AV's v/s Licenced AV's Realtime Test

Today I tested AV’s v/s Licenced AV’s on real system XP SP3 32 Bits Eng.

I know the licenced AV may not have all the features of the original AV, so to be fair I tested only the signatures, heuristics & any other features of the original AV which the licenced AV also had.

Roboscan Internet Security Free v/s Bitdefender Antivirus 2012

I tested the BD 2012 version coz RS may not have upgraded to the BD 2013 engine.

18 zeroday malware

BD - 15 detected, 3 missed
RS - 10 detected, 8 missed

RS inhouse engine didn’t detect anything additional.

Kaspersky Antivirus 2012 v/s ZoneAlarm FW + AV Free

Kas - 15 detected, 3 missed
ZA - 12 detected, 6 missed

Don’t know if ZA has an inhouse engine or not, but it didn’t detect anything additional.

Vipre AV 2012 v/s AdAware AV + Free

VI - 14 detected, 4 missed
AA - 12 detected, 6 missed

AdAware inhouse didn’t detect anything additional.

Additional AV’s

Comodo - 15 detected, 1 cloud detection, 2 missed (both missed were in trusted lists - don’t know if they were malware or safe, forgot to upload at VT)

Kingsoft AV 2012 - 10 detected, 8 missed

Anvisoft Free - 6 detected, 12 missed

Avast Free - 12 detected without PUP, 1 additional detected PUP enabled, 1 autosandboxed, 4 missed

I observed that the original AV’s & their licenced AV’s had a difference in detection. I would say the difference is huge. And the inhouse engines of the licenced AV’s detected nothing.

The test was realtime, i.e. all the 18 malware were executed & compressed malware were uncompressed & executed.

To restore the system to the original state sysnew was used & it performed successfully with no probs.

seems like Comodo had the best detection :wink:

Probably it’s a waste of time, but I’m trying to be constructive:

naren writes several times of 18 malware samples, all numbers add to 18, also for the Comodo result - but there naren writes 2 files were in the trusted files list and he didn’t check if the two files are really malware or safe!?

  • My conclusion is, it’s totally unclear how many samples are real malware. This means it’s not known how many samples should be flagged as malware and how many should be flagged as clean.
  • Since heuristics were enabled, I can guarantee you nearly 100% detection rate of CAV by naming the samples “sample#.doc.exe”, because they will at least be flagged as Heur.Dual.Extensions - provided they are not in the exclusion list or trusted files list. I don’t know about the other products…

So “seem” is probably the correct wording, Melih :wink:

  • Since I doubt that naren added his samples to the trusted files list manually, another conclusion is: auto-populating the trusted files list is a VERY bad idea, since this circumvents all layers of protection provided by CIS. But sadly, there’s no possibility to disable this “feature”.

It seems the licensed vendor only uses the engine, not the technology, and the database only somewhat follows the original one.

Heyy,

Whenever I have time to waste I do it, it’s fun, try it :slight_smile:

As far as the tests are concerned, they are simple tests & I do it as mentioned above to waste my waste time, that’s “FUN”

Sometimes I post the test results here, no agenda, simply I post.

It’s ok, you like it or not. Even if I distribute millions of cash some will not like it. But thanxx, you came by, stopped & posted your comments. Think you are learning to waste the waste time fast :wink:

A legend once said “Waste your waste time, even if you don’t waste it’s wasted” :slight_smile:

Thanxx for helping me to waste my waste time, I wasted OOPS posted here :wink:

Hav “FUN”

Regards
Naren

Well done to Comodo (:CLP) :-TU

Naren, they say at Wilders that Kingsoft AV is now licenced by Avira. Will you test Kingsoft AV vs Avira?

wow avast just got its ■■■■ whop badly by comodo

Avira is Realtime or Ondemand in Kingsoft?

What all of Avira is in Kingsoft?

That’s an interesting question. Can’t get the info, sorry.

hey naren, don’t get BigMike wrong. he wasn’t saying your test was a waste of time, it was his post that might be a waste of time possibly for these reasons:

  1. No one seemed to recognize the inconsistencies he pointed out in his post
  2. No one would pay attention to these inconsistencies
  3. The test has been done.

In any case, I find your reply…ahm. Quite off-topic.

(emphasis added) the waste of time here is self-referential. he was referring to his comment.

Probably referring to this.

(emphasis added)
From this observation, he thus concludes:

I say his comment is legit and non-offensive. It’s not a flame post. It’s a critique.

I didn’t use Kingsoft. But I see this screenshot from Kingsoft forum.

http://pcdoctor.kingsoft.com/forum/download/file.php?id=420&sid=d31b9acaf3c24de8a0cc6d3c3198652b

from this topic: http://pcdoctor.kingsoft.com/forum/viewtopic.php?f=9&t=865&sid=d31b9acaf3c24de8a0cc6d3c3198652b