new anti-malware test

Interesting test where Comodo did pretty well

And it's 3.9 :wink: :frowning:

Why can't people just update the programs before testing?

Even Kaspersky is an old version, .459, and right now they are at .736

You need to read the comments. This is a long term test which started in July, so that is why several old versions are being used.

This test should convince a few doubters regarding the value of CIS for preventing malware.

Interesting that the .com site in English doesn’t yet have the results, so maybe this will go unnoticed until then.

Good to see Kaspersky referring to AMTSO

Alexander the guests, a global center for research and analysis of threats, Kaspersky Lab:

"This test represents an exceptional value - not only for users of antivirus products, but also for the whole antivirus industry. Such testing in the dynamics of fully reproducing the real situation of the user in the Internet, is, in our view, the most adequate reflection of the ability of different anti-virus solutions meet today’s threats. Such testing is very time consuming and requires a qualitative methodology. It should be noted that such “dynamic tests” until just beginning to enter the arsenal of independent testing laboratories. Other test labs are planning the introduction of such tests in the near future. Conducts work in this direction and organization AMTSO."

I am just wondering why Defense+ did not catch 100% like Defensewall?

This test could be viewed as misleading. Why? Because the winner in this test was a HIPS program, DefenseWall. Unless I read things wrong, all the other programs bar 1 were AVs, and the test was to check effectiveness of the AV component against zero-day malware, was it not? So why throw in a couple of HIPS? You may as well have chucked in D+ and others, and I reckon I know what the result would have been…100%.

I think, personally, most HIPS programs including D+ would have performed with the same results as DefenseWall if there was a HIPS test. However, Comodo did very well in stopping much more than some other supposed “top drawer” AVs, well done my son!

Just remember most AVs have HIPS/behavior blockers, multiple shields, nowadays as well to mop up what the real-time AV component misses. So it just proves you cannot rely on the AV alone, and as we know Comodo has D+, the firewall and shortly behavior blocking and sandbox, which in my humble opinion should make it bulletproof.

Regards
dave1234.

Most of the contenders are called Security Suites and although they mainly include an av component, they should have whatever is required to prevent malware installing. Many of them fail dismally and that is what shows the value of this test.

Because they used default settings (Internet Security):

It is important to note that all anti-viruses were tested with the standard default settings and with all current updates, obtained in the automatic mode. At its core was simulated situation, as if an ordinary user to have installed itself as one of the tested programs for the defense to use the Internet and passed it on interesting links (obtained one way or another, see above).

And Kaspersky probably would have caught more if they had turned off heuristic analyzer in Application Control, and instead made all unknown applications untrusted…

And F-Secure would have caught more with DeepGuard enabled…

More surprising: Outpost Security Suite 2009 (6.5.5.2535.385.0692): 39 %. :-\ It (at least the latest version) gets CLT Score 320/340 with default settings.

Defense+ in default settings should have caught 100% too I would have thought? Unless they used some sort of “out of the ordinary” malware?

I bet LUA + SRP would have also got 100%…and it’s free, unlike DefenseWall haha. And guess why no one ever uses Sandboxie in these tests? Because the result would be too predictable and boring - 100%!

Anyway, here is a list of programs I bet would have scored 100% along with DefenseWall:

  1. Defense+
  2. Malware Defender
  3. Online Armor’s HIPS component
  4. SRP
  5. Sandboxie
  6. GeSWall
  7. Shadow Defender, Returnil and other light virtualisers
  8. Faronics Anti-Executable

Anyway, it makes me feel that Ilya (creator of DefenseWall) paid for those tests haha - why else wouldn’t they test other “similar” programs like Sandboxie or GeSWall?

Dead right. Suite (supposed) = all needed protection.

SSj100 said:

“Anyway, it makes me feel that Ilya (creator of DefenseWall) paid for those tests haha - why else wouldn’t they test other “similar” programs like Sandboxie or GeSWall?”

Naw, he has the Wilders Imprimatur, he does not need tests!! heeheee.

Watch Languy’s videos. :wink:

Also, ssj100, remember this thread? :wink:

Yes indeed. I see what you mean now - default configuration relies too much on Comodo’s white-list, which has proven to be wrong in the past. This could be why Defense+ failed to get 100% in the test mentioned in this thread.

Regardless, like with any classical HIPS, Defense+ can be configured to block “100%” of all malware out there. It can get a bit inconvenient and restrictive however, and is one reason why I’ve stopped using Defense+ for about 2 months now.

That would be the reason the white-list is relied upon in any configuration.

Though as Jowa pointed out in the other topic the default settings do not enable some settings featured in the proactive configuration.

As such it would be rather counterintuitive to assume the white-list as a reason that prevented achieving 100%. ???

Yes, that was my point. :slight_smile:

Thanks for the clarification. It seems the white-list may not be the reason for Defense+ not achieving “100%”. Rather, as you and Jowa have pointed out, it’s probably solely because of using the default configuration.

However, as I said, Defense+ is highly configurable - setting it in Proactive configuration (and perhaps some other tweaks) is one way to configure Defense+ to achieve “100%” in any test.