Check this out....Antivirus Malware-Test Lab Dec 11, 2006

Discussion in 'other anti-virus software' started by trjam, Dec 11, 2006.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Posted by Malware test lab.

    Antivirus Detection Rate (Dec 11, 2006):

    ‧Fortinet FortiClient Host Security 3.0: 94.33%
    ‧GRISOFT AVG Internet Security 7.5: 92.75%
    ‧Dr.Web Antivirus 4.33: 87.44%
    ‧AVIRA AntiVir ProfessionalEdition 7.0: 87.01%
    ‧Kaspersky Internet Security 6.0: 83.45%
    ‧Rising Antivirus 2006: 82.40%
    ‧ALWIL avast Professional 4.7: 79.16%
    ‧MicroWorld eScan Internet Security 8.0: 76.31%
    ‧McAfee Internet Security 2007: 71.55%
    ‧Symantec Internet Security 2007: 69.96%
    ‧F-Secure Internet Security 2007: 57.89%
    ‧CA Internet Security 2007: 55.74%
    ‧AhnLab V3 Internet Security 2007: 53.78%
    ‧Trend Micro Internet Security 2007: 53.71%
    ‧ESET NOD32 2.5: 49.51%
    ‧Kingsoft Internet Security 2007: 47.21%
     
  2. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    Re: Check this out.....

    First of all, give us the source.

    I don't trust this test. AVG above Kaspersky :eek: F-Secure that is using same signatures as Kaspersky scores 25,56% lower, Eset almost at the bottom :blink:

    There must be something wrong here o_O

    Ok found it:

    http://www.malware-test.com/antivirus.html
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Re: Check this out.....

    not only AVG is doing good, but Dr. Web too.

    NOD32 did poor but at least KAV made the top five.
     
  5. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    Re: Check this out.....

    It's very interesting how some software didn't manage to enter the tests:
    The reason that some software hasn't managed to complete this test seems a little exaggerated. But good job for the av softwares on the top 5.

    Ohhh... and BitDefender IS hasn't reached the 2007th version, it's only at the 10th :p
     
  6. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Re: Check this out.....

    Seriously, NOD32 is either 95,6% or 45%, DrWeb 58-87, AVG the same, Avast!....

    :D
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Re: Check this out.....

    Do you really think that these tests are trustworthy?
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    As it is with their Antispyware Comparison Report....it helps to read their pdf report to understand or grasp their method used. Asking my AV to be robust at adware or spyware is not an item of concern to me.

    http://www.malware-test.com/attachment/sha1_for_antivirus_testing_200612.zip.

     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Check this out.....

    Despite the detection rankings, I'll believe that those detection rates are far closer that I have met, when some nasties occurred to my sight. :p Maybe I just met those odd nasty ones! :rolleyes:

    Best regards,
    Firefighter!
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    Note that the AVs were probably tested using the trial versions, so some AVs may have had some features disabled (like scanning in archives) while others not (= different settings).
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    interesting test :)

    yayyy for my avg and dr.web *hehe* :eek:
     
  12. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    Bizarre results.... :ninja:
     
  13. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    AVG Anti-Spyware module (former Ewido) in the suite is quite good in detecting other than common av stuff nasties, maybe so AVG suite scored so well. :doubt:

    Best regards,
    Firefighter!
     
  14. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    Looking at the sparse info about the test I want to point out a few things:

    1) The tested files come from a honeynet system. This means that unless they have done very thorough checks on the collected malware, it is likely to contain thousands of corrupted samples. This will cause issues for AVs that massively use generic detection, checksum based detection, unpacking and so on. On the other hand, some AVs may benefit from their sloppy approach (Fortinet is pretty likely to flag any corrupted UPX file)

    2) The testset does not contain files with their original filename, instead they have been renamed by the honeynet to extensionless "honeynet_number" file names. This will cause issues with many AVs if you are scanning with their default settings, which usually are extension based.

    3) There is no mention of configuration settings; it is, however, likely that they have used default settings for all applications, which would explain some of the bad results. This would mean extreme detection losses especially for NOD32 (no advanced heuristics iirc) and Avira (deactivated heuristics, deactivated modified/strange crypter detection, deactivated SPR category). Also it's not mentioned whether KAV has been using extended or standard databases.

    4) The various virus databases have different dates (see screenshots)

    5) They have used free/trial versions which may not include support for certain detection categories (i.e. ADSPY and AntiVir Classic)


    Now you may decide yourself whether there is any value in this test. IMHO there is none.
     
  15. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    I agree.
    What's in the testbed would explain the results.
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    deleted
     
    Last edited: Dec 11, 2006
  17. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    C.S.J:
    You are wrong, because this does not reflect their detection rate in real situations. Many AVs by default use extension based scanning, because files without executable extensions cannot be executed, and as such pose no harm to the user. A testbed without extensions is generally frowned upon, ask IBK, Stefan Kurtzhals or The Inspector if you want to. All respected AV tests including IBK, AV-Test.org, Virus Bulletin, West Coast Labs, ICSA Labs use original file extensions for that very reason.

    And corrupted malware is corrupted, it cannot be run, and depending on the sample and the AV's detection method it CANNOT be detected (or will be detected by sheer luck depending on where they made a signature). Imagine for example a file with only a remaining UPX packed PE header, Fortinet will flag it, because it's obviously not a normal UPX file. Most of the other AVs won't make a sound, because simply put, there is nothing malicious in a completely corrupted file. Corrupted samples are the death of a good testbed, ask IBK how much effort he has put in weeding out corrupted samples, I am certain he will agree. An AV is there to detect threats to a user's system, not to detect his aborted browser downloads because the file has only arrived 30%...
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    deleted
     
    Last edited: Dec 11, 2006
  19. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    they may not do that, but they can not do anything against detecting malware even if it is corrupted.
     
  20. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    Not intentionally, no one does that intentionally.
    Well to drive my point home even for you:
    Malware evil_malware.exe is 2MB in size
    AV A creates a signature at offset 990KB
    AV B creates signature at offset 1100KB
    AV C doesn't add a signature at all
    AV D adds a signature for the unpacked UPX because they can unpack very well, and to detect possible future variants.

    Honeynet downloads 1MB of the file, then the connection/download is interrupted/aborted.

    AV A detects the file although it is corrupted and not a threat to the user.
    AV B doesn't detect the file anymore
    AV C notices there is a UPX header in the file, and the pe header is not matching the file physique -> flag as generic UPX modified evil malware
    AV D can't unpack the file because it is corrupted

    Neither AV A nor AV B has added a corrupted sample, both have added a working sample, by sheer luck AV A still detects the file while AV B doesn't.
    AV C will not detect the real threat, but detects a corrupted, non-threatening sample. AV D will also not detect the corrupted file, but will protect against the real threat.

    Got the idea now?
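
Added example, not part of any post in this thread: a minimal check a testbed maintainer could run to weed out truncated PE samples such as the half-downloaded 2 MB file described above. It compares the file length with the extent of section data declared in the PE headers; the function names and the inert sample built inline are constructed for illustration.

```python
import struct

def expected_pe_size(data: bytes):
    """Smallest file size the PE headers imply, or None if headers are unreadable."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # 4-byte "PE\0\0" signature plus 20-byte COFF header must be present
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # start of the section table
    end = table + 40 * n_sections             # each section header is 40 bytes
    if end > len(data):
        return None
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return end

def classify(data: bytes) -> str:
    """Label a sample as intact, truncated, or not parseable as PE."""
    need = expected_pe_size(data)
    if need is None:
        return "unreadable-header"
    return "truncated" if need > len(data) else "intact"

def build_sample(payload_len: int) -> bytes:
    """Constructed, inert one-section PE skeleton (filler bytes, not malware)."""
    raw_ptr = 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", payload_len, 0x1000,
                       payload_len, raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + sect
    return header.ljust(raw_ptr, b"\0") + b"A" * payload_len

if __name__ == "__main__":
    full = build_sample(2 * 1024 * 1024)       # the "2 MB" file
    partial = full[:1024 * 1024]               # download aborted after 1 MB
    for label, blob in (("full", full), ("partial", partial)):
        print(label, len(blob), expected_pe_size(blob), classify(blob))
```

This only catches missing trailing data: a sample that passes can still be damaged inside its sections, and files with extra appended data are reported as intact.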
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    deleted
     
    Last edited: Dec 11, 2006
  22. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    No, the test sucks because of its testing methods, not because of the results.

    Just look at F-Secure results vs. KAV, they use the same engine, but not the same default settings. You have virtually the same AV here in both cases, yet very different results.

    You might want to ask someone at Dr.Web if you don't believe me, but they will certainly tell you the same issues as I did.
     
  23. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    Yes, if entertainment is the criteria, if an objective result that reflects a realworld scenario is what you are looking for, then .....................:rolleyes:
    Yes, you do, you're just annoyed that someone like FRug, who unlike you actually has some knowledge about this is disputing the methods in this silly test.
    That's true, but comparing the AV-Comparatives to this, is like saying Rosie O'Donnell is as hot as Angelina Jolie....................................somehow it just doesn't compute......:D
     
  24. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    deleted
     
    Last edited: Dec 11, 2006
  25. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Re: Check this out....Malware-Test Lab Dec 11, 2006

    :thumb: :D
     