Virus test

Discussion in 'other anti-virus software' started by Oleg, Mar 30, 2005.

Thread Status:
Not open for further replies.
  1. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    406
    Location:
    USA
    Well I have tested 3 anti-virus products so here Is my results

    Dr Web - Fail 3 viruses
    NOD32 - Fail 1
    MicroWorld - Fail 0
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    How many viruses in total? MicroWorld passed b'coz of KAV engine.

    Please state testing conditions and samples used along with product versions too :)

    regards,
    Firecat
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
  4. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    406
    Location:
    USA
    Number of Viruses: 5
    Viruses names: agent_bg, Bagle_BA, InstaFinder_inst, small_aio, SRG1
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    eScan fails in VB due to scan restrictions at default settings and slower updates ;)
     
  6. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    406
    Location:
    USA
    I see.
     
  7. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    406
    Location:
    USA
    How come McAfee passed?
     
  8. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Is that all you used for your testbed o_O The first one looks like [nonviral] adware. :cool:
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    So is the third, and possibly the fourth as well...
     
  10. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    406
    Location:
    USA
    Well those are trojans.
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Hehe,5 samples to test. You must be kidding right? Even 100 doesn't mean anything.
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    They're still adware... Instafind is a rather basic browser hijacker using mainly a browser plugin (BHO) to do its thing, incredibly far removed from a "real" (remote control) trojan, although that's indeed hpw most antiviruses that target spy/adware prefer to tag them ...
     
  13. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    406
    Location:
    USA
    Well I am still looking for more viruses,but no luck In finding some. I forget to tell I have also tested: W32.HLLW.Veedna.C and W32/Winur.worm.b
     
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's worthless testing with just few samples.
    Database of 10.000 verified samples is another story. But there is so many more malware and almost the same number of so called tests. Just check av-comparatives.org for such tests. They seem to have the most trustworthy test far around. And they also perform it using 30.000+ samples as far as i know.
    Thats a really huge number.
    But it's fun collecting malware thats for sure. Some collect badges and stamps,we collect viruses and worms :)
     
  15. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    You mean 300.000+
    In August it will maybe be 400.000+
     
  16. SDS909

    SDS909 Guest

    Not to be rude, but this "test" serves to mislead people and nothing more. Not only is the method, settings, and samples not posted, but the amount is probably miniscule and questionable. Without a broad and comprehensively verified test set, its quite pointless, as every AV has things they miss. The mere fact that most virus download sites use KAV to verify their samples, will instantly skew your results.

    Testing is a tricky thing, that should be left to the professionals. I recomend this thread be locked so it falls off the front page.
     
  17. Happy Bytes

    Happy Bytes Guest

    I second that. In the most cases such threads ending up in insultings and a lot of waves around nothing.
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Did you mean really 300.000+ DIFFERENT infected Win32 viruses, worms, trojans, macros and scripts etc. names or variants?

    Within last 60 weeks DrWeb has got only 23 315 new signatures. Let's suppose that DrWeb is able to catch about 85 % of all NEW nasties, so in your 300.000+ sample collection you have all possible nasties dating back to spring 1994, quite impressive.

    PS. Actually your collection is dating back more far away, because the speed of new signatures is accelerating all the time.

    Best regards,
    Firefighter!
     
    Last edited: Mar 30, 2005
  19. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    I think it is better if I do not jump into a number discussion, as I tried in past to explain in detail that they are all different in their way - but showing/prove it does cost me time for something that should be clear.
    But I make another example: lets assume e.g. Kaspersky has a own collection which consist of ~500.000 samples (+ all the other various collections; but this is not of interest now) - I guess 500k is currently their size. They have 124.000+ known viruses (virus records) and do use about 70.000+ different names for them. Other AV's have 40.000 different names, other 80.000 different names, etc. In total, we have about 96% of all virus names of every AV in our collections; but this does not mean much, as those are just the names; as you see, the collection of the AV's are even bigger. So it is not complete, but nearly - those we still do not have are mainly old samples or samples that really for sure never saw a byte outside a lab.
     
    Last edited: Mar 30, 2005
Loading...
Thread Status:
Not open for further replies.