
Windows Defender Comparisons


3 replies to this topic

#1 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:10:43 PM

Posted 04 May 2006 - 05:33 PM

In my recent science fair that won at my county and 3rd in the state, an aspect I studied was how well four free anti-spyware programs did: Windows Defender, Spybot S&D, Ad-Aware SE, and A-Squared Anti-Malware.
Here are the results of my experiment:
A-Squared: 16 Cookies, 11 Registry, 6 Files - 68% of total amount
Ad-Aware SE: 21 Cookies, 3 Registry, 1 File - 50%
Spybot S&D: 15 Cookies, 1 Registry, 1 File - 34%
Windows Defender: 1 Registry, 1 File - 4%

All of these programs were fully updated and then brought into safe mode to do the scanning. Just thought I'd post this little FYI for people who have Windows Defender as their only anti-spyware program.
Stanford '14
B.S. Candidate | Computer Science



#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:09:43 PM

Posted 04 May 2006 - 05:43 PM

I would be interested in understanding what these four applications were tested against as well as the methodology you employed in your experiment. From the percentage, I would guess something around 50 different instances; do you consider this an adequate sample to warrant any conclusion?
Regards,
John

Edited by jgweed, 04 May 2006 - 05:44 PM.

Whereof one cannot speak, thereof one should be silent.

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 PM

Posted 05 May 2006 - 10:10 AM

I would be interested in the exact methodology as well. What was your test platform and what malware installed to test the scanners?

Also exactly what do the percentages relate to? Is that detection only or removal? These can be two separate results as some scanners may detect items but are not able to remove them. Also if these numbers are for removal, was it verified and were detections checked for false positives?

Don't get me wrong, it's an interesting study and you're to be applauded. And while I agree that WD should not be depended on as the only supplemental security program (anti-spyware and other antimalware other than antiviruses and firewall), I have a hard time believing that WD's results were that low. You did reinfect your test platform with the same set of malware before running WD, correct?

I would also find it interesting to make comparisons to programs' effectiveness at being proactive rather than retro-active. You might find that WD is more effective at protecting a system from getting infected in the first place since the free versions of A-squared and Ad-Aware don't offer a proactive approach. That would be a totally different experiment, but would give a better idea of the overall worth of the WD program.

BTW, Elendil, since you are a HJT Trainee, now, some aspects, such as links to dangerous websites, would be better discussed in the private forum.

The thing about people

is they change

when they walk away.--Mipso


#4 Elendil

Elendil
  • Topic Starter

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:10:43 PM

Posted 07 May 2006 - 07:27 PM

This is out of 49 spyware programs. The basic summary goes as follows:
1. Updated all of the programs,
2. Went out and got my computer infected (Some GAIN, random ads, downloads (limewire), etc.)
3. Booted into safe mode minimal.
4. Ran WD in full scan, once finished I recorded the number of spyware detected but DID NOT remove any spyware and instead closed WD.
5. Ran Spybot S&D, recorded detected stuff, didn't remove any but closed.
6. Same procedure with Ad-Aware SE.
7. Same procedure with A-Squared.
8. Rescanned with WD this time QUARANTINING spyware; it failed to remove some GAIN stuff so I altered the number of spyware corresponding with WD.
9. Unquarantined spyware and scanned with Spybot S&D; removed all detected so its spyware rating stayed the same.
10. Restored the spyware detected using Spybot's Recovery Feature.
11. Scanned with Ad-Aware SE; all removed and then unquarantined.
12. Scanned with A-Squared all removed.
13. Rescan with WD removed fully what it could.
14. Rescan with Ad-Aware SE removed what it could.
15. Spybot S&D removed all.
16. For safe-guarding ran scans with TMAS and removed all detected afterwards, along with manually deleting what SpywareDoctor found.

Any more questions? Please reply back with them. This is excellent practice for my upcoming Discovery Channel Young Scientist Challenge and I would love to be vigorously interrogated and critiqued.
Stanford '14
B.S. Candidate | Computer Science



