AV-Comparatives Removal-Test November 2014

[Petrovic]

Ratings
We allowed certain negligible/unimportant traces to be left behind, mainly because a perfect score
can’t be reached due to the behaviour/system-modifications made by some of the malware samples
used. The “removal of malware” and “removal of remnants” are combined into one dimension and we
took into consideration also the convenience. The ratings are given as follows:
a) Removal of malware/traces
• Malware removed, only negligible traces left (A)
• Malware removed, but some executable files, MBR and/or registry changes (e.g. loading
points, etc.) remaining (B)
• Malware removed, but annoying or potentially dangerous problems (e.g. error messages,
compromised hosts file, disabled task manager, disabled folder options, disabled registry
editor, detection loop, etc.) remaining (C)
• Only the malware dropper has been neutralized and/or most other dropped malicious
files/changes were not removed, or system is no longer normally usable; dropped
malicious files are still on the system; removal failed (D)
b) Convenience:
• Removal could be done in normal mode (A)
• Removal requires booting in Safe Mode or other built-in utilities and manual actions (B)
• Removal requires Rescue Disk (C)
• Removal or install requires contacting support or similar; removal failed (D)
Award system
The following award/scoring system has been used:
AA = 100
AB = 90
AC = 80
BA = 70
BB = 60
BC = 50
CA = 40
CB = 30
CC = 20
DD = 0

http://www.av-comparatives.org/wp-content/uploads/2014/12/avc_rem_201411_en.pdf

 

[Secondmineboy]

Kaspersky and Bitdefender lost a bit compared to the last years removal test

 

[Petrovic]

Sample 30 (ed5e): This sample is a widespread trojan horse, which locks the screen.

Only the malware dropper has been neutralized and/or most other dropped malicious
files/changes were not removed, or system is no longer normally usable; dropped
malicious files are still on the system; removal failed (D)
Removal or install requires contacting support or similar; removal failed (D)

Kaspersky and Bitdefender Advanced+?

Great test

 

[FreddyFreeloader]

MSE & Emsisoft tied for removal!

 

[Kate_L]

AV-Comparatives are always so funny when they release a new test.

 

[hamo]

Sample 30 (ed5e): This sample is a widespread trojan horse, which locks the screen.

Only the malware dropper has been neutralized and/or most other dropped malicious
files/changes were not removed, or system is no longer normally usable; dropped
malicious files are still on the system; removal failed (D)
Removal or install requires contacting support or similar; removal failed (D)

Kaspersky and Bitdefender Advanced+?

Great test

But you should know one thing , Kaspersky use trick for protect users from Screen Locks [ Manually first then KIS complete ]

If the screen lock , just press [ CTRL+ALT+SGIFT+F4 ] , Kaspersky will kill the process .

So that Kaspersky fail here .
thank you for good tip .

 

[Sven]

Money edits this chart before release

 

[Oxygen]

It's all about the money for Advanced+

 

[Kate_L]

Money edits this chart before release

We don't know that, let's say they are suspicious

 

[FleischmannTV]

If money were so important, Symantec would have aced the static file detection test and thus wouldn't have had any reason to no longer participate at AV-C, because they have the most money of all. I wonder why people here feel so free to openly accuse AV-C of a criminal conspiracy. Does it not violate criminals laws or can't you be held accountable in civil court where you come from? I guess most people are just lucky their behavior goes simply unnoticed.

No offense, people, but please back your accusations with proof.

 

[dmzbg79]

My modest opinion is that the tests of av-comparatives are pretty fair most of the time...

 

[Piteko21]

theories of conspiracy,
I think people of AV -Comparatives drink a glass more before releasing the results

 

[FleischmannTV]

One glass more is always good

 

[Exterminator]

Lets just say that some results from many of these AV reports are a bit $uspect. Not really accusations but more like speculations based on the fact that money is the driving force by most who are involved in the AV & Security industry.I think this would include testing laboratories. I am not saying they are altering the results but everyone wants a piece of the pie,if you will. They make for a good reference but I will rely on my own trials.

 

[Kate_L]

Let me explain myself better, if the malware was not removed then the product fail and they should not receive any award. That is why I say the tests are suspicious, I don't think you want a product that doesn't remove the malware but it always gets awards.

 

[Ink]

@OpenSecLabs You may be able to find those sorts of tests on YouTube, where a sample similar to #30 is run first, causing an "instant fail".
AV-C is a combination of 30 total samples, not a handful like YouTube reviews.

 

[Kate_L]

@Huracan I think this way because in real life this is how things work. You also have a point, this is how I also test, how I think it is fair

 

[jackuars]

Honestly I don't think that money is a driving force for editing the lab results. If that was the case, it would have been reported in some form or another. Every company has to pay a certain amount to get their product tested. But the claims that the vendor that gives the highest cash is going to get a better result is false. Because if this was already a fact, then other vendors would have a problem with that and they would have known better.

Comparing AV-C results with your own results and justifying or concluding AV-C is manipulating results is wrong. Note that they use different samples, different AV configuration, different parameters, etc during their testing procedures. The results that are hence being published reflects that.

 

[Behold Eck]

I will buy into the conspiracy theory when microsoft tops the poll otherwise it`s good to see AVG and Panda doing well.

Regards Eck

 

[Av Gurus]

Malware Removal Test: March - October 2014