MKS-Vir2005

Any comments thanks.?? MD



REPORT:
mks antivirus 2005

Product Description:
Antivirus monitor
Antivirus monitor, deeply embedded in the core of the Windows system, controls in the real time all the file operations. For that reason it is able to stop the activation of a virus in course of executing operations on the hard disk, floppy disk, CD/DVD or other carriers.

The monitor, at the activation, checks whether in the computer memory there is a virus installed. If this is the case, the virus is removed.

Disk and file scanner
Disk and file scanner is a traditional element of antivirus software. During one quick run it can scan many physical and network drives. It detects viruses, Trojan horses and Internet worms. Moreover, beside the standard scanner operating in the Windows environment, mks_vir package contains also a 32-bit DOS scanner (fully compatible with the Windows version). This scanner allows to delete viruses from files used by the Windows system, and also to delete viruses located in the boot sector and the partition table of the hard drive. Under special circumstances, it is possible to disinfect the computer after starting it from the installation CD or from the start-up floppy disk of mks_vir package.

Email scanner
mks_mail module allows to use the electronic mail safely. mks_mail is compatible with all the mail programs, e.g. Outlook, The Bat, Eudora, Pegasus. By means of scanning the dataflow between the server and the mail client, it removes all the threats, among others Internet worms that have become one of the most serious threats throughout the last two years. Thanks to those functions, the user does not have to remember about the necessity to scan files attached to messages.

Automatic updater
The function of mks_update automatic update module is to provide the computer with the most recent virus definitions and mks_vir package elements on current basis. The program reacts to alerts published by the manufacturer the moment new threats emerge.

After the Internet connection has been detected, the update process of the package starts.

mks_update program allows to minimise the costs of Internet connections thanks to the mechanism of repository. In small networks only one workstation has to connect to the Internet in order to download the update elements. Other stations update the program through the local network from that station.

After installing mks_update, the user can forget about the necessity of updating mks_vir software, since mks_update remembers about it.

Administration system
mks_administrator is an advanced administration system allowing to centrally control the update process and the operation of mks_vir program in corporate w networks.

This system allows to undertake the following actions:
automatic update of the most recent version of antivirus software,
central management of monitor configurations on the client stations (directly on individual stations or in groups),
possibility to disable the monitor deactivation option by the user working on one of the stations,
possibility to disable the option to change configuration by the user,
task scheduling,
update of the software at any time, as many times as wanted,
scanning of the stations in search of viruses, e.g. out of the business hours,
access to the central base of logs and reports on the activity of viruses,
access to central information on software installed on workstations, including:
data related to the monitor status,
dates of the software versions,
version of the operating system,
management of the group of servers with the use of one console.

Additional benefits
The specialists of the Antivirus Laboratory constantly control threats appearing in the Internet and prepare cures against new viruses in the shortest possible time (2-3 hours)

Advantages related to mks_vir package:
complex protection of the computer thanks to the complementary activity of all the modules,
detection with the use of heuristic methods of new unknown threats,
blocking viruses in course of the process of receiving electronic mail, browsing floppy disks and CDs, as well as all other data carriers,
quick operation, low use of the system resources and low hardware requirements,
reliable (based on thorough analyses) virus definitions allowing to evaluate the level of danger and potential losses that could result from the activity of a detected virus.




Discovered and tested MKS-Vir2004, from Poland. Surprisingly, this one with caught every sample perfectly on Medium Heuristics. Specifically, nearly 50 samples were picked up Heuristically giving it a perfect score of 321/321. However, when I increased Heuristics to "Super Deep", it picked up an addition 10 more suspicious files. Upon further investigation, it was found that it was picking up signatures of hacktool utilities left over in some of the archives and flagging those files. Indeed, this is impressive. MKS-Vir2004 exhibits the most advanced detection algorithms i've ever seen, clearly it only had signatures for 271 of my samples, but through code emulation, it was able to pick up all 321 samples!! It clearly labeled the Heuristically found ones as things as "Likely Win32 Trojan" or "Highly Suspicious Acting File". In addition, its scanning speed was incredibly quick, and its memory footprint was quite small. Impressive! Furthermore, this is a full featured and fairly polished product that appears to update at least once per day, and tech support responded to me within 5-15 minutes on my emails. Unfortunately, it appears to not be available in the US for purchase at this time.

1a MKS_Vir 2004 - 321/321 0 Missed - 100%
1b eXtendia AV
K - 321/321 0 Missed - 100%
2a Kaspersky 5.0 - 320/321 1 Missed - 99.70% (with Extended Database ON
2b McAfee VirusScan 8.0 - 319/321 + 2 (2 found as joke programs - heuristically - 99%
3 F-Secure - 319/321 2 Missed - 99.37%
4 GData AVK - 317/321 4 Missed - 98.75%
5 RAV + Norton (2 way tie - 315/321 6 Missed - 98.13%
6 Dr.Web - 310/321 11 Missed - 96.57%
7 CommandAV + F-Prot + BitDefender (3 Way Tie - 309/321 12 Missed - 96.26%
8 ETrust - 301/321 20 Missed - 93.76%
9 Trend - 300/321 21 Missed - 93.45%
10 Avast! Pro - 299/321 22 Missed - 93.14%
11 Panda - 298/321 23 Missed - 92.83%
12 Virus Buster - 290/321 31 Missed - 90.34%
13 KingSoft - 288/321 33 Missed - 89.71%
14 NOD32 - 285/321 36 Missed (results identical with or without advanced heuristics - 88.78%
15 AVG Pro - 275/321 46 Missed - 85.66%
16 AntiVIR - 268/321 53 Missed - 83.48%
17 Antidote - 252/321 69 Missed - 78.50%
18 ClamWIN - 247/321 74 Missed - 76.94%
19 UNA - 222/321 99 Missed - 69.15%
20 Norman - 215/321 106 Missed - 66.97%
21 Solo - 182/321 139 Missed - 56.69%
22 Fire AV - 179/321 142 Missed - 55.76%
23 V3 Pro - 109/321 212 Missed - 33.95%
24 Per_AV - 75/321 - 246 Missed - 23.36%
25 Proland - 73/321 248 Missed - 22.74%
26 Sophos - 50/321 271 Missed - 15.57%
27 Hauri - 49/321 272 Missed - 15.26%
28 CAT Quickheal - 21/321 300 Missed - 6%
29 Vir_iT - 10/321 311 Missed - 3%
30 Ikarus - Crashed on first virus. - 0%

 

This AV and the limited test-bed results on the older version of mks_vir have been discussed in previous posts. And most of the discussion on the 2004 edition is still relevant to the new one.

See for example here.

While ArcaVir 2005 , the 'Americanized' version of mks_vir 2005 has already been discussed.

So my overall comment would be nothing really new here.

 

Ahem....arent those test results the very same as the ones released by Kobra sometime in 2004?