av-comparatives new results for sophos

Discussion in 'other anti-virus software' started by acr1965, Dec 25, 2007.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Looks like Sophos did much better this time around. Scroll to nearly the bottom of the page for Single Product Test: Sophos.

    http://www.av-comparatives.org/

    It appears that the test set was from August, just that Sophos was able to add definition updates and be retested. This sounds like the results are incredibly skewed because of that.

    Results-
    Windows Viruses- 97%
    Macro Viruses- 100%
    Script viruses/malware- 68%
    Worms- 96%
    Backdoors- 98%
    Trojans- 95%
    Other malware- 69%
    Other viruses/malware- 62%
    Total- 95%
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yes it looks like a good result, however.... is it a paranoid detector?

    maybe after this result, sophos will be included in future ondemand and even more so the proactive tests to see if it 'really has' improved.

    also, its english, so i would love to see sophos doing well. :D
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think so. Virustotal shows lots of packer-based detections from Sophos.
    I hope so. Fortinet will be excluded from the regular tests, so maybe Sophos might fill that place.
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well they have had 4 months to get the signatures for those files tested, right?
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Right. Sophos has been making signatures since the test bed was frozen, so they have higher probabilities of detecting malware in that zoo.
     
  6. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    right. you have to wait 2-3 months more to know how it scores on an actual test-set. thats why it states in the report several times the test-set date and there is no "award". the comment section was longer this time, as the detection rates were not the important factor in that report.
    the place left by fortinet will most probably be filled by panda. in 1 month i will probably know who will participate and who not.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ran Sophos AntiVirus and I have the impression that it has more F/P's than most scanners. Is that possible, because I don't know anything about it ?
    I have a few f/p's on my system and ShadowProtect was one of them.
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    IMO Yes, it does have more FPs than most other scanners. Like I've mentioned earlier before, "Mad Packer Detection" (TM)
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You should try Fortinet :D
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    53 infections on a 'drweb clean' system with Fortinet.

    Pretty terrible, would this even be good at the gateway level?

    its a shame really.

    ------------
    is sophos just for businesses, i cant seem to find a price for a home user?
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    With default settings? IIRC, you can enable a deeper scanning, but I could be wrong.
    Yes, kick every executable entering in your network.
     
  12. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    no, it was with max settings, 53 false positives with Fortinet on my drweb machine.

    im curious to see if sophos will create me any.
     
  13. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    What do they call their engine, "Insane Packer Detection"? :D
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I just ran Dr. Web (trial). No threats found. No false positives either.
    That took 70+ minuts in total and at least 45 minuts to scan my system partition. Pffft.
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    erm, yes.

    but at least you know its been thoroughly scanned.

    im giving sophos a scan to see how bad its paranoid detection is, if it doesnt find anything/much, its good enough.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well I had enough for today. Tomorrow F-Secure. The trouble is that they make it you difficult to get a free download of the trial : your name, your email, your this and your that and then you get an email or a download site.
    It was alot easier in the past.
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    just dowload the OEM version to test it, without inputing any details.

    http://www.f-secure.com/vista/oem
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i dont think it has 'paranoid detection'

    it detected just 1 false positive on my machine.

    this was:

    Mal/Basine-C

    C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe:pid:000001d0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SMSystemAnalyzer

    so, i wouldnt really label sophos as paranoid.

    i will re-test Fortinet on my current setup, and compare as i really would label that as paranoid.

    edit:

    fortinet found 24 false positives on my machine, compared to sophos's 1.

    -------------
    Scan started at 26 December 2007 20:12:09.
    C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE, virus found: Suspicious, action: <None>
    C:\Program Files\BitTorrent\uninst.exe, virus found: Suspicious, action: <None>
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\CoreFoundation.dll, virus found: Suspicious, action: <None>
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\DeviceLink.dll, virus found: Suspicious, action: <None>
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\libxml2.dll, virus found: Suspicious, action: <None>
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\MobileDevice.dll, virus found: Suspicious, action: <None>
    C:\Program Files\iolo\Common\Lib\INETMIB1.DLL, virus found: Suspicious, action: <None>
    C:\Program Files\iolo\Common\Lib\SNMPAPI.DLL, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTOControl.dll, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTSystem\QTJavaNative.dll, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTSystem\QuickTime.qts, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.dll, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx, virus found: Suspicious, action: <None>
    C:\Program Files\QuickTime\QTUIPanelControl.dll, virus found: Suspicious, action: <None>
    C:\Program Files\Shield\Drive image\cygwin1.dll, virus found: Suspicious, action: <None>
    C:\Program Files\The Bat!\TBMapi.dll, virus found: Suspicious, action: <None>
    C:\Program Files\The Bat!\thebat.exe, virus found: Suspicious, action: <None>
    C:\Program Files\WinRAR\WinRAR.exe, virus found: Suspicious, action: <None>
    C:\Program Files\Your Uninstaller 2008\autoupdater.exe, virus found: Suspicious, action: <None>
    C:\RollBackV81\program files\Shield\Drive image\cygwin1.dll, virus found: Suspicious, action: <None>
    C:\WINDOWS\ehome\CreateDisc\Filters\SonicMPEGAudio.dll, virus found: Suspicious, action: <None>
    C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll, virus found: Suspicious, action: <None>
    C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe, virus found: Suspicious, action: <None>
    Scan finished at 26 December 2007 20:27:35.
    Total files scanned 26546, infected 24. Total boot blocks scanned 3, infected 0.
    ------------
     
  19. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Hmm.....I kinda heard that Sophos would mark basically anything it cannot scan as malware under its paranoid detection. But dunno. :doubt:
     
  20. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    incorrect, it could not scan 5 files (probably password protected), these are shown as 'errors'

    only infection was System Mechanic 7 for my machine.

    fortinet on the same set of files (my machine :) ) gave me 24 infections this time, now... thats paranoid.

    sophos actually ran quite well, i wonder how well its been integrated into spysweeper, maybe time for another trial just for the sake of it? :)
     
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I think the Sophos engine in Webroot Spy Sweeper 5.5 is still an older Sophos engine which does not have nearly as good detection rates. Plus I believe the Sophos heuristics are disabled as well in Spy Sweeper's AV.
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well i tried it and it found 1 infection again, i suspect its the same one as Sophos v7.

    however, SS5.5 really does not tell you what is infected, which is terrible.
    i tried looking for a log of some kind, nothing.

    pretty poor that it doesnt tell you what is actually infected, it only tells you the viral name with an action of quarentine etc, id definatly recommend people go for sophos instead of spysweeper with antivirus.
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My system partition is indeed thoroughly scanned, but it took 45 minuts.
    My boot-to-restore does the same job in 2 minuts, including cleaning of registry, history, junk-files and the job of all other AV/AS/AT/AK/AR/... scanners.
    I can reboot 22 times in 44 minuts and each reboot = clean system partition.

    ShadowProtect restores a clean system partition in 10 minuts, I can do this 4 times in 40 minuts.
     
  24. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    but that is not an antivirus scan o_O

    my RollbackRX can restore to a clean system in just 47 seconds, nevermind the 10 minutes.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ran already KAV, NOD32, BitDefender and a bunch of other scanners with the same results.
    I don't even understand why you are still running scanners in your system partition with RollbackRx on board.
     
Loading...
Thread Status:
Not open for further replies.