PCSL Total Protection Test 2009 July(Sunbelt, Tall Emu, Micro World, S Einstellungen

[pcsl]

Hello everyone, we have finished the latest PCSL Total Protection Test Report. This time, we have added four new vendors: Sunbelt, Tall Emu, Micro World, Sophos into our testing Platform.

Here is the link to download the report
2009 July Report Zip File

In the package there is engilsh report, chinese report and a pdf reader and if you have any questions on the report, I will be here to answer you the questions.

And here is the pdf report link 2009 July PDF Report

Regards
Jeffrey
__________________
Welcome to PC Security Labs http://www.pcsecuritylabs.net/

Der Beitrag wurde von pcsl bearbeitet: 08.08.2009, 07:15

[Joerg]

Danke für den Link.
Sieht so aus, als würde sich Kaspersky teilweise von signaturbasierter Erkennung verabschieden und andere Methoden zum Aufspüren von Malware verwenden (die dann aber erst während des Starts der Malware greifen). Gab ja schon einige Berichte hier im Forum, dass dem so ist.

Thanks for your link.
Seems that Kaspersky is moving away from "detection only by signatures" and is using other methods to detect malware (but these methods only work when malware is being executed).

[maxos]

Lt. dem Report:

Sunbelt nahezu auf dem Niveau von F-Secure...

A-Squared wirklich oben auf u. die Ikarus Engine hat nur einen false positive

[IBK]

hi Jeffrey! did u take maybe an AVC report as template for some sentences in your report (like at the end)? btw, will you visit Europe in the next months?

[blubber]

Hello everyone, we have finished the latest PCSL Total Protection Test Report. This time, we have added four new vendors: Sunbelt, Tall Emu, Micro World, Sophos into our testing Platform.

Thanks a lot, preciate it.

[Solution-Design]

A-Squared wirklich oben auf u. die Ikarus Engine hat nur einen false positive

Das Ergebnis kann sich wirklich sehen lassen, zumal es oft verifiziert wird. Leider sind Angaben in Prozent bei einer geringen Anzahl an Samples immer so ein Problem. Dennoch ist der Test recht sympathisch. Wo sonst findet man dynamische Tests.
Wobei ich bei dynamischen Tests den Aufwand durchaus verstehe.
Windows+Office. Das ganze online-fähig. Image erstellen. AV installieren, wieder ein Image erstellen. Prüfsummen erstellen. Malware ausführen, Prüfsummen vergleichen, Ergebnis vermitteln. Das ganze mit 30 Samples, min-Dauer 48 h ohne Schlaf
Der Test ist aber schon eine Leistung, die erst mal erbracht werden muss. Hut ab pcsl

[Julian]

Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).

[Jav.SEC.21]

Danke für den Test, eine Verwendung aller aktuellen Versionen
zeugt von Fairness.

[pcsl]

hi Jeffrey! did u take maybe an AVC report as template for some sentences in your report (like at the end)? btw, will you visit Europe in the next months?

Hi Andreas,
I have plan to visit Europe, while still some matters like the visa, time, study, etc.

[pcsl]

Thanks a lot, preciate it.

Das Ergebnis kann sich wirklich sehen lassen, zumal es oft verifiziert wird. Leider sind Angaben in Prozent bei einer geringen Anzahl an Samples immer so ein Problem. Dennoch ist der Test recht sympathisch. Wo sonst findet man dynamische Tests.
Wobei ich bei dynamischen Tests den Aufwand durchaus verstehe.
Windows+Office. Das ganze online-fähig. Image erstellen. AV installieren, wieder ein Image erstellen. Prüfsummen erstellen. Malware ausführen, Prüfsummen vergleichen, Ergebnis vermitteln. Das ganze mit 30 Samples, min-Dauer 48 h ohne Schlaf
Der Test ist aber schon eine Leistung, die erst mal erbracht werden muss. Hut ab pcsl

Thank you that you like my reports.
For sample number, I only pick the most prevelant numbers and every months the samples will be refreshed and the old samples will not be used again.

Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).

Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Did you set Kaspersky IS to interactive mode (automatic mode disabled)? Because otherwise you can't compare it with OA++ (full HIPS enabled).

Yes, everytime, when av vendors release a new version, I will update ASAP.

[Solution-Design]

Thank you that you like my reports.
For sample number, I only pick the most prevelant numbers and every months the samples will be refreshed and the old samples will not be used again.

Yes, I like these Reports. Perhaps somewhat more comprehensively in reference to test methodology. But your performance, I must acknowledge this. Thank you!

[Julian]

Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Thank you for the info. We need dynamic tests like yours which do not just reflect the static on demand scan detection

Please keep up the great work.

[pcsl]

Yes, I like these Reports. Perhaps somewhat more comprehensively in reference to test methodology. But your performance, I must acknowledge this. Thank you!

There are still some small tips that i have to fix in the new methodology, e.g. dynamic false positive test correspoding to the static false positive test.
While, I have found out the related solution

Thank you for the info. We need dynamic tests like yours which do not just reflect the static on demand scan detection

Please keep up the great work.

PCSL will always simulate the real client's computer environment and so I will continue to combine static dynamic fp test into one regular test, hope it will bring another point of view to the antivirus solutions


Thank for all of your suggestion and I will try my best to improve

[subset]

Auto mode as recommended, for classic hips combined into security suite, I will find a better methodology to reflect its ability in the next test.

Related to the dynamic detection test of Online Armor.
Did you allow the first prompt (A program wants to run) or just block the execution right away?

Cheers

[pcsl]

Related to the dynamic detection test of Online Armor.
Did you allow the first prompt (A program wants to run) or just block the execution right away?

Cheers

There are several kind of hips:
classical, semi-intelligent complete-intelligent

classical is good tool and has best security level, while it need the user's engagement to max its ability, so I choose classical hips Malware Defender to both analyse the malware's malicious behavior and also use it as a tool in test
complete intelligent is more easier to approach, it doesn't need the user to choose the selection.
semi-intelligent is between them both the security level and EOU(easy of use)

In OA test, I use the action as an ordinary user, so I will allow them to run until there is a clear signal that it is indeed a mallious behavior, and I will guard the infection status using Malware Defender's learn mode and then read MD's log to see whether there is a infection after all the steps.

Anyway, to test the security suite with a classical moudle is another challange for me and I will find a solution to balance that problem in the next test.

Thank you for your suggestion, cheer