Personal test

[solbjerg]

Hi

I downloaded Mbam free version yesterday and ran it (quick scan)

It found zero problems on my computer in the course of 6 minutes and 13 seconds.

I then ran IS360 and it found 19 tracking cookies in the course of 3 minutes and 13 seconds. (quick scan)

I have uninstalled Mbam with Revo Uninstaller.

By the way IS360 definition core.def file is at ~86% of the size of Mbam's (today).

Cheers

solbjerg

[titou56]

Hi Solbjerg,

 

Good news... I make them following !

 

Best regard

[itsmejjj]

Mbam free well what can one say .i stopped using it a while back..but that is interesting...any how i am happy with 360

[Leeman]

Guys and Gals,

 

I use MBAM too along with IS360. MBAM does not pick up cookies - never did as far as I know. IS360 has always picked up the occasional bug and/or cookies when MBAM picks up nothing even before and even now after the fiasco a few weeks ago. Sometimes I even think SAS does a better job than MBAM. I use that too. Here is my preference in order:

 

IS360

SAS

MBAM

 

In that order!

 

Lee

[sunny staines]

as above MBAM does not seek out cookies, just spyware.

[Narxis]

Mbam is good against fake antiviruses. i use both Mbam Pro and Iobit Security 360 Pro. I have now Norton Internet Security 2010 installed, it detects and removes tracking cookies.

[solbjerg]

Hi

I downloaded Mbam free version again yesterday and ran it (quick scan)

It found zero problems on my computer in the course of 7 minutes and 28 seconds.

I then ran IS360 and it found 6 tracking cookies in the course of 3 minutes and 7 seconds. (quick scan)

By the way IS360 definition core.def file is at approximately 90% of the size of Mbam's (today).

68.9% of the largest size it ever had. (18.01.2010)

69,098 % of the largest size it ever had (20.01.2010)

Seems to go up with about 1% point every 5-6 days.

Cheers

solbjerg

[So_sad]

Hi solbjerg :smile:

 

Tracking cookies ? Database "size" ? <insert slap forehead smilie here> lol.

I have a more interesting challenge for you : find some nice current and nasty bad guys, then run your test again :wink:

 

Caution : this is for trained professionnals only (sort of..). Don't try this on your home computers 8)

[solbjerg]

Hi So_sad

I decline! As I say it is a Personal test!

It was just to test what every user can see and do themselves.

And to inform users how big the the core.def file of IS360 is as of today.

That's all.

Cheers

solbjerg

 

 

Hi solbjerg :smile:

 

Tracking cookies ? Database "size" ? <insert slap forehead smilie here> lol.

I have a more interesting challenge for you : find some nice current and nasty bad guys, then run your test again :wink:

 

Caution : this is for trained professionnals only (sort of..). Don't try this on your home computers 8)

[solbjerg]

Hi Okie

That depends - if you have run ASC before you run IS360 it will only once in a while find something.

If you are using sandboxie none of them will probably find anything.

Or if your settings in Windows is to delete every cookie in every session you won't find anything either.

So you will have to ask more specific questions and explain in detail how your setup in your computer and programs are.

Cheers

solbjerg

p.s. It means that IS360 doesn't find any tracking cookies or malware on your machine

 

Hi solbjerg!! When I run IObit360, it never finds any thing, so does that mean I'm not getting any tracking cookies or malware??

[So_sad]

Hi solbjerg ;

 

I realize that it is a personal test, posted in the lounge, so no big expectations.

I just chuckled a bit when I read about the detections being tracking cookies, but also the database size. Does size really matter ? If in doubt, ask the best person around : your wife :mrgreen:

Hahaha, sorry, that was too easy ;-)

 

Seriously now. Tracking cookies ? That's not really in the "serious detections" arena ; Ad-Aware (yuck) can do those for you, or CCleaner, or any other crap file cleaner.

And now about "size" (lol) : if IS360 is going after cookies, that's going to take up space in the db, obviously. To me, db size has no meaning because it all depends on what is in it. You can stuff a database with just about anything, really, including cookies and 3+ year old malware. That's not going to benefit the end user much, faced with a real infection. I'm not saying that this is the case with IS360 because I haven't, can't and wouldn't reverse it to check what's inside.

Scanning speed : yet another variable which is difficult to assess, because it depends on how the engine is built, what it looks for and where, if heuristics are involved or not, etc... When users are infected for real, they don't mind running online scans that last 2+ hours if it's going to help, so 7 minutes vs 3 minutes is meaningless in the grand scheme of things.

 

Pro vs Free : no difference for MBAM as far as on-demand scan detections and cleaning muscle go. Same for IS360 I think (I think..).

 

And the last thing I wanted to mention : you and I are low risk surfers, meaning we know the risks and know how to avoid them. We use protections but don't really need them ; we have them because we play it safe, just in case. If I run a scan on my machine and it finds something, I'm going to be upset and someone will get a speech lol.

 

Oh and congratulations for having a clean machine ! Mine is clean too, I think ; I haven't run a scan in weeks, maybe months :-D

[solbjerg]

Well So_sad

Many of your observations are true, but me thinks that thou protests too much.

Size does have some merit even though it is not the most important factor, quality is much more important. (even your wife would go along with that I think) :-)

Anyway - in the readily accessible data it is the easiest to report.

The quality can be determined by ordinary users by running the applications and see what they find. At least that's how I think that ordinary users react.

You have yourself used the size to describe the status of IS360 in one of your earlier posts.

 

If the program only finds tracking cookies - then FINE!

Many people are irritated by picking them up, so I feel that slighting their concern is a little arrogant.

None of the mentioned programs in my personal test finds anything more serious than that in my personal machine, - that is fine by me - and anyway I am just reporting MY findings.

 

Cheers

solbjerg

 

 

Hi solbjerg ;

 

I realize that it is a personal test, posted in the lounge, so no big expectations.

I just chuckled a bit when I read about the detections being tracking cookies, but also the database size. Does size really matter ? If in doubt, ask the best person around : your wife :mrgreen:

Hahaha, sorry, that was too easy ;-)

 

Seriously now. Tracking cookies ? That's not really in the "serious detections" arena ; Ad-Aware (yuck) can do those for you, or CCleaner, or any other crap file cleaner.

And now about "size" (lol) : if IS360 is going after cookies, that's going to take up space in the db, obviously. To me, db size has no meaning because it all depends on what is in it. You can stuff a database with just about anything, really, including cookies and 3+ year old malware. That's not going to benefit the end user much, faced with a real infection. I'm not saying that this is the case with IS360 because I haven't, can't and wouldn't reverse it to check what's inside.

Scanning speed : yet another variable which is difficult to assess, because it depends on how the engine is built, what it looks for and where, if heuristics are involved or not, etc... When users are infected for real, they don't mind running online scans that last 2+ hours if it's going to help, so 7 minutes vs 3 minutes is meaningless in the grand scheme of things.

 

Pro vs Free : no difference for MBAM as far as on-demand scan detections and cleaning muscle go. Same for IS360 I think (I think..).

 

And the last thing I wanted to mention : you and I are low risk surfers, meaning we know the risks and know how to avoid them. We use protections but don't really need them ; we have them because we play it safe, just in case. If I run a scan on my machine and it finds something, I'm going to be upset and someone will get a speech lol.

 

Oh and congratulations for having a clean machine ! Mine is clean too, I think ; I haven't run a scan in weeks, maybe months :-D

[So_sad]

Hi solbjerg,

 

I didn't think I was protesting though, just reflecting on the content of your findings.

 

If I did mention "size" in an earlier post (can't remember but I'll take your word for it), it had to do with the immediate reaction of pulling the disputed content : pulling the content quickly equals a dramatic size decrease. That was to be expected. In the following weeks, some adjustments were made. Think of it this way : if you had to pull "x"% of your database because of a dispute and the sizes pre and post reduction were made public, wouldn't you want to see that size grow back to something more "normal", if not only for appearence's sake ? I know I would... and it isn't difficult to do. This is why I view db size as irrelevant, when you factor everything in.

 

When I initially got interested in the security aspect of computing life, I too appreciated a scanner that would find something, anything, just so I felt it did its job. Tracking cookies are no longer a concern for me, for many reasons but mostly because I manage them without having to run an anti-malware tool to remove them. But I agree with you that Joe Public may enjoy seeing his anti-malware program remove them ; it's just not important to me ; we are talking about personal preferences here.

 

What I worry most about are real, nasty infections. Plenty of those jumping into machines via peer-to-peer networks, crack sites and even on the social networks. You may not see many here because you guys don't have a dedicated malware removal section, staffed with trained personnel (trained to remove malware that is). That's alright. But when sophisticated malware finds its way into a machine, people are often shocked by the symptoms and many panic ; that's when they need the good stuff. Good, not necessarily big ;-)

 

===

[solbjerg]

Ok So_sad

"Factoring everything in" ??

That will be hard to do not knowing all the factors - just choosing the ones we do think we know :-)

Increasingly anti-virus programs are cleaning other malware too, so one could perhaps argue that Mbam has tackled this challenge by incorporating virus definitions into its defense, while IObit focuses more on tracking cookies. But both of them are still not a total defense against all forms of malware and needs to have an antivirus program running alongside.

The "protesting" quote was Shakespearean and not to to be taken too verbally :-)

Cheers

solbjerg

 

Hi solbjerg,

 

I didn't think I was protesting though, just reflecting on the content of your findings.

 

If I did mention "size" in an earlier post (can't remember but I'll take your word for it), it had to do with the immediate reaction of pulling the disputed content : pulling the content quickly equals a dramatic size decrease. That was to be expected. In the following weeks, some adjustments were made. Think of it this way : if you had to pull "x"% of your database because of a dispute and the sizes pre and post reduction were made public, wouldn't you want to see that size grow back to something more "normal", if not only for appearence's sake ? I know I would... and it isn't difficult to do. This is why I view db size as irrelevant, when you factor everything in.

 

When I initially got interested in the security aspect of computing life, I too appreciated a scanner that would find something, anything, just so I felt it did its job. Tracking cookies are no longer a concern for me, for many reasons but mostly because I manage them without having to run an anti-malware tool to remove them. But I agree with you that Joe Public may enjoy seeing his anti-malware program remove them ; it's just not important to me ; we are talking about personal preferences here.

 

What I worry most about are real, nasty infections. Plenty of those jumping into machines via peer-to-peer networks, crack sites and even on the social networks. You may not see many here because you guys don't have a dedicated malware removal section, staffed with trained personnel (trained to remove malware that is). That's alright. But when sophisticated malware finds its way into a machine, people are often shocked by the symptoms and many panic ; that's when they need the good stuff. Good, not necessarily big ;-)

 

===

[enoskype]

Hi So_sad, :smile:

 

Sorry for responding a bit late, but you are a great demagogue. :lol:

 

Hi solbjerg ;

Does size really matter ? If in doubt, ask the best person around : ................

Hi solbjerg,

If I did mention "size" in an earlier post (can't remember but I'll take your word for it), it had to do with the immediate reaction of pulling the disputed content : pulling the content quickly equals a dramatic size decrease. That was to be expected. In the following weeks, some adjustments were made. Think of it this way : if you had to pull "x"% of your database because of a dispute and the sizes pre and post reduction were made public, wouldn't you want to see that size grow back to something more "normal", if not only for appearence's sake ?.

 

Cheers.;-)

[So_sad]

LOL. Thanks enoskype. Just part of my nature I guess ;-)

 

@solbjerg : I certainly agree about the "factoring everything in ??", which is partly guess work without having the facts at hand. Regardless of what really happened, my point is just that size alone cannot be taken as a measure of efficiency, because of many otherefactors such as coding, content, compression rates, etc... Apples and oranges, really.

 

I could supply malware samples for testing, but there would always be the specter of bias on my part, so I won't even think of it. Testing without bias is somewhat difficult and would need to be done by independant reviewers ; that day may come, sooner or later, and we can discuss results when they become available.

 

Just keep those machines out of harm's way folks ; that's the best tool and best advice I can give anyone :-)

 

===

 

Edit : I've just edited out a quoted post from solbjerg which got inserted at the top of my message. Don't know what I did there, but it's corrected now. Sorry about that..

[solbjerg]

Hi So_sad

During the comparison testing I thought that the malware samples used contained very much material that a good anti-virus program could clean out, and as the aim of the test was to test for spyware and other less dangerous malware among the providors of such programs, it would have been most fair to run the used malware samples through the best antivirus program available and then test the rest in the programs concerned in the comparison testing.

 

About size - to my knowledge I am the only one that provides up to date data on this concerning the IS360 core.def file.

(size measured in bytes)

 

68.9% of the largest size it ever had. (18.01.2010)

69,098 % of the largest size it ever had (20.01.2010)

69,29 % of largest size it ever had (22.01.2010)

69,46 % of largest size it ever had (25.01.2010)

72,46 % of largest size it ever had (18.03.2010)

Seems to go up with about 1% point every 5-6 updates (10-14 days).

 

----

 

112,91 % of largest size it ever had (10.11.2010)

 

But of course you are right - size alone doesn't tell the whole story.

 

Cheers

solbjerg

 

 

 

 

LOL. Thanks enoskype. Just part of my nature I guess ;-)

 

@solbjerg : I certainly agree about the "factoring everything in ??", which is partly guess work without having the facts at hand. Regardless of what really happened, my point is just that size alone cannot be taken as a measure of efficiency, because of many otherefactors such as coding, content, compression rates, etc... Apples and oranges, really.

 

I could supply malware samples for testing, but there would always be the specter of bias on my part, so I won't even think of it. Testing without bias is somewhat difficult and would need to be done by independant reviewers ; that day may come, sooner or later, and we can discuss results when they become available.

 

Just keep those machines out of harm's way folks ; that's the best tool and best advice I can give anyone :-)

 

===

[So_sad]

Hi again solbjerg,

 

About the comparison : we've discussed this before and I tried to explain the reality of today's malware. 3-4 years ago, we had "viruses" and "spyware/adware", basically, and they could easily be separated because you would catch one or the other. Quite a different story today though. Antivirus program vendors decided to add trojan horses + "spyware/adware" to their databases a few years ago because they became much more popular than traditional viruses, as they are easier to code and can be just as deadly (efficient) as viruses. "Anti-spyware" tools are being replaced with "anti-malware" tools and there's a good reason for that : malware is malware, whichever tag you stick to it. Malware is coded and placed in strategic places so that as many people as possible will get infected. That means malware (or infections really) target the masses and most do so to be profitable. When programs target them efficiently, they simply modify the code or make new ones to elude detection. If your antivirus gets them, great, but they don't always do they... so here comes the anti-malware tools to the rescue, hopefully. If a popular infection uses a virus or worm to get in and then calls in trojans and rootkits to the party, you need to stop the messenger at the door ; if it gets in, you're screwed and you find yourself with multiple infections on the box. Multiple infections are not the exception anymore, but the norm.

 

So what would you expect from your security programs ? That they know the malware and can stop it (shields) or remove it when it gets in (on-demand scan). You want everything removed. Some malware can disable or destroy antivirus programs, so you need something to be able to come in do the dirty work : a good anti-malware program.

 

Just look at all the rogues out there : how do they get in ? They're not all "simple infections" anymore, no Sir. Some come with worms. The worms install and call their friends over. Rootkits come in, etc... You think you only have a rogue program onboard, right ? Wrong, you have multiple infections. Parts of the infection are for the rogue program itself, other parts are there to protect the rogue and other parts are there to let more infections in. Fun ? You bet...

 

Nothing is black or white anymore. Antivirus programs try to get trojans and rootkits and anti-malware programs must be able to target some worms, as well as trojans and all the rest, if they are going to be able to perform and compete. The line between the two (AV and AM) is getting more and more blurry.

 

So... if an anti-malware tool detects worms that are present in the wild, that's a good thing ;-)

 

===

[solbjerg]

Good of you to write all that again So_sad

The essence of that seems to be that one should not rely on only a single program. With which I agree.

The best advice is still the one you mentioned earlier - to practice safe surfing - and be prudent and careful!

Back up your important files (before infection) and be prepared to format your disk if you do get heavily infected.

Cheers

solbjerg

 

 

 

Hi again solbjerg,

 

About the comparison : we've discussed this before and I tried to explain the reality of today's malware. 3-4 years ago, we had "viruses" and "spyware/adware", basically, and they could easily be separated because you would catch one or the other. Quite a different story today though. Antivirus program vendors decided to add trojan horses + "spyware/adware" to their databases a few years ago because they became much more popular than traditional viruses, as they are easier to code and can be just as deadly (efficient) as viruses. "Anti-spyware" tools are being replaced with "anti-malware" tools and there's a good reason for that : malware is malware, whichever tag you stick to it. Malware is coded and placed in strategic places so that as many people as possible will get infected. That means malware (or infections really) target the masses and most do so to be profitable. When programs target them efficiently, they simply modify the code or make new ones to elude detection. If your antivirus gets them, great, but they don't always do they... so here comes the anti-malware tools to the rescue, hopefully. If a popular infection uses a virus or worm to get in and then calls in trojans and rootkits to the party, you need to stop the messenger at the door ; if it gets in, you're screwed and you find yourself with multiple infections on the box. Multiple infections are not the exception anymore, but the norm.

 

So what would you expect from your security programs ? That they know the malware and can stop it (shields) or remove it when it gets in (on-demand scan). You want everything removed. Some malware can disable or destroy antivirus programs, so you need something to be able to come in do the dirty work : a good anti-malware program.

 

Just look at all the rogues out there : how do they get in ? They're not all "simple infections" anymore, no Sir. Some come with worms. The worms install and call their friends over. Rootkits come in, etc... You think you only have a rogue program onboard, right ? Wrong, you have multiple infections. Parts of the infection are for the rogue program itself, other parts are there to protect the rogue and other parts are there to let more infections in. Fun ? You bet...

 

Nothing is black or white anymore. Antivirus programs try to get trojans and rootkits and anti-malware programs must be able to target some worms, as well as trojans and all the rest, if they are going to be able to perform and compete. The line between the two (AV and AM) is getting more and more blurry.

 

So... if an anti-malware tool detects worms that are present in the wild, that's a good thing ;-)

 

===