dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
15
Kobra007
join:2004-06-15
Longwood, FL

Kobra007 to StraitShoot

Member

to StraitShoot

Re: Kobra's Antivirus SHOWDOWN results.

I tried eScan, and it caused me to reformat. So I tried it again, and had to reformat a second time. That product is an accident waiting to happen! Anyway, I got some updates:

Updated testing results, several additional products tested. Special note to the changes in first place. Notes on the changes:

Discovered and tested MKS-Vir2004, from Poland. Surprisingly, this one with caught every sample perfectly on Medium Heuristics. Specifically, nearly 50 samples were picked up Heuristically giving it a perfect score of 321/321. However, when I increased Heuristics to "Super Deep", it picked up an addition 10 more suspicious files. Upon further investigation, it was found that it was picking up signatures of hacktool utilities left over in some of the archives and flagging those files. Indeed, this is impressive. MKS-Vir2004 exhibits the most advanced detection algorithms i've ever seen, clearly it only had signatures for 271 of my samples, but through code emulation, it was able to pick up all 321 samples!! It clearly labeled the Heuristically found ones as things as "Likely Win32 Trojan" or "Highly Suspicious Acting File". In addition, its scanning speed was incredibly quick, and its memory footprint was quite small. Impressive! Furthermore, this is a full featured and fairly polished product that appears to update at least once per day, and tech support responded to me within 5-15 minutes on my emails. Unfortunately, it appears to not be available in the US for purchase at this time.

Tested other additional products, Antidote, PerAV, Vir.IT, FireAV, and VirusBuster. Results are below.

1a) MKS_Vir 2004 - 321/321 0 Missed - 100%
1b) eXtendia AVK - 321/321 0 Missed - 100%
2a) Kaspersky 5.0 - 320/321 1 Missed - 99.70% (with Extended Database ON)
2b) McAfee VirusScan 8.0 - 319/321 + 2 (2 found as joke programs - heuristically) - 99%
3) F-Secure - 319/321 2 Missed - 99.37%
4) GData AVK - 317/321 4 Missed - 98.75%
5) RAV + Norton (2 way tie) - 315/321 6 Missed - 98.13%
6) Dr.Web - 310/321 11 Missed - 96.57%
7) CommandAV + F-Prot + BitDefender (3 Way Tie) - 309/321 12 Missed - 96.26%
8) ETrust - 301/321 20 Missed - 93.76%
9) Trend - 300/321 21 Missed - 93.45%
10) Avast! Pro - 299/321 22 Missed - 93.14%
11) Panda - 298/321 23 Missed - 92.83%
12) Virus Buster - 290/321 31 Missed - 90.34%
13) KingSoft - 288/321 33 Missed - 89.71%
14) NOD32 - 285/321 36 Missed (results identical with or without advanced heuristics) - 88.78%
15) AVG Pro - 275/321 46 Missed - 85.66%
16) AntiVIR - 268/321 53 Missed - 83.48%
17) Antidote - 252/321 69 Missed - 78.50%
18) ClamWIN - 247/321 74 Missed - 76.94%
19) UNA - 222/321 99 Missed - 69.15%
20) Norman - 215/321 106 Missed - 66.97%
21) Solo - 182/321 139 Missed - 56.69%
22) Fire AV - 179/321 142 Missed - 55.76%
23) V3 Pro - 109/321 212 Missed - 33.95%
24) Per_AV - 75/321 - 246 Missed - 23.36%
25) Proland - 73/321 248 Missed - 22.74%
26) Sophos - 50/321 271 Missed - 15.57%
27) Hauri - 49/321 272 Missed - 15.26%
28) CAT Quickheal - 21/321 300 Missed - 6%
29) Vir_iT - 10/321 311 Missed - 3%
30) Ikarus - Crashed on first virus. - 0%

Keizer
I'M Your Huckleberry
MVM
join:2003-01-20

Keizer

MVM

said by Kobra007:
I tried eScan, and it caused me to reformat. So I tried it again, and had to reformat a second time. That product is an accident waiting to happen!
Wow, I would think that for someone who runs tests like you do, that you would be running imaging software, instead of formatting.

Keizer
Kobra007
join:2004-06-15
Longwood, FL

Kobra007

Member

Ok, re-imaged is what I meant actually. =) You know what I mean.. Either way, eSCAN caused me more headaches than it was worth, so I excluded out. Keep in mind, I don't ALWAYS test this crap, this is more a on-time thing. I probably won't do it again till I get around 10k samples.

Now if we can get some backing behind that MKS-Vir 2004, the most impressive detections i've seen in a AV yet. =)
alien8
join:2004-03-03
UK

alien8 to Kobra007

Member

to Kobra007
Hi,

What options did you use on ClamWin?

If your virus samples were contained in .eml files (for example) it may be worth forcing on the --mbox option.

It might also be worth, downloading the very latest command line build of ClamAV from here:

»clamav.or.id/

Cheers,

Steve

StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium Member
join:2003-02-08
Clinton, MA

StraitShoot to Kobra007

Premium Member

to Kobra007
I trialed MKS Vir 2004... Pretty strong stuff.. How's ...
1. Tech support?
2. ICSA and other certification?
3. Nothing on Virus Bulletin
4. Not a very well AV...

FF again
join:2003-06-13
Finland

1 edit

FF again

Member

> 3. Nothing on Virus Bulletin

In my understanding after this above, Mks Vir 2004 is very SERIOUS product, no face lift efforts.

Bu seriously, look at my link.

»www.mks.com.pl/english.html

After this what happened, how is the future?

Best regards,
FF again!

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g to Kobra007

Premium Member

to Kobra007
said by Kobra007:
I tried eScan, and it caused me to reformat. So I tried it again, and had to reformat a second time. That product is an accident waiting to happen!
That is strange, as it comes well recommended by one of the forum's virus experts.

»Can't get rid of Backdoor.Ralpha ...pse help