Results of Russian Spyware/Malware tests

Discussion in 'other anti-malware software' started by StevieO, Mar 15, 2006.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Further to Mrkvonic's request for Ilya Rabinovich to provide this test, he has done so, thanks. But it's in Russian, as he stated here:

    https://www.wilderssecurity.com/showthread.php?p=705640#post705640

    I thought it would reach more people if I posted in a new thread here, as it tests for a lot more than just AntiSpyware, and it does say "and system protection software". Translated from rusky by babelfish.

    . . .

    Testing AntiSpyware programs

    Procedure of the testing


    Ad-Aware SE Personal

    Microsoft AntiSpyware

    CA PestPatrol Corporate Edition

    McAfee AntiSpyware

    Spy Sweeper

    A2 (a-squared personal)

    Spy Emergency 2005

    Spyware Nuker 2005

    TauScan

    Overall deficiencies in the thoroughly tested specialized products

    Testing the antiviruses, which support removal AdWare/SpyWare

    avast! 4 home

    Eset NOD32

    BitDefender

    DrWEB CureIT


    In the testing a number of the products did not participate: in particular in the test there is no antivirus AVP (it detects 100% of this collection, since collection is classified according to its protocol), VBA, UNA, Stop! (with the developers of data of antiviruses the author it conducts exchange ITW-models; therefore their testing it cannot be correct); there is no in the test and author's utility AVZ. Were not tested the products of the type Spybot — Search & Destroy and of its analogs: them lacks file scanner as such and the principles of their operation are based on the study of list and the "immunization" PK.

    Furthermore, from the testing was taken a number of products, in particular Disspy from H-Desk software and CounterSpy from Sunbelt Software. Reason is simple: these products search for files on the disk and processes in the memory on the names, and verdict about the harmfulness will be carried only on the basis of the name of file, which, naturally, is incorrect and very dangerously, since the random coincidence of name will lead to the detection allegedly of harmful program where conveniently.

    (How many people realise that CounterSpy, and I presume its clones, only check on names?)

    I think you'll be very surprised to see what comes out on top, I was!


    StevieO
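
The name-only verdict that the translated article objects to, set against a content-hash verdict, as an added example that is not part of the original post or the Russian article. All paths, file contents and signature sets below are constructed for illustration.

```python
import hashlib
import ntpath

# Constructed stand-ins; no real malware is involved.
BAD_BYTES = b"constructed stand-in for a catalogued adware binary"
GOOD_BYTES = b"constructed stand-in for a legitimate updater"

# Hypothetical signature sets for the two scanner designs.
NAME_SIGNATURES = {"update.exe"}
HASH_SIGNATURES = {hashlib.sha256(BAD_BYTES).hexdigest()}

# Constructed disk contents: path -> (content, is it really malicious?)
DISK = {
    r"C:\Program Files\Vendor\update.exe": (GOOD_BYTES, False),  # benign, coinciding name
    r"C:\Temp\update.exe": (BAD_BYTES, True),        # catalogued bytes, catalogued name
    r"C:\Temp\setup_helper.exe": (BAD_BYTES, True),  # same bytes stored under another name
}

def verdict_by_name(path, data):
    """Name-only verdict, as the article describes: the content is never read."""
    return ntpath.basename(path).lower() in NAME_SIGNATURES

def verdict_by_content(path, data):
    """Content verdict: the SHA-256 of the bytes decides, the name is ignored."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES

def evaluate(disk=DISK):
    """Score both designs against ground truth: false positives and misses."""
    truth = {p for p, (_data, bad) in disk.items() if bad}
    report = {}
    for label, verdict in (("name", verdict_by_name), ("content", verdict_by_content)):
        hits = {p for p, (data, _bad) in disk.items() if verdict(p, data)}
        report[label] = {
            "false_positives": sorted(hits - truth),
            "missed": sorted(truth - hits),
        }
    return report

if __name__ == "__main__":
    for design, score in evaluate().items():
        print(design, score)
```

The name-only design flags the legitimate updater purely because of its file name, which is the "random coincidence of name" the article warns about; the content check returns neither error on this constructed set.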
     
  2. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Wow, the one that detects the most is Dr.Web (sorry to spoil it).
     
  3. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Odd that Kaspersky wasn't included. As this is widely known for its broad range of malware detections, I would have thought it was a must. I use NOD32 so was pleased with how it did in this test. But, why no KAV?

    muf
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I thought some people may find it handy, so here's the image showing the results of the programs. The site also has individual graphs for each product, showing how much of each malware it detected/removed.

    p705746-157nv.jpg
     
  5. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I agree, muf. I really don't like tests that take seemingly "random" programs while blatantly leaving out and omitting some of the most popular and widely used programs.

    For example...

    Testing AVs....but leaving out the two most widely used (Norton and McAfee) and arguably the most effective (Kaspersky).

    Also.....testing anti-spyware apps, but leaving out two of the more popular and widely used (Spyware Doctor and CounterSpy) and one of the apparent up-and-comers (ZeroSpyware), while including apps like "Spy Emergency", "Tauscan" and "Spyware Nuker". :cautious:
     
  6. EASTER.2010

    EASTER.2010 Guest

    Why wasn't Ewido put to that test too?
     
  7. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Muf, Jrcates


    o_O?


    AVP is of course the former name of KAV; apparently it is still known as AVP in Russia. So I can tell you if KAV was tested it would score 100%, since the malware base was chosen from samples detected by KAV!

    Did you guys miss reading this, or simply are too new to the 'scene' to realise AVP=KAV?

    Yes Zerospyware has become promising ever since reading
    https://www.wilderssecurity.com/showthread.php?t=122993 about 1-2 weeks ago! How dare all the testers who did the tests months ago not keep up with what is "popular" in Wilders!!! :)

    As for not testing Counterspy it was explained here


    Not sure about the allegation that they just check for file names, though it would be trivial to check. Funny, I could have sworn that the same charge was made against ad-aware..... Anyway..

    Interestingly enough, I always wondered how such "antispyware" programs figured out if a registry entry (not file) is good or bad. I notice a lot of FPs relate to registry entries set by legitimate software. If I didn't know better, I would say the badguys look at what registry entries are added by legitimate software, and then choose their malware to use the same entries (if appropriate) to create confusion and sow mistrust.
     
    Last edited: Mar 15, 2006
  8. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Yep, I missed it (but then again, I just looked at the list of products tested, without reading the article ;) :D ). I'm lazy that way at times.

    Of course, that explains KAV...but it doesn't explain why Spyware Doctor, CounterSpy, ewido, and others weren't tested
     
  9. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    What article? The information was in the post!!


    I guess you don't read my posts either. I already quoted the part where they explain why they don't use Counterspy! Agree or disagree as you like, but a reason was given.
     
  10. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Were the samples tested to see if they are working?
     
  11. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I was actually referring to the specific link, DA, which was in the post (but admittedly, I did skim over much of the post ;) :p ) As for AVP, yep, it was mentioned in the post (but not by the more widely known, popular and current-day name of KAV) so no, I was not familiar with it. Contrary to some in these forums, I have a life outside of computers and security software, and I don't do this stuff for a living (which neither do many of the "enthusiasts", BTW...this IS their life outside of work). I am simply here to learn and gain a little more knowledge and help in what limited opportunities that I can, nothing more. And regarding CounterSpy, yes, you are right....it was mentioned as well, so I missed that one (knew about it, though, even its former "Giant AS" name).....but there was still no mention of Norton, McAfee, Spyware Doctor, ewido, etc., - the "other" products I mentioned. My post didn't just pertain SOLELY to KAV and CounterSpy.....
     
    Last edited: Mar 16, 2006
  12. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    DA,

    Yes, I was familiar with the name AVP. I used KAV for many years, even when it was always called AVP. But tbh I had not seen it called that for at least two years and it simply did not register. Thank you for the reminder. :) In fact, I used to use avp3 and still have the installation file for it, and do have it installed (not updated for many years) on my spare pc which uses Win95. All good fun!

    muf
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    No offense, but why all the hand-wringing about what wasn't covered? A lot of major antispy programs WERE covered, & I found the results *interesting*.

    I have yet to see any tests that cover EVERY security program within a given category. Some programs don't have trial versions available, or refuse to be tested. For instance, AV-comparatives doesn't cover EVERY antivirus. It covers many of the *major* AVs -- not all. So also did the tests herein discussed cover many Antispy programs -- many, not all.
     
  14. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Heh, I think the first time I heard of AVP was in 1994ish or maybe it was 95. Some guy was telling me some unknown Russian AV was the best antivirus in the world, I told him he was crazy. I never understood why and I refused to use it even today.

    When did they change the name anyway, it doesn't feel that long time ago for me.

    PS The "too new on the scene" comment was to JRCATES, the "misread" comment was to you.
     
  15. zerospyware

    zerospyware Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    18
    It looks like an interesting test. Though I'm a bit curious about the sample set used and the methodology. It also looks like the sample set didn't include keystroke loggers, Rogue antispyware, and commercial spying tools.

    While I agree that there is a general convergence between anti-spyware, anti-trojan, and anti-virus tools I think that there is still so much ground to cover out there that it makes it difficult for one company or product to "do it all".

    In the chart on the Russian test I think that the Spysweeper results versus the A2 results illustrate this pretty well. Spysweeper seems to concentrate on adware, spyware and dialers, while A2 is much stronger in e-mail worms and net worms.

    This is pretty much what you would expect given the focus areas for each product. So it really comes down to the sample set used; how these products fare is almost purely a result of this.

    I believe anti-spyware companies need to focus on their target market before expending effort in other areas of malware (of course bundling a highly rated AV engine from another vendor in a combination suite is an exception to this). From where we sit it seems like most AS companies still have their hands full keeping up with spyware variants.

    From analyzing the incoming reports of unknown processes from our customer base.. Spyware, adware, and Spyware-trojans are always in our top 100 reported unknown apps. Most of these customers actively run multiple anti-spyware applications and a single anti-virus. Malware leaning toward the trojan and virus spectrum almost never makes the top 100. This may be because they are simply less prevalent in the wild, or because anti-virus applications cover their space pretty well. Hard to tell.

    http://www.compress.ru/Archive/CP/2005/10/43/

    It may be interesting to compare these two tests (click on the performance tests link in the PC Mag review), as they cover a couple of the same applications (SpySweeper and Nod32).
    http://www.pcmag.com/article2/0,1895,1916828,00.asp

    -David
     
  16. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hi bellgamin,

    I understand what you're saying....and my comment was certainly not meant to disparage the test and/or the results...I appreciate tests like this taking place! My comment was meant more to simply exhibit disappointment that some of the more widely used products were omitted, that's all. When products like Norton, McAfee, Spyware Doctor and ewido are so widely used.....comparing them would benefit and/or affect many more users than the "Spyware Nuker" and "Spy Emergency" type programs that are not only much less known, but especially much less used.

    Aloha, and Shalom....
     