Huge samples collection

retested NOD32 v2.7 (ditched v3.0) and finally got absolutely clear results. These were most current definitions available.

```
threats:      Signatures  Extended  Heuristics  detected/total  (rate)

Not-a-virus           41         0           1          42/116  (36%)
virus               8599         2        2754     11355/23573  (48%)
worm                1927         0         240       2167/2350  (92%)
trojan              8548         1         208       8757/9346  (93%)
malware             1489       190          17       1696/2035  (83%)

overall                                            24017/37420  (64%)
```
note: NOD32 detected additional 27 infections when having ALL detection features enabled (seems like heuristics act better in conjunction with ordinary signatures)

few days ago i did offline testing with outdated definitions (read previous posts), now i updated and rerun test. CAVS 2.0 detected:

1 more “other malware”
1 more worm
16 more trojans

no more “not-a-viruses” and viruses were detected.

BTW “undetected” archive for NOD32 is 82Mb, for CAVS is 755Mb…

Dr. Web results:
```
threats:      Signatures  Heuristics  detected/total  (rate)

Not-a-virus           38           0          38/116  (32%)
virus              21294           0     21294/23573  (90%)
worm                2318           0       2318/2350  (98%)
trojan              8069           3       8072/9346  (86%)
malware             1549           0       1549/2035  (76%)

overall                                  33271/37420  (89%)
```

Here’s Avira AntiVir 7 Free Edition with high heuristic:

Not-a-viruses

Detected using signatures: 93/116, around 80%
Detected using heuristic: 0/116

Other malwares

Detected using signatures: 2172/2674, around 81%
Detected using heuristic: 3/2674

Viruses

Detected using signatures: 23009/24884, around 92%
Detected using heuristic: 165/24884

Worms

Now this is the interesting part. Avira seems to shut down when scanning a certain file, haven’t found out which one tho.

Trojans

Detected using signatures: 9483/10173, around 92%
Detected using heuristic: 13/10173

Total (NOTE: NOT INCLUDING WORMS)

Detection rate (signatures): 34757/37847, giving a detection rate of around 92%
Detection rate (heuristic): 181/37847, giving a detection rate of around 0,5%
Total detection rate: 92,5%

Summary
The results are actually pretty good for a free antivirus, it even beats NOD32 that you have to pay for. It would be interesting to know why Avira shuts itself down when it scans one of the worms, and get it fixed, so that I can fulfill the test.

Cheers,
Ragwing

interesting… very interesting… Avira is quickly gaining my respect :-))) might even give it a try :-)))) apart from that worms problem - very, very good! but hey, isn’t this COMODO forum?))))

Yes it is, but you’re allowed to speak good of all products not made by Symantec ;D
And I think I might try to find out which one that causes the problem, not by scanning them one by one tho. Instead I’ll record the whole process, then see which file it’s scanning when it closes.
Then send it to Avira and see if they respond what caused the problem if they find any.

yeah, could be just a bug… try to send it to jotti/virustotal first :-))))))))) and see what avira engine says :-))))))))

new policy ??? ;D

Of course you can mention Symantec products. Every spectrum has to have two ends. :wink:

Symantec rulez! :BNC :BNC :BNC :BNC :BNC

a little offtopic at first sight, but… just check this out :-)))) should i kill myself? :-)))))

got another collection recently. It’s from different source and therefore contains duplicates when compared to that huge collection. And also it’s rather small, only 248 samples.

Results for NOD32:
```
SIGNATURES   221/248 (~89%)
EXTENDED     1/27 (~3%)
HEURISTICS   2/26 (~7%)

OVERALL      224/248 (~90%)
```

results for CAVS:
170/248 (~68%)

results for KAV:
```
SIGNATURES   242/248 (~97%)
HEURISTICS   2/6 (~33%)

OVERALL      244/248 (~98%)
```

sorry, no results for Dr. Web this time :-)))

PS of course latest updates, definitions etc.

so, KAV is better than NOD32?

i always knew KAV had better detection rates :-)))))))))) but BETTER… no way!

really? hmm, i always think AV with the “best” detection rate is NOD32, that’s what i heard, never use it.
for me, the free one is the better one ;D long live Avira-antivir & CAVS (B)

Well, since all people use different malware collections for testing, and there’s like 1000s of new malware released each day (sorry to scare you ganda), there’s none that can provide a true detection rate.
Only way would be to update the AV, freeze time and then gather ALL existing malware on the planet and do a test.

if it was possible - everyone would do that already :-)))