Test:HitManPro,Full Scan or Right-Click scan??

View previous topic View next topic Go down

Test:HitManPro,Full Scan or Right-Click scan??

Post by Guest on 27/5/2010, 00:05

Hi!
Everybody does tests these days. Most of them have little real value,and I do not presume mine to be any different.

Just out of curiosity,I decided to see if I could determine the detection rate of static malware,with HitManPro 3.5.5 Build 98,using the full scam-vs-right click scan.

Previous experience lead me to expect a higher results from the full scan.

I downloaded the follow static sample of 1069 static Malware assembled by SSUpdater:

megaupload.commegaupload.com 0G7FX4L9

(this is a 7-Zip file password:ssupdater.com)

I have no idea how many of these samples are real malware,and I know many are quite old.

The results were:

HitManPro 3.5.5 Build 98 full scan: 345 of 1069
HitManPro 3.5.5 Build 98 click scan: 947 of 1069

As an aside,the scans for EMSI MalAware its Online Armour clone,produced zero detection.
They are apparently geared to active malware only.

noor

Guest
Guest


Back to top Go down

Re: Test:HitManPro,Full Scan or Right-Click scan??

Post by ssj100 on 27/5/2010, 14:24

Got exactly the same results as you noor. No idea how to explain it.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

ssj100
Administrator
Administrator

Posts: 1380
Join date: 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Test:HitManPro,Full Scan or Right-Click scan??

Post by Jaxryley on 10/6/2010, 19:15

After unpacking the samples to a Folder and using the right click "scan with" option with each app. XP VM.

These type of scans should be taken with a pinch of salt as live infections will more than likely produce a very different result.

Emsisoft:
Scanned Files: 1179? - Folder properties - 1,068 Files, 0 Folders
Found Files: 1068


Malwarebytes' Anti-Malware 1.46
Objects scanned: 1068
Files Infected: 931


HitmanPro Identified Threats
947


SuperAntspyware
File items scanned : 1068
File threats detected : 398

Jaxryley
New Member
New Member

Posts: 1
Join date: 2010-05-08

View user profile

Back to top Go down

Re: Test:HitManPro,Full Scan or Right-Click scan??

Post by ssj100 on 24/6/2010, 11:32

Hey noor, I know I've still got Hitman Pro in my signature, but I don't even have any on-demand scanner installed right now (since I restored my baseline image last week).

I'm basically doing on-demand scans with a sandboxed Malwarebytes' Anti-Malware every so often instead. It's great that I can run it sandboxed, as I dislike having too many third party (security) programs installed on the REAL system.

I also really started to dislike Hitman Pro again in the last few weeks. Here are the reasons:

1. Not a comprehensive right click scanner. Among other things, I'm pretty sure it doesn't scan .pdf, .doc, .avi etc files.
2. Have to wait for 10 seconds after each scan to close the Hitman Pro window.
3. When Hitman Pro doesn't recognise a file, it uploads it to its cloud database. My maximum upload speed is 16kb/s. So, a file that is any bigger than 1Mb takes some time and can be annoying. A file that is any bigger than 10Mb...that would be unbearable haha.
4. When Hitman Pro releases a new version, you need to download the entire program again. For some reason, I can only download at a rate of at most around 15-20kb/s from their servers. This takes time and can be frustrating.

I'm sure I'll think of more reasons eventually haha.

For now, I don't have any on-demand scanner installed and I'm fairly content. Fact is, 99.9999% of malware out there won't even be able to start/run with my system-wide anti-execution mechanism (SRP). If somehow this is bypassed (never in history has this happened with real-world malware), I always open newly introduced files with a sandboxed explorer.exe, and therefore any active malware will be eventually deleted anyway (which is a much better way of cleaning malware than anything out there in my opinion).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

ssj100
Administrator
Administrator

Posts: 1380
Join date: 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Test:HitManPro,Full Scan or Right-Click scan??

Post by noorismail on 24/6/2010, 13:37

Wow!! That is amazing,but I also am doing the Malwarebytes scan,in Sandboxie,and keeping only the exe on my real system!!

I tried the new HitManPro Beta,and not only does it not have right click scan option,but it is pushing hard to sell subscriptions to its individual "cloud" partners.
Of course the right click functionality will no doubt be restored to the release version,but it put me off.

For awhile I did have the full version of Malwarebytes on my real system.
(nsane-ly good deal on the price!!),and kept the real time disabled,and just used the "flash"scan,that is a little quicker than the "fast"scan,and the right click.
I came to figure I would be better off with the free,Malwarebytes,not on my real system,and use Avira 10 every so often in ShadowMode,and reboot to remove.

My upload is not that fast either,and when hitmanPro detects a new file,it is nearly as fast to use Jottis,or Virus Total,and get the benifit of MORE
scanners.

I need to update my sig.
I notice Shadow Defender on-demand is no longer in yours!!

Ps# running Avira this way is something of a problem,as the larger updates make you "stored" Exe harder to update,and you need to download a freash one.
Malwarebytes,with its fast updates is no problem. My exe is almost two months old,and still updates fast enough.@

noorismail
Moderator
Moderator

Posts: 193
Join date: 2010-06-23

View user profile

Back to top Go down

Re: Test:HitManPro,Full Scan or Right-Click scan??

Post by ssj100 on 24/6/2010, 14:29

I see. With regards to Shadow Defender, read here:
http://ssj100.fullsubject.com/security-f7/discuss-security-setups-and-approaches-here-t6-15.htm#646

Also, Tony (Shadow Defender's sole developer) has seemingly disappeared without a trace.

Yes, that's another thing I don't like about the latest Hitman Pro - it pretty much has instituted adware, although it is "justified adware". Still, adware is adware.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

ssj100
Administrator
Administrator

Posts: 1380
Join date: 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum