Freeware realtime AS protection- ST versus Ws Defender

Discussion in 'other anti-malware software' started by aigle, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Just tried to see how good the real-time detection of freeware Spyware Terminator and Ws Defender is. I ran exe files of some malware and looked at whether the AS warns about malware installation or not.
    The results are below.
    In general the results are poor.

    Yes - means that the antispyware warned about installation of software while running the exe installer file of the spyware (except the KillDisk virus - it was scanned in a static state). It is irrespective of how many times the AS warned and how many components being installed it warned about, so it is just a rough guess about real-time detection.

    No - means no warning about spyware installation, or a warning was there but did not mention it as spyware, just as an unknown program.
     

    Attached Files:

  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    After that I also did a complete scan of C drive, memory and registry with some scanners.
    Scanning of ST.
     

    Attached Files:

    • ST.jpg
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Spyware missed by ST
     

    Attached Files:

    • ST2.jpg
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ws Defender scanning results.
     

    Attached Files:

    • W.jpg
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Just for interest I scanned with AVG antispyware. I am sure its real-time detection is much better than the above two, as I have noted in the past.
     

    Attached Files:

    • E.jpg
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Results of scanning with SAS, seems maximum detection (not sure as I did not analyze in detail).
     

    Attached Files:

    • SAS@.jpg
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I did this play under cover of ShadowSurfer. After all this I rebooted and cleaned my system.

    One nice thing is that Ewido and SAS both detect the KillDisk virus in a static scan.
    Of course I did not take the risk of checking it in real time.

    Thanks.
     
  8. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Aigle,

    Looks good and thanks for the work. Could you post a summary that shows totals for all the apps you scanned with (e.g., caught & missed, etc.).

    TIA
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Also, about EliteKeylogger: it is detected by static scanning by AVG AS and SAS because, due to the presence of SS, I did not reboot my system and Elite Keylogger was not fully installed. During reboot it removes all its visible entries and can no longer be detected by SAS and AVG AS. Its detection then remains a job for rootkit scanners.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    The testing was only about crude real-time detection of malware installation, as I was curious about the real-time protection offered by ST and Ws Defender.
    The static scanning I did was just an add-on to it. And as I said, I rebooted and all the settings are gone due to SS. Besides, a detailed analysis needs a lot of time and knowledge and some more tools, all of which I am lacking.
    Thanks.
     
  11. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Was the HIPS feature turned on in Spyware Terminator?
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    No. Obviously it was not. HIPS is not part of AS.
     
  13. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    But would HIPS have helped prevent some of what was detected?
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Why not. HIPS can stop the exe from running at all and u will get none of the trash on ur system. But the decision will be urs, not the AS's.
    Personally I never used its HIPS.
    If u want HIPS, go for SSM free. It's light and very strong.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle,

    Thanks for the real life test. Your findings are in line with the tests of www.malware-test.com. The effectiveness of anti-spyware programs is decreasing. Compare for instance the last results (best score +/- 35%) with the earlier test (Feb this year).

    September test (top 5):

    ‧Sunbelt CounterSpy: 35.71%
    ‧Norton Internet Security: 33.33%
    ‧PC Tools Spyware Doctor: 31.75%
    ‧ZeroSpyware: 30.16%
    ‧McAfee antispyware: 28.57%

    February test:

    ‧Trend Micro Anti-Spyware: 78.96%
    ‧PC Tools Spyware Doctor: 70.79%
    ‧McAfee antispyware: 62.62%
    ‧Microsoft AntiSpyware: 53.71%
    ‧Lavasoft Ad-Aware: 52.72%
     
  16. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Thanks aigle for the effort to do the testing. :thumb: :thumb: :thumb:

    Good to hear that AVG (Ewido) and SUPERAntispyware are performing better than Defender :thumb: :D , which is what I have expected.

    It is a pity that Defender will be installed by default by Vista. :'( :mad: :thumbd:
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks.
    The (so-called!) tests I did were with common malware. I am sure if I tried them with any good AS like SpySweeper, SAS etc, more or less 80% of them would have been detected in real time.
     
  18. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    nice job aigle (yet again) :thumb:

    avg (ewido) seems freaking awesome! nice results for SAS too.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks.
     
  20. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Good job on a test with interesting results. :thumb:

    It looks like ST has ways to go. It's fairly new so that isn't something I wouldn't expect.

    SAS appears to be improving at a fast rate. Glad to see that.
    AVG AS is no surprise. ;)
     