(再续前缘)无聊测试一下国内各杀软的HIPS能力

anjie8456

自从上次发了<<无聊测试一下国内各杀软的HIPS能力>>，被众路大神训得那叫一个惨啊。同时回一下这位同学的《国内杀软和国外杀软差距能有多大？》的问题，一看你这问题，就知道在这圈了混得不久，应该问《国内杀软和国外杀软流氓差距有多大？》,@喜糖咩咩 ，回到正题，上个帖子总结而言就是：
第一，        只有土鐅才用CTL；
第二，        没有国外的杀软，显得level比较低，不洋气；
后来寻思着，要不再做个试验，做SSTS，然后使用一些国外的软件PK数字。由于不是砖家，一看那个配置，纯粹是体力活，直接就晕过去了，两个月后才醒来。顺便都使用各家可以找得到的最新版。不说了，直接上结果，还是以数字为基准对比线。
PS：难得Baidu Antivirus是国内团队开发的，也一起把它拉一起了。

测试工具
http://www.matousec.com

测试环境配置
虚拟环境：Vmware Workstation 8.0
设备参数：内存512MB，CPU Itel Core-i3双核3.29GHz,硬盘60G SSD
操作系统：windows xp sp3  深度ghost版 预装常用软件
网络环境：虚拟机NAT，Host准入连接，虚拟机内部可以上外网

测试结果

杀软	avast	360	NOD32	Baidu Anvirius
拦截样本失败数	29	22	17	12
成功拦截样本数	114	121	126	131
成功拦截通过率	79.70%	84.62%	88%	91.60%

细测试内容

测试用例	NOD32	360	avast	Baidu Antivirus
autorun1.exe	Fail	Pass	Fail	Pass
autorun2.exe	Pass	Pass	Fail	Pass
autorun3.exe	Pass	Pass	Pass	Pass
autorun4.exe	Pass	Pass	Fail	Pass
autorun5.exe	Pass	Pass	Fail	Pass
autorun6.exe	Pass	Pass	Fail	Pass
autorun7.exe	Pass	Pass	Fail	Pass
autorun8.exe	Pass	Pass	Fail	Pass
autorun9.exe	Pass	Pass	Fail	Pass
autorun10.exe	Fail	Pass	Pass	Pass
autorun11.exe	Pass	Pass	Pass	Pass
autorun12.exe	Pass	Pass	Pass	Pass
autorun13.exe	Pass	Pass	Fail	Pass
autorun14.exe	Pass	Pass	Fail	Pass
autorun15.exe	Pass	Pass	Fail	Pass
autorun16.exe	Pass	Pass	Pass	Pass
autorun17.exe	Pass	Pass	Pass	Pass
autorun18.exe	Pass	Pass	Pass	Pass
autorun19.exe	Pass	Pass	Pass	Pass
autorun20.exe	Pass	Pass	Pass	Pass
autorun21.exe	Pass	Pass	Pass	Pass
autorun22.exe	Pass	Pass	Pass	Pass
autorun23.exe	Pass	Pass	Pass	Pass
autorun24.exe	Pass	Pass	Pass	Pass
autorun25.exe	Pass	Pass	Pass	Pass
autorun26.exe	Pass	Pass	Pass	Pass
autorun27.exe	Pass	Pass	Pass	Pass
autorun28.exe	Pass	Pass	Pass	Pass
autorun29.exe	Pass	Pass	Pass	Pass
autorun30.exe	Fail	Pass	Pass	Pass
autorun31.exe	Pass	Pass	Fail	Pass
autorun32.exe	Pass	Pass	Pass	Pass
autorun33.exe	Pass	Pass	Pass	Pass
autorun34.exe	Pass	Pass	Pass	Pass
autorun35.exe	Pass	Pass	Pass	Pass
autorun36.exe	Pass	Pass	Fail	Pass
autorun37.exe	Pass	Pass	Pass	Pass
awft1.exe	Pass	Pass	Pass	Pass
Awft3.exe	Pass	Pass	Pass	Pass
Awft4.exe	Pass	Pass	Pass	Pass
bitstest.exe	Pass	Pass	Pass	Pass
breakout1.exe	Pass	Fail	Fail	Fail
breakout2.exe	Pass	Pass	Pass	Pass
coat.exe	Pass	Pass	Pass	Pass
copycat.exe	Pass	Pass	Pass	Pass
cpil.exe	Fail	Pass	Pass	Pass
cpilsuite1.exe	Pass	Pass	Pass	Pass
Cpilsuite2.exe	Pass	Pass	Pass	Pass
Cpilsuite3.exe	Pass	Pass	Pass	Pass
crash1.exe	Pass	Pass	Pass	Pass
Crash2.exe	Pass	Pass	Pass	Pass
Crash3.exe	Pass	Pass	Pass	Pass
Crash4.exe	Pass	Pass	Pass	Pass
Crash4b.exe	Pass	Pass	Pass	Pass
Crash5.exe	Pass	Pass	Pass	Pass
Crash6.exe	Pass	Pass	Pass	Pass
Crash7.exe	Pass	Pass	Pass	Pass
ddetest.exe	Pass	Fail	Fail	Fail
dnstester.exe	Fail	Pass	Pass	Pass
echotest.exe	Pass	Fail	Pass	Pass
Echotest2.exe	Pass	Fail	Pass	Pass
fileacc1.exe	Pass	Fail	Pass	Pass
filectl1.exe	Pass	Fail	Pass	Pass
filedel1.exe	Pass	Fail	Pass	Pass
Filedel2.exe	Pass	Fail	Pass	Pass
Filedel3.exe	Pass	Fail	Pass	Pass
filemov1.exe	Pass	Fail	Pass	Pass
Filemov2.exe	Fail	Fail	Fail	Pass
fileopn1.exe	Pass	Pass	Pass	Pass
Fileopn2.exe	Pass	Pass	Pass	Pass
filerep1.exe	Pass	Pass	Pass	Pass
Filerep2.exe	Pass	Pass	Pass	Pass
filewri1.exe	Pass	Pass	Pass	Pass
Filewri2.exe	Fail	Fail	Pass	Pass
Filewri3.exe	Pass	Pass	Pass	Pass
Filewri4.exe	Pass	Pass	Pass	Pass
firehole.exe	Pass	Pass	Pass	Pass
Firehole2.exe	Pass	Pass	Pass	Pass
flank.exe	Fail	Fail	Pass	Fail
ghost.exe	Fail	Fail	Pass	Fail
hostsblock.exe	Pass	Pass	Fail	Pass
inject1.exe	Pass	Pass	Pass	Pass
inject2.exe	Pass	Pass	Pass	Pass
inject3.exe	Pass	Pass	Pass	Pass
jumper.exe	Pass	Pass	Pass	Pass
kernel1.exe	Pass	Pass	Fail	Pass
kernel1b.exe	Pass	Pass	Fail	Pass
Kernel2.exe	Pass	Pass	Fail	Pass
Kernel3.exe	Pass	Pass	Pass	Pass
Kernel4.exe	Pass	Pass	Pass	Pass
Kernel4b.exe	Pass	Pass	Pass	Pass
kernel5.exe	Pass	Pass	Pass	Pass
kernel5b.exe	Pass	Pass	Pass	Pass
keylog1.exe	Pass	Pass	Pass	Pass
Keylog2.exe	Pass	Pass	Pass	Pass
Keylog3.exe	Pass	Pass	Pass	Pass
Keylog4.exe	Pass	Pass	Pass	Pass
Keylog5.exe	Pass	Pass	Pass	Pass
Keylog6.exe	Pass	Pass	Pass	Pass
Keylog7exe	Pass	Pass	Pass	Pass
kill1.exe	Pass	Pass	Pass	Pass
Kill2.exe	Pass	Pass	Pass	Pass
Kill3.exe	Pass	Pass	Pass	Pass
Kill3b.exe	Pass	Pass	Pass	Pass
Kill3c.exe	Pass	Pass	Pass	Pass
Kill3d.exe	Pass	Pass	Pass	Pass
Kill3e.exe	Pass	Pass	Pass	Pass
Kill3f.exe	Pass	Pass	Pass	Pass
Kill4.exe	Pass	Pass	Pass	Pass
Kill5.exe	Pass	Pass	Pass	Pass
Kill6.exe	Pass	Pass	Pass	Pass
Kill7.exe	Pass	Pass	Pass	Pass
Kill8.exe	Pass	Pass	Pass	Pass
Kill9.exe	Pass	Pass	Pass	Pass
Kill10.exe	Pass	Pass	Pass	Pass
Kill11.exe	Pass	Pass	Pass	Pass
Kill12.exe	Pass	Pass	Pass	Pass
leaktest.exe	Fail	Fail	Pass	Fail
newclass.exe	Pass	Pass	Fail	Fail
osfwbyPass.exe	Fail	Fail	Fail	Fail
regacc1.exe	Pass	Pass	Fail	Pass
regdel1.exe	Pass	Pass	Fail	Pass
regdel2.exe	Pass	Pass	Fail	Pass
regset1.exe	Pass	Pass	Fail	Pass
runner.exe	Pass	Pass	Pass	Pass
runner2.exe	Pass	Pass	Pass	Pass
schedtest.exe	Pass	Pass	Pass	Pass
schedtest2.exe	Pass	Pass	Pass	Pass
socksnif.exe	Pass	Pass	Pass	Pass
sss.exe	Fail	Fail	Fail	Pass
Sss2.exe	Fail	Fail	Fail	Pass
Sss3.exe	Fail	Fail	Fail	Fail
Sss4.exe	Fail	Fail	Pass	Pass
suspend1.exe	Pass	Pass	Pass	Pass
Suspend2.exe	Pass	Pass	Pass	Pass
svckill.exe	Pass	Pass	Pass	Pass
thermite.exe	Pass	Pass	Pass	Pass
tooleaky.exe	Fail	Fail	Pass	Fail
vbstest.exe	Fail	Fail	Pass	Fail
wallbreaker1.exe	Pass	Pass	Pass	Fail
wallbreaker2.exe	Pass	Pass	Pass	Pass
wallbreaker3.exe	Pass	Pass	Pass	Fail
wallbreaker4.exe	Pass	Pass	Pass	Pass
汇总	126	121	114	131
通过率	88%	85%	80%	92%

我靠，瞎了，百度杀毒国际版绝对是匹黑马。两家老牌的杀软，也是杠杠的，360更不用说，各种获奖。总体来说，大对于对HIPS都比较重视，大家基本功都做得很好，基本都是Pass率都在80%以上。都给个赞。

精力有限，只测了四款，如哪位路过又闲着蛋疼的大神有空，劳烦也测试一下Q管、金山等。

anjie8456

新年第一贴，自己先顶一下

白一样的菜

这是极好的，有的时候不下个病毒包扫扫，总是觉得电脑有问题，看看楼主的分析

paul_guo

我觉得总有种偏见飘扬在国产杀软上空，就是他们不行。。。。。。
这个真的只能呵呵了

方鸿渐

支持一下吧。

Symantec.

paul_guo 发表于 2015-1-5 11:19
我觉得总有种偏见飘扬在国产杀软上空，就是他们不行。。。。。。
这个真的只能呵呵了

           国产也就360还可以，其他都是娱乐软件

bzaf868

matousec的结果只对纯手动档有参考价值

XywCloud

“PS：难得Baidu Antivirus是国内团队开发的，也一起把它拉一起了。”
感觉这句有点歧义，楼主改一下要得不？

ydgaga

楼主360是什么版本，是国际版还是国内版，为什么不用360国际版本 和国内版本一起试试呢

东方妖妖梦

XywCloud 发表于 2015-1-5 12:17
“PS：难得Baidu Antivirus是国内团队开发的，也一起把它拉一起了。”
感觉这句有点歧义，楼主改一 ...

我觉得楼主的意思是，难得baidu antivirus那么好的软件是国内团队开发的