AVs having a real impressive day
trjam
January 30th, 2008, 12:32 PM
Here (http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusDailyStats). Not a good day for zero threats, well unless you are Panda.
Fuzzfas
January 30th, 2008, 12:41 PM
-{ Quote: "Here (http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusDailyStats). Not a good day for zero threats, well unless you are Panda." }-
Errr... Back to the non-zero-day tests please, where you can choose your samples wisely and have more encouraging results (like all fellas get 95+% and we can all be happy). ;D
This test is bad! Bad i tell you! >:(
Bunkhouse Buck
January 30th, 2008, 12:45 PM
-{ Quote: "Here (http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusDailyStats). Not a good day for zero threats, well unless you are Panda." }-
The reality is, the zero-day threats are more likely than the "zoo" threats that most tests measure. To me, you are only as good as the next zero-day threat that your AV stops. If you look at the data, there is a high enough probability that we are going to get stung the longer we are online. Of course, the veracity of this test (and any other) is the key, and we may not have enough information to make a proper decision as to the validity of the testing matrix.
computer geek
January 30th, 2008, 12:47 PM
the test is nonsense, and also, how respected is the source?
trjam
January 30th, 2008, 12:57 PM
http://blog.washingtonpost.com/securityfix/2006/07/botslaying_isp_hall_of_fame_1.html
aigle
January 30th, 2008, 01:16 PM
This is a strange test. Panda 99% (no AV can get that for zero day threats).
Most others at 69%, all so close.
computer geek
January 30th, 2008, 01:21 PM
i refuse to believe that the stupid megadetection or whatsoever beat antivir, nod32, bitdefender. the top 3 in heuristics...
C.S.J
January 30th, 2008, 01:29 PM
chill geek,
This was for ONE day only.
computer geek
January 30th, 2008, 01:32 PM
-{ Quote: "chill geek,
This was for ONE day only." }-
i bet you, if panda knew about this, it would be flying over their main page and they would go on about it for a year or so tricking people to buy their product! :(
C.S.J
January 30th, 2008, 01:45 PM
-{ Quote: "i bet you, if panda knew about this, it would be flying over their main page and they would go on about it for a year or so tricking people to buy their product! :(" }-
are you saying Panda is a bad product in general?
but this was just ONE DAY, if you look at the last 12 months, Panda scores just 49.78% protection against Zero day.
Bunkhouse Buck
January 30th, 2008, 01:50 PM
-{ Quote: "are you saying Panda is a bad product in general?
but this was just ONE DAY, if you look at the last 12 months, Panda scores just 49.78% protection against Zero day." }-
Agreed, one of the worst for 12 months. Dr. Web in 3rd place on a yearly basis (96.37%).
C.S.J
January 30th, 2008, 01:55 PM
-{ Quote: "Agreed-one of the worst for 12 months. Dr. Web in 3rd place on a yearly basis (96.37%)." }-
i didnt want to mention it :)
computer geek
January 30th, 2008, 01:55 PM
-{ Quote: "are you saying Panda is a bad product in general?
but this was just ONE DAY, if you look at the last 12 months, Panda scores just 49.78% protection against Zero day." }-
yes, i am saying panda is a bad product in general. this is one day, i know panda generally scores lower, but this is the whole point of marketing: some site promotes them, and it's on their front page saying it's the best and all the others are rubbish. that's what i'm worried about, people don't really get a chance to think.
C.S.J
January 30th, 2008, 02:00 PM
-{ Quote: "yes, i am saying panda is a bad product in general. this is one day, i know panda generally scores lower, but this is the whole point of marketing: some site promotes them, and it's on their front page saying it's the best and all the others are rubbish. that's what i'm worried about, people don't really get a chance to think." }-
well, i actually like Panda so i cant agree fully :)
Bunkhouse Buck
January 30th, 2008, 02:02 PM
-{ Quote: "i didnt want to mention it :)" }-
Ya I know, but I ain't as tainted as you. ;D
computer geek
January 30th, 2008, 02:04 PM
-{ Quote: "well, i actually like Panda so i cant agree fully :)" }-
different opinions made the world! ;D ;D ;D
Diver
January 30th, 2008, 02:13 PM
Perhaps Panda is worth a look. Somewhere I read they are using behavior based detection. Perhaps that is where the difference is.
lucas1985
January 30th, 2008, 02:23 PM
-{ Quote: "Somewhere I read they are using behavior based detection. Perhaps that is where the difference is." }-
Yup, Panda has a behav. blocker/analyzer. The problem with these numbers is that this test (AFAIK) is done on flat file scanning and I have a hard time believing a >95 % detection rate of fresh samples with a signature-based product. OTOH, Panda is a somewhat aggressive scanner, so maybe a good amount of detections are of the "suspicious" kind.
virtumonde
January 30th, 2008, 02:44 PM
Hi, just a little info from my experience. I don't use panda, never did; i don't believe in any test even if it's done by the most trusted sources (av-comparatives, virus bulletin etc). i always used avira premium as my main protection. I use p2p quite often, mainly to check for malware and warn the others, and when i scan the files that i know are infected using virus total, panda and prevx are the ones that more often flag 0 day malware. I know that the files are infected (i use sandboxie and process explorer so i'm aware even if avira misses something), i only scan at virus total for my curiosity. You don't have to believe this, these are just my findings during the last 2-3 months. So even if i don't trust the test i believe it is not far from the truth.
larryb52
January 30th, 2008, 03:16 PM
F-secure is pretty solid on zero day threats...
Frisk
January 30th, 2008, 03:18 PM
Hmm... interesting. So, just what is this thing that Panda is reporting as "Adware/AccesMembre", I wonder.
jrmhng
January 30th, 2008, 03:25 PM
-{ Quote: "are you saying Panda is a bad product in general?
but this was just ONE DAY, if you look at the last 12 months, Panda scores just 49.78% protection against Zero day." }-
Yeps have a look at http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats
The daily results fluctuate a fair bit. The yearly ones should be better.
virtumonde
January 30th, 2008, 03:27 PM
-{ Quote: "Yup, Panda has a behav. blocker/analyzer. The problem with these numbers is that this test (AFAIK) is done on flat file scanning and I have a hard time believing a >95 % detection rate of fresh samples with a signature-based product. OTOH, Panda is a somewhat aggressive scanner, so maybe a good amount of detections are of the "suspicious" kind." }-
This month i've found 4 zero day threats that were only detected by Panda and they were all flagged as "suspicious". I don't know what system Panda uses for detection but indeed the files were flagged as "suspicious".
C.S.J
January 30th, 2008, 03:33 PM
-{ Quote: "Yeps have a look at http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats
The daily results fluctuate a fair bit. The yearly ones should be better." }-
-{ Quote: " if you look at the last 12 months, Panda scores just 49.78% protection against Zero day." }-
12 months = 1 year ;)
;)
but thank you :D
pykko
January 30th, 2008, 03:41 PM
eh, that's just a test showing nothing. :)
Today Panda may be at the top, then Avira, then Kaspersky. It really matters what kind of threats YOU encounter not those honeypots.
aigle
January 30th, 2008, 04:10 PM
-{ Quote: "I know that the files are infected (i use sandboxie and process explorer so i'm aware even if avira misses something)" }-
Come on! how come SBIE and PE only can tell u for sure that a file is malware!
Coolio10
January 30th, 2008, 04:20 PM
Is there a reason why symantec was not tested?
trjam and dr.web :D.
virtumonde
January 30th, 2008, 04:59 PM
-{ Quote: "Come on! how come SBIE and PE only can tell u for sure that a file is malware!" }-
Well of course you know sandboxie's feature of multiple sandboxes running at the same time. I open the suspicious file in one sandbox and the genuine one from the vendor site in another sandbox. Other than the fact that i have some experience, this simple method never failed me until now. There is also hijack this, and if u grant it, for example, direct access in the sandbox, you will have an accurate picture (not 100 percent like a real pc but very close) of what the "suspicious" file does. Since all of this can be done with freeware tools try for yourself, don't have to take my word for it.
DasFox
January 30th, 2008, 09:46 PM
ShadowServer needs to learn how to make a website, GAWD it's awful trying to look at it with a 19" CRT, you need to scroll the site left and right to look at it.
That webmaster should be horse whipped, LOL... :blink:
Inspector Clouseau
January 31st, 2008, 05:35 AM
-{ Quote: "Hmm... interesting. So, just what is this thing that Panda is reporting as "Adware/AccesMembre", I wonder." }-
That is a *Spanish* dialer, hence no wonder that Panda detects that ofc. The only question remaining now is why on earth is that sample so many times on their server. I assume what they are detecting is the dialer *DLL* files. There is another executable together with it. The whole dialer package is known as Montil Dialer. So it could be possible that this specific dialer dll has some "manual polymorphism" (server side) and that there are quite some different binaries of that file.
Mike
Inspector Clouseau
January 31st, 2008, 05:42 AM
Update: Just added detection for it so just forget it now ;D
noway
January 31st, 2008, 08:31 AM
Is that Kaspersky 3.0 they used with virus definitions from 1999.12.25 ?
(When they don't post any details like versions numbers, I don't consider the results credible.)
flyrfan111
January 31st, 2008, 10:07 AM
They do;
They even list what options were used for each scanner.
Kaspersky Anti-Virus for File Server Kaspersky $190.00 US 5.5.18 kav4fs-kavscanner
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.Viruses
Bunkhouse Buck
January 31st, 2008, 10:17 AM
-{ Quote: "They do;
They even list what options were used for each scanner.
Kaspersky Anti-Virus for File Server Kaspersky $190.00 US 5.5.18 kav4fs-kavscanner
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.Viruses" }-
Same old psychological problem I have seen displayed here hundreds of times. If your AV is low rated, there must be something wrong with the test. If your AV is highly rated, the test is credible.
flyrfan111
January 31st, 2008, 10:31 AM
-{ Quote: "Same old psychological problem I have seen displayed here hundreds of times. If your AV is low rated, there must be something wrong with the test. If your AV is highly rated, the test is credible." }-
Huh? My answer had zero to do with whether the test is valid or not. Someone said they didn't post version numbers, I said they did. I did not state one way or the other how any of the AV's I use do/did, or what my opinion of the validity of said tests were.
Bunkhouse Buck
January 31st, 2008, 10:58 AM
-{ Quote: "Huh? My answer had zero to do with whether the test is valid or not. Someone said they didn't post version numbers, I said they did. I did not state one way or the other how any of the AV's I use do/did, or what my opinion of the validity of said tests were." }-
Quoting you was not a response to you, but rather I was making a generic observation of the statement you responded to. No criticism intended, and you simply provided the fact that the scanner engine versions are delineated:) .
computer geek
January 31st, 2008, 12:29 PM
cor, look at m:D c:D a:D f:D e:D e:D ! :argh: :argh:
Coolio10
January 31st, 2008, 01:11 PM
-{ Quote: "cor, look at m:D c:D a:D f:D e:D e:D ! :argh: :argh:" }-
LOLS! Stop doing that it makes me laugh each time.
bigc73542
January 31st, 2008, 01:18 PM
N;D O;D R;D T;D O;D N;D
trjam
January 31st, 2008, 08:30 PM
I still say this is pretty damn accurate. Check the end of day totals and they look pretty accurate to me.
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusDailyStats
Bunkhouse Buck
February 1st, 2008, 05:57 AM
-{ Quote: "I still say this is pretty damn accurate. Check the end of day totals and they look pretty accurate to me.
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusDailyStats" }-
Agreed. Probably more reflective of an AV's ability (or lack thereof) to stop zero-day malware which exists in the real world.
Hermescomputers
February 1st, 2008, 10:27 AM
Hello all,
Anyone can correlate accuracy and relevancy of http://www.shadowserver.org/wiki/
Sjoeii
February 1st, 2008, 11:03 AM
Norman is doing great the last days
Frisk
February 1st, 2008, 12:05 PM
The results look fine, sure...but I have a really hard time believing that the majority of the programs (including my own F-prot6) are really doing this well against threats that are out there - I mean, the majority with 99%+ ??
It also seemed a bit odd when suddenly a large number of samples of a particular piece of malware appeared that were only detected by one program, so that program got 99% on that day and the others got all 68% or so. What makes this odd is that on that day we did not receive a *single* copy of that particular malware from sources like VirusTotal, Jotti or others like that, so it was clearly not in wide distribution.
I'm wondering whether someone is feeding samples like that into the system for one reason or another, but that is just pure speculation, of course.
flyrfan111
February 1st, 2008, 12:28 PM
Yes, I have wondered exactly where they get their samples from as well. I keep an eye on this site, but i am, like a lot of others here, not sure what to make of it.
ronjor
February 1st, 2008, 12:59 PM
Several posts removed including a private message. If anyone has any questions contact an administrator.
No private messages or emails are to be posted in the forums per the Terms of Service. (http://www.wilderssecurity.com/tos.php)
computer geek
February 1st, 2008, 01:14 PM
it's just strange isn't it? one day an av is really good, next day it's crap... the tests don't really seem stable and reliable to me. any opinions?
dawgg
February 2nd, 2008, 05:24 AM
-{ Quote: "it's just strange isn't it? one day an av is really good, next day it's crap... the tests don't really seem stable and reliable to me. any opinions?" }-
Have a look at weekly, monthly or yearly stats... scroll down and it'll be on the left
dawgg
February 2nd, 2008, 05:30 AM
Very interesting results, the way F-Secure detected far more than Kaspersky (although they were the same malware names)... Settings of products play a very large role in the results.
trjam
February 2nd, 2008, 05:33 AM
no not really. Deep Guard is catching most that don't have a Kaspersky signature. F-Secure is really very underrated in its ability.
ren
February 2nd, 2008, 05:38 AM
Hello,
Samples are executed trjam? Because Deepguard is similar to PDM, it won't work on a signature test, as far as I know?
computer geek
February 2nd, 2008, 06:22 AM
what happened to kaspersky and bit?
Bunkhouse Buck
February 2nd, 2008, 06:56 AM
-{ Quote: "what happened to kaspersky and bit?" }-
They are near the bottom for the Weekly and Monthly data. To see if they regress to the mean a little bit, we can look at the Yearly data. On the Yearly, Kaspersky is 8th out of 17 AVs, and BitDefender is 12th out of 17. Not as bad, but not good either. It appears that heuristics (obviously) are critical for Zero-day malware, and the results are an indication of the efficacy or inefficacy of the AVs tested in this context. Of course the settings are critical so as to maximize the power of each AV. I would like to see tests with the "default" settings and most aggressive settings.
I personally have my Avira settings on max everything. And, even with these settings, I have never had a false positive in years of use. I did have a number of FPs with Dr. Web which I still like right behind Avira (at least on my computers). Your experience may be different.
computer geek
February 2nd, 2008, 07:45 AM
-{ Quote: "They are near the bottom for the Weekly and Monthly data. To see if they regress to the mean a little bit, we can look at the Yearly data. On the Yearly, Kaspersky is 8th out of 17 AVs, and BitDefender is 12th out of 17. Not as bad, but not good either. It appears that heuristics (obviously) are critical for Zero-day malware, and the results are an indication of the efficacy or inefficacy of the AVs tested in this context. Of course the settings are critical so as to maximize the power of each AV. I would like to see tests with the "default" settings and most aggressive settings.
I personally have my Avira settings on max everything. And, even with these settings, I have never had a false positive in years of use. I did have a number of FPs with Dr. Web which I still like right behind Avira (at least on my computers). Your experience may be different." }-
yeah, i've seen the yearly result and it looks somewhat good to me, however, the reason why i don't like this test is that there's generally speaking no consistency except when you see the long term.
Wordward
February 2nd, 2008, 08:23 AM
I wonder since Avast doesn't have heuristics, (although it does have generic detection) but its detection rate here is very good, if its Web Shield was set to high?
Bunkhouse Buck
February 2nd, 2008, 09:24 AM
-{ Quote: "yeah, i've seen the yearly result and it looks somewhat good to me, however, the reason why i don't like this test is that there's generally speaking no consistency except when you see the long term." }-
Yes, you are correct, but I think that is the point: they are inconsistent (a lot of standard deviation). This means that they all are inconsistent at times, which means protection is not as good as most think (at times).
Frisk
February 2nd, 2008, 09:43 AM
the inconsistency is not only due to the AVs. Quite frankly, I don't think that any AV can consistently get much more than 75% 0-day success (75% of the malware, but perhaps 99% of the samples that are "out there"). What happens is that if a brand new threat appears, and is common/widespread so that it accounts for a significant percentage of incoming samples, some AVs will detect it, and show very good detection rates on that particular day, while other AVs will fail to detect that particular malware initially, and their detection percentage will drop significantly, perhaps for a few days until detection has been added.
Despite those apparent jumps in detection rate, the AV programs may be consistent in that they have, say, 95% detection of malware and 75% 0-day detection over time.
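The mechanism Frisk describes, that a per-sample daily percentage swings with one flooding family while per-family coverage barely moves, as an added Python sketch that is not part of the original thread; the feed volumes, scanner names and detection dates below are all constructed placeholders, not the real products or samples discussed.

```python
"""
Constructed illustration: two fictional scanners, a three-day feed of samples
grouped by family, and two ways of scoring them.

  - daily per-sample rate: share of that day's files detected, the way a
    daily feed statistic counts it (every repeat of a family counts again)
  - period per-family rate: share of distinct families detected at least once
    over the whole window (closer to "how much of the malware was covered")

All numbers are made up for the example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    day: int      # day index within the feed window
    family: str   # malware family the sample was classified as


def _day(n, **counts):
    """Expand {family: count} into that many Sample records for day n."""
    return [Sample(n, fam) for fam, k in counts.items() for _ in range(k)]


# Constructed feed: a steady background of four families; on day 2 a brand new
# family ("fam_new") makes up almost a third of the day's volume.
FEED = (
    _day(1, fam_a=35, fam_b=30, fam_c=25, fam_d=10)
    + _day(2, fam_a=25, fam_b=23, fam_c=20, fam_d=1, fam_new=31)
    + _day(3, fam_a=30, fam_b=25, fam_c=25, fam_d=10, fam_new=10)
)

# Constructed detection tables: family -> first day the scanner detected it.
# Families missing from a table are never detected in the window (fam_d here).
# scanner_y adds fam_new one day later than scanner_x.
SCANNERS = {
    "scanner_x": {"fam_a": 1, "fam_b": 1, "fam_c": 1, "fam_new": 2},
    "scanner_y": {"fam_a": 1, "fam_b": 1, "fam_c": 1, "fam_new": 3},
}


def detects(scanner, sample):
    """True if the scanner had detection for the family on the sample's day."""
    first_day = SCANNERS[scanner].get(sample.family)
    return first_day is not None and first_day <= sample.day


def daily_sample_rates(feed, scanner):
    """Per-day percentage of samples detected: {day: percent}."""
    total, hit = Counter(), Counter()
    for s in feed:
        total[s.day] += 1
        if detects(scanner, s):
            hit[s.day] += 1
    return {d: round(100 * hit[d] / total[d], 1) for d in sorted(total)}


def period_sample_rate(feed, scanner):
    """Percentage of all samples in the window detected."""
    hits = sum(1 for s in feed if detects(scanner, s))
    return round(100 * hits / len(feed), 1)


def period_family_rate(feed, scanner):
    """Percentage of distinct families detected at least once in the window."""
    families = {s.family for s in feed}
    covered = {s.family for s in feed if detects(scanner, s)}
    return round(100 * len(covered) / len(families), 1)


def summary(feed=FEED):
    """Both views side by side for every scanner."""
    return {
        name: {
            "daily": daily_sample_rates(feed, name),
            "period_samples": period_sample_rate(feed, name),
            "period_families": period_family_rate(feed, name),
        }
        for name in SCANNERS
    }


if __name__ == "__main__":
    for name, view in summary().items():
        print(name, view)
```

On day 2 the two scanners read 99.0% and 68.0% of samples, yet over the window both cover exactly the same 80.0% of families; the per-sample period figures (93.0% vs 82.7%) sit in between, which is the gap between "percent of samples" and "percent of the malware" that the post draws.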
TonyW
February 2nd, 2008, 09:09 PM
-{ Quote: "Agreed. Probably more reflective of an AV's ability (or lack thereof) to stop zero-day malware which exists in the real world." }-
Possibly so, but where are they going online or what are they doing to get their samples? In my "real world", I don't come across anything that remotely resembles any of those zero-day samples.
It really does depend on what you do online.
flyrfan111
February 2nd, 2008, 09:25 PM
What I don't get is, if they are ALL zero day, doesn't that by definition mean they should all be heuristic detections? The vast majority seem to be definition detections, which doesn't make them zero day malware, to my understanding anyway.
patrikr
February 2nd, 2008, 11:18 PM
These statistics have been discussed before and Richard from Shadowserver explained how they are generated.
http://www.wilderssecurity.com/showthread.php?p=1160790#post1160790
Bunkhouse Buck
February 3rd, 2008, 06:52 AM
-{ Quote: "Possibly so, but where are they going online or what are they doing to get their samples? In my "real world", I don't come across anything that remotely resembles any of those zero-day samples.
It really does depend on what you do online." }-
I agree with you in a general sense, but some people do very risky things online and that is the choice they have made consciously or subconsciously. Many end up with problems (look at the posts in this forum) and my original point was that AVs are not necessarily going to protect people especially high-risk people. The data shows there is a lot of standard deviation in the daily/weekly stats compared to the yearly. So my conclusion is that high risk online activity is likely to result in a malware infestation at some point in time with any AV.
computer geek
February 3rd, 2008, 06:58 AM
-{ Quote: "I wonder since Avast doesn't have heuristics, (although it does have generic detection) but its detection rate here is very good, if its Web Shield was set to high?" }-
as far as i'm concerned, avast, strictly speaking doesn't have heuristics, but the generic detection acts something like heuristics, so in a way it does.
Diver
February 3rd, 2008, 11:05 AM
-{ Quote: "Is there a reason why symantec was not tested?
trjam and dr.web :D." }-
It could be a pricing issue. If you notice, the Linux versions of otherwise reasonably priced AVs are around $200 for a single license. I recall Symantec has a 5 license minimum for the enterprise products, at least SEP.
Anyway, I find the Shadowserver site to be very interesting. It's too bad they do not give 3 month and 6 month statistics, as the difference between the 1 month and 1 year charts is startling in some cases. It could be that a product like Clam AV is maturing, or last month could be a fluke.
C.S.J
February 3rd, 2008, 11:07 AM
-{ Quote: "It could be a pricing issue. If you notice, the Linux versions of otherwise reasonably priced AVs are around $200 for a single license. I recall Symantec has a 5 license minimum for the enterprise products, at least SEP.
Anyway, I find the Shadowserver site to be very interesting. It's too bad they do not give 3 month and 6 month statistics, as the difference between the 1 month and 1 year charts is startling in some cases. It could be that a product like Clam AV is maturing, or last month could be a fluke." }-
maybe if you request a 3 and 6 month list, they might add it.
DVD+R
February 4th, 2008, 05:28 AM
-{ Quote: "its on their front page saying its best and all the others are rubbish. thats what i'm worried about, people don't really get a chance to think." }-
If AV Companies like Panda ran around saying Other AV Companies were rubbish, they would be hit so fast with a Law Suit, they wouldn't have enough money to buy the poor Panda any Eucalyptus trees :( But really! I've never seen that on AV sites and probably never will, so don't be so dramatic drama geek :P :D
jrmhng
February 4th, 2008, 07:51 AM
-{ Quote: "The data shows there is a lot of standard deviation in the daily/weekly stats compared to the yearly. So my conclusion is that high risk online activity is likely to result in a malware infestation at some point in time with any AV." }-
Yes there is a high variance, however just looking at daily/weekly stats is probably too small a sample.
Viruses are collected via honeypots. These are designed to collect viruses and will be 'higher risk' than users.
Hermescomputers
February 4th, 2008, 09:04 AM
-{ Quote: "Possibly so, but where are they going online or what are they doing to get their samples? In my "real world", I don't come across anything that remotely resembles any of those zero-day samples.
It really does depend on what you do online." }-
Unfortunately, I see things on users' computers that make me cringe... Internet users vary in skills and in brain power. Some have so many "different" infections they number in the dozens...
Technical types may not be exposed to the same degree as they are however this does not invalidate the reality or the extent of the risks that are latent out there...
Paranoid2000
February 4th, 2008, 12:27 PM
Looks at bottom of Shadowserver page...
Page last modified on November 12, 2007, at 08:07 PM
So are these results current then?
Diver
February 4th, 2008, 05:29 PM
-{ Quote: "Looks at bottom of Shadowserver page...
Page last modified on November 12, 2007, at 08:07 PM
So are these results current then?" }-
The daily numbers are significantly different every day.
trjam
February 4th, 2008, 07:23 PM
-{ Quote: "The daily numbers are significantly different every day." }-
It isn't that surprising. Different malware, different detections.
TonyW
February 4th, 2008, 10:44 PM
-{ Quote: "Looks at bottom of Shadowserver page...
Page last modified on November 12, 2007, at 08:07 PM
So are these results current then?" }-
Maybe it's just giving the date of when the page design etc. was last modified and not the statistics. The stats are probably generated via a script or something. Perhaps there should be a script to modify the date?
Paranoid2000
February 13th, 2008, 10:06 AM
Looks like someone at ShadowServer has made a correction. ;) The daily pages now give a proper "Last Updated" time - the weekly/monthly pages still show November 12, 2007 but this will presumably be corrected on their next update.
plantextract
February 13th, 2008, 03:49 PM
i think the settings also matter. otherwise, how can f-secure detect more malware than kaspersky with the same signature. example:
                     F-Secure   Kaspersky
Virus.Win32.VB.az    102993     84021
Worm.Win32.VB.es     12834      10345
dawgg
February 13th, 2008, 06:04 PM
-{ Quote: "i think the settings also matter. otherwise, how can f-secure detect more malware than kaspersky with the same signature. example:
                     F-Secure   Kaspersky
Virus.Win32.VB.az    102993     84021
Worm.Win32.VB.es     12834      10345" }-
+1... as i mentioned here (http://www.wilderssecurity.com/showpost.php?p=1173971&postcount=49)... guess Kaspersky has a very similar result to F-Secure then and should be at a similar level as F-secure has... I wonder what other AVs can detect far more by changing the settings.
trjam
February 13th, 2008, 06:07 PM
the one that has continued to impress me over the last month is Eset. I watch this thing daily and they must be adding something.:thumb:
larryb52
February 13th, 2008, 07:07 PM
-{ Quote: "the one that has continued to impress me over the last month is Eset. I watch this thing daily and they must be adding something.:thumb:" }-
well it let vundo through so it better keep adding, sorry to be negative but this 'was' my favorite av not anymore, somehow grief with malware when it fails does that...
trjam
February 13th, 2008, 08:15 PM
-{ Quote: "i think the settings also matter. otherwise, how can f-secure detect more malware than kaspersky with the same signature. example:
                     F-Secure   Kaspersky
Virus.Win32.VB.az    102993     84021
Worm.Win32.VB.es     12834      10345" }-
they use their signatures but that is where it ends. F-Secure has other engines it uses and Deep Guard is not like PDM as some think. F-Secure has proven to excel at catching malware from out of the wild. To me at least, there is no comparison between the two. F-Secure is a hog to load but once added it is smooth and quick as a piece of greased pork. ;)
larryb52
February 13th, 2008, 09:02 PM
-{ Quote: "they use their signatures but that is where it ends. F-Secure has other engines it uses and Deep Guard is not like PDM as some think. F-Secure has proven to excel at catching malware from out of the wild. To me at least, there is no comparison between the two. F-Secure is a hog to load but once added it is smooth and quick as a piece of greased pork. ;)" }-
I agree I have it currently loaded but I'm using the suite...
dawgg
February 14th, 2008, 05:27 AM
-{ Quote: "they use their signatures but that is where it ends. F-Secure has other engines it uses and Deep Guard is not like PDM as some think." }-
Wouldn't F-Secure's other engines have different detection names to Kaspersky's detections?... in shadowserver they have the same names.
I always thought DeepGuard worked only during execution and on F-Secure's website, it says that DeepGuard
"prevents system compromise by blocking the dangerous behavior, typically without any need for user intervention"
"DeepGuard™ is a unique HIPS technology"
"use techniques such as system monitoring, sandboxing, blocking of code injections, advanced heuristics and run-time behavioral blocking"
"providing zero-day protection against previously unknown malware"
"DeepGuard technology proves that such a behavior-based analysis of malware during run-time can be quite effective in stopping zero-day threats"
"Recently AV-comparatives http://www.av-comparatives.org/weblog/ tested F-Secure's behavior-based detection technology F-Secure DeepGuard for its ability to stop malware that is not found with traditional signature based virus scanning"
"F-Secure DeepGuard™ application to provide zero-day protection against previously unknown malware"
I haven't used DeepGuard, but it looks to me it's for 0-day malware, and if it was for 0-day, it won't give a detection to the extent of which malware and variant (especially won't give a detection of a 0-day threat which has the same name as Kaspersky's detections... unless it's a BIG coincidence).
If the detection names were different, only then I would have expected F-Secure's heuristic/proactive technologies to come into play, but seeing as its got the same names as Kaspersky, seems as if either:
1) F-Secure is better at unpacking
2) The settings are different
Also, if F-Secure was stopping 0-day threats, it will not have a signature detection for it... seeing as it has a detection, it's not 0-day so DeepGuard does not come into play.
... just what I'm thinking by reading F-Secure's website about DeepGuard... If I'm wrong, then F-Secure is missing some vital information about DeepGuard on its website :blink:
trjam
February 14th, 2008, 06:26 AM
F-Secure uses the Kaspersky engine, plus another two engines, Libra and Orion. Libra is F-Secure's own signature based engine, as if the KAV engine isn't enough, but the more protection, the better. Orion is F-Secure's heuristic based engine, meaning it scans files for malicious code, very useful since it detects viruses without the need for virus signatures. This is a great backup for the sig-based engines, but you should never rely on heuristics alone since it really is one of those last line of defense kind of things.
solcroft
February 14th, 2008, 06:32 AM
The AVP engine seems to be F-Secure's main line of defense - most of the malware it seems to catch is by virtue of Kaspersky. I've seen the other engines trigger sometimes, but not often, when Kaspersky misses something.
trjam
February 14th, 2008, 06:35 AM
Gemini is the engine for the HIPS or Deep Guard. There is also an antispyware module that can detect malware and Blacklight for rootkits. So depending on what these zero day threats were, I would say F-Secure has a larger arsenal than Kaspersky.
lodore
February 14th, 2008, 06:45 AM
isn't one of the engines f-prot? or at least some f-prot technology?
isn't the antispyware engine an improved version of ad aware?
i still wonder if companies like f-secure will get the brand new built from the ground up kaspersky engine used in the upcoming kaspersky 8.
solcroft
February 14th, 2008, 06:45 AM
A bigger arsenal doesn't always mean you fight better.
dawgg
February 14th, 2008, 06:48 AM
-{ Quote: "So depending on what these zero day threats were, I would say F-Secure has a larger arsenal than Kaspersky." }-
Dont know how you figured this out...
They both have signatures (although f-secure has its own engine which detects very few more malware in relation to the size of Kaspersky's)
They both have heuristics
They both have active rootkit detection and removal
They both have HIPS sort-of-thing... Kaspersky's PDM and F-Secure's DeepGuard
And once again, back to the topic... all the malware which F-Secure detected on ShadowServer has Kaspersky's detection names, so that means only Kaspersky's engine detected it all... Neither F-Secure's signature engine, nor either AV's heuristics, active rootkit detection or HIPS (PDM or DeepGuard), caused the variation in detections.
trjam
February 14th, 2008, 06:52 AM
History (http://en.wikipedia.org/wiki/F-Secure#History) -{ Quote: "F-Secure is historically related to FRISK Software International, a company based in Iceland, which publishes F-Prot antivirus. The original F-Prot conglomerate of Icelandic, Finnish and American computer antivirus researchers fell apart during the early 1990s and the resulting companies divided the global market. For a while, Data Fellows's product was marketed as "F-Prot Professional". As of 2006, the macro-virus detection capabilities of Frisk's F-Prot scan engine are still present in F-Secure products." }-
This was 2 years ago, I don't know about today. Solcroft, I know a member here that will remain nameless, that tests some of the worst nasties against each software. The only 3 that held up in the last round were F-Secure, Kaspersky and Norton. Now yes, you can take that for what you want, but even my beloved Avira got shut down completely once the malware was set loose. ;)
Dawgg, I can't answer that. Either one is going to give you more than enough protection. I do find it ironic that Kaspersky is looking to add HIPS to their new beta.
trjam
February 14th, 2008, 06:57 AM
I sometimes think there is more under the hood with F-Secure than they say. I also think, and this is not meant to demean Kaspersky, that F-Secure should work on creating their own engines completely.
solcroft
February 14th, 2008, 07:05 AM
-{ Quote: "This was 2 years ago, I don't know about today. Solcroft, I know a member here that will remain nameless, that tests some of the worst nasties against each software. The only 3 that held up in the last round were F-Secure, Kaspersky and Norton. Now yes, you can take that for what you want, but even my beloved Avira got shut down completely once the malware was set loose.;)" }-
Given Avira's self-defense capabilities, I don't find that particularly hard to believe. Since Avira has no behavior blocking either, it's also completely meaningless to test malware execution against it - if it can't detect it, that fact is not going to change after you execute it. Unless Avira can nab the dropped drivers/libraries/etc, but that's another different matter altogether.
Avira has never been a strong player in this regard - I don't see why it failing should somehow put the ones who didn't in a favorable light.
trjam
February 14th, 2008, 07:08 AM
I honestly wasn't trying to do that. How can I, when I am using a 350mb hog.
dawgg
February 14th, 2008, 07:16 AM
-{ Quote: "Avira has never been a strong player in this regard - I don't see why it failing should somehow put the ones who didn't in a favorable light." }-
Maybe because all AVs have their pros and cons... be it overall detection, 0-day detection, self-defense, resource usage, support, GUI, price, bugs etc... people want to see the difference between all these abilities for each AV to aid them in deciding what AV to choose....
No single factor is usually the determinant of what AV a user will choose and won't... users usually look at all of this information and weigh up for themselves what they consider more or less important for their AV to have.
... or some people just see what their friends have and stick with that :).. think this is what many people do... only us who are on wilders or those with interest in AVs are the ones who see all this information!
plantextract
February 14th, 2008, 10:00 AM
-{ Quote: "they use their signatures but that is where it ends. F-Secure has other engines it uses and Deep Guard is not like PDM as some think. F-Secure has proven to excel at catching malware from out of the wild. To me at least, there is no comparision between the two. F-Secure is a hog to load but once added it is smooth and quick as a piece of greased pork." }-
yes, and of course all other engines label things with kaspersky's signature (same name)...
the other engines give other names to malware, as dawgg pointed out too.
also, if i recall, deepguard is an on-execution type of protection which won't show in such statistics.
for example, today it's ok:
Virus.Win32.VB.az 84209 Virus.Win32.VB.az 84209
now that's how it should normally look.
Zombini
February 15th, 2008, 09:07 PM
-{ Quote: "yes, and of course all other engines label things with kaspersky's signature (same name)..." }-
"All" other engines?.. oh pleassee. I don't think Norton does.
C.S.J
February 17th, 2008, 08:54 AM
so,
shadowserver uses paranoid heuristics for F-Prot, and.......
it says they use Dr.Web version 4.33 (for linux, not sure why?) which does not have the same level of detection as 4.44
if they need the linux versions, why ain't they using Dr.Web's 4.44 server linux edition?
curious, or maybe they are just unaware of 4.44
i shall inform them and see what reply i get.
still, it's nice to see 4.33 doing quite well.
Bunkhouse Buck
February 17th, 2008, 08:57 AM
-{ Quote: "so,
shadowserver uses paranoid heuristics for F-Prot, and.......
it says they use Dr.Web version 4.33 (for linux, not sure why?) which does not have the same level of detection as 4.44
if they need the linux versions, why ain't they using Dr.Web's 4.44 server linux edition?
curious, or maybe they are just unaware of 4.44
i shall inform them and see what reply i get.
still, it's nice to see 4.33 doing quite well." }-
Well indeed. We will get 'em to use 4.44 and look for even better scores.
C.S.J
February 17th, 2008, 09:01 AM
yep, let's see if they do :)
lol, you have switched to my setup now Bunk?
PrevEx < typo.
Bunkhouse Buck
February 17th, 2008, 09:12 AM
-{ Quote: "yep, let's see if they do :)
lol, you have switched to my setup now Bunk?
PrevEx < typo." }-
Fixed typo- had a little too much at the pub last night with my blokes! Ya, I'm using your setup. Best I have tested and I have tested them all, as have you. Anti-spam filter best there is, even though my ISP (Cox) uses an aggressive spam filter. Never had any malware on my machine, and I am extremely high risk. If I do get infected, I'll remove with Dr.Web/Prevx and if that line of defense does not work, I'll restore with Acronis. I make a complete image each night when I shut down. Had to restore twice due to software trashing Windows and a disk crash and it worked flawlessly.
plantextract
February 17th, 2008, 09:56 AM
-{ Quote: ""All" other engines?.. oh pleassee. I don't think Norton does." }-
i mean all of f-secure's other engines.