Malware detection rates updated

Sorry for the wait folks, I’ve been quite busy lately. Finally got around to updating the antivirus test, the results can be found here.

The virtual machines were updated with the latest available software (still OS X 10.8.5 though), plugins and some new malware.
New software since last test:
– iTunes 11.1.5
– Security Update 2014-001
– Mac App Store Update 1.0
– Latest Browsers
• Firefox 28, automatically disabled the Codec-M add-on.
• Chrome 33.0.1750.152
• Opera 20.0.1387.82
New plugins since last test:
– Flash Player 12.0.0.77
– Java Version 7 Update 51 (re-installed)
New malware since last test:
– Tored (2009)
– DevilRobber / Miner (2011)
– Musminim / BlackHole (2011)
– Tsunami / Kaiten (2011)
– Dockster / Maljava (2012)
– GetShell (2012)
– SMSSend (2012)
– LaoShu.A (2014)
– Careto / Mask (2014)
– CoinThief (2014)
– NetWeird / WireNet (2014)
– VSearch (2014)
Total samples are now 420

I also introduced some false positives. These are files that are very closes to infected samples but are actually harmless. An antivirus application should not detect any of them. This list will grow in future tests. MD5 hashes were added to the trace files where available, these can be found in the far right side of the PDF.

NetWeird, even though most samples are blocked by XProtect now, was still able to install itself on the system as the invisible folder ‘.Install’ with the Host file in it was found in my home directory.

A new AV was added called Max Secure Antivirus.

In January ClamXav had asked to be re-tested as they made some significant changes to their product. I tested ClamXav again and indeed they have noticeably improved their detection rates. With the updates and improvements the ClamXav team have made, their AV now finds themselves amongst the top.

There’s more work to be done but this update at least brings the AV with 80% or more up to date. The rest will be done soon.