Comparative review of several antivirus programs.

1. Test: detection of trojan files.

All the trojans I have were unpacked and copied into a single directory. For the purity of the experiment every file was renamed. (Hardly anyone mails out boserve.exe; the villain will more likely call it supernuke.exe or icqhack.exe or something in that spirit...)

Products under test: P_C = P_CLEAR 2.0.0.2, NAV = Norton Antivirus 5.0, AVP = AVP 3.0 Platinum, CLN = The Cleaner 2.1.0.3. A "+" means the renamed file was detected, a "-" means it was missed.

Tested 1 August 1999:

Trojan                         | P_C | NAV | AVP | CLN
-------------------------------+-----+-----+-----+-----
Acid shiver                    |  +  |  -  |  +  |  -
Antigen                        |  +  |  -  |  +  |  -
Aoltrojan                      |  +  |  -  |  -  |  -
BackDoor202                    |  +  |  +  |  +  |  -
BackDoor203                    |  +  |  +  |  +  |  -
Blade 080                      |  +  |  -  |  +  |  -
Blazer5                        |  +  |  +  |  +  |  -
Back Orifice 1.2               |  +  |  +  |  +  |  +
Back Orifice 1.2m              |  +  |  +  |  +  |  -
Back Orifice 2000              |  +  |  -  |  -  |  -
Bo2                            |  +  |  -  |  -  |  -
Bo-Bo                          |  +  |  -  |  -  |  -
Bodll                          |  +  |  -  |  +  |  -
Boftp                          |  +  |  -  |  -  |  -
Bugs                           |  +  |  -  |  -  |  -
BT                             |  +  |  -  |  -  |  -
Cain 1.5                       |  +  |  -  |  -  |  -
LexA                           |  +  |  -  |  -  |  -
Coma                           |  +  |  -  |  +  |  -
Control                        |  +  |  +  |  -  |  -
Delta Source v0.5 BETA         |  +  |  -  |  -  |  -
Delta Source v0.7              |  +  |  -  |  -  |  -
Devil13                        |  +  |  -  |  -  |  -
DeepThroat v1.0                |  +  |  -  |  +  |  -
Deep Throat v2                 |  +  |  -  |  +  |  -
DeepThroat v2.1                |  +  |  -  |  -  |  -
Evilftp                        |  +  |  -  |  +  |  +
Executer                       |  +  |  -  |  +  |  -
fatalnetwork                   |  +  |  -  |  +  |  -
Fore1.0                        |  +  |  -  |  +  |  -
GateCrasher 1.0                |  +  |  -  |  -  |  -
GateCrasher 1.1 Final          |  +  |  -  |  -  |  -
GirlFriend 1.35                |  +  |  -  |  +  |  +
GirlFriend 1.3                 |  +  |  -  |  +  |  -
GirlFriend 1                   |  +  |  -  |  -  |  -
HackParadise2                  |  +  |  -  |  -  |  -
Hack '99 KeyLogger             |  +  |  -  |  -  |  -
Haebu Coceda 2.12              |  +  |  -  |  +  |  -
Haebu Coceda 2.14              |  +  |  -  |  +  |  -
Haebu Coceda 2.15              |  +  |  -  |  +  |  -
Haebu Coceda 2.16              |  +  |  -  |  +  |  -
Haebu Coceda 2.17              |  +  |  -  |  +  |  -
Haebu Coceda 2.18              |  +  |  -  |  +  |  +
Haebu Coceda 2.18m             |  +  |  -  |  +  |  -
Haebu Coceda 2.19              |  +  |  -  |  +  |  -
Haebu Coceda 2.20              |  +  |  -  |  -  |  -
Haebu Coceda 2.26              |  +  |  -  |  -  |  -
Haebu Coceda 2.27              |  +  |  -  |  -  |  -
Haebu Coceda 2.29              |  +  |  -  |  -  |  -
Haebu Coceda 2.31              |  +  |  -  |  -  |  -
icqsnifferv3.exe               |  +  |  -  |  -  |  -
icqsnifferv41.exe              |  +  |  -  |  +  |  -
ICQ Trogen.a5                  |  +  |  -  |  +  |  -
indoc                          |  +  |  -  |  -  |  -
invftp                         |  +  |  -  |  -  |  -
Khaled                         |  +  |  +  |  +  |  -
Kuang2pS                       |  +  |  -  |  +  |  -
Kuang2pS21                     |  +  |  -  |  +  |  -
lmillenium2000                 |  +  |  -  |  -  |  -
Master Paradise8               |  +  |  -  |  -  |  -
Master Paradise9.8beta         |  +  |  -  |  -  |  -
Master Paradise9.7             |  +  |  -  |  -  |  -
Master Paradise9.9d            |  +  |  -  |  -  |  -
millenium 1.0                  |  +  |  -  |  -  |  -
NetBus 1.2                     |  +  |  -  |  -  |  -
NetBus 1.6                     |  +  |  +  |  +  |  -
NetBus 1.7                     |  +  |  -  |  +  |  +
NetBus 2.0                     |  +  |  -  |  +  |  -
NetMonitor                     |  +  |  -  |  +  |  -
NetSpy                         |  +  |  -  |  -  |  +
NetSpyon                       |  +  |  -  |  -  |  -
Passgrab                       |  +  |  -  |  -  |  -
phAse zero version 1.0 b       |  +  |  +  |  +  |  -
PhineasPhaker                  |  +  |  -  |  -  |  -
Prosiak                        |  +  |  -  |  +  |  -
Progenic Trojan                |  +  |  -  |  -  |  -
Pricol3                        |  +  |  -  |  -  |  -
rat10                          |  +  |  -  |  +  |  -
rat11                          |  +  |  -  |  +  |  -
rat20                          |  +  |  -  |  -  |  -
HackCity Ripper Pro            |  +  |  -  |  -  |  -
Saran Wrap1.0                  |  +  |  -  |  -  |  -
Sasha                          |  +  |  -  |  -  |  -
Shockrave                      |  +  |  -  |  -  |  -
Shtirlitz                      |  +  |  -  |  +  |  -
Silencer                       |  +  |  -  |  -  |  -
Sesam                          |  +  |  -  |  -  |  -
sockets-de-troie23             |  +  |  -  |  -  |  +
sockets-de-troie25             |  +  |  -  |  -  |  -
soundpak                       |  +  |  -  |  -  |  -
stealth2                       |  +  |  -  |  +  |  -
stealth2.16                    |  +  |  -  |  +  |  -
StealthSpy BETA3               |  +  |  -  |  +  |  -
Small Share v1.0               |  +  |  -  |  -  |  -
Sub7                           |  +  |  -  |  +  |  -
Sub7 1.1                       |  +  |  -  |  +  |  -
Sub7 1.2                       |  +  |  -  |  +  |  -
Sub7 1.3                       |  +  |  -  |  +  |  -
Sub7 1.4                       |  +  |  -  |  +  |  -
Sub7 1.5                       |  +  |  -  |  -  |  -
Sub7 1.6                       |  +  |  -  |  -  |  -
Sub7 1.7                       |  +  |  -  |  -  |  -
Sub7 1.8                       |  +  |  -  |  -  |  -
suckinfo "mIRC Update" 1.2     |  +  |  -  |  -  |  -
Sysdll 2                       |  +  |  -  |  -  |  -
System32                       |  +  |  -  |  +  |  -
Tailgunner                     |  +  |  -  |  +  |  -
Tapiras                        |  +  |  -  |  -  |  -
Telecommando                   |  +  |  -  |  +  |  -
tnsrv                          |  +  |  -  |  -  |  -
Trans                          |  +  |  -  |  -  |  -
terminat                       |  +  |  -  |  +  |  -
Voice                          |  +  |  -  |  -  |  -
Voodoo                         |  +  |  -  |  -  |  -
Wartrojan                      |  +  |  -  |  -  |  -
Webex1                         |  +  |  -  |  +  |  -
Webex1.3                       |  +  |  -  |  +  |  -
Wincrash1.0                    |  +  |  -  |  +  |  -
Wincrash1.3                    |  +  |  -  |  +  |  -
Winpc                          |  +  |  -  |  +  |  -

Tested 12 August 1999:

Trojan                         | P_C | NAV | AVP | CLN
-------------------------------+-----+-----+-----+-----
9x Datakit Network             |  +  |  -  |  -  |  -
Idiot                          |  +  |  -  |  -  |  -
Ifq                            |  +  |  -  |  -  |  -
iNi-Killer 3.0 Pro             |  +  |  -  |  -  |  -
Keycopy                        |  +  |  -  |  -  |  -
Keylogg2                       |  +  |  -  |  -  |  -
KEYLOG95.EXE                   |  +  |  -  |  -  |  -
Keylogw95                      |  +  |  -  |  -  |  -
Keystroke Recorder             |  +  |  -  |  -  |  -
KEYTRAP v1.0                   |  +  |  -  |  -  |  -
KEYTRAP v2.0                   |  +  |  -  |  -  |  -
krenx                          |  +  |  -  |  +  |  -
Netrust21                      |  +  |  -  |  -  |  -
Netware Trojan v1.0            |  +  |  -  |  -  |  -
PSS                            |  +  |  -  |  -  |  -
Puzzle                         |  +  |  -  |  +  |  -
SetupTrojan                    |  +  |  -  |  -  |  -
Sp                             |  +  |  -  |  -  |  -
TOP BetaV1.0                   |  +  |  -  |  -  |  -
TrojanMan v1.5                 |  +  |  -  |  -  |  -
ULTOR'S TROJAN PORT            |  +  |  -  |  -  |  -
WinCrash 2.0                   |  +  |  -  |  -  |  -
Netspy DK                      |  +  |  -  |  -  |  -
Int09mon                       |  +  |  -  |  -  |  -
Achtung                        |  +  |  -  |  -  |  -
Antisocket                     |  +  |  -  |  -  |  -
Bopicture                      |  +  |  +  |  +  |  -
Trojan Cow Remover             |  +  |  -  |  -  |  -
Elitewarp                      |  +  |  -  |  -  |  -
Frenzy                         |  +  |  -  |  -  |  -
Gatecleaner                    |  +  |  -  |  -  |  -
ICQp                           |  +  |  -  |  +  |  -
ICQsht                         |  +  |  -  |  -  |  -
NetBus Patcher 1.1             |  +  |  -  |  -  |  -

Tested 13 August 1999:

Trojan                         | P_C | NAV | AVP | CLN
-------------------------------+-----+-----+-----+-----
Bus Conquerer                  |  +  |  -  |  -  |  -
NetBuster12                    |  +  |  -  |  -  |  -
NetBuster13                    |  +  |  -  |  -  |  -
Cheep                          |  +  |  +  |  +  |  -
phAse zero ver. 1.1a           |  +  |  +  |  -  |  -
HackCity Portal of Doom        |  +  |  -  |  -  |  -
Remote Windows Shutdown        |  +  |  -  |  -  |  -
Robo                           |  +  |  -  |  -  |  -
SATAN'S BACK DOOR              |  +  |  -  |  -  |  -
Shadow                         |  +  |  -  |  -  |  -
Striker Trojan v1.0            |  +  |  -  |  -  |  -
Thing                          |  +  |  -  |  -  |  -
The 1-900 Trojan               |  +  |  -  |  -  |  -
The Spy (beta 1)               |  +  |  -  |  -  |  -
WebEx 1.4                      |  +  |  -  |  -  |  -
(name not preserved in source) |  +  |  -  |  -  |  -
Haebi 232                      |  +  |  -  |  +  |  -
Agentkgb                       |  +  |  -  |  -  |  -
Autosc                         |  +  |  -  |  -  |  -
Hookdump                       |  +  |  -  |  -  |  -
Keycopy                        |  +  |  -  |  -  |  -
Keymac                         |  +  |  -  |  -  |  -
Keypress                       |  +  |  -  |  -  |  -
Log                            |  +  |  -  |  -  |  -
Qk200                          |  +  |  -  |  -  |  -
Secsot                         |  +  |  -  |  -  |  -
Spylog                         |  +  |  -  |  -  |  -
Spy44                          |  +  |  -  |  -  |  -
-------------------------------+-----+-----+-----+-----
Total                          | 182 |  12 |  63 |   7

2. Test: disinfecting an infected system.

For this I ran NetBus 1.7, GirlFriend 1.35 and Stealth 2 on my own machine. Each program under test was then asked to check the system. The results were as follows:

P_CLEAR: detected all the running trojans and uninstalled them on the first pass, without rebooting Windows.

AVP: detected all three trojans but could not delete them, reporting that the file was locked by another process. System entries were not detected. The files were deleted after a system reboot.

Norton Antivirus: detected nothing, and therefore naturally deleted nothing.

The Cleaner: detected NetBus 1.7 and GirlFriend 1.35 but, even with the 'auto clean' option enabled, could not delete them; Stealth 2 it did not detect at all. I cannot help mentioning what surprised me when I first looked at this program: it does not detect trojans from its own advertised list. That is, judging by the impressive list in the left pane of its window it ought to detect quite a lot, but it stays silent. One gets the impression that this is simply a bluff (someone please confirm or refute me).

Conclusion.

P_CLEAR is the best suited to removing trojans that are already running, has the most extensive database, and is updated regularly.

AVP: on the plus side, besides trojans it also looks for other viruses. Drawbacks: it does not check system entries, deleting the files requires a Windows reboot, it detects far from all trojans, and the price is fairly high.

Norton Antivirus and The Cleaner are worthless things fit for burning at the stake, because they lull the user into blissful ignorance.

If anyone has ideas about the material presented here, write to pilat@mail.ru
Official P_CLEAR site: www.chat.ru/~p_clear
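The reason test 1 renamed every sample before scanning is that a scanner which keys on the default server file name (boserve.exe, patch.exe) is defeated by the trivial rename an attacker always performs, while a scanner that keys on file content is not. The following is an added example, not code from the original review or from any of the products tested: a toy scanner with two hypothetical detection strategies, run over constructed sample files first under their default names and then renamed the way the review describes. The sample bytes, signatures and the "supernukeN.exe" names are all invented for the demonstration; the trojan labels are reused from the review's table only as labels.

```python
"""Toy detection test: name-based vs content-based signatures under renaming.

Added example, not part of the original review. All sample contents and
signatures below are constructed for the demonstration and are not real
malware or real product signatures.
"""
import hashlib
import os
import tempfile

# Constructed sample files: default file name -> arbitrary bytes (not real malware).
SAMPLES = {
    "boserve.exe": b"MZ" + b"\x00" * 14 + b"BO-SERVER-STUB" + b"\x90" * 32,
    "patch.exe":   b"MZ" + b"\x00" * 14 + b"NETBUS-STUB-1.7" + b"\xcc" * 32,
    "icqhack.exe": b"MZ" + b"\x00" * 14 + b"harmless-tool" + b"\x00" * 32,
}

# Hypothetical content signatures: a full-file SHA-256, or a byte pattern anywhere in the file.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLES["boserve.exe"]).hexdigest(): "Back Orifice 1.2",
}
PATTERN_SIGNATURES = {
    b"NETBUS-STUB": "NetBus 1.7",
}

# Hypothetical name-based "signatures": detection keyed only on the default server file name.
NAME_SIGNATURES = {
    "boserve.exe": "Back Orifice 1.2",
    "patch.exe": "NetBus 1.7",
}


def scan_by_name(path):
    """Return the detection label if the file NAME matches, else None."""
    return NAME_SIGNATURES.get(os.path.basename(path).lower())


def scan_by_content(path):
    """Return the detection label if the file CONTENT matches a hash or pattern, else None."""
    with open(path, "rb") as f:
        data = f.read()
    label = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if label:
        return label
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def write_samples(directory, rename=False):
    """Write the constructed samples into `directory`.

    With rename=True every file gets an innocuous name ("supernukeN.exe",
    an invented name), mirroring the review's methodology of renaming all
    samples before the scan. Returns the list of written paths.
    """
    paths = []
    for i, (default_name, data) in enumerate(SAMPLES.items()):
        fname = f"supernuke{i}.exe" if rename else default_name
        path = os.path.join(directory, fname)
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    return paths


def detection_counts(rename):
    """Scan one set of samples with both strategies and return the hit counts."""
    with tempfile.TemporaryDirectory() as directory:
        paths = write_samples(directory, rename=rename)
        return {
            "name_based": sum(1 for p in paths if scan_by_name(p)),
            "content_based": sum(1 for p in paths if scan_by_content(p)),
        }


if __name__ == "__main__":
    # Under default names both strategies score 2 of 3; after renaming only
    # the content-based scanner still finds the two "trojans".
    print("default names:", detection_counts(rename=False))
    print("renamed:      ", detection_counts(rename=True))
```

The content-based scanner is still only as good as its signature list, which is exactly what the table above measures: every product was given identical, renamed files, so the differences in the columns come from signature coverage and not from file names.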