little rogue av test

I was thinking, how many of the newest rogue AVs can Comodo actually detect? So I thought, let’s make a little test :) I collected 60 samples, only the newest rogues like rapid av, malware catcher and so on…

Comodo was fully updated, with heuristics on medium. I also tested other AVs like Kaspersky and Trend Micro + SUPERAntiSpyware and MBAM.

results:

comodo 14 - 60
f-secure 10 - 60
bitdefender 20 - 60
kaspersky 28 - 60
trendmicro 8 - 60

superantispyware 9 - 60
Mbam 21 - 60

Comodo did pretty OK. I also did a test on keyloggers, some dangerous toolbars, and RATs.
In total I had 36 samples.

comodo 33 - 36
f-secure 30 - 36
bitdefender 9 - 36
kaspersky 36 - 36
trendmicro 22 - 36

superantispyware 0 - 36
Mbam 2 - 36

Comodo did really good in this test ;D
There are just so many rogue AVs that it’s hard to detect ’em all, but with the CIMA heuristics the detection rate will only get better ;D

Please submit the files for analysis as per this link. Thank you.

Hard to find your results credible when we have no idea where you got the samples or how you tested each program. So what you are saying is that you installed CIS and tested it. Then completely uninstalled CIS and then installed F-Secure. Then you completely uninstalled F-Secure and installed BitDefender. So on and so forth.

I got the samples from various sites. They come from searches for free AVs through Google, P2P downloads, redirects, and I got a few links on hosts-files.net. Sunbelt’s blog also posts various new links to malware sites every week.
To test each AV I used their online scanners; Bitdefender has a free scanner though.

I submitted the samples.

Keep Up Comodo :-TU
Note: Fraud tools are growing as fast as trojans.

OMG. You cannot expect an online scanner to do as good as an installed scanner. BTW MBAM and SAS do not have online scanners.

■■■■ I feel like this now http://kevinrobinson.files.wordpress.com/2008/06/epic_fail.jpg
You can’t really call Comodo’s current heuristics something that will catch a lot. I just tested with heuristics on low and I caught the same amount of samples. Those online scanners probably only use signatures, and maybe some heuristics, so the difference can’t be too big. I didn’t execute the files so no behaviour is involved. I think it’s a pretty fair test.

I would say the test is VOID… :-TD

x2

Epic fail, let this topic die in peace :-TD

Though I personally have no interest in doing this on my own, I do value and like to read threads like this done by average joe people. Is there or has there been any talk of setting up a member driven guide on how to set up, test, and report findings like this? I’ve seen a lot of people with the drive to help out but get torn apart when trying to actually conduct/report their findings. Just an idea/question.

Ah well, some good has come from this, we can now catch 60 more rogue AVs :)

Exactly!

Now we have more malware that we detect thanks to webbie146.
Pls keep the samples coming and pls tell us places where we can find them as well so that we can add it to our list of sites to watch.

thank you

melih

pls tell us places where we can find them as well so that we can add it to our list of sites to watch.
Melih, I'll PM you in a few days on this, I might be able to give you a nice source :-TU

thanks

Melih

The problem with testing Comodo or any other security product against ‘rogues’ in this way is that by their structure there’s often nothing to differentiate a rogue product from a legitimate one such as SAS.
Unless a specific blacklist signature exists, heuristics etc. will offer very little help in determining the intentions behind a program (i.e. removing malware or removing £££ from wallet).

Rogues are entirely different from traditional malware in many cases and this is why they’re so popular (and successful) with wrongdoers.

I sent you some urls via PM.