Malware detection list updated again

09. October 2013 Security 8

The top-performing AV products and XProtect results have been updated. Intego has added quite a few older malware signatures to their database and can now detect the latest Leverage samples. These definition updates resulted in VirusBarrier 2013 jumping from 3rd to 1st place and VirusBarrier Express from 5th to 4th.

Panda antivirus got an overhaul and now looks identical to Intego’s VirusBarrier, and it jumped from version 1.5 to version 10.7.6. Since it uses the same signature database, the results are the same. As Panda is now identical to Intego’s product (no idea why they use the same of everything, just re-branded), only twice as expensive and without menubar service… I would not bother with Panda anymore, so it has been moved to the “excluded from future testing” list for these reasons. XProtect remains painfully ineffective against malware, even against Janicab, which has been around since June. I did hear today that Apple updated XProtect to block some of the latest IceFog samples; we’ll see how well in the next update.

I’m already working on the next update which will have more malware samples, including the latest IceFog. Thank you to those that submit samples and make suggestions 🙂

The latest PDF, as always, can be found here.

Any comments, feedback or suggestions are welcome, leave ’em in the comments below!


8 thoughts on “Malware detection list updated again”

  • 1
    TED on October 9, 2013

    Any idea if Intego fixed X6 too? They had a double definition update in one day yesterday on my X6. They could have fixed X6. I called them about 3 to 4 days ago and questioned this test. They may have updated X6. They said X6 should have the same definitions as 2013.

    • 2
      Jay on October 9, 2013

      I’ll check that out tonight.

  • 3
    Jay on October 9, 2013

    VirusBarrier X6 can update definitions again and no longer forces users to upgrade to the 2013 version (as far as I could tell). With up-to-date definitions VirusBarrier X6 is back in the running, placing 5th in the list. However, some malware samples and traces were not detected in a full scan, files that were found by its successor VirusBarrier 2013. I tested this numerous times and found malware that was not found during a scan was found if I dragged and dropped the file directly on the application, but even then it was “ignored”. While this technically means X6 can identify the malware, because it was not found in a scan I did not mark them as found. Perhaps this is simply the difference in scan engine that allows for better results in VirusBarrier 2013; only Intego can confirm this.

    With these latest tests of Intego products it’s noticeable they went back in time and added almost all the signatures on the list. While it’s nice to know they are giving their definitions database some love, adding definitions for malware from 2006 seven years after the fact seems like an attempt to make the products ‘look good’ in tests like these but may prove the products lacking when new malware is released. Are they on top of this now or will their next updates be responses to this test again rather than a threat of actual malware being found in the wild? Time will tell.

    VirusBarrier X6 is no longer being sold by Intego but can still be obtained through Amazon and eBay ranging from $45 to $70. With VirusBarrier 2013 costing $30 I would not recommend new users to purchase X6 but go for the latest version instead.

    The PDF has been updated to reflect X6’s results.

  • 4
    TED on October 11, 2013

    Jay,

    When you retested VirusBarrier X6 last, did you enable in Scan Settings –> Advanced “Keyloggers” and “Hacking Tools” in the “Consider these as threats”? Also what about “Malicious Scripting and Corrupted Resource Forks”?

    • 5
      Jay on October 12, 2013

      Under Scan Settings I have Behavioral Analysis enabled for the real time scanner. Under the archives tab everything is checked and under the Advanced tab everything is checked, priority set to ‘high’. I configure every product for best performance and results before testing starts, these settings should give best possible results. I did notice something weird when restoring the X6 VM earlier to update the results with the latest samples so I reinstalled it completely and re-tested all samples, not just the new ones and those back a few years. Results will be online later tonight.

      • 6
        Jay on October 12, 2013

        You’ll like the results for X6 😉
