NEW! Rootkit 'detection' test

Discussion in 'other anti-virus software' started by C.S.J, Jan 4, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    tested via anti-malware.ru, regarding detection of rootkits.

    rookit detection.JPG

    nod32 is once again shocking me, but for the wrong reasons.

    especially as this is their NEW software version.
     
    Last edited: Jan 8, 2008
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Doesn't shock me at all. Wonder how Avira would do, their rootkit detection is good.
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Avira's detection has been good for a while, we all know that, jeff.

    they did test the 1.0 rootkit detection from Avira which is currently beta I THINK, it scored well as expected.
     
  4. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Way to Goooooooooooo Kaspersky! This product never seems to amaze me. It goes from strength to strength :-* :thumb: :thumb: :thumb:

    Well done to the other products - drweb, f-secure, symantec

    Eset isn't doing so well either lol :D :D :D :D :D :D :D Think they might have forgotten to put the rootkit detector in it :p :p :p
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Eset has never had great detection, regardless of what others want you to think. It does excel in other areas though.
     
  6. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    SECOND That 1
     
  7. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Has Eset put some time and effort into rootkit detection?
     
  8. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Doesn't look like it

    Maybe the rootkit scanner was drunk from the Christmas party or was just very tired and sleepy lol
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    What's the difference between Avira Rootkit Detection and the rootkit detector within Avira AV? Does Avira plan to integrate Avira Rootkit Detection 1.0 within the AV?
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    It already is there, when you do a system scan, the rootkit detection runs first then the AV. It is fairly seamless.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    When you click on configuration choose expert, over on the right will be a box to tick for rootkit scan first.
     
  12. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    Does it have the same capabilities as the stand alone Rootkit Detection?
    Thanks.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
  14. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Well if they haven't put much effort into it then it won't be expected to be very good. Maybe Eset should have a look into developing an anti-rootkit module.
     
  15. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    They already have one. It's called 'anti-stealth technology'. According to the test, it can be improved.
     
  16. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yep thanks, I've found a brief article in their knowledge base describing it.

    Do you mean Eset has had bad detection of rootkits specifically or just in general?
     
  17. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    What happened to rootkit revealer?
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    There's a very big difference between detecting a rootkit when it's just a file on a drive, and when it's active and loaded into memory, even when they're the exact same rootkit variant. Doing the former just requires you to have a signature to detect the rootkit, just like any other malware. Detecting the same rootkit when it's active means you need to have advanced technologies to query and obtain low-level uncorrupted information from the OS. Nothing to do with detection rate here.
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Also, keep in mind that the score of anti-virus products for the PoC rootkits is essentially meaningless. A PoC is not malware, though some vendors may choose to detect it as riskware. There's no absolute standard that says that anti-virus vendors need to detect PoC code.

    Anti-rootkit utilities, though, should ideally score as high as possible for it. Unlike anti-virus products, they're not designed to distinguish which hidden files/processes/reg entries are real malware, and should ideally be able to report all such hidden data to the user.
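
The distinction solcroft draws in the two posts above, as an added Python model that is not part of the thread or any vendor's code: the same constructed sample set is scanned once on disk and once with a name filter standing in for an active rootkit. The paths, file contents, `HIDDEN_SUFFIX` filter and all function names are assumptions made for the illustration; the trusted view here is simply the unfiltered dictionary, where a real tool would read low-level OS or disk structures.

```python
import hashlib

# Constructed sample "disk" (path -> bytes); none of this is real malware.
KNOWN = r"C:\Windows\System32\drivers\known_rk.sys"
POC = r"C:\Windows\System32\drivers\poc_rk.sys"
RAW_DISK = {
    r"C:\Windows\notepad.exe": b"constructed benign file",
    KNOWN: b"constructed sample the vendor has a signature for",
    POC: b"constructed proof-of-concept, no signature exists",
}
SIGNATURES = {hashlib.sha256(RAW_DISK[KNOWN]).hexdigest()}
HIDDEN_SUFFIX = "_rk.sys"  # assumption: names the active rootkits filter out


def api_view(disk, rootkit_active):
    """Files visible through the normal enumeration API, which an active
    rootkit can filter; with no rootkit loaded it matches the raw disk."""
    if not rootkit_active:
        return dict(disk)
    return {p: d for p, d in disk.items() if not p.endswith(HIDDEN_SUFFIX)}


def signature_scan(view):
    """AV-style detection: hash each file the view exposes, match signatures."""
    return sorted(p for p, d in view.items()
                  if hashlib.sha256(d).hexdigest() in SIGNATURES)


def cross_view_diff(trusted, api):
    """Anti-rootkit-style detection: report everything the trusted view has
    that the API view lacks, without deciding whether it is malware."""
    return sorted(set(trusted) - set(api))


def run(rootkit_active):
    api = api_view(RAW_DISK, rootkit_active)
    return {
        "signature_hits_api": signature_scan(api),
        "signature_hits_trusted": signature_scan(RAW_DISK),
        "hidden_objects": cross_view_diff(RAW_DISK, api),
    }


if __name__ == "__main__":
    for state in (False, True):
        print("rootkit active:", state, run(state))
```

With the filter active, the signature scan through the API view returns nothing even though the signature exists, while the cross-view diff lists both hidden drivers, including the proof-of-concept that no signature covers.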
     
  20. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Well done Dr Web.
    They are getting better and better I see
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Drweb always seems to do well at anti-malware, it puzzles me.

    The last 2 tests have all been positive as well

    Removal: gold award
    heuristics: silver award
     
  22. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Nice... Avira and Kaspersky are the best antiviruses for this type of threat.
    NOD32 is at the bottom of the list, as they used us in the last period.
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    nod32 are very good at marketing, and charge a high price for that.

    i do like nod32, but it's completely over-hyped, and it's purely because of av-comparatives and VB.

    apart from fantastic heuristics, i don't see anything 'great'

    so i would not label this antivirus as the best antivirus of 2007, or 2006.

    i would have no problems using nod32 myself, but the hype is too much.

    sorry nod fans :)

    ---------
    nod used to be known as a very light, zero bugs kinda program.
    this year, nod have lost all that.
     
  24. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I am wondering again why Kaspersky's rootkit detection is higher than F-Secure. AFAIK the detection abilities of all products using the Kaspersky engine were supposed to be the same with the exception of the newer, better heuristics on KAV 7.0 compared to the clone AVs. F-Secure isn't bad at all, but still I was not expecting this.

    AVG Anti-Rootkit does a fairly good job as well. This bodes very well for the upcoming AVG 8 products :)
     
  25. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    That's got to do with strength of the AV (drivers) when detecting live rootkits.
    When the rootkit isn't live (hasn't infected the computer), then F-Secure should detect it.

    Also, I think there's a bit of a time-lapse between when Kaspersky issues signature and F-Secure.
     