Check this out



brillo
2006-09-09, 04:23
From recent test done by Gizmo. See full report at http://www.techsupportalert.com/security_scanners.htmhttp

The categories in order L -> R are:

Detect Process injection = detect malware hiding inside legitimate programs on your PC
Detect malware at startup = detect an unknown program starting automatically with Windows
Protect from drive-by downloads at three hostile sites
Detect both Hacker Defender and FuTo rootkits

Product                      Process injection  Startup malware  Drive-by downloads  Rootkits
Ad-Aware Pro V1.6            Fail               Fail             Fail                Fail
Avast! Home V4.7             Fail               Fail             OK                  Fail
AVG Anti-Virus Free V7.1     Fail               Fail             OK                  Fail
BitDefender Pro V9.095       Fail               Fail             Fail                Fail
CounterSpy V1.5              Fail               Fail             Fail                Fail
CounterSpy V2.0.122 beta     Fail               Fail             Fail                Fail
Ewido v3.5                   Fail               Fail             Fail                Fail
Ewido V4 beta                Fail               Fail             Fail                Fail
Kaspersky AV V6.0.0          Fail               Fail             OK                  Fail
NOD32 V2.51                  Fail               Fail             OK                  Fail
Norton Antivirus 2006        Fail               Fail             OK                  Fail
SpyBot S&D V1.4              Fail               Fail             Fail                Fail
Spyware Doctor V3.6          Fail               Fail             Fail                OK
Trojan Hunter V4.5           Fail               Fail             Fail                Fail
WebRoot SpySweeper V4.5      Fail               Fail             OK                  OK
Windows Defender V1.1.1051   Fail               Fail             Fail                Fail

Bad news.

Comments?

Rob
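The second test category above ("detect an unknown program starting automatically with Windows") is something an administrator can check by hand rather than relying on a scanner. The following PowerShell script is an added example and is not from the thread or from Gizmo's test: it snapshots the classic Run / RunOnce registry autostart entries, saves them as a baseline, and on later runs reports any entry that is new, changed or removed. The baseline file path is an assumption; the four registry keys are the standard Windows Run keys. Note that Run keys are only one of many autostart locations (services, scheduled tasks, Winlogon, browser helper objects and so on), so a clean diff here does not mean nothing else starts with Windows.

```powershell
# Added example: baseline-and-diff of Windows Run/RunOnce autostart entries.
# Not part of the original thread or of any product it discusses.
# Assumption: baseline is stored in the user's profile directory.
$BaselinePath = "$env:USERPROFILE\autostart-baseline.json"

# Standard Run / RunOnce keys for the machine and the current user.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    # Returns a hashtable: "<key>\<value name>" -> command line that will run
    $entries = @{}
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $entries["$key\$name"] = [string]$item.GetValue($name)
        }
    }
    return $entries
}

$current = Get-AutostartEntries

if (-not (Test-Path $BaselinePath)) {
    # First run: record the current state after reviewing it by hand.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath with $($current.Count) entries."
    return
}

# Load the saved baseline back into a hashtable.
$baseline = @{}
(Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
    ForEach-Object { $baseline[$_.Name] = [string]$_.Value }

# Anything present now but absent from the baseline is a new autostart program;
# a changed command line for a known entry is just as suspicious.
foreach ($k in $current.Keys) {
    if (-not $baseline.ContainsKey($k)) {
        Write-Output "NEW autostart entry: $k -> $($current[$k])"
    } elseif ($baseline[$k] -ne $current[$k]) {
        Write-Output "CHANGED autostart entry: $k"
        Write-Output "  was: $($baseline[$k])"
        Write-Output "  now: $($current[$k])"
    }
}
foreach ($k in $baseline.Keys) {
    if (-not $current.ContainsKey($k)) {
        Write-Output "REMOVED autostart entry: $k"
    }
}
```

Run it once on a machine you have just reviewed to write the baseline, then again after installing software or on a schedule; any "NEW" or "CHANGED" line names the exact registry value and command to inspect. Reading HKLM keys does not require elevation, but writing a baseline to a protected location would.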

Zenobia
2006-09-09, 04:55
Your link leads to a "page can't be found" error.

md usa spybot fan
2006-09-09, 05:39
I think this might be it:
16 Security Scanners Unplugged
http://www.techsupportalert.com/security_scanners.htm

brillo
2006-09-09, 07:51
md usa spybot fan got it right. The correct link is: http://www.techsupportalert.com/security_scanners.htm

Sorry.

But check it out. The author sounds knowledgeable, impartial and competent. It looks to me like the tests were well controlled and thorough. The documentation is cleaner than almost anything I've seen since grad school. The results have not been manipulated. I like the structure and tone of how the information is presented.

And the bottom line is not good news. But, interestingly, the author offers a relatively positive conclusion. Fair I think. Made me scratch my head a few times.

Rob

bitman
2006-09-09, 20:08
If you're looking for comments relating to the validity of the tests, the results acquired were totally in line with the situation and limitations defined in the testing methodology.

By disabling active protection during the installation of Rootkits, you remove their primary reason for existence and leave nothing but signature detection, the realm of antivirus, as a possible defense. Thus most antispyware will fail.

By not installing current Windows Updates, you create an odd situation where someone has ignored the most obvious protection required leaving gaping holes in the OS itself, while still assuming the same individual would maintain their antimalware updates. The result of this will again favor signature based protection since drive-by infections are (indirectly) requested by the browser.

Performing scans of archives or compressed executables is inherently a file scanning function, which as stated can be optionally done by some antispyware when enabled. So the only useful comparison is between those applications which are designed to do this in the first place.

As for termination of the product's processes, since he doesn't state what exactly was 'terminated' I have to assume he meant the GUI portion of the application itself, rather than the real-time portion such as Spybot's 'Teatimer'. This is a completely useless test, since the Spybot GUI has nothing to do with active protection and as an executable would easily be terminated, while Teatimer, though terminated, would automatically restart itself. And Windows Defender has several modules including a service for real-time protection, which also restarts itself if terminated and continues to run even when the user 'turns off' defender.

So though the tests were fairly well described and documented, their criteria and design only lend themselves to describing what antivirus and antispyware do, and don't do respectively. They also prove that things are much more difficult to remove once they've become installed than while attempting to infect, which is a well known fact.

In short, they prove little that isn't either obvious or a well known fact, except possibly for comparison of some minimal number of detections by file scanning applications. This may have some value in helping those who don't understand these basic differences, but I actually think it clearly points up why protection suites have become popular, since most don't understand or don't care and just want complete protection.

Bitman