Discussion in 'other anti-malware software' started by Page42, Jun 9, 2008.
When you see how well the top AVs do, you really wonder whether AS programs are worth the bother.
Agreed. With a quality AV installed, about the only thing the dedicated malware scanners will find will be cookies. I haven't found one worth the RAM it uses.
According to my calculations, after all phases of testing for detections were added together, the order of finish (on a percentage of total detections basis) is as follows:
1. MalwareBytes' Anti-Malware Free (MBAM) 31.8%
2. A-squared Free by Emsisoft (A2) 31.4%
3. SUPERAntispyware Free by SUPERAntispyware.com (SAS) 23.2%
4. Spyware Doctor Starter Edition by PC Tools (SD) 19.2%
5. Ad-Aware 2008 Free by Lavasoft (AAW) 17.4%
6. Windows Defender by Microsoft (WD) 9%
7. Spybot Search & Destroy by Safer Networking (SSD) 7%
Malwarebytes was new to me.
Unfortunately, the problem with all of these tests is that they test on a given day, a given set of samples and not over the long haul - meaning what really matters is how a product does over a long period of time. Any product can be on "top" for a given day, and a given set of samples.
Are You Wasting Your Money Buying Antispyware Software?
Days of stand alone AS products are numbered for sure!
Actually, in my opinion, I think that is far from the truth - remember the phrase/saying "Jack of all trades, master of none" - there will always need to be specialists in the field (products) - no single product, suite, etc. will ever be able to get everything - suites and all in one products have trouble co-existing on the same system, thus there will need to be standalone products to be able to remove items that are not removed by the suites.
I had actually written a blog about this subject last year:
Ok, let us wait a year or two and we will see the truth.
You really think that the general (uneducated in malware prevention/removal) public will stop using/purchasing signature scanners in a year or two? The truth is they aren't going anywhere anytime soon.
Of course people will continue buying and they will not be extinct, but I guess they will be getting less and less revenue with time, and that might be a good reason to collapse small vendors relying only upon a single consumer product.
In the above calculation, I used the percentage rate of detection for each separate test, added the percentages all together, then divided by the number of tests. For example, through 5 tests, A-squared Free by Emsisoft detected 13 of 20 (65%), 78 of 127 (61%), 1 of 11 (9%), 7 of 74 (9%) and 4 of 31 (13%) for a total average percentage of 31.4%. I think that this might be a skewed approach.
A better way of looking at the numbers is to simply add the total number of threats (263) and the total number of detections (103) and compile a success rate (39%).
This results in a test ranking as follows:
1. A-squared Free (39%)
2. Ad-Aware 2008 Free (32%)
3. MalwareBytes' Anti-Malware Free (29%)
4. SUPERAntispyware Free (16%)
5. Spyware Doctor Starter Edition (12%)
6. Spybot Search & Destroy (7%)
7. Windows Defender by Microsoft (5%)
(Exactly the same order Donna had them listed in until I started messing around with percentages.)
BTW DrWeb flags Malwarebytes as possible backdoor.
Unfortunately it is not allowed to post Virustotal results here, otherwise you would see only Dr.Web
1 outta 33 that is hyper paranoid fp generator, they still use oldschool string based detection, all unpacked, unprotected and/or uncrypted anti-malware will go in their radar.
Again absolutely my opinion.
The vast majority of people in those logs that are asking for help and then being told to use MBAM or SAS to remove the malware had an AV installed.
The defs I make for MBAM are intentionally targeted at what the AVs are not detecting well. MBAM has no intention of replacing any AV, only to fill in the gaps.
I think Nic will agree that between what the pure AVs miss and the fact that most all-in-one suites are bloated to hell and back, there is plenty of room for a good, light standalone AS.
Off topic, but this is discussed here.
Quite the contrary, what really matters is how a product does right now, the moment there is malware on a computer, and your software is asked to find it. Your product missed 221 out of 263 threats.
Well, I am simply going off my professional experience with our 8 million+ users, it matters that we stay on top of the threats on a continuous basis. We see the zero-day threats through our diagnostics and research center so we focus on what's actually on systems, not what a tester pulls up on a random test.
Remember, we see of 50,000 unique new computer diagnostics a day, and have a good pulse on what's on our users' systems as far as infections, and those are our top priority.
We have heard it all before. The only pattern I have seen over "the long haul" is that SAS never does well in these tests and every time you or some other SAS fan comes up with some criticisms of the test. Clearly, no test can be perfect, but given this, how is it that "on a given day, a given set of samples" SAS performs so badly?
Dedicated AM scanners are not needed now as most of the major AVs do the job as they have better and greater resources at their disposal and better technology.
You talk of the "millions" of SAS users - but I think what you mean is "millions of downloads". The only thing that matters is how many paid users you have - as this defines your income and therefore the resources you can afford to analyse threats and develop new technologies. The major AV developers are worth hundreds of millions and have huge numbers of staff, can afford the best developers - so their products are more likely to perform better.
I would like to see an AM test of all the major AM software against Kaspersky, F-Secure and Norton etc. My prediction would be that the AVs would be in the 95-99% detection rate and the AMs about 20-30%
It could even be the case that running a dedicated AM app with an AV will reduce security as the AM app could impede the AV detection....
There's only one test - and that's the reality test.
I can tell you, from my experience:
- SAS never detected a FP on any one of the systems I scanned, which I cannot say for any other anti-X product. On the contrary, they usually detect too many false positives, including some really horrendous mistakes.
For example, A2 detected CDBurnerXP Pro as something malicious ... And they did not fix this for more than a year. Still haven't! I have sent them an email about this ...
Command-line scanners are also often flagged by various products. Not so with SAS.
- SAS has quite a great cleanup record. I do not spend much time cleaning people's systems these days, but on those occasions that I had to use without opting for format, it performed well. Better than quite a few others.
Testing in lab bad ... real experience good!
All these scanner tests have no value. The test environment is always as incomplete as it can be. They always give the wrong picture to average users, who often choose the one with the highest score. They are unfair towards developers, because all scanners are different and that makes each scanner special. In fact these tests cause more problems than anything else.
SUPERAntiSpyware performs well on real world infected systems with real infections - that's what I am basing my statements on
Really? Is that why major AV vendors recommend SUPERAntiSpyware and other dedicated anti-malware/spyware products to clean up what they can't? Better technology? You mean like all the other products with true, native Direct Disk Access to bypass rootkit infections and clean them - oh wait, hardly anyone in the industry has that - but we do.
Interesting how you think you know more about our business than we do. You are wrong in assuming what we mean. We mean MILLIONS of USERS Not DOWNLOADS.
You seem very concerned about our following. Our research, development and marketing teams all work very hard and we have earned the respect shown to us and our products. You certainly are entitled to your opinion.
You have absolutely no real data how much "major developers" are worth, nor the size of their staffs or how their developers perform, yet you reach the conclusion that "their products are more likely to perform better."
Often times having thousands of developers and huge resources actually slows down the process and in fact makes the company less agile to react against new infections and new technologies are slower to appear.
I've only been developing professional software for over 25 years, what do I know!
Well, considering every major computer vendor pre-bundles one of the "Major" products such as McAfee, Norton, Kaspersky, etc. on their systems and every major ISP provides the same, yet we continue to gain tens of thousands of users per day shows that something must not be working or users would not be seeking out other solutions to cure their problems.
Do you have some technical data and facts to back up this statement?
Millions of users? How many paid users do you have? How many have paid the lifetime subscription and therefore won't be paying any more?
The fact is, in the above test, your product missed 221 out of 263 threats.
You say you are concerned about real world threats or zero day threats but I have seen no evidence that yours or any other AM product is better at dealing with these than any AV - the only evidence I have seen is from tests, which shows yours and others perform badly.
You state that "you no real data how much "major developers are worth, nor the size of their staff's or how their developers perform" - not sure how you come to this conclusion - for instance, I know in the UK, Symantec's audited accounts showed they turned over more than £24 Million last year, have 800 employees in the UK - and in terms of how their developers perform - I would guess very well since their detection of nasties is better than yours.
This discussion could go on for ages and will lead nowhere as I feel you have too much emotional investment in your product to see that you are in a shrinking market and your business model is flawed. I give you 24 months.
Realizing it's inevitable with subject matters such as this to have pros and cons, let's see if we can do it with a little more couth. There's no need for all the personal bantering back and forth that was displayed in the posts now removed.