PCSL Total Protection Test 2009 July(Sunbelt, Tall Emu, Micro World, S Einstellungen

[pcsl]

Hello everyone, we have finished the latest PCSL Total Protection Test Report. This time, we have added four new vendors: Sunbelt, Tall Emu, Micro World, Sophos into our testing Platform.

Here is the link to download the report
2009 July Report Zip File

In the package there is engilsh report, chinese report and a pdf reader and if you have any questions on the report, I will be here to answer you the questions.

And here is the pdf report link 2009 July PDF Report

Regards
Jeffrey
__________________
Welcome to PC Security Labs http://www.pcsecuritylabs.net/

Der Beitrag wurde von pcsl bearbeitet: 08.08.2009, 07:15

[blubber]

Hello everyone, we have finished the latest PCSL Total Protection Test Report. This time, we have added four new vendors: Sunbelt, Tall Emu, Micro World, Sophos into our testing Platform.

Thanks a lot, preciate it.

[pcsl]

Thanks a lot, preciate it.

Das Ergebnis kann sich wirklich sehen lassen, zumal es oft verifiziert wird. Leider sind Angaben in Prozent bei einer geringen Anzahl an Samples immer so ein Problem. Dennoch ist der Test recht sympathisch. Wo sonst findet man dynamische Tests.
Wobei ich bei dynamischen Tests den Aufwand durchaus verstehe.
Windows+Office. Das ganze online-fähig. Image erstellen. AV installieren, wieder ein Image erstellen. Prüfsummen erstellen. Malware ausführen, Prüfsummen vergleichen, Ergebnis vermitteln. Das ganze mit 30 Samples, min-Dauer 48 h ohne Schlaf
Der Test ist aber schon eine Leistung, die erst mal erbracht werden muss. Hut ab pcsl

Thank you that you like my reports.
For sample number, I only pick the most prevelant numbers and every months the samples will be refreshed and the old samples will not be used again.

Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).

Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).

Yes, everytime, when av vendors release a new version, I will update ASAP.

[subset]

Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Related to the dynamic detection test of Online Armor.
Did you allow the first prompt (A program wants to run) or just block the execution right away?

Cheers

[pcsl]

Related to the dynamic detection test of Online Armor.
Did you allow the first prompt (A program wants to run) or just block the execution right away?

Cheers

There are several kind of hips:
classical, semi-intelligent complete-intelligent

classical is good tool and has best security level, while it need the user's engagement to max its ability, so I choose classical hips Malware Defender to both analyse the malware's malicious behavior and also use it as a tool in test
complete intelligent is more easier to approach, it doesn't need the user to choose the selection.
semi-intelligent is between them both the security level and EOU(easy of use)

In OA test, I use the action as an ordinary user, so I will allow them to run until there is a clear signal that it is indeed a mallious behavior, and I will guard the infection status using Malware Defender's learn mode and then read MD's log to see whether there is a infection after all the steps.

Anyway, to test the security suite with a classical moudle is another challange for me and I will find a solution to balance that problem in the next test.

Thank you for your suggestion, cheer