Testing of Infected computers

Discussion in 'other anti-virus software' started by C.S.J, Sep 18, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ..... for 'that most complicated' malware.

    Test

    Results

    Methodology

    Discuss

    your thoughts?

     
    Last edited: Sep 18, 2007
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Very interesting.... but is it enough a test with just 17 sample?
    Were sample choosen randomly? It does not look like they were....

    At least they should have tried a random selection of sample in more rounds following the criteria they describe just to be a bit more robust...

    Cheers,
    Fax
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    hi fax,

    read this, it explains why each threat was selected.
    im happy to see a massive improvement on removal for drweb, between the versions. :)
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Hi C.S.J.
    Indeed I have read it... of course its an interesting test however I doubt that it is really rappresentative. We have seen many examples in the past about tests with limited samples . But this is more for virus experts to judge...

    Regardless the number and kind of malware choosen, an antivirus main function is to prevent infection not to clean it afterwards. Of course, users that cleans PC for work, for hobby or for friends will find this test most useful.

    Most interesting information I can extract from this test is that generic antivirus products have evolved very much recently and are able to deal with spyware and adware as good as mainstream dedicated spyware scanners (though they were not included in the test).

    Cheers,
    Fax
     
  5. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    I concur that 17 samples is far from enough. It is too easy to pick up 17 samples that would make antivirus X looks good.

    Kasperskogo.. lol, funny translation
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    but this is removal, not detection, its alot harder to test against,

    detection is simple numbers, and work out a percentage, removal is much harder to do, which is why there is not many removal tests around.

    I know, and 'doctor the web' i thought was quite good aswell, never heard of it like that before :)
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I agree. 17 samples is not enough.
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    For some reason I feel like I am looking at a malware-test review. :doubt:
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i remember when IBK once posted a link to an interesting self protection test, with 'not many checks' or whatever, and he is a professional :)

    and yes, this removal test is from the same people.
     
    Last edited: Sep 18, 2007
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    What a shocker. Dr. Web came out on top. Honestly test like these are almost meaningless.

    First is the problem of the samples, then the test methodology, etc. What does it really mean for the average user. Probably not much. My hunch is that the safe surfer won't get in trouble with the worst AV, and the person who does all the foolish things with the computer, probably wouldn't be protected by the best AV, which ever that might actually be.
     
  11. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    But you are not. ;) These guys are well respected testers (in Russia at least).


    tD
     
  12. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yeah, i must have wrote it all then. :thumbd:

    thanks TD.
     
  13. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Every single test is meaningless! Period. But once a while we get a chance to look at these tests from a different angle with different prospective. :cool:


    tD
     
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    It would be interesting to see Dr.Web 4.44 tested in one of AV-test's removal efficiency tests.

    This one is definitely interesting to look at though! Indeed, Dr.Web 4.44 is a significant step forward for Dr.Web in some respects. :)

    Maybe I'll post some more thoughts later, currently I am in the middle of studying for an important exam! :)
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    The result is meaningless to me, but the differences from 4.33 and 4.44 is quite amazing from a removal point-of-view.

    i know, but they seem to only do these removal tests for the big players like norton etc etc.
     
  16. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    It's good PR for Dr.Web.
    Dr.Web is the only program that had two versions tested.
    It reads like an advertisement for Dr.Web.The headline for the test should read "Look how much Dr.Web has improved!" And I'm sure that they have had some improvement between versions.
    But this test has little value unless you like Dr.Web.
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    good, cos drweb never gets good PR, especially not in this place. ;)

    others did well aswell like the nortons and kasperskys of the world, they got the awards, but loads failed, and its an interesting read into removal.

    since when does removal ever get tested, not v.often.
     
  18. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I am wondering why F-Secure is so much worse than Kaspersky. Are the differences between KAV 6.0 and 7.0 that significant (F-Secure uses KAV 6 engine)?
     
  19. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hi chris,
    the link IBK posted to was showing how good the self protection of the antiviruses are. not 7 samples.
    lodore
     
  20. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    I think this test is not meaningless. It shows something.
    Esp. the difference between two versions of the same product.
    And most cleaning tests are done on a very limited number of samples. The selection of samples seems to make sense.

    Greetz from Vienna!
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    edit:

    yeah lodore, i just meant it doesnt test much but is still a very good test.

    this time, its removal not self protection.
     
    Last edited: Sep 18, 2007
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Then by all means, this is interesting. I have been preaching a long time that detection is only part of the equation. That if a AV cant clean, it is crap. Eset, Avira and a hosts of others fall into the crap of cleaning catagory. Dr. Web has always been know for its cleaning ability as Kaspersky, Norton.

    Now on the flip side Chris is, you also have to be able to detect it, before you can clean it.:cautious:
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Norton and Kaspersky still rule the cleaning and detecting group. But I think Eset, maybe Avira and others are going to start closing the gap. Dr.Web just needs to go in the other direction, detection and it willb e fine to.
     
  24. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i think ive made my arguments on that already and we aint going down this road again trjam.

    i hope bitdefender 2008 improved its cleaning though on v.10

    its also shocking that nobody recieved the platinum award, it just shows that all talk of detections and features dont mean everything.

    i knew 4.44 improved its removal compared to 4.33, but seeing it in this test has eased my mind a little bit.
    its also nice to see 4.44 being the only one to remove the rootkit, i was never sure about the rootkit thing, but again... eased my mind.

    -------------
    @jeff

    sure removal means nothing if it isnt detected ;)

    but, the same applies to detected threats that cant be removed, right? :D

    it is a shame it doesnt mention what these threats actually did, would have been nice to know, and what the product tried to do against it, even if not completing cleaning it.
     
    Last edited: Sep 18, 2007
  25. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    That is one of the reasons behind my previous post. ;)
     
Loading...
Thread Status:
Not open for further replies.