Rokop test series

Discussion in 'other anti-virus software' started by meneer, Jan 12, 2004.

Thread Status:
Not open for further replies.
  1. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    The Rokop crew started testing AV tools. So far they reported on GData AntiVirenKit professional 2004 and Norton AntiVirus 2004. I don't know about english translations available, I could summarize a bit if you want it.

    What I do like is their testing resources used. Haven't seen that a lot.

    You can find the Rokop site via this link

    (babelfish.altavista.com is quite effective in translating german to english :) )
     
  2. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Hi Meneer, That would be really good if you could summarize it for those of us who dont speak german . Thank you kind sir.
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    The rokop standard test comprises:
    Windows XP system, with a test set of wild trojans, zoo Backdoors, packed Backdoors, common worms (worms, i-worms, P2P, IRC etc.), macro viruses and Dialers, altogether the test set contains 817 Samples.

    (please no comments to me... about the test setup :) )


    GDATA:
    It's equipped with two scanning engines (Kaspersky and Bitdefender). Kaspersy scanner is very good, almost redering BD useless... almost
    Very good detection rate:
    * Backdoor Zoo - all found (1 missed by Kaspersky but found by BD)
    * wild horses (trojans in this case) - all found
    * Backdoors packed - 3 misses (1 by BD)
    * Macroviren - all found
    * Wild worms – all found
    * Dialers - ca. 15 % (12 % BD, 3 % KAV)
    * False positives - 8 (BD-Engine)
    resources used: 3 processes take 16.6 Mb
    Reference test took 3 min. and 1:19 min CPU time

    Conclusion:
    All in all the program makes a very good impression. A very easy operation, a simple configurability and an excellent detection rate recommend this program.
    The impression is clouded a little by the fact that one gets updates only once per week (excluded Emergency update) and that, depending upon configuration and existing hardware, the system performance can suffer somewhat.
    The problem with the updates can be solved however through to a support extension connected with additional costs.


    Norton 2004:
    Scanner weaknesses in detecting dialers and packed virusses.
    * Backdoor Zoo - missed 2
    * wild trojans, - missed 5
    * Backdoors packed - found 9,3 %
    * Macroviren - found all
    * wild worms – missed 9
    * Dialers - ca. 24 %
    * False positives - severe errors during testing
    Resources used:
    5 processes, using 16 to 23 Mb
    Reference test took 5:22 min. and 3:02 min CPU time

    Conclusion:
    In our case the difficult installation and crashes with the false positive test cloud the general impression. (Rokop are a bit uncertain if the less than positive testresults are due to a testenvironment, although their system contains no exotic components...)
    On the other hand the user interface, the very easy operation and configuration works is appreciated.
    The detection rate and scanning new parasites leaves something to be desired, but at least Norton started implementing of the scanning of packed executables.
     
  4. Bo Derek

    Bo Derek Guest

    Watch out for the third part of our test series which will be available tomorrow!
     
  5. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Hey Bo , welcome . :)
     
  6. Bo Derek

    Bo Derek Guest

    Thank you solarpowered candle!

    BTW: our new test is online:

    http://www.rokop-security.de/main/article.php?sid=690&mode=thread&order=0
     
  7. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Thanks Bo and welcome for sure :)
     
  8. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    And heres the translated version :)

     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    When u are looking at those two last comparison tests made by Rokop, u can see that AVK 2004 with KAV and BitDefender engines is superior to scan runtimepackers compared to any other av.

    http://www.rokop-security.de/main/article.php?sid=632

    http://www.rokop-security.de/main/article.php?sid=693

    The former AVK 12 Pro with KAV and RAV was poorer to detect packed trojans in Scheinsicherheit's test last year than McAfee, KAV and F-Secure but now I believe that there isn't any other av that can unpack so well than AVK 2004 (KAV 5.0 beta?).

    Runtimepacked scanning capability according to Rokop last two comparing tests were.

    --1. 97.7 % AVK 2004
    --2. 89.0 % McAfee 8.0
    --3. 87.0 % McAfee 7.0
    --4. 84.8 % F-Secure AV 5.40 PE
    --5. 82.6 % KAV 4.5 Personal
    --6. 60.9 % DrWeb 4.30
    --6. 60.9 % RAV v8.6
    --8. 58.7 % NOD32 v2
    --9. 54.3 % BitDefender v7.1 Pro
    10. 28.3 % AntiVir PE 6.21

    We have to remember that these results are a summary of two different tests made by a same tester, but anyway.

    "The truth is out there, but it hurts!"

    Best regards,
    Firefigter!
     
  10. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    The AVK test is available in English

    There's an overview for the three packages tested sofar: at this link.

    (Hey guys: will you be testing free AV's too? :p)
     
  11. Bo Derek

    Bo Derek Guest

    Well, I thought about including AntiVir in our test series but it depends on my (our) time budget. Do you have any candidates you'd like to see?
     
  12. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    go ahead! i'd like to see anti-vir in the rokop test
     
  13. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Avast please ;)
     
  14. Bo Derek

    Bo Derek Guest

    We published an english review of this antivirus solution about a year ago:

    http://www.rokop-security.de/main/article.php?sid=501

    The detection test is not comparable to the one we use in our actual test series, because of different malware samples in our test sets.
     
  15. swisscoms

    swisscoms Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    96
    Location:
    Sion, VS. Switzerland
    I would like to see McAfee retested again with it's new engine avaialbele :

    http://www.nai.com/us/downloads/updates/engine.asp

    This is a highly regarded improvement apparantly. ;)
     
  16. SMaus

    SMaus Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    34
    Location:
    Hamburg, Germany
    And, of course, NOD32. But Roman promised it would we tested anyway. So I'm looking forward... :)

    Regards

    Stefan
     
  17. Bo Derek

    Bo Derek Guest

    This would be interesting! On the other hand, this engine only is available via manual update. Therefore it is doubtful, whether this comparison would reflect real life situations a regular user is confronted with.
     
  18. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I would be real interested to see how e trust promo does BO . It has both vet and inoculateIT .
     
  19. StarFox

    StarFox Registered Member

    Joined:
    Jan 14, 2004
    Posts:
    41
    Location:
    Alpha Quadrant
    -Computer Associates EZ AV 6.1.7 ( Vet Engine )
    -eTrust Antivirus 7.0 Promotional ( InoculateIT and Vet on-demand and real-time scan engines )
    -AVG 6 free
    -Trend Micro PC-Cillin
     
  20. Bo Derek

    Bo Derek Guest

    It seems not to be as interesting as I thought it would be!

    I retested the whole program with engine 4260 (because of the changed signature files) and then tested it again with the new and promising engine 4320. It virtually made no difference if I used the old or the new engine, the results were exactly the same! By the way, as McAfee performed very well in our original test, improvements are hard to make. ;)
     
  21. swisscoms

    swisscoms Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    96
    Location:
    Sion, VS. Switzerland
    Thank you Bo for the retest and info! I found the new engine could catch bugs like Java Byte Verify and NO_Cheat in the zipped archive files, and then delete them. But as you say, the programme has done so well in the past. My favorite AV by far (Enterprise v.7.1.0) :)
     
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have been trying to tell people for years or at least since version 6.0 that mcafee is an excellent AV.
     
  23. Bo Derek

    Bo Derek Guest

  24. Bo Derek

    Bo Derek Guest

  25. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Good job, Bo :cool:

    Gratuliere ;) my compliments

    regards,

    paul
     
Loading...
Thread Status:
Not open for further replies.