Anti-Malware Test by SSUpdater.com


Zeus_Hunt

This is the first Anti-Malware test performed by SSUpdater.com in 2009.

In this test they used a total of 754.650 malware samples, and they concentrated only on the samples from the past 16 months.

In this test they wanted to use as many known variants of all the famous names in the world of malware as possible, to name a few: Zlob, Monder, Conficker, Virtumonde, FraudPack, Renos, TDSS, AutoRun, Virut, Delf, FraudLoad, AutoIt, Inject, Kolab, Kolabc, Buzus, Poison, Bifrose, Palevo, Obfuscated, Adload, Zbot, Rbot, IFrame, Small, FakeAV, KillAV, Hupigon, Rukap, MyDNS, DNSChanger, Sinowal, Banker, Monderb, Sality, Midgare, Cinmus, Vanti, Stuh, Iksmas, Iroffer, OneStep, BlackHole, Magania, OnLineGames, Swizzor, Singu, Mudrop, Ciadoor, Qhost ...

The malware categories used in this test: Windows Viruses, Trojans, Backdoors, Worms, Spyware, Adware, Rootkits, Exploits, Keyloggers, Hacking Tools, Malicious Scripts and other malware.

No unknown malware samples were used in this test.

The test was conducted in a virtual environment using Microsoft's Windows XP SP3 with all the latest updates. We used a total of 25 programs.

All the programs used in this test were set to their maximum detection capabilities which include heuristic detection of unknown variants.

The Results:

(Program name, Detection Rate)

1. Avira AntiVir Personal Edition Premium – 99.43%

2. a-squared Anti-Malware – 99.37%

3. G DATA Antivirus – 99.18%

4. avast! Professional Edition – 98.95%

5. Kaspersky Antivirus – 98.64%

6. Norton Antivirus – 98.58%

7. BitDefender Antivirus – 98.49%

8. ZoneAlarm Security Suite – 98.36%

9. F-Secure Antivirus – 98.16%

10. Nod32 Antivirus – 97.83%

11. McAfee Antivirus Plus – 97.51%

12. Comodo Internet Security – 96.93%

13. AVG Antivirus – 96.65%

14. Panda Antivirus – 96.22%

15. Rising Antivirus – 95.78%

16. Sophos Antivirus – 94.86%

17. F-Prot Antivirus – 93.47%

18. Outpost Security Suite – 92.58%

19. VIPRE Antivirus + Antispyware – 92.49%

20. VirusKeeper – 91.31%

21. Spy Emergency – 73.62%

22. Dr.Web – 71.05%

23. CA Antivirus – 68.84%

24. BullGuard Internet Security – DNF

25. Malwarebytes Anti-Malware – DNF

*Note: Both BullGuard and Malwarebytes were unable to complete the scan, therefore they were classified as Did Not Finish.

Top rated programs:

(This is their opinion based on the performance and detection ratios as well as the programs' behavior during the testing)

1. AntiVir

2. a-squared

3. Avast

4. G DATA

5. Kaspersky

*Note: All of these programs are known to produce False Positives.

Most improved program:

(Based on the improvement in the past few months on both detection rates and overall program improvement)

Comodo Internet Security

*Note: They only evaluated the Antivirus part of Comodo Internet Security and not all of its components.

Programs that disappointed the most:

(The programs that showed no improvements since the last test)

1. Sophos Antivirus

2. Spy Emergency

3. Dr.Web

4. CA Antivirus

*Note: BullGuard and Malwarebytes are not on this list as they didn’t finish the test, therefore talking about any improvements is pointless.

Program versions/builds

Avira AntiVir Premium 9.0.0.420

a-squared Anti-Malware 4.0.0.79

avast! Professional Edition 4.8.1335

AVG Anti-Virus 8.5.287 Build 1483

COMODO Internet Security 3.8.65951.477

BitDefender AntiVirus 2009 Build 12.0.12.0

Dr.Web 5.00.1.04130 for Windows

Norton AntiVirus 2009 16.5.0.134

Malwarebytes Anti-Malware 1.36

Sophos Anti-Virus 7.6.0

McAfee VirusScan Plus 2009

Nod32 Antivirus 4.0.417

F-Secure Antivirus 2009 9.00.149

G DATA Antivirus 2010 20.0.1.1

Kaspersky Antivirus 2009 8.0.0.506

VIPRE Antivirus + Antispyware 3.1.2710

Agnitum Outpost Security Suite Pro 2009 6.5 (2525.381.687.328)

ZoneAlarm Internet Security Suite 8.0.298.035

VirusKeeper 2009 Professional 9.0.17

F-Prot Antivirus for Windows 6.0.9.1

Spy Emergency 2009 6.0.305

Rising Antivirus 2009 21.22.30

Panda Antivirus Pro 2009 8.0

BullGuard Internet Security 8.5.0.17

CA Antivirus 2009 10.0.0.177

*Note: The program versions presented were the latest builds and versions when the preparations for this test took place.

Additional information:

Detection ratios were determined by counting the undeleted files as all the programs were set to delete all detected files.

All the programs were updated on the same day within a 3-hour time span.

For each program a separate image was created containing the same malware package, OS...

One can find the Test details at SSUpdater.com

SacredCultivator

Yeah, that's where I check sometimes for testing purposes, and using the Number 1 ranker, Avira, pretty good program ^^



PsychoticxBloodxLust

I love yet hate Avira. I hate it because it bitches about all my keygens and patches, Kaspersky has a downfall with doing that as well, ESET NOD32 has only complained about one so far, which got a 25 out of 40 at virustotal.com, which was a patch for a certain emulation program which I won't mention. Besides, Windows Defender does a smart scan every day at 5PM, well actually my whole system runs everything at 5PM: quick scans, defrag, updates. lol, with 6 computers doing that, the network tends to go to shit for about 15 mins



Thanks for the info. I see I'll have to update FKv3 because of these. Never tried Avira but it looks enticing...



Infinite_Vision

I think the test is pretty good and it matches other tests done by other sites. This test (assuming) is conducted on the assumption of detection rate. What I would like to know, or would like them to go in-depth on, is their testing methodology. Furthermore, I would like them to post about the false positives on these 25 programs that were used.

Overall, this test is very consistent with other tests on other sites in achieving the same result in terms of detection rate. I look forward to reading more about their tests in the future.



Very sorry to see Eset doing so relatively poorly. Maybe I should switch to Avira?



Very sorry to see Eset doing so relatively poorly. Maybe I should switch to Avira?

I believe ESET was at its best with NOD32 v2.7 at that time.

All that changed after v3 ... just like WinAmp's v3



Very sorry to see Eset doing so relatively poorly. Maybe I should switch to Avira?

I believe ESET was at its best with NOD32 v2.7 at that time.

All that changed after v3 ... just like WinAmp's v3

Oddly enough... a GREAT comparison. I am still looking for a winamp replacement.



LeetPirate
Very sorry to see Eset doing so relatively poorly. Maybe I should switch to Avira?

I believe ESET was at its best with NOD32 v2.7 at that time.

All that changed after v3 ... just like WinAmp's v3

Oddly enough... a GREAT comparison. I am still looking for a winamp replacement.

Wow me too. LOL thread jacking now but I really detest all the stupid adware and bloatware that comes with Winamp, even the Lite version is crap loaded.

Back to topic now, I used to use NOD32 2.7 up till I upgraded to new PC with 4GB RAM and noticed that nod 2.7 only said I had 2048MB RAM in the information page. I have no confirmation but I did not want to take the chance if NOD 2.7 could not address more than 2GB of RAM that would be bad for protection. NOD32 v3 was an EPIC FAILURE and NOD32 v4 is only slightly improved, the protection monitor still does not show what the document scanner module is scanning, and the entire retarded thing still scans useless files like .TXT even though I specified which extensions to scan. This sort of makes the entire feature moot. That in addition to the fact that when I was beta testing v4 I urged eset to start using whitelisting to compete with NAV2009 but those arrogant bastards refused and now NOD v4 is using a glorious 50MB of RAM which is almost double from v2.7. I wonder at what point they will conclude that NOD32 needs whitelisting to keep the mem usage down. Personally I don't care about my desktop because 4GB of RAM does not get filled easily but for slower computers and netbooks this is a concern.



I'm not sure what you mean by whitelisting but perhaps you could use exclusions as a form of "whitelisting." But I'm probably not correctly understanding what whitelisting is.



LeetPirate
I'm not sure what you mean by whitelisting but perhaps you could use exclusions as a form of "whitelisting." But I'm probably not correctly understanding what whitelisting is.
Ok I will try to explain it as best I know how. Whitelisting is basically the opposite of blacklisting, which is what AV software has been doing for the past eternity. They read certain characteristics of a virus's code and flag it as bad. However, Norton 2009 has introduced whitelisting, where it marks known good files as clean and has them on a whitelist to exclude them from being scanned. I don't know the exact algorithm that allows it to be an optimised feature but NAV2009 hit the spot with the technology. It means you could basically not have to scan known Windows files like notepad.exe and explorer.exe each time they are executed, which results in fewer CPU cycles wasted scanning the same clean file over and over. All I know for sure is that NAV2009 does not just whitelist files just like that, it checks them against an online database, probably by calculation of some hash values, to ensure that they are clean. Similar to what ThreatFire and Norton AntiBot do.

My initial thinking was that a white list and a black list (virus defs) would take up more space because it has to load 2 definition lists but after testing NAV2009 I realised I was wrong in that thinking and since I have no data on the actual internal workings used by Norton for this I can only comment that it seems to be working. I was really hoping ESET would incorporate it as well because I didn't want my favourite AV to get beaten up by NAV but they didn't listen so now they will pay the price as I am sure they are losing market share to NAV2009 based products as we speak. You really can't win a customer by having 50MB ram usage when the competition uses 5MB and has similar performance speed. :welcome:



Just add the paths to any files you don't want ESET to scan to the "exclusions" panel and ESET will no longer scan them, either in realtime or with an on demand scan. Isn't that what you are talking about?



LeetPirate
Just add the paths to any files you don't want ESET to scan to the "exclusions" panel and ESET will no longer scan them, either in realtime or with an on demand scan. Isn't that what you are talking about?
No this is something different, exclusion will never flag the file if it becomes infected in future. Like I said I don't know the exact algorithm NAV uses for their whitelisting technology but you could Google around for more details.
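
An added example, not part of any post in this thread and not Norton's actual algorithm (which the posters say they do not know): it contrasts a path exclusion with a hash-based allowlist, the distinction drawn in the reply above. SHA-256, the in-memory `known_good` set standing in for an online database, the size/mtime cache and all class and function names are assumptions.

```python
import hashlib
import os
import tempfile
def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ExclusionList:
    """Path exclusion: the skip decision depends only on where the file is."""
    def __init__(self, paths):
        self.paths = {os.path.abspath(p) for p in paths}
    def needs_scan(self, path):
        return os.path.abspath(path) not in self.paths

class HashAllowlist:
    """Skip only files whose current content hashes to a known-good value.
    known_good is a constructed stand-in for a vendor reputation database."""
    def __init__(self, known_good):
        self.known_good = set(known_good)
        self.cache = {}      # path -> (size, mtime_ns) when last verified
        self.hash_count = 0  # how often the file actually had to be hashed
    def needs_scan(self, path):
        path = os.path.abspath(path)
        st = os.stat(path)
        stamp = (st.st_size, st.st_mtime_ns)
        if self.cache.get(path) == stamp:
            return False     # unchanged since it was last verified
        self.hash_count += 1
        self.cache.pop(path, None)
        if sha256_of(path) in self.known_good:
            self.cache[path] = stamp
            return False
        return True          # content changed or unknown: scan it

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notepad.exe")
        with open(path, "wb") as f:
            f.write(b"constructed clean program bytes")
        excl, allow = ExclusionList([path]), HashAllowlist([sha256_of(path)])
        before = (excl.needs_scan(path), allow.needs_scan(path), allow.needs_scan(path))
        hashes_before = allow.hash_count
        with open(path, "ab") as f:
            f.write(b" plus bytes standing in for an infection")
        after = (excl.needs_scan(path), allow.needs_scan(path))
    return before, hashes_before, after
```

After the file is modified, the exclusion still skips it while the allowlist sends it back to the scanner. Size and mtime are a cheap change check for this sketch, not a tamper-proof one.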


ESET Freak

Yay, Norton beat ESET! You all should try it guys, the 2009 version is very fast and lite, and I think it has smaller footprint than ESET, doesn't lag my 512MB RAM PC at all. On the other hand, I use Kaspersky on my notebook, good protection but I don't like it. Why? Lags even I got 2GB RAM and dual core, can't multitask at all during full scan, my notebook just freezes. I used Avira before, dun like it because TOO MANY false positives.



LeetPirate
Yay, Norton beat ESET! You all should try it guys, the 2009 version is very fast and lite, and I think it has smaller footprint than ESET, doesn't lag my 512MB RAM PC at all. On the other hand, I use Kaspersky on my notebook, good protection but I don't like it. Why? Lags even I got 2GB RAM and dual core, can't multitask at all during full scan, my notebook just freezes. I used Avira before, dun like it because TOO MANY false positives.
I like your screen name btw. ;) At the moment kotaxor has me considering whether I should replace EAV with Symantec Endpoint across my LAN. Usually I stick with NOD32 for this because I can easily import the settings I want via an XML file which avoids having to configure it on each machine, however endpoint looks like it could do some good things to make the job easier. I haven't had the time to mess around with endpoint as yet to see what it can do but I expect good results. Also I have to agree with you on the Kaspersky thing, it seems like it wants to take complete control over your pc, like what quicktime and real player, and the kingpin adobe try to do, LOL. I still don't know why NAV2009 flags WinRAR Pro setup file as a virus, NOD32 and MBAM say it's clean and of course I know it's clean. Hopefully I will get some time to try out endpoint soon.


ESET Freak
Yay, Norton beat ESET! You all should try it guys, the 2009 version is very fast and lite, and I think it has smaller footprint than ESET, doesn't lag my 512MB RAM PC at all. On the other hand, I use Kaspersky on my notebook, good protection but I don't like it. Why? Lags even I got 2GB RAM and dual core, can't multitask at all during full scan, my notebook just freezes. I used Avira before, dun like it because TOO MANY false positives.
I like your screen name btw. :lol: At the moment kotaxor has me considering whether I should replace EAV with Symantec Endpoint across my LAN. Usually I stick with NOD32 for this because I can easily import the settings I want via an XML file which avoids having to configure it on each machine, however endpoint looks like it could do some good things to make the job easier. I haven't had the time to mess around with endpoint as yet to see what it can do but I expect good results. Also I have to agree with you on the Kaspersky thing, it seems like it wants to take complete control over your pc, like what quicktime and real player, and the kingpin adobe try to do, LOL. I still don't know why NAV2009 flags WinRAR Pro setup file as a virus, NOD32 and MBAM say it's clean and of course I know it's clean. Hopefully I will get some time to try out endpoint soon.

Haha... I know my name is funny lol, that's because I USED to like ESET due to its small footprint, but not anymore, ever since I used NIS2009 (don't think I can change my display name in this forum). But I still use KIS8.0 on my notebook because I dun wanna waste the 54 days of subscription left. About Quicktime and Adobe (Reader I presume), you can use Quicktime Alternative and Reader SpeedUp, I used them and I'm very satisfied, fast and lite. And about Norton flagging WinRAR setup as a virus, I nvr had that problem.



All that changed after v3 ... just like WinAmp's v3

Oddly enough... a GREAT comparison. I am still looking for a winamp replacement.

I use AIMP v2.60 Public Beta 1, Build 472

I'm not sure what you mean by whitelisting but perhaps you could use exclusions as a form of "whitelisting." But I'm probably not correctly understanding what whitelisting is.

Here is a detailed explanation of Norton Insight

I believe this is what makes NIS 2009 work so fast :lol:



LeetPirate
Haha... I know my name is funny lol, that's because I USED to like ESET due to its small footprint, but not anymore, ever since I used NIS2009 (don't think I can change my display name in this forum). But I still use KIS8.0 on my notebook because I dun wanna waste the 54 days of subscription left. About Quicktime and Adobe (Reader I presume), you can use Quicktime Alternative and Reader SpeedUp, I used them and I'm very satisfied, fast and lite. And about Norton flagging WinRAR setup as a virus, I nvr had that problem.
Yea I can relate a little to how you feel :rolleyes:. Don't worry about the quicktime stuff etc, I have been using K-Lite Mega and QT Lite for the longest while, and I completely got rid of Adobe reader, I use Foxit for reading pdf and Nitro for editing. Foxit loads as fast as notepad would, so it is very good for reading pdf. About the WinRAR thing, it's not the regular winrar setup file but the pro version. The pro version does not need any cracks or serial, it comes pre-registered. I think it could just be the type of packer or script used by the Winrar pro setup that flags it. I could send you a copy if you want to check it out.

All that changed after v3 ... just like WinAmp's v3

Oddly enough... a GREAT comparison. I am still looking for a winamp replacement.

I use AIMP v2.60 Public Beta 1, Build 472

Thanks, downloading it as we speak.



Archived

This topic is now archived and is closed to further replies.
