hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Av Reviews -
GovernmentSecurity.org > System Security > Trojan & Virus Errata
Spookie
Aug 27 2004, 02:48 PM
Different AV vendors will always maintain their own followings. Some will whole heartedly stand by what works best for them, while others will base their judgement on what others say, just to go with the flow.

Granted no AV is perfect, some have an better interface then others, some clean better then others, while some will hog your box to a point where your lucky if you can bring up the task manager.

Either way Virus Bulletin seems to be the one all the AV Vendors want to get a great score from, as they are quick to make note to potential buyers of their VB100% award. Just what exactly is the VB 100 award?
QUOTE
      The VB 100% logo is awarded to anti-virus products that:

          o Detect all In the Wild viruses during both on-demand and on-access scanning in Virus Bulletin's comparative tests.
          o Generate no false positives when scanning a set of clean files.

      Virus Bulletin's aim is to offer subscribers the best impartial advice about anti-virus security and the products on offer. The VB website lists the outcome of comparative tests as follows

          o by vendor
          o by platform
          o a summary of the most recent comparative test


With that in mind one should also keep in mind
QUOTE
A VB 100% award means that a product has passed our tests, no more and no less. The failure to attain a VB 100% award is not a declaration that a product cannot provide adequate protection in the real world if administered by a professional. We would urge any potential customer, when looking at the VB 100% record of any software, not simply to consider passes and fails, but to read the small print in the reviews.


So just how well did your ? AV Score blink.gif

andydis
Aug 27 2004, 03:00 PM
yea i like that site,
good independant AV analysts,
andywhere heres me



Result summary: 24 passes / 11 fails
- Success / Failure / No Entry
Vendor website: http://www.norman.com/
nuorder
Aug 27 2004, 03:05 PM
nice site but i guess a good quality to look for in an AV is how many lesser know virus/trojans/malware it detects
aapje
Aug 27 2004, 03:11 PM
Result summary: 23 passes / 13 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.kaspersky.com/

I used to use trend micro, it looks good in the tests too. Its small and easy
buzzons
Aug 27 2004, 03:28 PM
Result summary: 25 passes / 6 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.symantec.com/
Terminal
Aug 27 2004, 06:12 PM
Result summary: 28 passes / 3 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.nod32.com/


Hmm nod ratings are very good . It seems to be the fastest antivirus (yup very fast scanning) available .
WOrth a try biggrin.gif:D:D
Spookie
Aug 27 2004, 06:29 PM
QUOTE
i guess a good quality to look for in an AV is how many lesser know virus/trojans/malware it detects


Good point nuorder - I would say the best function of any AV would be it's ability to maintain an effective integrity check of the system.

Though if I'm not mistaken Heuristics also plays a function in being able to determine undocumented malware.

With elements such as the "sandbox" in use by an AV as well, there is some sense of safety. But then again sometimes which seems to occur more often then not, the Sandbox concept doesn't work as effectively as one would like. If the concept was extremely effective Bagel/MyDoom/Nimda all would have been controlled instead of making its worldwide debut.

So just what exactly is needed to make an AV effective? Depends on who you ask and if their willing to give you a straight answer or one that would prevent them from having a resume generating moment.

InfoSec mag had a pretty decent article back in
May 2002 regrading some of the myths of AV. The CISO Strategies article The Great AV Myth from InfoSec mag also had some interesting points.

Regarding Integrity Checkers Dmitry Mostovoy wrote an interesting peice as well.

With all the malware being created can one element stay on top? My opinion is no. If there was one AV that did the ultimate job in identifying, removing, cleaning, renaming, or isolating malware there would not be AV Vendors- Trojan Scanners- or Hardware to ride within an enterprise to detect worm anonmolies.

All we can do is the best with what we have before us. Me I use Nod32 and have had pretty good luck with it. Not saying I think it's the best but just haven't had any major issues with it. With the DMON being added to Nod32, I think it packs a good punch.

Result summary: 28 passes / 3 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.nod32.com/
u533m3n0t
Aug 27 2004, 07:07 PM
[QUOTE]From Nuorder:nice site but i guess a good quality to look for in an AV is how many lesser know virus/trojans/malware it detects

Try these to satisfy that urge..Still haven't gotten the balls to buy them yet, but tried them out. Pretty cool and aimed at the new virii, and polymorphic ones..

SurfinGuard from Finjan

Uses a "sandbox" to test apps...

InVircible Software

Doesn't rely on definition updates

Try'em out. cool.gif

Best Regards,
U533m3n0t
andydis
Aug 28 2004, 02:28 AM
Norman uses "sandbox" technology :-)
nuorder
Aug 28 2004, 03:05 AM
pretty good tools U533m3n0t ill try em out
a virtual machine always comes in handy too - just to watch it die hahah
sk3tch
Dec 4 2004, 11:50 PM
QUOTE(andydis @ Aug 28 2004, 02:28 AM)
Norman uses "sandbox" technology :-)
*



To resurrect a dead thread here (but this is a good thread, one I have come back to a few times!) -

Norman does indeed use "sandbox" technology - however, not with realtime scanning. A huge disadvantage.

I've only had their latest product in my honeypot for a couple of nights, but so far their definitions are seriously lacking and there is a lot of stuff getting in.

aelphaeis_mangarae
Dec 5 2004, 12:58 PM
If you ask me i think there website is a load of shit.

They basically making out Kaspersky to be bad, and they rated Norton good.
u533m3n0t
Dec 7 2004, 09:27 PM
I don't think you should trash the site bro. It's "a" source, and pretty good as well. They base it on a series of tests they run to adhere to a "standard". So friend, use it as a benchmark tool. Not as the final word. Best way to come up with what's best for you is to download a demo <which all the good AV's offer>, and do your own testing. Then you decide when to commit the $$. cool.gif
relax
Dec 8 2004, 02:52 PM
Result summary: 26 passes / 11 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.sophos.com/


Really dont care how many tests it works. its simply the best i have ever used. which have included the norton things kav etc.
JaG
Dec 14 2004, 01:35 AM
QUOTE
Result summary: 28 passes / 3 fails
Performance graph: - Success / Failure / No Entry
Vendor website: http://www.nod32.com/


2nd that nod32 rules only 7mb smile.gif
archphase
Dec 17 2004, 12:33 AM
this report is biased, it purposely boasts Symantec products because most people who run Virus Bulletin are either funded directly or indirectly from Symantec, for instance Peter Szor which gives the magazine it's "reputation".
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.