How good is your antivirus?

[dreamthief]

Since most would like to argue bout what is the best antivirus. I decided to open this thread solely for testing your preferred antivirus. This is a compilation of a group of hackers.

*************WARNING*************

THIS IS NOT FOR THE SCAREDY CATS. THERE ARE ALL VALID VIRUSES. DO NOT OPEN THEM OR EXTRACT THEM TO ANY LOCATION. SAFEST METHOD TO TEST YOUR ANTIVIRUS IS TO SCAN THE COMPRESSED FILE. I WILL NOT TAKE ANY RESPONSIBILITIES FOR YOUR ACTION.

Here's a link to download an archive file containing the viruses. READ THE WARNING BELOW BEFORE CLICKING HERE

TEST THIS AT YOUR OWN RISK

If you dare to take this challenge, do post the screenshots of the antivirus in action and please do not use any Photoshoping skills to manipulate the results.

Try to post at least the following information for others to evaluate

1) Program/scan engine version (Exm NAV 2004, AVG 6 Paid Version, SAV 9.0.0.338 and etc)

2) Any settings you changed

3) Screenshots (Optional as proof)

EDIT: Contrary to the filename which tells you 455 viruses, no it is not. Actual total is 593. If your antivirus detected them all, well done.

Edited June 28, 2004 by dreamthief

[panicswitched]

missed a few but this is with the default definitions that came with the cd so not tooo shabby

and it couldnt delete the files since i just did a scan of the archive instead of extracting them

[ozz109]

eXtendia Antivirus AVK Pro found 587 viruses after extracting the files. It however did not not prevent the download of the file.

http://img28.photobucket.com/albums/v85/ramian/avk.png

AVK managed to clean 518 of the viruses, quarantine 70 and delete the rest.

Did another test with McAfee 7. It detected 588 viruses without extracting the files. It cleaned 393 viruses and deleted 194 after extraction.

Don't know why the original poster said AVK found all 593.

Did you have both the Engines running when you did the scan?

[OptiPlex]

http://www.symantec.com/techsupp/enterpris..._9.0/files.html

Ben

LOL, 1300 to 338? rofl

[ECEGatorTuro]

Norton 2k4 Professional with latest sigs...

[McoreD]

Damn, this is very bad. :(

I thought NOD32 was the best but:

-- it failed to scan the ZIP file

-- it failed to detect 11 files from the total of 593 viruses.

Tried the eTrust Armor which is bundled with Microsoft Security Update 2004 Februaru CD

-- it failed to detect 157 files from teh toal of 593 viruses.

Edited July 4, 2004 by ~*McoreD*~

[xta]

KAPERSKY AVP 3.5 up to date

[ramian]

Did you have both the Engines running when you did the scan?

yes... both engines running having all options ticked. Also with the latest definitions. Or is it because it's only the trial version??

[JJMustang]

Cool. I guess no AV is perfect...

TrendMicro (http://housecall.antivirus.com)

AVG (http://www.grisoft.com)

Norton AV 2004

Panda scan on the web

[Patrick_]

My dad's updated AVG found 1114... lol.

[Kobra]

MKS_Vir 2004, a uber Polish Antivirus, launching in the US this week found 580... Impressive.

[LOC Veteran]

Damn, this is very bad. :(

I thought NOD32 was the best but:

-- it failed to scan the ZIP file

-- it failed to detect 11 files from the total of 593 viruses.

Tried the eTrust Armor which is bundled with Microsoft Security Update 2004 Februaru CD

-- it failed to detect 157 files from teh toal of 593 viruses.

Make sure you have it scanning compressed files, or it won't scan them lol

Mine detected 591 with the latest def update.

On another note, I quite like AVK's approach and everything, but the program just destroys my PC. I have a gig and a half of ram and it slows me down horribly.

[Hypoxiaicon]

UPDATE FOR KASPERSKY ANTIVIRUS

Now detecting 605 Virus's

[Kobra]

Make sure you have it scanning compressed files, or it won't scan them lol

Mine detected 591 with the latest def update.

On another note, I quite like AVK's approach and everything, but the program just destroys my PC. I have a gig and a half of ram and it slows me down horribly.

Use my AVK tweak settings, and you won't notice any performance hit using AVK...

Right Click the AVK tray icon, going into settings, and UNCHECK

the following: (turn them OFF)

"UNCheck Packed Files"

"UNCheck Email Archives"

"UNCheck system areas when changing media"

Then hit "Exceptions" and click "Directory", and then browse to your "Program Files" directory, and exclude the entire thing.

Turn automatic type recognition on - what this does is AVK scans the headers of each file, to ensure it matches the actual file.. So if a COM virus is renamed to a text file, AVK will still find it using this method. Turn engines on "Both engines - performance optimized"..

[jack_canada]

F prot is the best! It usually uses less than 2 mb of ram, doesn't slow down your system. Scanning is very fast, And it's free.

This is when I extrated them to a folder and scanned the folder.

[xta]

Where can i d/l the F-Prot? sure it's free?

[jack_canada]

http://www.f-prot.com/download/home_user/

[LOC Veteran]

The Linux version is free along with every other version EXCEPT for Windows.

Windows version isn't free.

[Kobra]

3 Labs have informed me that 6 files in this archive are "Cleaned" already.. Meaning they are dead viruses... Another 6-10 or so are considered either adware/spyware or Joke programs. Also, some of the threats are horribly old in this archive, dating back 20 years.

So the reason KAV is picking up more is because of the extended databases picking up the extra non-virus types inside it. The real, true number, may never be known, but I suspect somewhere around 580-590 would be considered a perfect hit on this test. But thats just a guess.

[xta]

http://www.f-prot.com/download/home_user/

Tnx.

[Slimy]

3 Labs have informed me that 6 files in this archive are "Cleaned" already.. Meaning they are dead viruses... Another 6-10 or so are considered either adware/spyware or Joke programs. Also, some of the threats are horribly old in this archive, dating back 20 years.

So the reason KAV is picking up more is because of the extended databases picking up the extra non-virus types inside it. The real, true number, may never be known, but I suspect somewhere around 580-590 would be considered a perfect hit on this test. But thats just a guess.

each file should only be considered as 1 threat

[Kobra]

each file should only be considered as 1 threat

Correct.. But then unless we have verification of each and every file, we can't be too sure.

There are 593 individual files in the archive, anything more than 593, I feel should be treated as a "False Alarm". But in addition, 6 of the files are confirmed as "Dead" viruses. So 587 is the *real* number in the archive. I've investigated these 6 cleaned viruses, and have sent them off to a few labs to check out, and came back as dead as well.

A further 6-8ish samples are considered "Jokes" and not real viruses, so thats why I said 580ish is still considered 100% by antivirus standards. AVK which uses the KAV+RAV engines only picks up 587 which is the true number. I'm curious as to why KAV5 would be picking up 605 when there are only 593 files in the friggen archive anyway!

Sounds to me like some false alarms or other issues, and that its detecting dead viruses...

[Slimy]

Correct.. But then unless we have verification of each and every file, we can't be too sure.

There are 593 individual files in the archive, anything more than 593, I feel should be treated as a "False Alarm". But in addition, 6 of the files are confirmed as "Dead" viruses. So 587 is the *real* number in the archive. I've investigated these 6 cleaned viruses, and have sent them off to a few labs to check out, and came back as dead as well.

A further 6-8ish samples are considered "Jokes" and not real viruses, so thats why I said 580ish is still considered 100% by antivirus standards. AVK which uses the KAV+RAV engines only picks up 587 which is the true number. I'm curious as to why KAV5 would be picking up 605 when there are only 593 files in the friggen archive anyway!

Sounds to me like some false alarms or other issues, and that its detecting dead viruses...

i agree

kav isn't all that great

i'm sticking with sav! :D

[iwod]

MKS_Vir 2004, a uber Polish Antivirus, launching in the US this week found 580... Impressive.

But wasn't this the one which said they discontinue??

So in all these test just shown Every one of the is capable. .........

SAV is just too good ^^

[905punk]

Here's PC-Cillin 2003 With Pattern File: 1.929.00 (Scan Engine:6.8.1)

[Patrick_]

I just emailed Avast telling them about this file, so they could add the ones they missed to their database.