Antimalware-test with 5000 2-year OLD samples, MBAM detects only 3% !?

hackerman1

hi !

i found this on Anti-Malware Reviews - A collection of reviews, tests, awards and personal opinions of anti-malware software.

"PC help and news website raymond.cc has published an amateur test which results we do not want to keep quiet about. For the test two sets of first 500 and then 5000 samples consisting of almost two years old Malware files were created and 93 different products had to prove how many pests they could detect. The 500 samples strong first set’s winner is Emsisoft Anti-Malware with a clean 100% detection – just Avira was able to detect all the threats as well, while all the other products detected 9x% or even less.

Obviously the 5000 samples strong set 2 was more difficult for the security programs, as none was able to detect 100% here.
But again Emsisoft Anti-Malware achieved the best result with 99.72%, in front of Avira Premium (99.22%), Twister (99%) and Kaspersky (98.48%).

Surprisingly some very well known programs showed really bad performances like Malwarebytes’ Anti-Malware (3%) or Ad-Aware (58.44%)."


MBAM (3%) detection on almost 2-year old samples ?
oh...:huh:

read the whole story here: http://www.raymond.cc/forum/spyware...ection-of-different-av-with-old-malwares.html
 

( ... )
MBAM (3%) detection on almost 2-year old samples ?
oh...:huh:
( ... )

That is very worrying ... Mainly because it's anti-malware usually indicated here on the forum on issues involving malware at its root ... Hopefully these "loopholes" in detections are urgently remedied!
Congratulations for this thread!
;)
 

Just a quick note:
http://www.raymond.cc/blog/ didn't publish these results.
It was published on its forums by Sujay (a regular poster, but as far as I know he is not a writer for the raymond blog)

So, as far as I can remember, it was never published on raymond.cc and it is in no way officially connected with their testing.
It is an independent test done by their forum poster.
 

Just a quick note:
http://www.raymond.cc/blog/ didn't publish these results.

who said that "raymond.cc/blog" published it ?

but perhaps you are referring to the first line in the post:
"PC help and news website raymond.cc has published an amateur test... " ?

It is an independent test done by their forum poster.

yes, and you can see that in the first line: "...amateur test..."

also look at the URL i posted:

"http://www.raymond.cc/forum/spyware-viruses/21574-testing-the-on-demand-detection-of-different-av-with-old-malwares.html"
 

I am not criticizing you.
I am just pointing out misleading information posted by the Emsisoft press group:

"PC help and news website raymond.cc has published an amateur test which results we do not want to keep quiet about.
As you can see, it misleads the reader to think it is an official test processed and published by www.raymond.cc (which is wrong)
And the next statement was just to justify my previous one

EDIT: ok, I see actually their title was more clear (which I hadn't noticed before):
"Raymond.cc user test with old Malware"
 

I am not criticizing you.
I am just pointing out misleading information posted by the Emsisoft press group:

"PC help and news website raymond.cc has published an amateur test which results we do not want to keep quiet about.
As you can see, it misleads the reader to think it is an official test processed and published by www.raymond.cc (which is wrong)
And the next statement was just to justify my previous one

EDIT: ok, I see actually their title was more clear (which I hadn't noticed before):
"Raymond.cc user test with old Malware"


jav: no worries, i did not take it as any criticism against me.
and please read my previous post again, as i edited while you replied.
yes, i agree that the present expression IS misleading.
i also first read it as an "Official" test by raymond.cc, only when i read the "full" story i realized it was a forum-post.

anyway, if those results for MBAM are correct, it once again shows that EAM has better detection-rate than MBAM...

EDIT: you are right, the title says "...user test...", but i didn't see it, i just read the text below.

 

"Malwarebytes policy on including malware sample detections:
If it is detected by a majority of the AV companies, we do not include the detection in our product.
We specialize in detecting and removing what others do not."
 

"Malwarebytes policy on including malware sample detections:
If it is detected by a majority of the AV companies, we do not include the detection in our product.
We specialize in detecting and removing what others do not."

The above was credited to nosirrah, who is Bruce Harrison, Vice President of Research, Malwarebytes' Anti-Malware.
 

Thank you, Corrine. Unfortunately, where I found that quote, no credit was given.
 

The Wilders thread merely indicated nosirrah. Anyone not familiar with MBAM wouldn't know who he is.

Personally, I don't put much credence in user tests. It is also sometimes difficult to put much credence in many of the tests we see on the Internet since they are sponsored by security vendors. As the saying goes, "the proof is in the pudding" or, in this case, the proof is in the results we, as users, experience.
 

I'm a member on Raymond's forum. And while the poster is a senior member there, he is indeed an amateur, and his methods were no doubt not the same as an official test lab would use. Not to fault him as he wasn't stating such either. Just saying "...with a grain of salt". A Guy
 

Hi all
C'mon peeps.

These tests are about as useful as wearing a paper suit for protection in an Oil rig explosion.

First of all EVERYBODY surfs differently so the sorts of infections that could get picked up will be totally different depending on who is surfing.

For example I'm not (probably these days a HEINOUS crime to say it) a huge MUSIC fan so rarely do I download any music legit or otherwise. Note -- I'm not saying I Don't like music it's just I don't need to listen to it all the time and go everywhere attached by white wires and earbud phones like nearly everybody under about 29 years of age seems to do these days.

So I'm unlikely to get infected by viruses emanating from those sources.

Secondly -- If you DO get notification that you have a virus / malware after a scan - what do you do about it?

You don't know WHEN you became infected or what it's done to your data / OS since.

In this case only a RESTORE from a clean image or a fresh OS install would do.

For me the ONLY AV software that's worth having is a REAL TIME system such as MSE. Anything else is merely JUNK that just slows down your OS.

Any other product that relies on you to do periodic scans without any real time protection IS A TOTAL AND UTTER WASTE OF TIME.

As I keep saying the days of about 90% of AV companies are probably nearly over now MS is actually interested in preventing tampering with the Windows OS itself.

Since I have clean backups EVERY DAY I would immediately RESTORE the previous days image as soon as I got a notification of a possible (mind you not even a definite) computer infection.

With products like ACRONIS it only takes around 15 - 20 mins to restore even the largest W7 OS image. MUCH MUCH safer than relying on cleansing the system via possibly defective AV software.

(Always keep user data etc separate from the OS so you can do this easily).

After all if your computer DOES get infected would you trust the AV software to cleanse it properly -- who knows how the OS has been tampered with.

Would you entrust the Fox to guard the Henhouse?

Cheers

jimbo
 
Those tests look to me like some kid in high school doing a homework project. I use MAM as part of my layered security. As far as I know it was never designed to replace your normal anti virus program. It was designed to check for malware that your anti virus program might have missed. If I posted all the little security programs I use for multilayer protection you all would giggle. No protection program does it all. I have recommended Malwarebytes Anti Malware to many for an additional layer in their security and will continue to do so. I don't work for Malwarebytes Anti Malware.
 
