Maybe the King (NOD) has been beated, second try?!!!

Discussion in 'other anti-virus software' started by Firefighter, Jan 11, 2003.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    System winXP Home; Intel Celeron 1 GHz;
    RAM: 512 MB SDRAM; Disk drives space: 19 GB

    If you are looking for the best AV to new undetetermined viruses, the choice is ultimately DrWeb or F-Secure 5.41 (look at the Heureka 2 test).

    If you are looking for the ultimate best in the Zoo scanner, the choice is F-Secure 5.41 or KAV 4.0 (Technodrome sites, 27 scanner av test + AV test.org tests 10-11.2001).

    If you are looking for the best really fast scanner capable to scan 100% in the Wild viruses, and capable to scan enough archives, you can made your own conclusions from this.

    All AV:s under the test were in PC together, all resident scannings disabled! No false positive results from anyone.

    1. made test: Best possible full scanning mode; all files, all archives, full heuristics, etc.

    Exceptions:

    • RAV was tested after 2. test in this 1. test.


    F-Secure 5.40 build 8232:

    Capable to scan [files] 106 018   
    Scanning time [hrs.min:sec] 1.24:50
    Av. scanspeed [files/min] 1 250
    Unable to read [files ÷ ‰ ] 25 ÷ 0,236 ‰
          
    DrWeb32 v.4.29b   

    Capable to scan [files] 93 564   
    Scanning time [hrs.min:sec] 0.49:57
    Av. scanspeed [files/min] 1 873   
    Unable to read [files ÷ ‰ ] 95 ÷ 1,02 ‰

    Avast 4 Professional   

    Capable to scan [files] 98 523   
    Scanning time [hrs.min:sec] 1.14:28
    Av. scanspeed [files/min] 1 323
    Unable to read [files ÷ ‰ ] 49 ÷ 0,497 ‰   

    RAV 8.6.104
       
    Capable to scan [files] 157 600  *  
    Scanning time [hrs.min:sec] 0.40:48
    Av. scanspeed [files/min] 3 863 *
    Unable to read [files ÷ ‰ ] 0 ÷ 0 ‰

    NOD32 v.1344 (eval)   

    Capable to scan [files] 56 854   
    Scanning time [hrs.min:sec] 0.14:01
    Av. scanspeed [files/min] 4 056
    Unable to read [files ÷ ‰ ] 47 ÷ 0,827 ‰


    *) After the finally correction according to my 3. comment below this article.


    2. made test: Default settings; by format, all infectable, unpack executables, no archives etc.

    Exceptions:

    • DrWeb could scan without archives only 12 348 files, so archives mode was enabled.

    • Avast 4 Pro may have not so good heuristics in normal sensitivity settings in standard shield, so it has chanced from normal to high (the conclusion was made from the older program, none knows how good this new program is with totally new kernel? That’s why the high sensitivity standard shield).


    F-Secure 5.40 build 8232

    Capable to scan [files] 28 161
    Scanning time [hrs.min:sec]    0.18:25
    Av. scanspeed [files/min]    1 529
    Unable to read [files ÷ ‰ ] 3 ÷ 0,107 ‰

    DrWeb32 v.4.29b   

    Capable to scan [files] 27 460
    Scanning time [hrs.min:sec]    0.22:08
    Av. scanspeed [files/min]    1 241
    Unable to read [files ÷ ‰ ] 40 ÷ 1,02 ‰   

    Avast 4 Professional
       
    Capable to scan [files] 50 514
    Scanning time [hrs.min:sec]    0.14:32
    Av. scanspeed [files/min]    3 476   
    Unable to read [files ÷ ‰ ] 5 ÷ 0,099 ‰

    RAV 8.6.104
       
    Capable to scan [files] 39 868
    Scanning time [hrs.min:sec]    0.18:13
    Av. scanspeed [files/min]    2 189   
    Unable to read [files ÷ ‰ ] 0 ÷ 0 ‰

    NOD32 v.1344 (eval)

    Capable to scan [files] 26 713
    Scanning time [hrs.min:sec]    0.08:15
    Av. scanspeed [files/min]    3 238   
    Unable to read [files ÷ ‰ ] 3 ÷ 0,112 ‰
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Re:Maybe the King has been beatened, second try?!!!

    Hi Firefigther,

    Could you give us a little more background? Was this a test you did or is it something reposted from somewhere else (if so, where)? Was this just a speed test or were there real viruses detected? The summaries don't say if all virus scanners caught all viruses. You just say that none had false positives.

    Can you give a summary statement of some sort to clarify it a bit?

    Thanks,
    LowWaterMark
     
  3. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re:Maybe the King has been beatened, second try?!!!

    To LowWaterMark from Firefighter!

    I made the test in my PC. The purpose was to find out the capability of scanning archives. Secondary target was to measure the average speed of scanning. Third I wanted to know the reading errors of diffent AV:s.

    Avast 4 Pro scanned totally 11.4 GB and without archives scanning 8.6 GB. NOD could find out with full scanning capability a bit more files than Avast did only by default settings.

    There were 0 viruses in my PC in this test. It was interesting, how much "all infectable" settings results varies with different AV:s. What is the real amount (%) of scannig files, to make sure that there are no danger to be infected?

    RAV is yet an open question, can it really archives scanning and how wide?

    :rolleyes:
     
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Re:Maybe the King has been beatened, second try?!!!

    RAV Engine includes modules for scanning inside archives that detect infected files in most common types of archives and can scan archives inside archives no matter how deep they go. RAV Engine also scans inside packed executables(lzexe, pklite, cryptcom, wwpack, aspack, pepack, vgcrypt, upx, etc).

    Regards to your test:
    You should look for "New Files" in statistic panel! That’s the number of scanned items!

    You also should know that RAV includes integrity checker so next time you scan, "new files" number should be smaller!



    Technodrome
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re:Maybe the King has been beatened, second try?!!!

    To Technodrome about yesterday from Firefighter!


    Thanks to Technodrome about RAV advice.

    Unfortunately the number of RAV scanned files with the best scanning settings is’nt so simple you adviced me.

    There may be a bug in RAV’s "Report Panel" interface with the full scanning settings. The "New: 123...789" item in the RAV "Report Panel" may be very near the number of total files of you PC.

    If you want to know the amount of scanned files with best scanning settings, you have to do as follow.

    1.   Choose the RAV "Configuration Center" interface.

    2.   Click with mouse the RAV for Windows "Report Settings" item.

    3.   Click the "View Report File" button in the middle of the screen to open the "ravwin" file.

    4.   Copy the entire file to excel –program and count the rows of the files.

    5.   Subtract the number of scanned folders (in Report Panel) from the number of rows value.


    There you have the total amount of scanned files.

    I made a couple of new scans with RAV and Avast 4, because I have uninstalled some programs and junkfiles after the 2. test.

    No viruses and no false alarms in this scans like in the 1. and 2. tests.

    RAV was now scanned Integrity Checker disabled (done just after installation) and with archive scan. In the "Configuration Settings" interface only the "truncate log larger than" item was disabled.

    Avast was scanned VRDB generation (= Virus Recovery DataBase, the same as Integrity Checker) disabled and the best possible scanning settings (your own settings in the "new task" item, scan all files, content enabled, whole files etc).

    New results:

    RAV 8.6.104 (all files)

    (counted manually as above: new = 157 054; 2080 folders, 6311 archives and 2405 packed)
       
    Capable to scan [files] 95 776
    Scanning time [hrs.min:sec] 0.38:56
    Av. scanspeed [files/min] 2 460
    Unable to read [files ÷ ‰ ] 0 ÷ 0 ‰


    Avast 4 Professional (all files, archives scanning)

    (total amount of scanned files 8.8 GB, 2131 folders, total space of files by SiSoft Sandra = 7.3 GB, probably Avast 4 informs the unpacked space of files!)
       

    Capable to scan [files] 79 701
    Scanning time [hrs.min:sec] 1.04:09
    Av. scanspeed [files/min] 1 242
    Unable to read [files ÷ ‰ ] 7 ÷ 0,088 ‰


    So in the 1. scan the real number of RAV scanned files were aproximately
    (Avast 1. measuremet / Totally new Avast scan) x Totally new RAV scan.

    = (98 523/79 701) x 95 776 = 118 400

    So the aver. full scanning speed was = 2 900 files/min. :rolleyes:

    By the way, RAV's scanning time is processing time, the total scanning time is much bigger.
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re:Maybe the King has been beatened, second try?!!!

    To Technodrome from Firefighter!

    Sorry, you were right, that you wrote. I had a system overflow in my manual counting files with "ravwin" notepad.

    The "New" item in the RAV Report Panel is really the total scanned files, both out- and inside archives. So the NOD was clearly beated in scannig skills (almost 3 times) and very near with -speed using the best possible settings.

    Hopefully RAV corrects the "New" with a word, that could be better understood.

    RAV is very...y go...ood scanner, F-Secure and DrWeb are also very good, but twice the file number than DrWeb's and 1,5 x F-Secure's, that's something!

    When you scan your PC with NOD, there are at least 2/3 left, that you don't know anything about!

    How much could KAV scan files then?

    RAV Summary:

    Total scanned files with RAV = 157 600
    Scanning time: 40 min 48 sec

    Average Scanning Speed: 3 863 files/min


    Regards,
    Firefighter! :cool:
     
Thread Status:
Not open for further replies.