Malware-Test Lab: Antivirus Comparison Report (February 26, 2007)

IBK, how dare you to critize those experts!

Hey, while we are posting screenshots, please post some of the Avira option dialog (which options were enabled) - and one of the NOD32 options. I am sure the guys at ESET want to have a laugh too.

 

It is wrong, you need remove duplicate entries.

 

this should be done by the testers, remove duplicate files, (if they are 100% identical), test for corrupted files (i don't know what those 160.000 warnings are but i assume some are regaring file reading or unpacking errors)

 

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: F:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Skipped archive types............: BSD Mailbox, Netscape/Mozilla Mailbox, Eudora Mailbox, Squid cache, Pegasus Mailbox, MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Different risk categories........: +GAME,+JOKE,+PCK,+SPR,

 

While waiting for those screenshots, sai7sai, how did you actually test if the samples were functional? I mean, beside the usual "ok, KAV detects it, let's put it into the collection" test.

 

The duplicate files have been removed, all sample fles have different SHA1 values. In here, I meant log file has duplicate entries.

 

All samples are scanned by multiple scanners, if they detect it (it is possible, it is a false positive), we put it into Virus Bank.

 

64 hours to scan Avira??

Over 2 1/2 days to complete a scan, you'll be scanning forever just to keep up with the most recent release of malware.

 

More than 10% difference for one engine, nice.
AOL got tested one week later than KAV. That explains the difference between those two.
By default AOL and KAV scan for AdWare, but not for RiskWare.

The most logical explanation for eScan's results is that it didn't scan for AdWare.

Including an error margin really doesn't make the lack of "fixed" bases any less professional, sorry.

Oh well, if a 15 year old kid which stumbles across some lame XSS can be called a security expert, you guys can be called antivirus/virus/testing experts.

Better luck next time.
Although luck shouldn't have anything to do with it of course.

 

That is why we spent much time to complete this testing. I guess the problem is File heuristic is set to High.

 

Hilarious! I needed a good laugh today.

 

I think the test publisher doesn't even know what scanning engines are being used by AV vendors

 

I aint got no problem with his results. (burp)

 

You must be joking. I´ve scanned 200,000 files (some really big archives/sfx/executables, so lots of unpacking) in a little more than an hour with a Duron 800 MHz.

 

So did anyone interact with the scanner when there was a popup?, or just when they noticed that the timer was running and the scanner was waiting for a reaction.

 

No, I think its the old, Eenie meanie minie moe, method.

 

Or someone produced the settings *after* the test was performed? But then, of course the scan can take 64 hours if someone manually handled the dialogs all the time.

 

I think this is very funny report，because Chinese Rising is very bad.In China，most people can hate it

 

Rising can not clean&Delete most viruses of variety,so Kaspersky is more popular than Rising in China

 

i still think i am correct in saying, they have worked out the detection rates purely on "scanned files minux infected files", which will show kaspersky and nod32 in bad light, thats for sure.

also stefen, i have to agree with "avira is slow scanning.........." extremlely slow, BUT.....when scanning infected malware, the test of the scan was 'obviously' checked on the scanning of 'X malware', and not on a mb scan of clean files, in my own testing ive noticed that avira is, by far... the slowest AV at scanning infected malware.

 

Well, IBK´s numbers are the opposite.
Antivir and NOD 32 are at the top of on-demand scanning speed.

 

Sorry Chris, I just finished testing it against Nod, Dr Web and it beat both, set to scan all files. Didnt include Kav, as I didnt want to wait all year.

 

lucas AND trjam,

you did not read my post properly,

avira is the slowest scanning of infected malware, IBK's scanning speed test is done on a more realistic clean pc or clean set of files, say... 100mb.

if you scan 100mb of clean files with avira, im sure it will be the fastest, but as i said, if you scan 100mb of infected files with avira, by far the slowest, this is why it says this in the test.

 

scanning speed is measured on clean files, not over malware collections.
edit: C.S.J. was faster in replying

 

i understand that IBK, im just stating why the test says avira is slow.....

the test was not done on clean files, therefore avira is the slowest.
-------
and im pretty sure they are working percentages out by scanned files (minus) infected and using that for the percentage, instead of getting the percentage from the files remaining in the test-set.

yayyy, i solved the mystery