Interesting Emsisoft Tests

It's common knowledge that MBAM isn't meant to be used as a replacement for a dedicated AV/AS,it's strength is detecting malware that has bypassed this layer and is already installed/running on a system,not detecting inert samples.

 

Is that Wilders common knowledge? Can't find any word on the MBAM homepage that states that it is a complementary tool. If it is one, isn't it highly dangerous to not telling people that? People who think that it can replace their AV for $25 for lifetime..

 

I also think it's overrated, that's just my opinion I remember this test, the results are very similar to the emsisoft test!

 

http://www.malwarebytes.org/forums/lofiversion/index.php/t8068.html
Please read the post by Nosirrah there.

 

Strange how this overrated product is used by so many within the industry,including Symantec and Cyberdefender tech support.

 

I'll just add that working on non-Wilders pc setups MBAM has helped me more than any regular av in wresting back control from some rogue infection and in fact getting the resident av enabled again.

Real world = real deal.

When it comes to rogues MBAM kicks butt!

Quote MBAM author:

 

But that is where the rub comes in, not only with this test but with other like tests where an "overall rating" was given to the public to chew on with very little testing methology given.

1) Was each program tested with what I'll call default settings ?
2) What was the actual numbers when it comes to files tested...."Trojans/Backdoors, Worms and Bots" <snip> "other types of Malware such as Viruses, Spyware, Adware, Rootkits, Keyloggers, Dialers, etc."

Just one small example....anti-malware program AAA does not by default installation detect remote access tools, password-cracking applications, and keyloggers. The test then would paint program AAA as something less than adequate in the eyes of users if default\out of the box was used.

Bottom line, tests such as this with inadequate testing explanation is subject to the negative criticism it generates and does not serve the security community. It's simply a sales pitch.

Bubba

 

Thanks for the explanation. It was even new to me, as I didn't spend much time with MBAM so far.

Why the .... isn't that stated in big capitalized letters on their main page? It's confusing users. But.. from a marketing point of view it's a great strategy of them, not telling the most important fact!

 

Malwarebytes, say even if it has two per cent overall detection, it seems to get those problems files that are running when a user is using a leading AV.

Even if it's just one or two files - those few files are being downloaded by users everywhere (msn etc) but a lot of the time, are not picked up by the leading programs. So it has its place.

So I agree with andyman, it's an add on tool.

But Christian has pointed out a very valid point, MBAM might not be advertising/marketing their product as well as they could.

 

To me, smaller companies have to work harder to win over consumers. Somewhat of a sales pitch I agree, but I still maintain, emsisoft has a valuable product.

So I wouldn't say its false claims by any means, just promotion. It's what smaller companies do.

But there aren't too many tests floating around, so rather than react negatively, I just add this test to the rest of tests which help form some of my own opinion.

 

1) Yes we used default settings. That's the only way to represent real world usage.

2) Didn't count the malware names for category. We simply used all malware samples that we've got during the first 15 days of April, except those who were submitted by virustotal and jotti. There is no special focus on any specific category, it's real life malware. But if you want I can provide a scan log of a-squared that shows all names.

 

That's a fair point,it should be made crystal clear the intended useage to avoid misunderstandings.

 

Without going off-topic, if a company feels they are doing well against new threats, whether that be Dr.Web, Prevx, Avira, MBAM, I don't see any harm in publishing results.

End of the day, many of the products we all use here don't have the same luxury of being pre-installed on users machines like others, on company and government systems, and earning the mega bucks.

 

Special thanks to T3.

 

So a-squared Anti-Malware is AV/AS/BB and Malwarebytes Anti-Malware is just a pure AS?

 

From my understanding, yes.

 

So maybe it should be better called Malwarebytes Anti-Spyware or Malwarebytes Anti-Rogueware, I also thought that Malwarebytes Anti-Malware is a full package like A² Anti-Malware

 

I think rogue software is definitely its specialty. And its thorough removal of rogue threats. I do think MBAM's website should show screenshots, list the types of rogue programs it finds, overall, should promote its product more than it currently does.

 

Agree 100%

 

That's what it was intended to be - marketing.

The page doesn't claim that it is an objective or independent 'test'. But of course, it might be interesting for some of us here.

 

I wouldn't classify it as a standard AS,the developers say it targets a wide range of malware (rogues etc) that bypass traditional security products.Therefore I suppose a targetted AM tool would be a fair description.It contains 81410 'fingerprints' used for detection,this relatively small database implies to me it picks up malware traces by a forensic type analysis,not limited to just standard Spyware traces.

Quote by Nosirrah.

"The reasons are many but the critical ones are the "rules" AV software is bound by . AV software is forced to detect malware by examining file contents alone and while this usually works there is a lot of malware that rotates their obfuscation tricks so often that the AVs simply cant keep up . AV software also often does not work to undo system damage left behind by malware , an area that MBAM is very good in . MBAM does look at file contents but that is only one of many ways we can detect a file and this is why we can hit a lot of malware that the AVs miss . Lets say we detect an infection by 6 points of contact . If 5 of those were to change we would still detect that infection completely . If any of those 5 were file contents AV software would fail to detect the changed malware . MBAM also has many family specific checks it does to heuristically detect common but poorly detected malware that AV software cant even come close to matching ."

 

Of course it was.

 

Just a company test. No more no less.

Come on fellas, last I checked, marketing isn't an offence. Otherwise they'd shut down the net, tv and radio.

Yeah it has some false positives, but their programs are solid. Their free programs alone, hijackfree and a-squared free, are awesome tools. I could remove most malware with just the free tool hijackfree. Try it and you'll most likely agree.

Some people are paying big money for security, while this company is giving this stuff for free. I can't complain. Happy free and paid customer here.

Lastly, the point of this test to me is, a-squared free version, which is free for anyone, can remove a lot of threats. Probably more than programs people are paying for.

 

also, wouldnt the settings for each product play into its ability.

 

I just can't believe that Sophos got only 33.2% detection rate.