Whole Product Dynamic Test May 2012

Discussion in 'other anti-virus software' started by Thankful, Jun 15, 2012.

Thread Status:
Not open for further replies.
  1. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Probably just an inactive left over or false positive. Next time keep in quarantine so it can be checked. Relax, sit back and enjoy. :)
     
  2. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,770

    If you are concerned, do weekly scan with an extra program like Hitman Pro, Malwarebytes, Comodo Cleaning Essentials, etc... If Webroot is missing something, one of the on-demand scanners would most likely catch it.
     
  3. LunarWolf

    LunarWolf Registered Member

    Joined:
    Jan 4, 2011
    Posts:
    203
    Location:
    Malaysia
    My friend told me Qihoo is using 4 engines and is very light. Avira, Kaspersky and I don't know.
     
  4. cupcrazy19

    cupcrazy19 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    21
    I just did a scan with superantispyware, it shows I have two trojans on my system.

    Here is what the log says:

    Trojan.Agent/Gen-Decay
    C:\PROGRAM FILES\ADOBE\READER 10.0\READER\READER_SL.EXE
    C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA73301B744AA0100000010\10.1.0\READER_SL.EXE

    How do I know if these are indeed trojans, or FP?
     
  5. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,770

    You can upload to virustotal.com to verify.
     
  6. cupcrazy19

    cupcrazy19 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    21
    How do I do that?

    Downloading a free trial of NIS 2012 to see if it picks up the so called trojans. I did not remove them from the superantispyware scan because I want to test other products to see if they can catch it. If norton catches it and I figure out how to check it on the site you gave me and it's a trojan WSA is gone, but if it's a FP or Norton doesn't catch it either than I don't know.
     
    Last edited: Jun 16, 2012
  7. cupcrazy19

    cupcrazy19 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    21
    I have two computers, desktop, and a laptop, I just installed superantispyware on my laptop, so far it had claimed to have found the same trojan on the laptop. What are the odds I have the same virus on both computers.

    At this point I'm now thinking false positive, also norton didn't pick it up either on the laptop if it is indeed a real trojan.
     
  8. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,770

    Go to virustotal.com. The site is easy to use.

    Also, instead of installing the full suite of NIS, just download Norton power eraser. It can be run without an install.
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,304
    Avira continues to disappoint me. Although not terrible I would not choose it at this time.
    As for SAS results, I suspect they are FP.

    Jerry
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    dont fret it Jerry, Avira is getting ready to start gaining ground again. They will make us both proud again.;)
     
  11. cupcrazy19

    cupcrazy19 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    21
    I can't find the file to scan on that site, but after searching it seems the file:
    C:\PROGRAM FILES\ADOBE\READER 10.0\READER\READER_SL.EXE is a FP after looking on superantispywares forums, not sure about the other yet, but i assume it's also a FP.

    I have to assume at this point WSA must be working as Norton also just ran a clean full system scan...
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you have any doubts, feel free to write into our customer support inbox and they'll check your logs for you. From what you've posted, it looks like you have FPs from SAS rather than missed infections.

    The same issue applied to both tests - I posted about it one week ago which was after AV-C ran their monthy tests: https://www.wilderssecurity.com/showpost.php?p=2069649&postcount=202
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,304
    OK, I am resting in your confidence, and inside information.;)
    Thanks,
    Jerry
     
  14. cupcrazy19

    cupcrazy19 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    21
    I feel pretty good they were all FP, I used 5 different products today and only SAS picked up the files as a trojan. Since the other 4 didn't pick up any issues either WSA has done it's job protecting me, or all the products don't work either, I'll go with the first

    I used NIS 2012, WSA Complete, Bitdefener online scanner, SAS, AMWB, again only SAS picked up anything other than cookies. I would say of the 5 I used today I would depend on SAS the least.

    I know you can't always depend on these test results, and most of us would never run across most of the stuff used in the testing process, but you can't help but feel better about a product with better scores.

    My one complaint about WSA complete would be the lack of email protection with windows mail, and outlook the other suits offer.
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Its not visible but WSA also check your e-mail channels. ;)
     
  16. cupcrazy19

    cupcrazy19 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    21
    That's good to know, it doesn't state that on the website, and there are no setting for spam/email, so I just assumed it did nothing! Thanks fax, nice to know I'm fully protected :D
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,305
    Location:
    Milan and Seoul
    Many people describe the "Whole Product Dynamic Test" as being the real veritable test. Let me just state some of my thoughts about it. We are talking about 464 malicious URLs being tested which have been culled among known websites distributing malware.

    My first question would be, what are the odds of landing on one of such infected URL? In 4 years I've only run once into one of these infected website, and one should consider the built in security of say Chrome and IE9 which is quite effective.

    In the last 3 weeks in my work environment, Avira and MBAM (mostly Avira though) caught more than 30 real malware from around 120 USB flashdrives, my computer was without a connection during these operations, can you imagine what would have happened using an AV that relies heavily on cloud scanning?

    Back to the results of the "real test". Let's take 2 examples Avira (my choice) and BitDefender which has had excellent results lately.

    Avira caught 97.8 % of 464 malware items, that is 453 out of 464
    BitDefender caught 99.1 % of 464, that is 459 out of 464
    We are talking about a difference of 6 pieces of malware in one month looking specifically for malware. BitDefender caught 6 pieces of malware more than Avira.

    Let's take a look at the last "On demand Detection test" March 2012.
    Avira caught 99.4% of 300,000 malware items, that is 298,200 out of 300,000
    BitDefender caught 98.6% of 300,000, that is 295,800 out 300,000

    Avira caught 2400 pieces of malware more than BitDefender. Readers should draw their conclusions about these tests.

    I'd like to point out that I'm comparing results of two companies as an example to comment on the methodology of tests. It is not intended as A versus B, as a matter of fact most companies had better results than Avira.
     
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    As others have pointed out it's nice to see ESET above 99%, wich afaik is the first time in the dynamic tests.

    And the other 99% performers are going strong as usual :thumb:

    Webroot...I know it's a great product. And I hope so much that the June testing will finally show that, now when the quirks have been fixed.
     
  19. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Osaban, still the real world/dynamic testing is more relevant than the static on-demand tests.

    Of course it is good to catch as many samples as possible, but is a user really better protected when you add detection days, weeks later after the initial deployment of the malware?

    Also the on-demand tests don't include all protection features modern AV software has to offer. You can block the URL the malware is coming from, you can catch the exploit that does the download, you can use behaviour blocking to catch the malware during installation in your system, you can combine all this information and add global statistics from your cloud to have reputation based protection.

    For me, the most important question is: Can the AV solution detect/block the malware when it is new and the sample was not yet processed by the AV company (= pro-active protection)? If not, how fast can the AV company process the sample and update/deploy it's detection and protection components? But the later means that the first 10, 100, 1000 users with this malware would get infected.

    That being said, I think that the real-world tests from AV-Test and AV-Comparatives are still too "slow", the used URLs and samples are already too old and the AV companies had already too much time to react. The malware went from zero-day to zero-minute. >= 90% protection with real zero-minute malware? Hmmm...
     
  20. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,641
    Location:
    Sneffels volcano
    The most wise comment in this thread :thumb:

    Exactly my thoughts. I find funny how the "dynamic" (name says it all? :rolleyes:) results vary from month to month. Only god knows which "malicious links" are being used for these tests. We all know an av vendor which has been beaten heavily enough by av-c lately so... was this the time to pay them back their "credibility"?

    As far as I'm concerned, and I've noticed it from years ago, av-c got tired of the "eternal" winners and decided to spice up their tests with these "well balanced" 'dynamic', 'real world', you name it... reviews. This is just MHO.
    .
     
  21. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    @cupcrazy19,
    I must begin by saying that i am too more of a learner than expert.

    What i have learn though is that test are indicator of how a product has faired against a test sample...and

    that the user is most important part of his security setup.

    WSA still has 95%+ detection rate, which should be good enough for a safe operator.
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    You're welcome! :thumb:
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,305
    Location:
    Milan and Seoul
    Thank you Stefan for clarifying the issue, my post was based mainly on the type of exposure to malware that my computers are usually facing in a working environment, without an internet connection. I wonder whether there are statistics about the life expectancy of malware, in other words how long does malware remain in circulation?
     
  24. mturmel

    mturmel Registered Member

    Joined:
    Jun 17, 2012
    Posts:
    2
    I have been a loyal user of Avira for the past 3-4 years.

    When I submit a false positive sample they say: "Detection will not be removed due to the fact that the file does not belong to a regular piece of software...In case AntiVir can detect this file we will not change or remove our detection."

    An example is
    Code:
    SHA256: 0b93e5752c96fef445ff90a51c614769c4255252eaf3f454744b6c875ece5513
    or
    Code:
    MD5: e4572447b6bd0e32e258dea2148b1d23
    When I submitted the file to F-Secure, Kaspersky, and Panda they were removed from their virus definitions, after confirming that it was a false positive.

    When I submitted the file to Symantec I got an email stating that it was a false positive; but, they never removed the detection.

    When submitted to Comodo and Sophos they responded in a similar fashion to Avira.

    Now files like above most probably don't go to AV-Comparatives, AV-Test, or VB100; or if they do, they ignore them. I doubt AV-Comparatives, AV-Test, or VB100 use 'keygens', 'cracks', or 'patches' in their tests.

    The comparatives test assume you are a good boy, and not using Quickbooks registration cracks etc. etc.

    The AV companies like Avira, Comodo, Sophos, and Symantec don't want to remove their detections to either scare users, or they just don't have the manpower to do it.
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,305
    Location:
    Milan and Seoul
    I have tested Emisoft Anti-Malware for a few days while I had Rollback Rx installed on my computer. After scanning my machine it detected Rollback Rx as a rootkit. When I reported the obvious FP to Emisoft they replied that they won't change their signature as Rollback Rx uses code that is used by malware. In other words to ignore Rollback Rx would basically make the OS vulnerable to some malware. Best thing to do would be to exclude the FP with the antivirus.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.