NEW! Rootkit 'detection' test

Discussion in 'other anti-virus software' started by C.S.J, Jan 4, 2008.

Thread Status:
Not open for further replies.
  1. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    Then I guess it is pointless for me to continue.

    Best Regards.
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I'm glad you caught on sooo quickly, thanks for your input :)
     
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    It's amazing what a bunch of nonsense this thread has produced. Nearly no technical discussion, and at the expense of a bunch of fanboy jubilation.

    Anyone around notice that gmer did the best of those tools that are still being developed, and does anyone understand why?
     
  4. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Interesting, thanks for the test post. :thumb:
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    you're welcome :)


    I'm not sure why, didn't it score 5.5 on the malware, same as Rootkit Unhooker?

    Haven't tried GMER, but I have tried Rootkit Unhooker, and there is NO WAY an average user would be able to use that, so maybe it's the same as that, not really something that would be used on a large scale unless simplified.
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    CSJ,

    Clean your glasses, according to the chart at the start of this post, gmer did score 5.5 on malware, it missed the second test by .5 point, but beat everything but rootkit unhooker.

    Just because the average guy can't use it is no reason to dismiss this kind of utility, although it may be reason to dismiss some of the resident HIPS and firewalls that are popular around here.
     
  7. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    clean yours,

    I never dismissed it in the slightest.
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    You need to see The Doctor.
     
  9. Cooper_it

    Cooper_it Registered Member

    Joined:
    Jan 9, 2008
    Posts:
    6
    Is the website where this test was originally published only available in Russian? I don't seem to find a button on it to get access to an English version or so.

    I'd like to check if they also tested G DATA, which is a double engine scanner that usually performs very well in comparative tests (using Kaspersky and Avast technology).
     
  10. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    Just one?
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Good idea.. Dr.Web is an old-school tool that needs to be replaced or is only useful as a secondary scanner.

    Most old-school scanners have the same problem as Windows and the universe itself: it is already built, if you want to make fundamental changes you must start from 0.. but that is a hard thing if you are already established. Comodo was a fresh thing that "earth-quaked" the whole zombified security scene, especially because their products are free, of high quality and fast reaction. Loool. Fresh wind is always good. Besides, GMER and RkU were fresh too and showed how non-commercial stuff won against all those bold, money-driven enterprises. In the end the whole story looks like a big comedy scenario.
    Hehehe, totally true. Exactly my opinion... loool
     
    Last edited: Jan 9, 2008
  12. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    The best line in the entire thread.

    I salute you. :thumb:
    :)

    Real security on MS PC platforms won't appear until MS releases a new OS environment that says goodbye to backwards compatibility and the default administrator(root) access.
     
    Last edited: Jan 9, 2008
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    For what it's worth, the antivirus and HIPS are awful. Haven't tried the firewall, so I won't comment on it.
     
  14. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    o_O
    I realize my comment is OT, but if you haven't tried the firewall, it's hard to understand how you would have an opinion on the HIPS, since they don't make a standalone HIPS...
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Simple. I ignored the firewall and pretended it didn't exist.
     
  16. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    I think that during installation there is an option to not "install" the HIPS component.
    Since I didn't see an option to not install the firewall component, I don't think that by simply ignoring the firewall you will be able to arrive at a sufficiently objective conclusion regarding its HIPS capabilities.

    Of course, since I have been wrong before, I may very well be wrong again. :)
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    An astute observation. You'll have also observed, of course, that I've already mentioned I have no knowledge of its capabilities and hence refrained from commenting on it.
     
  18. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    Typo.

    Post already edited.
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    So how does the firewall influence the HIPS?
     
  20. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    I don't know if it does.

    I remember reading at matousec that they tried to disable the anti-malware component of Zonealarm just to test the firewall and they couldn't.

    Isn't there a possibility that the firewall component can't be fully disabled to test the HIPS?

    IAC, some people like the HIPS, and even think it is better than standalone HIPS such as SSM.

    Personally I think all currently available HIPS are immature.
     
  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    :ouch: ... never mind.

    It makes more noise. A LOT more, a decent portion of them useless. For some people, that's what it takes to make them happy.
     
  22. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    I think most likely you came to the correct conclusion, but after seeing some quite inexplicable software designs, I just can't be sure anymore... :doubt:
    IMO you can chalk that up to it still being very much work in progress...
     
  23. ProSecurity

    ProSecurity Registered Member

    Joined:
    Dec 13, 2007
    Posts:
    123
    Now I understand why the moderators go to such lengths to eliminate "versus" threads.

    Since all of these security products do such a shoddy job, the comparison exercise is pointless.
     
  24. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    :D :D :D
    True too! At least Comodo brought up a fresh breeze.

    Besides, something I found incredible was the fact that RkU was the first tool on this planet that showed us the Shadow SSDT.. such a shame.. why did that stay hidden for so long!! I nearly don't get away about this there. Two years ago I already told about the win32k.sys thing but nobody was concerned about it.
    True words, the whole security story is a shame, we need far more pros.
     
    Last edited: Jan 9, 2008
  25. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I wonder if anyone can answer a question about any or all of the anti-virus, anti-rootkit, anti-whatever tests that are being done?

    It is without question that the malware selected is only a small subset of actual malware in circulation. In any scientific paper that I've read, when a subset is used there is always a section on statistical significance (e.g. if there are a total of 100 rootkits in existence, and 4 are used for the test: Product A detects 3/4 or 75%, whereas Product B detects 2/4 or 50%. Although 75% is a lot more than 50%, given the small sample size this difference has no significance whatever).

    So in the absence of statistical evaluation in this particular test, and the nastiness of some of the posts here, shouldn't this Thread be Closed?
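As an added illustration of the sample-size point made in the post above (example code written for this page, not from the thread, the test site, or any of the products named), the following runs Fisher's exact test on the 3/4 vs 2/4 scenario and then on the same 75% vs 50% detection rates with a larger sample. The `compare_detection` helper and the figures fed to it are constructed for the example; only `math.comb` from the standard library is used, so it runs offline.

```python
"""Fisher's exact test for small-sample detection comparisons.

Added example, not from the thread. Two products are tested on the same
samples; the 2x2 table of counts is

                detected   missed
    Product A      a         b
    Product B      c         d

and the question is whether the difference in detection rate is more than
what chance alone would produce at this sample size.
"""
from math import comb


def hypergeom_pmf(a: int, row1: int, col1: int, n: int) -> float:
    """Probability of value `a` in the top-left cell of a 2x2 table whose
    margins are fixed: row1 = a+b, col1 = a+c, n = a+b+c+d."""
    return comb(row1, a) * comb(n - row1, col1 - a) / comb(n, col1)


def fisher_exact_two_sided(a: int, b: int, c: int, d: int) -> float:
    """Two-sided Fisher exact p-value: the total probability of every table
    with the same margins that is at least as unlikely as the observed one."""
    row1, col1, n = a + b, a + c, a + b + c + d
    p_obs = hypergeom_pmf(a, row1, col1, n)
    lo = max(0, col1 - (n - row1))   # smallest feasible value of cell a
    hi = min(row1, col1)             # largest feasible value of cell a
    p = 0.0
    for x in range(lo, hi + 1):
        px = hypergeom_pmf(x, row1, col1, n)
        if px <= p_obs * (1 + 1e-9):  # small tolerance for float rounding
            p += px
    return min(p, 1.0)


def compare_detection(detected_a: int, detected_b: int, sample_size: int) -> dict:
    """Summarise two products that were each run against `sample_size`
    samples (constructed helper for this example)."""
    a, b = detected_a, sample_size - detected_a
    c, d = detected_b, sample_size - detected_b
    p = fisher_exact_two_sided(a, b, c, d)
    return {
        "rate_a": a / sample_size,
        "rate_b": c / sample_size,
        "p_value": p,
        "significant_at_0.05": p < 0.05,
    }


if __name__ == "__main__":
    # Constructed figures from the post: 3/4 vs 2/4 on a four-sample test.
    # Every possible table is at least as likely as this one, so p = 1.0.
    print(compare_detection(3, 2, 4))
    # Same 75% vs 50% rates on 40 samples each: the gap now means something.
    print(compare_detection(30, 20, 40))
```

The first call returns a p-value of 1.0: with four samples, 3/4 against 2/4 is indistinguishable from chance, which is exactly the post's point. Only when the same proportions hold over a much larger sample does the difference become significant, so a comparative test that reports percentages without the sample size behind them tells the reader very little.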
     