How good is your antivirus?

[dreamthief]

Since most would like to argue bout what is the best antivirus. I decided to open this thread solely for testing your preferred antivirus. This is a compilation of a group of hackers.

*************WARNING*************

THIS IS NOT FOR THE SCAREDY CATS. THERE ARE ALL VALID VIRUSES. DO NOT OPEN THEM OR EXTRACT THEM TO ANY LOCATION. SAFEST METHOD TO TEST YOUR ANTIVIRUS IS TO SCAN THE COMPRESSED FILE. I WILL NOT TAKE ANY RESPONSIBILITIES FOR YOUR ACTION.

Here's a link to download an archive file containing the viruses. READ THE WARNING BELOW BEFORE CLICKING HERE

TEST THIS AT YOUR OWN RISK

If you dare to take this challenge, do post the screenshots of the antivirus in action and please do not use any Photoshoping skills to manipulate the results.

Try to post at least the following information for others to evaluate

1) Program/scan engine version (Exm NAV 2004, AVG 6 Paid Version, SAV 9.0.0.338 and etc)

2) Any settings you changed

3) Screenshots (Optional as proof)

EDIT: Contrary to the filename which tells you 455 viruses, no it is not. Actual total is 593. If your antivirus detected them all, well done.

Edited June 28, 2004 by dreamthief

[54622_1437839486]

using vet antivirus

Number of infections: 582

looks like im below standard :(

[uniacidz]

This is really a bad idea.

[Rahul]

dont do this guys, i know he said that he is not responsible, but after deleting the file , somehow the virus managed to infect mah pc & i had to do a whole reformat ( cmon who likes being infected with 588 viruses at the same time ) so i guess its best to say that we are not safe from any kinda viruses no matter how good we think we are & what we use . but please for gods sake dont do this coz i belive that there are 600 files in that zip so all of em are viruses if we detect 595 or whatever number ,it still means that we didnt find the remaining 5 or 10 or whatever number of viruses , so please dont do this ,it may well screw up your pc ( though im not blaming the original poster of those files )

[mAcOdIn Veteran]

I'm kinda curiouse about the validity of these virii as well.

I.e. are they all valid win.32. infecting viruses?

Are they all actual viruses and not just left over viral code from an actual infection?

Are they all completeviruses in the first place and not broken ones that can't infect?

Are they actual viruses and not juse certain things classified by some companies so they look better in tests?

I don't buy it at the moment and without a full list I can't find out what the files my virus scanner missed actually are. For what it's worth I use McAfee VS 8 and it only detected around 200(not going to run it again because I have to click yes/no for every file so you have to settle for that rough estimation).

If I had a full list of what McAfee missed than I could see if they're all valid but at te moment I think alot of them are failures, "hacker tools" as Kasperky calls them, or remnants.

[jimbo11883]

Here's my results.

[ramian]

@Rahul?

I don't believe that these virii can actually infect your computer by just having them on your harddisk. Then should only infect your computer if you actually run them. So, if you got infected, it's probably something else or you could have accidently opened one of the files. If you had one of the "better" AV apps installed and duly updated, even running the virus would not have gotten you infected unless you're unlucky enough to have double clicked on one of the 6 or 8 virii that most AV apps seem to miss.

@mAcOdIn

If they weren't "valid win.32. infecting viruses" AV apps in Windows won't be able to identify them. As shown by the guy who tried accessing them in Linux and didn't get infected by a single one, these virri only affect win32 systems, i.e. Windows.

I don't know much about virii, but whether or not they are actual viruses and not just left over viral code from an actual infection doesn't really bother me. As long my AV app can recognise both and can clean/delete/quarantine everything, I'm a satisfied customer. Also, if a virus is not "complete" and cannot infect a computer, is it considered a virus?

Even if you had a full list, are you going to go through every single virus which your AV app did not catch and identify it? If you did do that, I'd say I admire you for your patience.

From what other users have posted here and from personal experience, only Kaspersky has a history of false positives (despite it's very good detection rate). Moreover as the original poster mentioned, the virii are "quite "famous" used to test antivirus". If you really want to find out, search google or Viruslist.com and try to identify whatever virus you want.

Everyone should actually send the zip file to the AV companies so that they can improve their detection rate. One down side is that, this will end up being like the eicar test file (which every AV app should easily detect) which is basically pointless.

[reisio]

this test doesn't mean much

It's obvious the archive wasn't assembled by a professional, so each file might contain more than one virus or no virus at all - or non-Windows viruses. Also, without a full list of the viruses it's supposed to contain, we can't know if each AV is doing a perfect job or not, because all AV's do it differently. Just because it says it detected less than expected doesn't mean your computer is at risk - just because it detected more than expected doesn't mean your computer is safe.

Anyways, here's my screenie from my old AV.

McAfee VirusScan v4.5.1 SP1:

[.Kompressor]

Ok, this is scary. My results were not very good. Using the latest dat files with Norton AV 2004 Pro. Should I change to some other AV software?

In actuality Norton Detected 589 files.

289 of which have not been quarantined. And if you noticed when you completed the download of the file norton alerted of a load of viruses of which some were instantly Removed and others Quarantined immediately.

So i wouldn't doubt all 594 were found. It so happens that norton removed some before the file could finalize it's download and then quarantined 300...and warned of the additional 289 suspicious files.

I got the same as alert as you with 289 but then go into your Quarantine section you will see 300 more and don't forget some have now been deleted from the zip file by norton already.

[kitteny_berk]

virii - a word used by people who arn't very smart to try to sound clever.

the word you are looking for is viruses

[JustGeorge]

Got newer defs for AVG 7 Pro this morning. No change in detection.

If AV companies are removing older virus definitions to save space or for whatever reason, this is a bad idea. I'm sure these viruses are lurking somewhere on the net.

Edited June 27, 2004 by denzilla

[Biohazord]

Got newer defs for AVG 7 Pro this morning. No change in detection.

If AV companies are removing older virus definitions to save space or for whatever reason, this is a bad idea. I'm sure these viruses are lurking somewhere on the net.

Of course they are on the net were do you think we are DLing them from :rolleyes:

[JustGeorge]

I mean in places where they aren't packaged for download.

[puma1]

guys mine detected 1!!!!!!! i am using mcafee 7.1!!!!!

[JustGeorge]

guys mine detected 1!!!!!!! i am using mcafee 7.1!!!!!

HELL YEA!!!!!!!!!!!! WOOOOOOOOOOOHOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! :devil:

[Kobra]

I guess I win. Mine detected 615 viruses... eXtendia AVK, using the Kaspersky AND RAV engines in duel engine double-scan mode. I noticed many were missed by Kaspersky engine, but since RAV backs it up, they picked them up.

Guess 2 in 1 is better than 1 after all. :D

Edit: Here is what i'm talking about.. AVK tells you which engine found what, if they both find the threat, then it tells you both.. In this case, Kaspersky missed several, which the RAV backup engine detected.

Edited June 27, 2004 by Kobra

[JustGeorge]

Thats an interesting AV app. Some questions though:

1. What amount of system resources does this AV place on your PC? I would think running 2 AV engines would slow the PC down a fair bit.

2. I've never heard of this AV before. How well is it supported and how ofter are the definitions updated?

[Flyte]

Using Rising AntiVirus (virus scanner bought from China):

Although you can't see it in the screenshot, Rising either cleaned or deleted all of them (so the .zip file became smaller in size in the end...).

Edited June 27, 2004 by Flyte

[John S. Veteran]

Norton Antivirus 2004 found 588 virii in 588 files and repaired 295 of them. I'm satisfied

[JustGeorge]

Here are the results from SAV Corp 8.1 fully updated. By the way, does anyone know if you can slipstream the latest updates into the disc? It is a real pain to load this on a computer at work that has a dialup connection. I immediately have 5 meg of updates waiting on me.

[PCDania]

Strange. I tested and counted the number of virus in the zip-file twice and found 597 virus in it...

Virus scanner is Panda Titanium v 2.05.05 updated 27th of June 2004.

Edit: Virus were either deleted (desinfected) or renamed.

[treidus]

Wait a minunte...

If ZSS scores better than etrust AV 7, that means the person

who did testing with EAV7 was using InoculateIT engine.

That person may wanna do it again after switching to VET engine

( same one used by ZSS).

yes, i was using inoculateIT for local scanning. VET was much better. ;)

[Kobra]

Thats an interesting AV app. Some questions though:

1. What amount of system resources does this AV place on your PC? I would think running 2 AV engines would slow the PC down a fair bit.

2. I've never heard of this AV before. How well is it supported and how ofter are the definitions updated?

Resource use with eXtendia AVK is very small its one of the smaller AV's out there. About 8,000k ram or so, this varies a tiny bit. Depending on configuration, and system, it can be fully configured to match any system. I've installed it on 500mhz machines, and 3.6ghz machines to great effect, but it took a few options tweaks on the 500mhz machine. Heres a shot of its memory usage after about 5 hours:

As for updates, they come fast and furious, usually 10-20 definition updates per 24 hour period. Lookng at my logs, i've recieved about 15 KAV updates(approx), and 1 RAV update in the last 24 hours.

Begin Internet update (virus database)

Start time: 27/06/2004 14:01

KAV-Engine: Update transferred... OK!

RAV-Engine: Update transferred... OK!

KAV-Engine: Internet update transferred successfully.

RAV-Engine: Internet update transferred successfully.

Quit: 27/06/2004 14:02

[Mike Frett]

So by all this info, would someone be kind enough to make a list saying what one is better?

[JustGeorge]

I'm starting to warm up to the AVK with Trend Micro running second. The only thing I don't like about Trend is all the other crap that comes with it. Its a security suite with firewall, spam blocking,etc. I just want the AV part.

[Xor van Dorf]

Using Kaspersky 5.0.