Rokop Security _ Protection Software _ PCSL Total Protection Test 2009 July(Sunbelt, Tall Emu, Micro World, S

Posted by: pcsl 08.08.2009, 07:14

Hello everyone, we have finished the latest PCSL Total Protection Test Report. This time, we have added four new vendors: Sunbelt, Tall Emu, Micro World, Sophos into our testing Platform.

Here is the link to download the report
http://www.pcsecuritylabs.net/document/PCSL%20Total%20Protection%20Test%202009%20July.zip

In the package there is an English report, a Chinese report and a PDF reader, and if you have any questions on the report, I will be here to answer them.

And here is the pdf report link http://www.pcsecuritylabs.net/document/PCSL%20Total%20Protection%20Test%202009%20July.pdf

Regards
Jeffrey
__________________
Welcome to PC Security Labs http://www.pcsecuritylabs.net/

Posted by: Joerg 08.08.2009, 08:20

Thanks for the link.
It looks as though Kaspersky is partly moving away from signature-based detection and is using other methods to detect malware (which, however, only take effect while the malware is being started). There have already been several reports here in the forum that this is the case.

Posted by: maxos 08.08.2009, 08:25

According to the report:

Sunbelt nearly at the level of F-Secure...

A-Squared really on top, and the Ikarus engine has only one false positive

Posted by: IBK 08.08.2009, 11:00

hi Jeffrey! did u take maybe an AVC report as template for some sentences in your report (like at the end)? btw, will you visit Europe in the next months?

Posted by: blubber 08.08.2009, 13:16

QUOTE (pcsl @ 08.08.2009, 08:13) *
Hello everyone, we have finished the latest PCSL Total Protection Test Report. This time, we have added four new vendors: Sunbelt, Tall Emu, Micro World, Sophos into our testing Platform.

Thanks a lot, preciate it.

Posted by: Solution-Design 08.08.2009, 14:23

QUOTE (maxos @ 08.08.2009, 09:24) *
A-Squared really on top, and the Ikarus engine has only one false positive


The result is really impressive, especially since it is often verified. Unfortunately, percentage figures are always a bit of a problem with a small number of samples. Still, the test is quite likeable. Where else do you find dynamic tests?
That said, I do understand the effort involved in dynamic tests.
Windows + Office. All of it online-capable. Create an image. Install the AV, create another image. Generate checksums. Run the malware, compare checksums, report the result. All of that with 30 samples, minimum duration 48 h without sleep
But the test is quite an achievement that first has to be accomplished. Hats off, pcsl

Posted by: Julian 08.08.2009, 17:55

Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).

Posted by: Jav.SEC.21 08.08.2009, 18:42

Thanks for the test; using all the current versions shows fairness.

Posted by: pcsl 09.08.2009, 13:26

QUOTE (IBK @ 08.08.2009, 11:59) *
hi Jeffrey! did u take maybe an AVC report as template for some sentences in your report (like at the end)? btw, will you visit Europe in the next months?


Hi Andreas,
I have a plan to visit Europe, while there are still some matters like the visa, time, study, etc.

Posted by: pcsl 09.08.2009, 17:49

QUOTE (blubber @ 08.08.2009, 14:15) *
Thanks a lot, preciate it.


QUOTE (Solution-Design @ 08.08.2009, 15:22) *
The result is really impressive, especially since it is often verified. Unfortunately, percentage figures are always a bit of a problem with a small number of samples. Still, the test is quite likeable. Where else do you find dynamic tests?
That said, I do understand the effort involved in dynamic tests.
Windows + Office. All of it online-capable. Create an image. Install the AV, create another image. Generate checksums. Run the malware, compare checksums, report the result. All of that with 30 samples, minimum duration 48 h without sleep
But the test is quite an achievement that first has to be accomplished. Hats off, pcsl


Thank you that you like my reports.
For sample number, I only pick the most prevalent numbers and every month the samples will be refreshed and the old samples will not be used again.

QUOTE (Julian @ 08.08.2009, 18:54) *
Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).


Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

QUOTE (Julian @ 08.08.2009, 18:54) *
Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).


Yes, every time, when av vendors release a new version, I will update ASAP.

Posted by: Solution-Design 09.08.2009, 17:59

QUOTE (pcsl @ 09.08.2009, 18:48) *
Thank you that you like my reports.
For sample number, I only pick the most prevalent numbers and every month the samples will be refreshed and the old samples will not be used again.


Yes, I like these Reports. Perhaps somewhat more comprehensively in reference to test methodology. But your performance, I must acknowledge this. Thank you!

Posted by: Julian 09.08.2009, 18:13

QUOTE (pcsl @ 09.08.2009, 18:48) *
Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Thank you for the info. We need dynamic tests like yours which do not just reflect the static on demand scan detection

Please keep up the great work.

Posted by: pcsl 09.08.2009, 18:59

QUOTE (Solution-Design @ 09.08.2009, 18:58) *
Yes, I like these Reports. Perhaps somewhat more comprehensively in reference to test methodology. But your performance, I must acknowledge this. Thank you!

There are still some small tips that I have to fix in the new methodology, e.g. dynamic false positive test corresponding to the static false positive test.
While, I have found out the related solution

QUOTE (Julian @ 09.08.2009, 19:12) *
Thank you for the info. We need dynamic tests like yours which do not just reflect the static on demand scan detection

Please keep up the great work.

PCSL will always simulate the real client's computer environment and so I will continue to combine static dynamic fp test into one regular test, hope it will bring another point of view to the antivirus solutions


Thanks for all of your suggestions and I will try my best to improve

Posted by: subset 09.08.2009, 19:01

QUOTE (pcsl @ 09.08.2009, 18:48) *
Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Related to the dynamic detection test of Online Armor.
Did you allow the first prompt (A program wants to run) or just block the execution right away?

Cheers

Posted by: pcsl 09.08.2009, 19:17

QUOTE (subset @ 09.08.2009, 20:00) *
Related to the dynamic detection test of Online Armor.
Did you allow the first prompt (A program wants to run) or just block the execution right away?

Cheers


There are several kinds of hips:
classical, semi-intelligent, complete-intelligent

Classical is a good tool and has the best security level, while it needs the user's engagement to max its ability, so I choose the classical hips Malware Defender to both analyse the malware's malicious behavior and also use it as a tool in the test.
Complete-intelligent is easier to approach; it doesn't need the user to choose the selection.
Semi-intelligent is between them in both the security level and EOU (ease of use).

In the OA test, I use the action as an ordinary user, so I will allow them to run until there is a clear signal that it is indeed a malicious behavior, and I will guard the infection status using Malware Defender's learn mode and then read MD's log to see whether there is an infection after all the steps.

Anyway, to test the security suite with a classical module is another challenge for me and I will find a solution to balance that problem in the next test.

Thank you for your suggestion, cheers

