Anti-Malware Test Lab - Testing of proactive antivirus protection II
Thankful
March 16th, 2009, 12:06 PM
http://www.anti-malware-test.com/?q=node/76
Please do not start a war here!!
trjam
March 16th, 2009, 12:18 PM
Hmm, Norman must have gotten Platinum.;)
Congrats to Eset also
Killtek
March 16th, 2009, 12:27 PM
Avira got screwed... I'll take 71% detection with 0.13% False Positives any day.
RejZoR
March 16th, 2009, 12:55 PM
Main problem with AVIRA is that they have absolutely s**tty FP fixing rate for no-cd patches and similar grey area programs. These are critical for me, but they refuse to fix them. And I totally hate that.
You may ask why, but I do lots of gaming on ACER Aspire One, a small portable notebook (netbook) that doesn't have any CD/DVD optical drive.
So only way to play games there is to use no-cd patches.
So AVIRA is completely useless there.
I'd pick vendor that has lower detection rate but also fixes this grey area stuff instead of AVIRA. Be it crack or patch, if it's false detection I really don't care what that thing serves for. It's not malicious and that's all they'd have to know.
So until they start doing that at AVIRA labs, I'll be using something else.
avast! or Rising Antivirus preferably...
I would also like to point out one important thing regarding avast!.
Everyone, and I mean EVERYONE, is complaining over lack of heuristics in avast!. Well, who's your heuristics God now? It's no worse than others and completely on par with others that have bunch of checkboxes and settings for heuristics and they hype them as best thing since sliced bread.
avast! has proved itself SEVERAL times in AV-Comparatives and AV-Test plus this one that lack of checkboxes and settings for heuristics doesn't automatically mean that antivirus sucks and that it completely lacks any kind of proactive defenses.
Jin K
March 16th, 2009, 01:06 PM
congratulations to Kaspersky :thumb:
It's getting better every time ;)
ambient_88
March 16th, 2009, 01:09 PM
-{ Quote: "
You may ask why, but I do lots of gaming on ACER Aspire One, a small portable notebook (netbook) that doesn't have any CD/DVD optical drive.
So only way to play games there is to use no-cd patches.
So AVIRA is completely useless there.
I'd pick vendor that has lower detection rate but also fixes this grey area stuff instead of AVIRA. Be it crack or patch, if it's false detection I really don't care what that thing serves for. It's not malicious and that's all they'd have to know.
So until they start doing that at AVIRA labs, I'll be using something else.
avast! or Rising Antivirus preferably...
" }-
The problem with cracks and no-cd patches is that, more often than not, they contain malicious code. They are also almost always packed, so that only increases the chances of identifying them as malware. Since these are not official, Avira probably thinks that instead of worrying about them, they'll just leave them alone. IMHO, it's better to be aggressive when it comes to things like these. If one really wants to use one, then he/she can include it in the exceptions. That's (one of) the reasons it's there.
JasSolo
March 16th, 2009, 01:11 PM
-{ Quote: "Avira got screwed... I'll take 71% detection with 0.13% False Positives any day." }-
Ok, I'll take 52% detection with 0% FP's any day then ;)
Cheers
lodore
March 16th, 2009, 01:26 PM
Well done KL!
Same result as NOD32 and fewer FPs.
It's quite impressive.
progress
March 16th, 2009, 01:38 PM
-{ Quote: "Main problem with AVIRA is that they have absolutely s**tty FP fixing rate for no-cd patches and similar grey area programs. These are critical for me, but they refuse to fix them. And I totally hate that.
" }-
"The detection rate is more important than some FP", this sentence you will find on Avira forums ;D
RejZoR
March 16th, 2009, 01:54 PM
No. That doesn't apply here at all.
I don't mind false positives that get fixed eventually.
AVIRA doesn't fix these AT ALL. So that IS a major problem.
gery
March 16th, 2009, 02:03 PM
AVG isn't that bad though :thumb: :thumb:
virtumonde
March 16th, 2009, 02:06 PM
-{ Quote: "No. That doesn't apply here at all.
I don't mind false positives that get fixed eventually.
AVIRA doesn't fix these AT ALL. So that IS a major problem." }-
It's not a big deal since you can make exclusions. You are an advanced user, you have a good idea what's clean or not; I don't get why you are upset.
They are not such a large company and their virus researchers must focus on the real threats.
funkydude
March 16th, 2009, 02:07 PM
-{ Quote: "No. That doesn't apply here at all.
I don't mind false positives that get fixed eventually.
AVIRA doesn't fix these AT ALL. So that IS a major problem." }-
I agree, congratulations to Kaspersky, BitDefender & ESET. I'm actually surprised at BitDefender, so nice job.
progress
March 16th, 2009, 02:26 PM
-{ Quote: "
AVIRA doesn't fix these AT ALL. So that IS a major problem." }-
I see, Avira doesn't fix all this grayware because it may be dangerous ::) I also don't like this behavior, I go with AVG ;)
nomarjr3
March 16th, 2009, 02:40 PM
Good job AVG :thumb:
RejZoR
March 16th, 2009, 02:47 PM
Well, ALWIL is small but they also dedicate lots of manpower into fixing FP's. Also every no-cd or whatever, doesn't automatically mean it's malware.
So saying it "might" be dangerous doesn't really justify that.
Adding 20 or 30 exclusions just because of that is just plain lame and annoying.
I'd rather install an AV that doesn't have such lame problems and restrictions.
And I will unless they change.
Arup
March 16th, 2009, 03:02 PM
71%... that's the magic number that matters to me and if the FP was around 1% maybe I might worry.
gery
March 16th, 2009, 03:08 PM
Poor TRENDMicro. Almost every time I see them in a competition I see them second to the end of the row. They must have liked positioning at the end :thumbd:
trjam
March 16th, 2009, 03:08 PM
-{ Quote: "No. That doesn't apply here at all.
I don't mind false positives that get fixed eventually.
AVIRA doesn't fix these AT ALL. So that IS a major problem." }-
Now hold on there cowboy, those are some mighty strong words. I think Stefan should be the one to say yea or nay to that statement.
trjam
March 16th, 2009, 03:14 PM
Of course even though Norman was not tested, if any of you ever happen to be the one in a million that gets one with them, err, it's:
falsepositive@norman.no
not that you will ever need to though.;)
lodore
March 16th, 2009, 04:18 PM
Why should you have to always deal with FPs which never get fixed?
Why not change to a vendor that deals with real malware and has minimal FPs?
You can have both.
You will always have some FPs but some vendors are much better at sorting them out.
Last time I sent an FP to KL I got a reply in less than an hour and it was fixed in the next update.
RejZoR
March 16th, 2009, 04:31 PM
-{ Quote: "Now hold on there cowboy, those are some mighty strong words. I think Stefan should be the one to say yea or nay to that statement." }-
From what I've seen, Stefan also has people above him who approve or deny stuff.
trjam
March 16th, 2009, 05:06 PM
Holy Smoking Joe Frazier, this is true.:-\
gery
March 16th, 2009, 05:22 PM
Amen bro:thumb: :thumb: :thumb:
The Hammer
March 16th, 2009, 10:36 PM
Good showing by Dr.Web, 8) but I don't get the discrepancy between Kaspersky and F-Secure???
Jin K
March 16th, 2009, 10:51 PM
-{ Quote: "Good showing by Dr.Web, 8) but I don't get the discrepancy between Kaspersky and F-Secure???" }-
If I understand you right, F-Secure is using the old Kaspersky engine 6, that's why it scored lower.
The Hammer
March 16th, 2009, 11:51 PM
-{ Quote: "If I understand you right, F-Secure is using the old Kaspersky engine 6, that's why it scored lower." }-
Thank you. ;D
dw2108
March 17th, 2009, 07:10 AM
No Rising, no Twister, who need to get involved if they want the confidence of greater purchasing markets in The "WildTest" West.
Dave
andyman35
March 17th, 2009, 09:15 AM
-{ Quote: "Main problem with AVIRA is that they have absolutely s**tty FP fixing rate for no-cd patches and similar grey area programs. These are critical for me, but they refuse to fix them. And I totally hate that.
You may ask why, but I do lots of gaming on ACER Aspire One, a small portable notebook (netbook) that doesn't have any CD/DVD optical drive.
So only way to play games there is to use no-cd patches.
So AVIRA is completely useless there.
I'd pick vendor that has lower detection rate but also fixes this grey area stuff instead of AVIRA. Be it crack or patch, if it's false detection I really don't care what that thing serves for. It's not malicious and that's all they'd have to know.
So until they start doing that at AVIRA labs, I'll be using something else.
avast! or Rising Antivirus preferably...
" }-
I have to agree with that point. Although I'm a huge fan of Avira, it is annoying to have to manually disable the 'detection' of no-cd cracks all the time even when Avira knows them to be safe.
There's nothing illegitimate about using these patches on software that has been legally purchased, as anyone that's had the kids scratch a brand new £40 game CD will attest to.
dawgg
March 17th, 2009, 10:31 AM
-{ Quote: "Good showing by Dr.Web, 8) but I don't get the discrepancy between Kaspersky and F-Secure???" }-
Most relevant to this test,
1. They both use different heuristics.
In addition, more generally,
2. There is a time-lag between when Kaspersky publishes an update and F-Secure publishes Kaspersky's update.
3. F-Secure has other scanning engines so can detect some things which Kaspersky doesn't.
RejZoR
March 17th, 2009, 10:53 AM
Actually F-Secure has its own virus lab, so they can actually add malware before Kaspersky Lab.
dawgg
March 17th, 2009, 11:33 AM
-{ Quote: "Actually F-Secure has its own virus lab, so they can actually add malware before Kaspersky Lab." }-
Yes, as per point 3.
lodore
March 17th, 2009, 11:34 AM
As far as I know the latest F-Secure products only contain F-Secure's own in-house engines plus AVP version 6.
F-Secure's in-house engines are as follows:
BlackLight = for rootkits
Hydra
Pegasus (might be from Norman actually) I think it's part of DeepGuard. Not sure if it's still for DeepGuard 2.
RejZoR
March 17th, 2009, 12:59 PM
-{ Quote: "Yes, as per point 3." }-
Actually other engines don't have much to do with this.
They can add signatures to KAV engine itself.
lodore
March 17th, 2009, 03:21 PM
Why would they add signatures to the KAV engine when they can add signatures to their own engine?
Maybe one day they will use their own engines only.
Sergey Ilyin
March 18th, 2009, 04:55 AM
Thanks for your comments!
Just one thing I would like to draw your attention to. The results show that the heuristic components of most antivirus products were considerably enhanced. Most vendors took essential steps to improve their software; look at this diagram.
http://www.anti-malware-test.com/files/euristic_test2_eng_5.PNG
The most impressive progress in heuristic detection was shown by AVG. Good job!
TechOutsider
March 18th, 2009, 05:13 PM
"Proactive antivirus protection" is rather broad. In its most extreme form, it means not owning a computer. I'd like to see better terminology. Another way it can be taken is attempting to get malware on the system in the first place, rather than having a folder full of nasties and having an AV scan that particular folder.
BrendanK.
March 18th, 2009, 07:26 PM
Bitdefender dropped since 2007 :/
vijayind
March 19th, 2009, 12:15 AM
-{ Quote: "Bitdefender dropped since 2007 :/" }-
???
http://www.anti-malware-test.com/files/euristic_test2_eng_5.PNG
I see BitDefender in 2009 and it's taken top honors as far as I can see...
BrendanK.
March 19th, 2009, 03:57 AM
-{ Quote: "???
http://www.anti-malware-test.com/files/euristic_test2_eng_5.PNG
I see BitDefender in 2009 and it's taken top honors as far as I can see..." }-
Yes, but their detecting has dropped since 2007.
dawgg
March 19th, 2009, 06:01 AM
-{ Quote: "Yes, but their detecting has dropped since 2007." }-
Maybe they haven't dropped, but the samples have simply changed.
Still very good results and that's all that matters I guess :)
dw2108
March 19th, 2009, 07:32 AM
When I look at interpreted test results, there are questions because not my AVs are freebies:
What can I afford on my "newer" PC,
And,
Which FREE AVs can protect as best possible those older PCs.
Arup
March 19th, 2009, 10:50 AM
-{ Quote: "When I look at interpreted test results, there are questions because not my AVs are freebies:
What can I afford on my "newer" PC,
And,
Which FREE AVs can protect as best possible those older PCs." }-
Avira and Avast both offer excellent free versions and they will do very well on your PC.
docfleetwood
March 21st, 2009, 11:36 AM
Avira 71% detection and .13% false positive
F-Secure 44% detection and .03 false positive
These aren't signatures but detecting new/unknown threats.
This means that Avira detects 27/100 MORE actual unknown/new threats than F-Secure while falsely alerting 1/1,000 more times.
How are these two even in the same medal category? How can you suggest that detecting 27/100 more is somehow overshadowed by 1/1,000 more false positives?
In fact, Avira detects 10/100 more than the Gold award winners whilst still having only ~1/1,000 more false positives.
The award categories are effectively based on false positive rates and that seems a bit unfair given the low false positive rates of all of them (except Sophos - holy yikes).
I've got no horse in this race - I'm just saying that analyzing the math doesn't suggest the same conclusion as the award categories do.
dawgg
March 21st, 2009, 11:56 AM
-{ Quote: "I've got no horse in this race - I'm just saying that analyzing the math doesn't suggest the same conclusion as the award categories do." }-
I agree, but also what I may have awarded them may differ from what you or everyone else would award.
The award status is rather subjective and it's up to each person what they want to award them. Antimalware just chose that. Same with any award which includes subjective views or has more than 1 variable or requires 'weighting' of any sort.
We're free to make our own "awards" if we want and say what we think they should get just like antimalware.ru. It's up to people if they trust the award (care about it) or not.
People can "analyze the maths" however they want; it's highly unlikely most of the analysis will be exactly the same.
At the end of the day, we have the statistics for detections/FPs, we're all intelligent enough to make our own minds up about what we think of the results.
dawgg
March 21st, 2009, 12:26 PM
Antimalware team, in the methodology (step 5+), you mentioned you updated the AVs after 1 week and did a repeat scan.
What was that for?
What is the final % then? - test step 3 or step 7 or a manipulation of the two?
risl
March 21st, 2009, 02:52 PM
One thing is very annoying: when the AV suggests that some file is suspicious and might be dangerous, it is considered as a false positive. For example, Dr.Web might detect something as "Probably xxxx", label it as suspicious and then people say it makes a false positive. The file probably only does or is something that malware usually are.
My point is: If some clean file is detected as suspicious because it has some of the same characteristics as a malware file, it isn't a "false detection" but only a suggestion that it is something that should be carefully looked at. That's not a bad thing.
andyman35
March 21st, 2009, 03:24 PM
-{ Quote: "One thing is very annoying: when the AV suggests that some file is suspicious and might be dangerous, it is considered as a false positive. For example, Dr.Web might detect something as "Probably xxxx", label it as suspicious and then people say it makes a false positive. The file probably only does or is something that malware usually are.
My point is: If some clean file is detected as suspicious because it has some of the same characteristics as a malware file, it isn't a "false detection" but only a suggestion that it is something that should be carefully looked at. That's not a bad thing." }-
Good point, as the saying goes "better safe than sorry" ;) FPs are inevitable with any good pro-active detection given the similarities between many good apps. and malware.
risl
March 21st, 2009, 03:41 PM
The difference is:
1) Clean file detected by a specific signature, then stated that it is malware for sure. For example, "Trojan.Asdf.Blah.34576" .. etc.
2) Clean file is detected by heuristic methods and then labeled as potentially dangerous based on its characteristics. For example, "Probably Backdoor.Trojan" .. and etc.
Nr. 1 is a false positive, nr. 2 is excellent security.
Stefan Kurtzhals
March 21st, 2009, 05:36 PM
According to German law, using tools to bypass copy protection is illegal. So why should we invest resources in illegal software while there is lots of undetected real malware that we need to work on? Fix one fp on a crack or in the same time, add a new generic detection that catches 500-50.000 samples?
You use a no-cd patch 1 time, why not disable the guard while you patch the game and then delete the patcher?
Also, quite a few products do add specific (generic) detections for cracks/keygens, McAfee or Dr.Web for example.
RejZoR
March 21st, 2009, 05:49 PM
Most of them are not patchers, but pre-patched/modified executables that you have to either doubleclick or they are DLL loaders that work along original executable.
These can be just as harmful (or harmless) as weapons. If you don't shoot anyone, no harm is done. But that's my point of view.
Especially for personal usage.
lodore
March 21st, 2009, 05:51 PM
If a user has legally purchased a game and doesn't want to damage the CD, no-cd patches are acceptable IMO.
My sister put the CD for The Sims 2 in the drive so much that it cracked down the middle so it couldn't be used anymore.
I'm sure certain companies, naming no names, would fix the FP very quickly.
Not all cd patches contain malware. It's just like anything: you just go to the right sources which produce safe files so that the users' discs don't get damaged.
Surely you just want to detect malware rather than detecting harmless no-cd patches?
Other antivirus companies manage that so why can't you?
firzen771
March 21st, 2009, 08:33 PM
OK, I'm a pretty heavy gamer, I play quite often and use No-CD patches for most of my games simply because I'm too lazy to find the CD out of all the CDs I have ;D and tbh, no joke, I haven't had Avira detect a single one of them; maybe it's bad luck, or the person who created the patch did it in a poor and/or different way that makes the patched .exe get detected.
And I'm still perfectly fine if Avira does detect the no-CD .exe that I use to launch my game; it's as simple as going into exclusions, adding it and DONE, takes maybe half a minute. I don't see why there's a need to complain about it. So what if other companies don't detect them, I'm not gunna stop using Avira just cuz of this TINY detail, it really isn't a big enough issue to make all this fuss about...
matt231
March 21st, 2009, 11:04 PM
The thing that test doesn't take into account with Sophos is that it is a corporate program designed for the corporate world only.
The 'false positives' in fact are suspicious files that many a sysadmin would want to know about. This detection can be turned off in the on access scanner options however it isn't recommended.
Thus I think it's not a fair test because they tried to compare a corporate product with a consumer product and as everyone knows most consumer and corporate products couldn't be more different.