dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10971
share rss forum feed
Expand your moderator at work


Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20

1 edit
reply to dos9

Re: Kobra's Antivirus SHOWDOWN results.

said by dos9:
I don't trust amateur testing. You don't even know if the viruses used for testing are ITW or zoo or whatever. The results are completely meaningless.

Maybe Kobra should have put on one of those white doctor robes when he did the test, to make it more proffessional??

Keizer


Khaine

join:2003-03-03
Australia
reply to Kobra007
Nice review Kobra, perhaps to silence the critics you could post the list of malware samples you used and the definitions of each AV (if possible).

Thanks


Randy Bell
Premium
join:2002-02-24
Santa Clara, CA

2 edits
reply to Anon
said by Keizer:
And this is something Norton missed before?
That sounds like spyware -- only NAV 2004 detects expanded threats so if he had 2003, it wouldn't detect it.

Edit: r_u_stuck2 See Profile provided this writeup, it is adware/spyware - »www.pchell.com/support/twaintec.shtml
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)


Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20
said by Randy Bell:

Edit: r_u_stuck2 See Profile provided this writeup, it is adware/spyware - »www.pchell.com/support/twaintec.shtml

Good! Thats re-assuring to hear.

Keizer

Kobra007

join:2004-06-15
Longwood, FL

1 edit

1 recommendation

reply to Kobra007
Greetings folks. There have been some updates to the test results. I've re-tested a few products with different switches and settings on the prodding of the users of those products.

* CAT Quickheal was retested, and yielded the same results, the developer is investigating.

* Avast was retested with different command line switches, and improved to 299 Detections. Bumping Panda down one notch.

* Kaspersky5.0 was re-tested with "Extended Database" downloaded and in place, and was upgraded with only 1 miss.

*Ahn V3 Pro was requested to be tested, I tested it, and it detected only 109 out of the 321 samples for a 33.95% rating. (although the options and interface rocked. Heh)

1) eXtendia AVK - 321/321 0 Missed - 100%
2) Kaspersky 5.0 - 320/321 1 Missed - 99.70% (with Extended Database ON)
2) McAfee VirusScan 8.0 - 319/321 + 2 (2 found as joke programs - heuristically) - 99%
3) F-Secure - 319/321 2 Missed - 99.37%
4) GData AVK - 317/321 4 Missed - 98.75%
5) RAV + Norton (2 way tie) - 315/321 6 Missed - 98.13%
6) Dr.Web - 310/321 11 Missed - 96.57%
7) CommandAV + F-Prot + BitDefender (3 Way Tie) - 309/321 12 Missed - 96.26%
8) ETrust - 301/321 20 Missed - 93.76%
9) Trend - 300/321 21 Missed - 93.45%
10) Avast! Pro - 299/321 22 Missed - 93.14%
11) Panda - 298/321 23 Missed - 92.83%
12) KingSoft - 288/321 33 Missed - 89.71%
13) NOD32 - 285/321 36 Missed (results identical with or without advanced heuristics) - 88.78%
14) AVG Pro - 275/321 46 Missed - 85.66%
15) AntiVIR - 268/321 53 Missed - 83.48%
16) ClamWIN - 247/321 74 Missed - 76.94%
17) UNA - 222/321 99 Missed - 69.15%
18) Norman - 215/321 106 Missed - 66.97%
19) Solo - 182/321 139 Missed - 56.69%
20) V3 Pro - 109/321 212 Missed - 33.95%
21) Proland - 73/321 248 Missed - 22.74%
22) Sophos - 50/321 271 Missed - 15.57%
23) Hauri - 49/321 272 Missed - 15.26%
24) CAT Quickheal - 21/321 300 Missed - 6%
25) Ikarus - Crashed on first virus. - 0%

Ironically, since doing this test, i've checked around, and my results aren't really all that different than some of the independant test houses. What *IS* very different, are how places like Virus Bulletin can rate something like CAT Quickheal at having 90% range detection, when it can't find the most simplest bug I throw at it. Ironically, the most recent test of NOD32 scored it in the 80 percentile range, exactly where it fell in my testing.

As for eXtendia AVK, its quite a feature rich and configurable product, and probably offers the only true 100% detection ability out there. Both engines cranking away, sweeping everything, and with each engine having its own 100,000ish definition database comparing with each other, double heuristics doing comparatives.. I think its pretty safe to say, your chances of infection are zero? I've personally run into a couple of bugs that Kaspersky missed, and the RAV side of AVK picked it up. So I do believe the product works, and provides an incredible level of layered protection for its price.

Keeping in mind though, AVK does use the KAV+RAV engine, and you can run either/or in any configuration you want, so for example you could run RAV for on-access to get the speed, and run KAV+RAV Double-Mode for on-demand to get the incredible depth of scans. Also, my testing showed AVK updates directly from their sources, i've seen it update 8-10 times per day if you set it to "Hourly" in the configurations. But I will tell you this, after running NOD32 for 3 months, I installed AVK and found 5 trojans - so don't be surprised if it finds something on your box if you were running one of the other AV's.

I'd say my personal choices are KAV5.0 or AVK. I can't wait to see what KAV5-Pro looks like, its not due till September though.

Regards

PS: I don't test for a living, this was done to satisfy my OWN curiosity about which AV product would be best for me to run. I got tired of paying cash for products like Norton and NOD32 and being horribly dissappointed - and in fact being left to reformat due to infections! Also, i'm a bit sick of magazines and websites talking really lousy products. So much misleading information out there its quite annoying. Agree with my test results or not, its up to you, but its strictly done to satisfy my own curiosity, and was posted merely because I thought others might benefit.
Expand your moderator at work

Kobra007

join:2004-06-15
Longwood, FL

Re: Kobra's Antivirus SHOWDOWN results.

Yea, eXtendia AVK support definately needs work. They *DO* have a voice phone number, and i've heard registered users are responded to within 1-24 hours via email. The times i've emailed, i've usually recieved a reply back the same day, a couple times its dragged on and on.

Kaspersky has one of the best support of any AV product out there IMHO. I've recieved responses back in minutes at times, and usually by someone that knows what they are talking about, even if i'm not registered. Avast has similar levels of support.

So you really have to weigh it out.. If you really need fast support, get Kaspersky. If you can deal with off and on support, then maybe eXtendia would be fine for you. Theres *ALOT* to consider when buying an antivirus, and I don't pretend to have the answers.

Oh, I actually logged my support responses from AV companies over the last couple months.. Heres what I logged. =)

Kaspersky – Generally within 1-2 hours, seldom more than 12 hours.
Panda – 1-2 days
F-Secure – 7 Days (WTF?)
NOD32 – Varies between 3-5 days or NO RESPONSE (More common)
BitDefender – 6 Days!
Norman – 1-2 Hours, never more than 12 hours.
AVK – Varies, sometimes hours, sometimes days, sometimes never.
RAV – No more than 5 hours delay. (too bad their product isn’t sold anymore)
BOClean – 1-2 Hours, sometimes LESS, never more than 5 hours.
McAfee – I've yet to get a response whatsoever, its been 3 weeks.
Dr.Web – 4-7 Days Wait, usually a Russian response, never helpful. Last response I got, a guy said "Who u? say self or no help)
Avast – 1-12 hours usually, they even reply to virus submittals!


StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
kudos:1

1 edit
Kobra, Download the zipped and double zipped eicar test virus, and when it downloads, have it delete the virus AS it's downloading.. Will it delete JUST the virus, or the virus and archive? Please let me know... This seems like a deal TOO good to pass, and I need to do something with my desktop.. KAV 5 is killing it...LOL.. Also, I wonder if they are using KAV's extended bases (adware, spyware, pornware, LOL)
--
"In Every Revolution, There's One Man ... With a Vision!


Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20

1 edit
said by StraitShoot:
Kobra, Download the zipped and double zipped eicar test virus, and when it downloads, have it delete the virus AS it's downloading.. Will it delete JUST the virus, or the virus and archive? Please let me know... This seems like a deal TOO good to pass, and I need to do something with my desktop.. KAV 5 is killing it...LOL..

You know StraightShoot, Kobra considers Avast as a pretty good AV. It would definately help your desktop on resources! Also, I thought you were using NAV on your desktop.

Keizer


StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
kudos:1

1 edit
NAV on the laptop, KAV, for now, on the desktop...
Besides, my ZAPro is expiring next month, and this suite may just take care of everything...
$30 is tooo good of a deal to pass..


gt7697c
Premium
join:2001-02-16
The Hive
reply to Kobra007
I am confused.

1. Why would EXtendia AVK sell all their products for only $30? (If they are really that good shouldn't they be higher.)

2. Didn't M$ buy RAV, and EXtendia AVK uses the RAV engine, so who is going to be further developing this engine? If I should purchase this software package are there going to be any updates, will it have the same quality or lack thereof.

3. You say Double Engines is the way go....Doesn't F-Secure use 3 engines??? Seems three engines would be better than 2...but I still use just one.;)

4. Why was McAfee rated 100% in the prior test and now is only rated at 99%?

Sorry for any newb sounding questions, I guess I am in the newb mood tonight.:)
--
Just my 2 bits.


StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
kudos:1
That's why I'm not taking out my wallet JUST yet..LOL...

Yes, I'm concerned about the RAV updates too..
--
"In Every Revolution, There's One Man ... With a Vision!

Kobra007

join:2004-06-15
Longwood, FL

1 edit
reply to StraitShoot
Ok bro, I did the archive test. Under both engines, it wouldn't delete the baddie inside the archive. Under the RAV engine, it didn't flag the archive as containing a virus - since by default, RAV engine doesn't on-access unarchive. Anyway, needless to say, you are right, it doesn't "Clean out" archives of the engine infected file, it wants to delete the whole archive or quarantine it, etc. It does tell me though, this is the KAV engine doing this. So likely its a fault of the KAV engine.

As for the rest of the eXtendia Security Suite, people have posted on the Wilders forum that bought it. Not surprisingly, most of the stuff in it is pretty cheesy. The AVK-PRO is really what you pay for. But i've had 3-4 people tell me the encryption program in the suite is very good and they use it. So they consider it a real bargin, even if they only use a couple things out of it.

As for the updates for RAV engine side of AVK. I've contacted RAV, eXtendia and GDATA about this very topic.

RAV tells me they have contractual commitments to continue daily updates for about another 3 years or so. Contracts with people that bought their products, and people using their engines.

GDATA and eXtendia tell me they will continue using the RAV engine for US/English customers for the forseeable future. If the updates stop flowing, they are ready to make the switch to the BitDefender+KAV setup. Apparently they took a poll from their paying customers and everyone wanted to continue the RAV engine for now.

Your $29 buys 1 year of updates and definitions, the way I figure it, is at the end of the subscription, re-evaluate whats going on in the business?


Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20
said by Kobra007:

As for the rest of the eXtendia Security Suite, people have posted on the Wilders forum that bought it. Not surprisingly, most of the stuff in it is pretty cheesy. The AVK-PRO is really what you pay for.
If I did purchase AVK, I would only get the AV. I have spent months hand selecting other software to accomidate me on other tasks needed on my PC.

Keizer


markwp2001
Spreadhead
Premium
join:2002-05-25
Long Beach, MS

1 recommendation

reply to markwp2001
said by markwp2001:
"(and i've verified they are real as each sample must be detected by at least 4 AV's for me to consider it)."

Could you explain this part of your selection process? Do you use 4 specific AV's to pick the samples; if so, which ones?

Still hoping for an answer to these questions?
--
Widespread Panic - when only the best will do ...


StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
kudos:1
reply to Kobra007
said by Kobra007:
Anyway, needless to say, you are right, it doesn't "Clean out" archives of the engine infected file, it wants to delete the whole archive or quarantine it, etc. It does tell me though, this is the KAV engine doing this. So likely its a fault of the KAV engine.
KAV all the way up to 4.5 had this deficiency.. Version 5 doesn't ... However, like I said, I am one of those unfortunate ones who are having problems with ver 5.. I thought my desktop could take it, but alas, no...

said by Kobra007:

As for the rest of the eXtendia Security Suite, people have posted on the Wilders forum that bought it. Not surprisingly, most of the stuff in it is pretty cheesy. The AVK-PRO is really what you pay for. But i've had 3-4 people tell me the encryption program in the suite is very good and they use it. So they consider it a real bargin, even if they only use a couple things out of it.
How good can the firewall be? or the pop up blocker?
--
"In Every Revolution, There's One Man ... With a Vision!


Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20
said by StraitShoot:

How good can the firewall be? or the pop up blocker?

Heres a quote from one member from the Wilders forum on the firewall.

"I purchased AVK pro extendia Security Suite. and I bought this at 29$ from BoomerangSoftware. The suite implements a firewall (totally outdated, with no configuration and simple on or off tabs of the programs outbounding)",
Expand your moderator at work


Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20
reply to gt7697c

Re: Kobra's Antivirus SHOWDOWN results.

said by gt7697c:
I am confused.

2. Didn't M$ buy RAV, and EXtendia AVK uses the RAV engine, so who is going to be further developing this engine? If I should purchase this software package are there going to be any updates, will it have the same quality or lack thereof.


Exactly what I was wondering as well. Even at their website, they ask the question is this Microsofts future anti virus technology? (See screeny)

Its like the scan engine, or in this case one of them, is in limbo.

Keizer


Martinus
Premium
join:2001-08-06
EU

2 edits
reply to Kobra007
Kobra007 See Profile, that mem usage shown in your screenshots is very interesting.

Can you expand more on that? For instance:
- Is that with the two engines active in the RTM?
- Is that inmediately after boot or after a while of normal computer use?
- Any exclusions in the RTM?

It is also worth noticing that the service is using much less memory than the UI which normally would be minimized to a tray icon.

--
From the GSV "Ethics Gradient"


Wildcatboy
Invisible
Premium,Mod
join:2000-10-30
Toronto, ON
kudos:3
reply to Kobra007

OK folks, get back to the subject. This thread started as an AV test report and a bunch of you turned it into a useless and off topic discussion of what you bought and how much.
--
You can catch the Devil, but you can't hold him long.


squatpuke
Premium
join:2004-04-15
Flagstaff, AZ
reply to Kobra007
said by Kobra007:
Keeping in mind though, AVK does use the KAV+RAV engine, and you can run either/or in any configuration you want, so for example you could run RAV for on-access to get the speed, and run KAV+RAV Double-Mode for on-demand to get the incredible depth of scans.
This seems almost too good to be true...

Why hasn't this product been more hyped?

and finally, I guess I don't understand how it can use two engines of two different products for less than those actual products themselves...again, seems to good be true...like getting two AV's for the price of 1/2 of one.


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7
said by squatpuke:
This seems almost too good to be true...

Why hasn't this product been more hyped?

and finally, I guess I don't understand how it can use two engines of two different products for less than those actual products themselves...again, seems to good be true...like getting two AV's for the price of 1/2 of one.

Good question You even have the option to disable either of the 2 engines and use only one of them if that's your pleasure
--
Write your questions down on the back of a $20 dollar bill and send them to me


Martinus
Premium
join:2001-08-06
EU
reply to squatpuke
said by squatpuke:
...I guess I don't understand how it can use two engines of two different products for less than those actual products themselves...
Buying a licensing scheme of an engine is much cheaper than having a R&D team developing and maintaining it. So, actually the engine final cost is much less for eXtendia than for KAV. And if the licensing scheme is per units sold basis - as most are -, the more they sell, the more they pay and everybody's happy.
--
From the GSV "Ethics Gradient"


FF again

join:2003-06-13
Finland

2 edits
reply to Kobra007
To banana_man from FF again!

> Why hasn't this product been more hyped?

Obviously u have not visited at German language security web sites, almost every German security site had something about AntiVirenKit Pro (same as eXtendia AVK Pro) less than a year ago. There is not so much about F-secure either, both of those have excellent detecting rates.

The world isn't yet pure English only.

Best regards,
FF again!


Randy Bell
Premium
join:2002-02-24
Santa Clara, CA

1 edit

1 recommendation

FF again See Profile, I have often thought it a shame that excellent products like KAV and F-Secure have not penetrated the Western English-speaking markets -- Norton and McAfee still dominate, and probably will do so for some time to come. I guess it takes a lot of $$ investment to penetrate with effective marketing of your product, even if you have a comparable or superior product from a technical standpoint ..

.. Back on track, to Kobra: I think the next step in your testing is to try a much larger testbed than 321 samples. I would also be careful to leave out spyware {adware} -- confine the test to "classic" malware -- trojans, viruses, worms -- since not all AVs detect these expanded threats. One has to be careful because most AVs give a "trojan" name to spyware {adware} even though such samples are not true trojans in a classic sense: we run into that all the time at TrojanHunter Forum, as TH only detects trojans {and trojan-like code} that meets the old classic definition of a trojan. Good Luck with your testing ..
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)