Freeware realtime AS protection- ST versus Ws Defender

Discussion in 'other anti-malware software' started by aigle, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just tried to see how well is real time detection of freeware Spyware Terminator and Ws Defender. I ran exe files of soem malware and looked for AS if it warns about maleware instalation or not.
    The results are below.
    In general the results are poor.

    Yes- means that Sntispyware warned about installation of a software while running the exe installer file of spyware( except KillDisk virus- it was scanned in static state), it is irrespective of the fact that how many times AS warned and it warned about how many componenets of it being installed, so just a rough guess about real time detection.

    No -means no warning about spyware installation or warning was there but did not mention is as a spyware just as an unknown program
     

    Attached Files:

  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    After that I also did a complete scan of C drivve, memeory and registry with some scanners.
    Scanning of ST.
     

    Attached Files:

    • ST.jpg
      ST.jpg
      File size:
      111.2 KB
      Views:
      325
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Spyware missed by ST
     

    Attached Files:

    • ST2.jpg
      ST2.jpg
      File size:
      52.9 KB
      Views:
      0
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ws Defender scanning results.
     

    Attached Files:

    • W.jpg
      W.jpg
      File size:
      57.3 KB
      Views:
      315
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just for interest I scanned with AVG antispyware. I am sure it,s real time detection is much better that the above two as I have noted in the past.
     

    Attached Files:

    • E.jpg
      E.jpg
      File size:
      107.5 KB
      Views:
      318
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Results of scanning with SAS, seems maximum detection( not sure as I did not analyze in detail).
     

    Attached Files:

    • SAS@.jpg
      SAS@.jpg
      File size:
      111.1 KB
      Views:
      327
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I did this play under cover of ShadowSurfer. After all this I rebooted and cleaned my system.

    One nice thing is taht Ewido and SAS both detect KillDisk virus in static scan.
    Ofcourse I did not took the risk to check it in real time.

    Thanks.
     
  8. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Aigle,

    Looks good and thanks for the work. Could you post a summary that shows totals for all the apps you scanned with (e.g., caught & missed, etc.).

    TIA
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Also about EliteKeylogger, it is detected by static sacnning by AVG As and SAS as due to the presence of SS I did not reboot my system and Elite Keylogger was not fully installed, during reboot it removes all its visible enteries and can no longer be detected by SAS and AVF AS. It,s detection then remains a job of RootKit scanners.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    The tseting was only about crude real time detection of malware installation as I was curious abourt real time protection offered by ST and Ws Defender.
    The static scanning I did was just as an add on to it. And as I said I rebooted and all the settings are gone due to SS. Besides a detailes analysis need a lot of time and knowlegs and some more tools, all that I am lacking.
    Thanks/
     
  11. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Was the HIPS feature turned on in Spyware Terminator?
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No. Obviously it was not. HIPS is not part of AS.
     
  13. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    But would HIPS have helped prevent some of what was detected?
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Why not. HIPS can stop the exe from running at all and u will get none of trash on ur system. Bur decision will be urs, not of the AS.
    Personally I never used its HIPS.
    If u want HIPS, go for SSM free. it,s light and very strong.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle,

    Thanks for the real life test. Your findings are in line with the tests of www.malware-test.com The effectivity of anti-spyware programs is decreasing. Compare for instance the last results (best score +/- 35%) with the earlier test (feb this year)

    September test (top 5):

    ‧Sunbelt CounterSpy: 35.71%
    ‧Norton Internet Security: 33.33%
    ‧PC Tools Spyware Doctor: 31.75%
    ‧ZeroSpyware: 30.16%
    ‧McAfee antispyware: 28.57%

    Februari test:

    ‧Trend Micro Anti-Spyware: 78.96%
    ‧PC Tools Spyware Doctor: 70.79%
    ‧McAfee antispyware: 62.62%
    ‧Microsoft AntiSpyware: 53.71%
    ‧Lavasoft Ad-Aware: 52.72%
     
  16. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Thanks aigle for the effort to do the testing. :thumb: :thumb: :thumb:

    Good to hear that AVG (Ewido) and SUPERAntispyware are performing better than Defender :thumb: :D , which is what I have expected.

    It is a pitty that Defender will be installed by default by Vista. :'( :mad: :thumbd:
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks.
    The (so-called!) tests I did were with common malware. I am sure if I tried them with any good AS like SpySweeper, SAS etc, more or less 80% of them would have been detected in real time.
     
  18. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    nice job aigle (yet again) :thumb:

    avg (ewido) seems freaking awesome! nice results for SAS too.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks.
     
  20. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Good job on a test with interesting results.:thumb:

    It looks like ST has ways to go.It's fairly new so that isn't something I wouldn't expect.

    SAS appears to be improving at a fast rate.Glad to see that.
    AVG AS is no surprise.;)
     
Loading...
Thread Status:
Not open for further replies.