Rico123

AntiSpyware Programs


Hello,

How does SAS respond to or explain:

According to "malware-test.com/antispyware.html" testing the best antispyware testing is:

#1 Sunbelt CounterSpy

#2 PDTools SpywareDoctor

#3 Norton Internet Security

Also see: http://www.wilderssecurity.com/showthread.php?t=153759 post #18.

Does SUPERAntiSpyware have or can you reference claims to dispute?

Also very disappointing results for Webroot & AVG!

Take Care

rico


Hi Rico123 and welcome :)

Don't get Nick started :lol:

http://superantispyware.blogspot.com/20 ... ology.html

For the last 3 months I have done intensive malware collection (2-8) infections daily for harvesting/submission/product testing. My findings whilst testing a broad range of software did not reflect those tests. But it must be remembered that my tests were against current infections gained through real-life scenarios (exploit injection, ActiveX etc.) and not archived inert malware files from someone's VX archive :wink:

LOL, NIS in 3rd place, someone's having a giraffe somewhere :shock:


Hi Fatdcuk,

Okay! You disagree with the methodology used by malware-test.com, or are not familiar with their testing procedures. Fair enough! Is there an independent (no company affiliation) testing organization that all/most anti-malware vendors can agree on for fair results?

I believe many AV vendors would call AVcomparatives.org fair. Anything along those lines for AS's?

I have 3 what I feel top notch AS's (licensed) & one gets to be resident. The three AS's are: SAS, SpySweeper, AVG/AS. Two will join TrojanHunter as on demand scanners.

Ewido, now AVG/AS, is/was primarily known for trojans, and is new to AS world, plus being bought out by AVG. Presently resident!

SpySweeper has many accolades & champions, this was my long time resident AS, but ver 5.0 was rushed to market & caused way too many problems. Removed from my machine, & toying with the idea of re-installing 5.2x

SAS - Many forums speak highly of SAS, but where are the independent triumphs? Walt Mossberg, Wall St Journal, has talked up recommended SpySweeper for years.

My other resident malware fighters include Process Guard, RegDefend & NOD32, so I'm pretty well protected & I need to choose between the three, light weight is important. Geez! SpySweeper 5 sucked up way too much mem.

Anyway I do like SAS & also purchased SuperAD.

Take Care

rico


Between disinfecting machines for a living and my work for Castlecops.com I can say without hesitation that SAS is right up there with CounterSpy and SpywareDoctor. I like SpySweeper but it has gone the system slowing route of Symantec's software so I no longer consider it elite. SUPERAntiSpyware has demonstrated to me time and time again the two most important things antimalware can offer: incredible detection rates and incredible response time to new threats.

As for antivirus, Kaspersky, BitDefender and NOD32 are the best of the best and are the only antivirus software apps that I would spend money on. I base this on my endless trips to virustotal.com to scan new malware. Those three are consistently the first to detect new malware and when they miss something they have it by the next day. Norton gets its butt handed to itself in these real-world trials. It does not impress me when an app does well in a controlled test.

I fix at least 3 Norton "protected" systems a week. They suck, plain and simple.

Norton is also a huge drag on a system: http://www.thepcspy.com/articles/other/ ... ows_down/5 .

Here are some virustotal logs from research I did for Castlecops:

AntiVir 6.35.1.0 08.13.2006 ADSPY/Hoax.Renos.AG
Authentium 4.93.8 08.13.2006 W32/FakeAlert.BN
Avast 4.7.844.0 08.10.2006 Win32:Hoaxalarm-V
AVG 386 08.11.2006 Generic.SUZ
BitDefender 7.2 08.14.2006 Trojan.Dwnldr.BON
CAT-QuickHeal 8.00 08.13.2006 Hoax.Renos.cn (Not a Virus)
ClamAV devel-20060426 08.14.2006 Trojan.Fakealert-2
DrWeb 4.33 08.13.2006 Trojan.Fakealert
eTrust-InoculateIT 23.72.94 08.14.2006 Win32/Oneraw.32768!Trojan
eTrust-Vet 30.3.3018 08.14.2006 Win32/Oneraw.AY
Ewido 4.0 08.13.2006 Not-A-Virus.Hoax.Win32.Renos.bw
Fortinet 2.77.0.0 08.13.2006 Misc/SpySheriff
F-Prot 3.16f 08.13.2006 security risk named W32/FakeAlert.BN
F-Prot4 4.2.1.29 08.13.2006 W32/FakeAlert.BN
Ikarus 0.2.65.0 08.11.2006 Trojan.Fakealert
Kaspersky 4.0.2.24 08.14.2006 not-virus:Hoax.Win32.Renos.cn
McAfee 4828 08.13.2006 Downloader-AFH
Microsoft 1.1508 08.04.2006 SpySheriff (threat-c)
NOD32v2 1.1704 08.11.2006 Win32/Adware.SpySheriff
Norman 5.90.23 08.11.2006 W32/Renos.EK
Panda 9.0.0.4 08.13.2006 Adware/SpySheriff
Sophos 4.08.0 08.13.2006 Troj/DwnLdr-BON
Symantec 8.0 08.14.2006 no virus found
TheHacker 5.9.8.192 08.14.2006 Aplicacion/Renos.cn
UNA 1.83 08.11.2006 Hoax.Win32.Renos
VBA32 3.11.0 08.13.2006 Trojan.Fakealert
VirusBuster 4.3.7:9 08.13.2006 Trojan.Renos.AH

AntiVir 6.35.1.0 08.13.2006 TR/Dldr.Small.buy.1
Authentium 4.93.8 08.13.2006 W32/Trojan.ABS
Avast 4.7.844.0 08.10.2006 Win32:Trojano-2873
AVG 386 08.11.2006 Downloader.Generic.HGT
BitDefender 7.2 08.14.2006 Trojan.Downloader.Small.BUY
CAT-QuickHeal 8.00 08.13.2006 TrojanDownloader.Small.buy
ClamAV devel-20060426 08.14.2006 Trojan.Downloader.Small-945
DrWeb 4.33 08.13.2006 Trojan.DownLoader.5013
eTrust-InoculateIT 23.72.94 08.14.2006 Win32/SillyDL.25105!Trojan
eTrust-Vet 30.3.3018 08.14.2006 Win32/SillyDl.YQ
Ewido 4.0 08.13.2006 Downloader.Small.buy
Fortinet 2.77.0.0 08.13.2006 W32/Small.BUY!tr
F-Prot 3.16f 08.13.2006 destructive program named W32/Trojan.ABS
F-Prot4 4.2.1.29 08.13.2006 W32/Trojan.ABS
Ikarus 0.2.65.0 08.11.2006 Trojan-Downloader.Win32.Small.BUY
Kaspersky 4.0.2.24 08.14.2006 Trojan-Downloader.Win32.Small.buy
McAfee 4828 08.13.2006 potentially unwanted program Adware-Isearch
Microsoft 1.1508 08.04.2006 Small.136 (threat-c)
NOD32v2 1.1704 08.11.2006 Win32/TrojanDownloader.Small.BUY
Norman 5.90.23 08.11.2006 W32/DLoader.MXM
Panda 9.0.0.4 08.13.2006 Adware/ISearch
Sophos 4.08.0 08.13.2006 no virus found
Symantec 8.0 08.14.2006 no virus found
TheHacker 5.9.8.192 08.14.2006 Trojan/Downloader.Small.buy
UNA 1.83 08.11.2006 TrojanDownloader.Win32.Small.1E44
VBA32 3.11.0 08.13.2006 Trojan.DownLoader.5013
VirusBuster 4.3.7:9 08.13.2006 Trojan.DL.Small.AVF

AntiVir 6.35.1.0 08.13.2006 TR/Killav.DB.2
Authentium 4.93.8 08.13.2006 no virus found
Avast 4.7.844.0 08.10.2006 Win32:Trojan-gen. {Other}
AVG 386 08.11.2006 Collected.Z
BitDefender 7.2 08.14.2006 Trojan.ProcKill.DJ
CAT-QuickHeal 8.00 08.13.2006 Trojan.Killav.DB
ClamAV devel-20060426 08.14.2006 no virus found
DrWeb 4.33 08.13.2006 no virus found
eTrust-InoculateIT 23.72.94 08.14.2006 no virus found
eTrust-Vet 30.3.3018 08.14.2006 no virus found
Ewido 4.0 08.13.2006 Trojan.ProcKill.DJ
Fortinet 2.77.0.0 08.13.2006 W32/KillAV.3B84!tr
F-Prot 3.16f 08.13.2006 no virus found
F-Prot4 4.2.1.29 08.13.2006 no virus found
Ikarus 0.2.65.0 08.11.2006 no virus found
Kaspersky 4.0.2.24 08.14.2006 no virus found
McAfee 4828 08.13.2006 potentially unwanted program ProcKill-DJ
Microsoft 1.1508 08.04.2006 SpySheriff (threat-c)
NOD32v2 1.1704 08.11.2006 Win32/ProcKill.B
Norman 5.90.23 08.11.2006 W32/Tofger.CD
Panda 9.0.0.4 08.13.2006 Application/KillApp.A
Sophos 4.08.0 08.13.2006 no virus found
Symantec 8.0 08.14.2006 no virus found
TheHacker 5.9.8.192 08.14.2006 Downloader/LA
UNA 1.83 08.11.2006 Trojan.Win32.KillAV.5469
VBA32 3.11.0 08.13.2006 TR.Killav.DB.2
VirusBuster 4.3.7:9 08.13.2006 TrojanSpy.Tofger.BD

Rock on Symantec :roll:.


Hello Nosirrah,

You've been of great assistance to me at CastleCops. Thank You!!!

My previous post, asks the questions:

1. Is there a mutually respected AS testing org? I use AVcomparatives.org as an example, as a respected organization. Do you agree?

2. Your comments about SpySweeper, which version are you talking about? The SS forum at CastleCops seems to note considerable improvement in mem usage for SS. I for one have not re-installed SS since ver 5.0.

3. Regarding Symantec NIS. Norton products went south on the user when Symantec bought Norton. I will not allow any Symantec products on this, or any future machines. I mentioned NIS previously as that's how malware-test.com's results ended on the eleventh round of testing, which was supposed to be real-world test.

4. You fail to mention your thoughts about AVG/AS; are you familiar with this product?

Seeing as how this thread is ranging all over, what's your opinion of Comodo Firewall?

Thanks & Take Care

rico

ps Like I've said previously, I like SAS, also I have two licenses for same + one for SuperAD.

Hello,

How does SAS respond to or explain:

According to "malware-test.com/antispyware.html" testing the best antispyware testing is:

#1 Sunbelt CounterSpy

#2 PDTools SpywareDoctor

#3 Norton Internet Security

Also see: http://www.wilderssecurity.com/showthread.php?t=153759 post #18.

Does SUPERAntiSpyware have or can you reference claims to dispute?

Also very disappointing results for Webroot & AVG!

Take Care

rico

Here was my official response to Malware-Test's testing.....

I was asked by several forum members for my comments on the newly released Malware-Test.com tests. Here are some initial observations regarding the tests performed by Malware-Test.com.

1. They listed the infections that they used and inferred that they derived the list from the urls to vendors' "top threats" lists which they displayed below the list of infections used. However, only one infection from ANY of the urls was actually listed on their "current infection" list.

2. They put out a call/request on their forums for infections and samples to be submitted. (Presumably vendors were permitted to submit samples). It is interesting to note that several of the vendors ranked much higher on the list which raises a question. I wonder if they actually submitted samples that were used in the test bed? We declined to submit samples in an attempt to keep the tests ethical and legitimate. Why they can't simply go to crack, porn and other well known sites to install infections is troubling - this shows to me, at least, that they may not be on top of actual infections and the spyware "game" in general.

3. The tests performed were NOT real-world tests. In the real-world, infections are running and installed on the system and thus in their "native" habitat. The tests they performed, based on their reports and from the sample sets they uploaded to us after their last tests, featured samples that were not actually running/active, and many of the samples were simply installed in the folder "c:\virus" which of course is NOT their native habitat. They claimed this was a "reporting mistake" last time, but the current report shows the same folder structure. They also renamed the files and folders of the infections - I am not sure why this was done - but all of the above are NOT what we see in the thousands of computers we diagnose weekly. All of this is contrary to the methodology they list in their report.

4. The version of our software used in their testing, 3.2.1026, was released 6/20/2006 - over two months ago - yet they claim they check for updates before using and scanning with the products. Our current version is 3.2.1028 released in late July and features many enhancements regarding scanning and removal. Interestingly, they had listed our current Core and Trace database versions, but those were released on August 25, just before the tests were released. Thus, I am not sure how they could have downloaded the new definitions, yet ignored the updates to the product, and had enough time to run the tests, gather the results and post the findings all within a few hours of our update. This is troubling even with the time differentials. I have requested the IP they used so we can check our server logs to see if current definition updates were even downloaded and used.

5. Malware-Test.com features Google ads all over their site - those ads are pushing software that they are not even testing, and in fact, they advertise sites known to sell "shady/rogue" anti-spyware software. If Malware-Test.com were truly interested in protecting users, they would be selective in choosing their advertisers. My concern is that the test site exists to draw traffic and earn money from users clicking the Google ads.

If Malware-Test.com, or any 3rd party, wants to perform more accurate tests with real-world samples, they could do the following:

1. Infect a clean system with one or more samples by visiting known infection sites, or installing software known for installing malware.

2. Disconnect the system from the Internet so that no more samples can be downloaded and then take a snapshot of the system so that each anti-spyware software package can be tested against a real-world infected machine, and each application (package) can be tested against the same sample group.

3. Install each package and scan the system and see what is left over. Reset the system to the saved snapshot and repeat for each software package. There are many tools available for tracking system changes and taking snapshots, i.e., VMWare, Ghost, etc.

4. List the type of items (registry key, data file, or executable file) that were removed or missed. This is important because if an anti-spyware application simply misses non-harmful registry keys and/or data files, this is not as critical as the anti-spyware application missing critical and active files. Scoring should be weighted towards removing the critical components, not simply a global "%". The fact that data files and errant registry keys, cookies and other non-critical items are not removed is not relevant as these do not represent true infections and most of the time present no "threat" to the user's system.

As an anti-spyware vendor, we have chosen to focus on real-world infections on real-world systems. We design our rules/definitions to be able to detect as many variants of the real-world spyware/malware/adware samples as we can. The testing of various anti-spyware applications needs to simulate a real world environment. I hope that this provides forum members some food for thought.

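The weighted scoring proposed in step 4 of the post above, as an added example that is not part of the thread or any vendor's code. It compares a flat global percentage with a score weighted by item type for two hypothetical products scanning the same snapshot; the weights, item ids and product names are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed weights (not from the post): active executables dominate the score,
# leftover registry keys and data files/cookies count for little.
WEIGHTS = {"executable": 10, "registry_key": 1, "data_file": 1}

# Constructed snapshot of one infected test machine: item id -> item type.
SNAPSHOT = {
    "exe-1": "executable", "exe-2": "executable",
    "reg-1": "registry_key", "reg-2": "registry_key",
    "reg-3": "registry_key", "reg-4": "registry_key",
    "dat-1": "data_file", "dat-2": "data_file",
    "dat-3": "data_file", "dat-4": "data_file",
}

# Constructed scan results: what each hypothetical product removed.
REMOVED = {
    "product_a": set(SNAPSHOT) - {"exe-2"},  # cleans the clutter, misses an executable
    "product_b": {"exe-1", "exe-2", "reg-1", "reg-2", "dat-1"},
}

def global_percent(snapshot, removed):
    """Flat score: every item counts the same, whatever its type."""
    return 100.0 * len(removed & set(snapshot)) / len(snapshot)

def weighted_percent(snapshot, removed, weights=WEIGHTS):
    """Score weighted by item type, so critical components dominate."""
    total = sum(weights[kind] for kind in snapshot.values())
    got = sum(weights[kind] for item, kind in snapshot.items() if item in removed)
    return 100.0 * got / total

def missed_by_type(snapshot, removed):
    """Per-type breakdown of what was left behind after the scan."""
    return Counter(kind for item, kind in snapshot.items() if item not in removed)

if __name__ == "__main__":
    for name, removed in REMOVED.items():
        print(name,
              f"global={global_percent(SNAPSHOT, removed):.1f}%",
              f"weighted={weighted_percent(SNAPSHOT, removed):.1f}%",
              f"missed={dict(missed_by_type(SNAPSHOT, removed))}")
```

With these constructed inputs the product that leads on the flat percentage falls behind once the missed executable is weighted, which is the ranking reversal the post argues a global "%" hides.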

Hello SiteAdmin,

Thank You for the excellent reply! The Wilders post (mentioned) gives the impression that they are like AVcomparatives.org. Live & learn! SAS will soon join SuperAD in my system tray! Also your SuperAD is wonderful!!

Thanks & Take Care

rico
