Each system was run in Parallels, and the folder containing the malware was copied onto the desktop of the test system. Once that was done, by shutting off network access, testing could proceed over multiple days without changing the results. The final result was a set of identical systems, each with a fully up-to-date copy of one of the anti-virus programs as of that particular date.
#Iantivirus vs clamxav update#
Once installation was complete, a single day was chosen to open each snapshot and update each anti-virus program, then save a new snapshot of the updated state. Then, over the course of several days, 20 different anti-virus programs were obtained and installed in fresh copies of this virtual machine, ending with 20 different snapshots in Parallels, each containing this base system and one of the anti-virus programs to be tested.
#Iantivirus vs clamxav mac os x#
A base Mac OS X 10.8.2 system was set up in a virtual machine, fully updated and with no third-party software installed. Testing was done in a virtual machine in Parallels. Two items (components of the DiabloMiner app) were removed after testing, when it was shown that no anti-virus software detected them, and after determining that DiabloMiner is actually a legit program misused by DevilRobber. A number of samples were rejected from inclusion in the testing during the collection phase. Sometimes, VirusTotal results are not conclusive, and samples will be identified as malware that really are not.
This was done to simplify identification of which malware was detected. Any samples that consisted of archives (zip files, disk image files, etc) were expanded/opened, and both the archive and the contents were placed in a sub-folder consisting of the SHA1 “fingerprint” of the archive.Īttempts were made to ensure that all samples were valid samples. Samples that did not originally come from VirusTotal were uploaded to VirusTotal, then given names identical to the SHA1 name assigned by VirusTotal. Samples that came from VirusTotal had names consisting of the SHA1 “fingerprint” of the file. Samples were organized into folders based on malware family. In this test, a total of 128 samples were collected, containing items from 24 different malware families. Keep in mind that I would actively recommend against a few of the anti-virus programs that scored highly in this test! Methods Do not attempt to use this test as the sole metric of evaluating anti-virus software. It also contains absolutely no information about the feature sets, performance and stability of any of the tested engines. This test did not attempt to test how well any engine blocks an active attempt at infection.
#Iantivirus vs clamxav manual#
This test examines only a particular aspect of the anti-virus engines being tested: what malware is detected by a manual scan. This is not an attempt to compare anti-virus programs across the board. It is important, before starting with discussion of the test, to point out the relevance of this test.
This document describes the second round of testing, in which I look at a total of 20 different anti-virus programs using somewhat different methods than those used in the first test. Last November I began a project to test Mac anti-virus programs to see what malware they are capable of detecting. There are almost as many anti-virus programs for the Mac as there are families of malware, and a constant question among Mac users is whether to use one and, if so, which one to use. January 28th, 2013 at 1:50 PM EST, modified
0 kommentar(er)
