Malwaretestlab 9 Killdisk Virus vs 25 Security Software

Discussion in 'other anti-malware software' started by guest, May 27, 2009.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    http://malwaretestlab.com/

    Test Result; Malwaretestlab 9 Killdisk Virus vs 25 Security Software
     
    Last edited by a moderator: May 31, 2009
  2. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Wish they tested KIS as well. The HIPS is actually quite strong.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Thanks for posting that. I am happy to see GeSWall Pro pass all tests. I'm surprised to see Mamutu did not do well. :)

    In the Virus Total scans, Prevx missed 3 of 8. :(
     
    Last edited: May 27, 2009
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I'm just curious - what are the conditions to put the award on my website...
     
  5. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Typo with ThreatFire results?
     
  6. guest

    guest Guest

    yes, thanks. corrected
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    nice! SB pass them all, nice nice!
    u can see Mamutu 1.7.0.28 is total crap like i said and also many ppl here before hehe, now u can see it in your own eye not just on mustec site, it fails all tests lmao
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Now there's a mature approach. Not. :thumbd:
     
  9. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Let's not forget a-squared -- detected all 9! :thumb:
     
  10. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Actually ... Ikarus detected all 9. ;)

    Well, what bad luck that they have tested with out of the box settings this time. haha. :ouch:
    The same applies to Outpost (and KIS) somehow.
    One mode for the money and one for the show. :p

    Cheers
     
  11. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Yes...and if the tests involved spyware - A2 would have detected all that too! :D

    Ikarus - the little engine that could.
     
  12. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Nice test. :)

    Just wondering, does Mamutu at paranoid mode make any difference? ThreatFire nailed them all! :p
     
  13. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    Hehe, one more test that can't draw a real image of the tested products. ;)

    It looks like they have tested 9 different types of malware samples, but in reality they tested only 9 variants of one virus. Not a big difference, but an important one.

    As you can see in the results, most products detected all or nothing. Here is the problematic point. If a behavior blocker is not trained to detect that specific behavior of that single virus, it fails on all 9 tested samples. That draws a bad image on the whole product. Same the other side around. If a product had the luck to provide a rule for that specific malicious action, it gets 100% and looks like a shining star compared with the others.

    To say it in mathematics words: There is a 50:50 chance to completely win or completely fail with this testing methodology. ;)

    For a representative result I would love to see 9 completely different malwares to be tested. The results would be very different.

    But, of course, a security program should always detect all malware, no matter if there are 9 variants or 9 different ones - no excuses. We'll check that malware sample and fix the detection engine of Mamutu for this specific malware action asap.
     
  14. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Gives me such a warm and fuzzy feeling that the 2 products I use in my Signature both Passed 9/9.

    I'm a bit surprised how Returnil failed on 1 tho.
     
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I like the results I see for TF. :D Anyone know which sensitivity was set during the testing?
     
  16. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Christian, I've noticed paranoid mode is much more sensitive than the standard mode. But even if these were not detected (in paranoid mode), if users above state that a-squared/Ikarus detects all 9, then that's somewhat of a positive result.

    But no product will be on top in every test.

    For example, Comodo is a solid program, so is Outpost, and by default (which the majority of users would use), both also missed all 9. Same with G-Data's behaviour blocker.

    You win some, you lose some. No big deal. :)
     
  17. guest

    guest Guest

    @Emsisoft;
    This is absolutely not true; in these samples we used three malwares with different variants. Also, C917581C38C3A33C8239D2D819F32494 is not a classic killdisk malware.

    If you want, we can send you all of the malwares. But you probably have all of them. If you analyse them in detail, I think you will have the same idea as me. But if you don't have the same idea as me, I will have the same idea as you because of your advanced technological opportunities.

    This was a pre-test. The number of softwares was too many; we analysed which ones have killdisk security. We want to test which software is successful with all of the malware we have. But we don't think that the result will change. Maybe softwares can determine the malware with other behaviour analyses (autorun protection, etc.). But having DDA protection is the most important defence against the killdisk malwares.

    Really, testing is a long and exacting task. 500/600 restarts, determining malware for three weeks, downloading programs, setting them up, testing whether it is working in VMware.

    For testing an additional malware we need 25 software tests + 25 verification tests + 1 VMware = 51 restarts. If we accept 5 minutes for a test, you can think how long it will be.

    This is good news. It shows that our test is useful. And users will be protected with sure touch. If you provide the necessary security and give us info, we can reduplicate the test for Mamutu.
     
  18. guest

    guest Guest

    Default Settings.
     
  19. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Now THAT is awesome :D - or at least for me. :p
     
  20. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Respect to you and thanks for donating your time to produce this information :thumb:
     
  21. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    Guest, how was Sandboxie set up - default *out of the box* settings or was it *customised*?
    Very nice test, very informative :)
     
  22. guest

    guest Guest

    We tested every software with default settings.
    After setup, nothing changed.

    (But we tested comodo and outpost, different settings)
     
  23. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Interesting results

    Great work thank you

    regards,

    MaB
     
  24. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Good job guest, thanks for your time.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I totally agree. There was no need to test 9 samples. One sample would have been enough, as all of them do the same action. They access the disk and partition table directly and corrupt them. It can be tested with a single killdisk virus or thousands of its variants; the results should be the same in either case.
     