anitivirus Tester 3.0
We know about it and think that there is not any virus in this soft.

Sincerely yours,
Elsa Bikulova
Technical Support
Kaspersky Labs
E-mail: support@kaspersky.com
Internet: http://www.kaspersky.com, http://www.viruslist.com

 

My KAV 5 flags the files, however - it just doesn't delete or quarantine them.

 

NOD detect the .exe file as NewHeur_PE Virus using AH.

 

I think its simple really..

F-Secure is finding it because of its backup engines and their heuristics - which I don't think anyone disputes as being very strong. KAV is only one aspect of the F-Secure system obviously, and their other engines work.

NOD32 is failing because it has issues with its AMON - specifically no or almost no heuristics.

DrWeb is finding them, because its known to have good heuristics.

So there you have it really.. Since nothing is really written to the HD with this program, thats probably why all those on-access HD scanner toys are picking them up once you hack the program.

Maybe i'm wrong, but dang, it seems a bit obvious here.

 

NOD passed them all.