
[Original Tech] VB100 Report: Chinese Products (I've boldly tagged this as original; if it doesn't meet the standard, I'll change it back)

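猪头无双
Posted on 2011-1-19 13:15:17
Last edited by 猪头无双 on 2011-1-19 23:34

Here is a translation of the parts of the VB100 December test that concern Chinese antivirus products. Where the translation is inaccurate, the official English report prevails. I hope VB doesn't end up with "typos" the way AV-C's official report did.

This post: Keniu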


ItW 100.00%               Polymorphic 100.00%
ItW (o/a) 100.00%       Trojans 93.23%
Worms & bots 97.93% False positives 0


As a Chinese solution based on the Kaspersky engine, we hoped that Keniu would handle the handful of nasties lurking in our RAP sets as we began installing the 82MB package. The set-up was fast and simple, with a very brief ‘system analysis’ phase but no messing around and no need to reboot; we soon had the simple, minimal interface up and running. With its plain colour scheme and large buttons it is fairly basic to operate, but provides a few options in an ‘advanced’ area, and proved admirably suited to running through our tests. On-demand scanning speeds were rather on the slow side, lacking the advanced tricks used by others to help things along on repeat viewings, but lag times were light and resource usage below average. On-access tests produced a few odd results, and had to be repeated, but this was fairly speedy and simple and didn’t stretch our time allowance too much. In the on-demand tests, we saw a number of files catching the scanner out, which stuck itself into a loop and refused to emerge. In one case even rebooting the system didn’t seem to help, with the scanner seeming to run along but failing to detect anything further. The installation had to be abandoned as irrevocably broken, and along with numerous stop-start scans, a reinstallation with several known dangerous files removed in advance was needed to get to the end of testing. After several days’ hard work we got things as finished as possible, with solid scores in the standard sets and a good start in the RAP sets, which declined fairly rapidly after the first week and remained fairly steady from there on. An early freezing of updates for submission, along with the problems encountered, should explain the lower-than-expected scores. The WildList set was ably handled in the end though, and with no problems in the clean sets Keniu earns a VB100 award, having given us plenty to do to get there.

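As a Chinese antivirus using the Kaspersky engine, we hoped, as we began installing its 82MB package for the RAP tests, that it would deal with the batch of junk hidden in the samples. Installation was simple and quick, with only a brief "system scan" along the way, nothing else, and no reboot needed. We soon saw its simple, compact interface and started testing. With large buttons and a clean layout it is easy to operate; there is basically nothing much in the "advanced" area, but what is there was enough to run the tests. On-demand scanning speed was a bit low, and there were no other tools to help us go back and review the logs, but short lag times and low resource usage were its strong points. The on-access tests produced some odd results and had to be repeated, but this was a minor issue and the repeats did not take us much time. In the on-demand scans, we found the program hit errors on certain samples, hung outright, and could not skip past them. On one occasion we even rebooted the system, but it did not help; the program kept running afterwards but never detected anything else. Because of the irrecoverable error we had to abandon the installation, and because of the hung scans we had to set aside some known malicious files and then reinstall. After several days of hard work we finally completed testing, with solid scores in the main tests and a good start in the RAP tests; unfortunately that declined after the first week and then held "steadily" through to the end of the RAP tests. Because sample collection was stopped somewhat early, plus the problems encountered, the scores ended up somewhat low. The WildList test was completed in the end, and it did well in the clean-set test, so we give Keniu the VB100 award this time.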











猪头无双
Original poster | Posted on 2011-1-19 13:15:33
Last edited by 猪头无双 on 2011-1-19 14:23

This post: Filseclab



ItW 97.64%                  Polymorphic 43.30%
ItW (o/a) 97.64%         Trojans 88.66%
Worms & bots 92.84% False positives 6

Filseclab’s product came as a free downloadable trial from the company’s website, at 53MB for the main installer and 41MB of updates, also easily accessed. The set-up process was fast and simple, but needed a reboot to complete. The interface is fairly clear and appealing, with a decent level of configuration, although some of the options in the interface – notably adding to the depth of archives scanned – seemed to have no effect. Operation proved fairly simple, and the tests rolled along nicely, with some fairly slow speeds in the on-demand tests but average overheads and low resource use, particularly in terms of CPU cycle use. Filseclab’s on-access component seems not to fully intercept all file reads, although some blocking was evident, so instead we gathered all on-access data by copying files around the system. Logging also seemed only to be active if the user responded to a prompt (unless the product was set to automatically apply actions), so we ended up with various copies of our test sets, in various states of repair, scattered across the test machine. Things were somewhat simpler on demand, and didn’t take too long, so testing didn’t overrun the allotted time slot by more than half a day or so, although it was more hands-on than most solutions. Detection rates proved fairly decent, including a fairly good showing in the RAP sets, but as usual a fair number of WildList samples were not covered – most, but not all of them from the most recent strains of W32/Virut. We also saw a handful of false alarms in the clean sets, notably the popular VLC media player and some items from major business software house SAP. Thus Filseclab still does not quite make the grade for VB100 certification, but continues to show improvement.


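We downloaded the 53MB free trial installer and a 41MB update package from Filseclab's official website. Installation was simple and quick but required a reboot. The interface is clear and appealing, with a sensibly structured set of options, although some settings, notably the one for going deeper into archives, seemed to have no effect. Operation was simple and testing went smoothly; on-demand scanning was a bit slow, but resource usage was low, especially CPU. Filseclab's on-access scanning did not seem to intercept all the samples, although for some samples a block was reported. So we gathered all the on-access test data by copying all the file data around the machine. Logs seemed to be visible only if the user clicked the prompt (unless it was set to pop up results automatically), so after collecting some data we stopped testing and started repairing the test machine. Things seemed to go quite simply and did not take long, so testing was finished within a day and a half, although we had to resolve some things by hand. Detection rates were fairly decent, including the RAP results. But samples in the WildList were missed, most of them W32/Virut viruses. We also found false positives in the clean-set test, notably on the VLC player and on some mainstream business software. Thus Filseclab still did not earn the VB award, but it has improved.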

猪头无双
Original poster | Posted on 2011-1-19 13:16:50
Last edited by 猪头无双 on 2011-1-19 14:45

This post: Qihoo


ItW 100.00%                Polymorphic 100.00%
ItW (o/a) 100.00%       Trojans 99.58%
Worms & bots 99.81% False positives 0


Qihoo’s solution is based on the BitDefender engine, and its installer comes in at 105MB. It runs through fairly quickly, with no reboot needed, and on presenting its interface offers an opportunity to join in a cloud scheme. The GUI is stylish and attractive, with some nice large buttons and plenty of good configuration options, lucidly presented, under the surface. Scanning speeds were not too slow, and on-access lag times were extremely low, although we noted that the on-access module – as with several this month – does not properly intercept read operations, rendering these measures less than fully useful. Despite this, RAM and CPU use were not much below average during the test period. On-demand scans ran smoothly, producing some very decent scores in all sets, but the on-access measure proved a little more tricky: while all files read were actually checked, the product did not stop them being accessed, instead slowly providing pop-ups and logging detections a while later. In the end, the final sample spotted was not alerted on until more than a day after it had been opened. At least during this period some protection seemed to remain in place, and when set to delete or disinfect things were a little faster. With the good scores extending to the WildList set, and no issues emerging in the clean sets either, Qihoo earns another VB100 award.



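Qihoo is an antivirus that OEMs the BitDefender (BD) engine; the installer is 105MB, and before the main interface comes up a pop-up asks the user to join the cloud community. The interface is stylish; large buttons, some good configuration options and a clear presentation make it attractive. Scanning speed was not slow and on-access lag was short, but during the on-access scanning tests we found that some samples in this month's test were read without the antivirus intercepting them, so that some settings could not take effect. Apart from that, CPU and memory usage were slightly below average. On-demand scan results were good with decent scores, but on-access monitoring had some problems: after the antivirus scanned every file read, it did not block their next action, beyond showing pop-ups and logging the scan a while later. The last sample was not alerted on promptly; the reaction came only a day later (sweat). At least during this period some protection measures did not take effect; only when set to disinfect or delete files did it run a little faster. With high detection on the WildList and good results in the clean-set test, we award Qihoo this VB award.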





猪头无双
Original poster | Posted on 2011-1-19 13:17:07
Last edited by 猪头无双 on 2011-1-19 15:06

This post: Rising


(Top-right and bottom-left parts)


ItW 96.91%                  Polymorphic 73.93%
ItW (o/a) 96.91%         Trojans 51.35%
Worms & bots 76.03% False positives 0


Rising’s product arrived as a 109MB package, which installed fairly speedily, warning about a temporary loss of network connectivity while it put its components in place. After the required reboot, a configuration wizard takes the user through a number of further set-up stages. We were sad to see that the ‘Rising assistant’, aka the dancing cartoon lion that usually adorns desktops, was not in evidence this month. The interface is wordy and a little cluttered but reasonably simple to find one’s way around, and enabled fairly easy running of our tests. On-demand speeds were on the slow side, but not extremely so, and on-access lags were fairly hefty, but RAM use was fairly low and CPU use not too high either. Detection rates were reasonable in the standard sets and fairly mediocre in the RAP sets, with considerable fluctuation from week to week. The clean set was handled well, but in the WildList set a number of items were not spotted, including a large swathe of rather old W32/Polip samples, and as a result no VB100 award can be granted this month.



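Rising's installer is 109MB and installs quickly; while installing certain components it warns that the network will be fully disconnected (probably the firewall). After the reboot a configuration wizard appears, letting the user set up the software further. We were sad to find that the "Rising assistant", a little lion that often shows up on the desktop, did not appear this month. (Looks like foreigners really like keeping a pet lion.) The interface is a bit dull and cluttered, but it is easy to find what you need, and running the tests was easy. On-demand scanning speed was low, but not extremely so. On-access response time was short, memory usage low, and CPU usage not high. Performance in the main tests was good and in the RAP tests mediocre, with fluctuation from week to week. The clean-set results were good, but some WildList samples were missed, including a large batch of very old W32/Polip samples, so it misses out on this month's VB100 award.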















猪头无双
Original poster | Posted on 2011-1-19 13:17:30
Last edited by 猪头无双 on 2011-1-19 15:43

This post: Kingsoft



1. Kingsoft Advanced edition

ItW 99.99%                   Polymorphic 62.79%
ItW (o/a) 99.99%           Trojans 28.48%
Worms & bots 63.24%   False positives 0

Kingsoft as usual entered both ‘Standard’ and ‘Advanced’ editions of its suite solution, and as usual there was very little difference between the two. We start with the ‘Advanced’ edition purely for alphabetical reasons, and note that the 69MB installer is significantly larger than that of the ‘Standard’ version. The installation process is rapid and simple, with no reboot required, leading into a set-up wizard which gives options on settings, the use of ‘in-the-cloud’ resources, and providing feedback. The interface is clean and clear and seems to use much nicer fonts than the previous versions tested. Navigation is simple and options are good, although translation remains a little clunky and hard to follow in places. Running through the test presented few problems, with some slowish speeds on demand, notably in the archive sets where many compression systems are unpacked in some depth, but file access lag times were light and system resource usage not too heavy either. Initial run through the test sets seemed to show that logging is capped at a certain size or length, but no information or options were found regarding this, and so testing was split into chunks to ensure complete information. Detection scores were pretty low in the trojans and RAP sets, with only the set of worms and bots producing a respectable set of figures, but the clean sets were handled well. Stability was rock-solid throughout the tests, even under heavy stress and over samples which caused serious problems for many products this month. All looked well until we spotted a single item in the WildList set not detected: one sample out of 2,500 replications of the latest W32/Virut strain spoiled Kingsoft’s chances of reclaiming its award despite a tester-friendly, if not overly impressive showing.

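Kingsoft as usual submitted two editions, "Advanced" and "Standard", and there is basically no difference between the two. We tested the Advanced edition first purely for alphabetical reasons, and the 69MB "Advanced" edition is larger than the Standard one. Installation was simple and quick with no reboot needed, followed by a set-up wizard that refines the settings, offers "cloud" support and provides feedback. The interface is clean and fresh, with nicer fonts than previous versions. Navigation is simple and the options are good; there are some translation problems (heh, AV-C has this problem too), but nothing serious. There were almost no problems during testing; on-demand scanning was a bit slow, especially on archive files, where some files have to be unpacked to a certain depth, but response times were short and resource usage light. On the first run we found that the log appeared to be capped at a certain size or length, so that later entries overwrite earlier ones, but we found no setting or hint for changing this, so testing had to be paused several times in order to obtain complete information. Scores in the trojan and RAP tests were really low; only the worm test produced a good score, and the clean-set results were also good. Stability was very good, holding up even against large volumes of samples and some seriously destructive ones. We found everything else was fine, except that a WildList sample was missed (a group of the latest W32/Virut samples, about 2,500 individual files), so this VB award is not granted to Kingsoft Advanced.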


2. Kingsoft Standard edition

ItW 99.99%                  Polymorphic 62.64%
ItW (o/a) 99.99%         Trojans 8.30%
Worms & bots 53.35% False positives 0


As mentioned above, the ‘Standard’ edition of Kingsoft’s product is pretty much identical to the ‘Advanced’ product on the surface, but we noted the far smaller 51MB installer, and also the updates included, which appear to be several days older than the ‘Advanced’ product. The installation process and user experience in general were light, fast, simple and clear, and stability was again rock-solid throughout all tests, allowing us to get both products done in the same 24-hour period, on adjacent test machines. Scanning speeds were pretty similar, but for this version access times were a little lighter, and resource consumption a fraction heavier. Detection rates were again disappointing – notably lower than the ‘Advanced’ edition, with the older updates doubtless contributing. Again, the clean sets were handled without problems, but again that single Virut sample in the WildList set put paid to any hopes of a VB100 award for the product.

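As mentioned above, the Standard and Advanced editions look very much alike, but its size (installer plus updates) is only 51MB, and it seems to have been born a few days earlier than the Advanced edition. Overall, installation and user experience were very good: fast, light, clean and stable. This allowed us to finish testing both products within 24 hours on two adjacent machines. Scanning speeds were about the same for both editions, but this edition's response time was a little quicker and its resource usage slightly higher. Detection rates were disappointing again, even lower than the Advanced edition, because its updates were a few days older than the Advanced edition's. The clean-set test was again fine, and in the WildList test it again missed the same kind of virus as the Advanced edition. So there was basically no hope of earning the VB award.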







猪头无双
Original poster | Posted on 2011-1-19 13:17:52
This post, well... is a hold-up


499724595
Posted on 2011-1-19 15:56:01
Thanks for the hard work.
天界云涛
Posted on 2011-1-19 15:59:27
Thanks for the hard work, OP. I'm just here to show support. A timid question: is there more? Foreign products would be fine too.
咆哮的蜗牛
Posted on 2011-1-19 16:00:02
Bumping first, reading after. Thanks for the hard work, OP.
猪头无双
Original poster | Posted on 2011-1-19 16:00:56
Reply to post #8 by 天界云涛

There's one in the foreign-products section; not sure whether it has sunk yet.