Av-Comparatives Retrospective/Proactive Test May 2009
maymoons
May 27th, 2009, 05:10 PM
http://www.av-comparatives.org/comparativesreviews/main-tests
Baz_kasp
May 27th, 2009, 05:18 PM
LOL how did we not have a huge thread about this test a week before it was published....did we all forget? :D
Coolio10
May 27th, 2009, 05:33 PM
Never knew microsoft had good proactive.
zfactor
May 27th, 2009, 05:58 PM
yeah wow for microsoft.. and symantec seems to be falling behind some from where they have been the last few tests
virtumonde
May 27th, 2009, 06:09 PM
Great job for Bill's Team :thumb: . The least FP's and very good detection. Will this be the free av that they're planning?
andyman35
May 27th, 2009, 06:21 PM
Avira head and shoulders above the rest at least in the number detected, shock result there ;D
Also very surprised how useful Microsoft's offering appears to be.
Macstorm
May 27th, 2009, 06:25 PM
Once again (and same as the previous 'on-demand' test) the number of FP's playing an "important" role in the results ::)
New year, new test 'policies' I guess...
Avira ranked 1st with 69% of detection. It's my #1 :-*
Graystoke
May 27th, 2009, 06:27 PM
I thought OneCare was going to be discontinued. Anyway, congratulations to MS. :thumb:
funkydude
May 27th, 2009, 06:44 PM
-{ Quote: "I thought OneCare was going to be discontinued. Anyway, congratulations to MS. :thumb:" }-
Not really, just branded under a new name.
TonyW
May 27th, 2009, 08:15 PM
-{ Quote: "LOL how did we not have a huge thread about this test a week before it was published....did we all forget? :D" }-
I didn't forget about these tests, but was expecting the results next week to be honest. They're a little early for a change.
TonyW
May 27th, 2009, 08:19 PM
-{ Quote: "Does anyone know how many false positives Avira actually had?" }-
According to report 21, the February on-demand test, AVIRA had 24 FPs.
-{ Quote: "I've never had problems with FPs with Avira, which is why I will continue to use it, especially since it consistently tops the board with its detection rates!" }-
The reason for that is most likely because you've never had any of the programs installed that were flagged as FPs. As I've said previously, many of the packages won't be on most people's systems at any one time. When I saw the list of FPs in the on-demand test, I have to admit I'd not heard of most of them.
The real world scenario is so much different to the testing environment. :)
Fajo
May 27th, 2009, 09:58 PM
-{ Quote: "According to report 21, the February on-demand test, AVIRA had 24 FPs.
The reason for that is most likely because you've never had any of the programs installed that were flagged as FPs. As I've said previously, many of the packages won't be on most people's systems at any one time. When I saw the list of FPs in the on-demand test, I have to admit I'd not heard of most of them.
The real world scenario is so much different to the testing environment. :)" }-
I like how the feb one shows Avira detecting Dr Web (FP) as a virus. Seems like it's working ok to me. ;D
bollity
May 27th, 2009, 11:05 PM
Why didn't they use Avira version 9 and NOD32 version 4?
bonedriven
May 27th, 2009, 11:18 PM
Since I began to use Avira 8, I have never got an FP. And it never fails me when I meet a real one. That's my experience with Avira 9 personal! :thumb:
For those who are interested in AV tests, here (http://bbs.kafan.cn/thread-472026-1-1.html)'s a lot of tests going on by enthusiasts. (If you don't mind reading some Chinese)
Stefan Kurtzhals
May 28th, 2009, 03:09 AM
-{ Quote: "Why didn't they use Avira version 9 and NOD32 version 4?" }-
Because the versions from the February test were used for this test.
I am not surprised by the result of Microsoft, their generic detections are very good! I am disappointed by the 69%, though. Way too low to get me excited. :dry:
RejZoR
May 28th, 2009, 03:15 AM
Stefan, are you aiming at 90%? ;D
EraserHW
May 28th, 2009, 04:06 AM
-{ Quote: "Never knew microsoft had good proactive." }-
Actually yes, Microsoft is coming up with incredibly good generic signatures :)
Longboard
May 28th, 2009, 04:27 AM
Hey Marco: still no room there for PrevX eh ?
( how about checking in for " single product review" ? )
Jin K
May 28th, 2009, 04:30 AM
-{ Quote: "Because the versions from the February test were used for this test.
I am not surprised by the result of Microsoft, their generic detections are very good! I am disappointed by the 69%, though. Way too low to get me excited. :dry:" }-
this is not fair !! stefan please go easy on other competitors:P
nodyforever
May 28th, 2009, 04:58 AM
NOD32, I love YOU 8) :-* :-*
Few FPs, Proactive the best = Good balanced AV ^^
xpsunny
May 28th, 2009, 05:12 AM
Microsoft's detection rate has been greatly increased, thanks to my timeless efforts to submit new malwares, I owe all the credits……LOL…..just kidding. ;D
Microsoft will soon rebrand OneCare as Morro. It will be a free AV. I bet once Morro will be released, it will hit the sales of fellow competitors.:thumb:
Stefan Kurtzhals
May 28th, 2009, 05:21 AM
-{ Quote: "It will be a free AV. I bet once Morro will be released, it will hit the sales of fellow competitors." }-
And how is this a good thing? Fewer AV products means easier job for the malware guys = less protected users.
I also believe that the MS AV is not yet fully on the radar of the malware guys, so their generic detections are not attacked as much as the ones from other products. This will change of course as soon Morro is out and gets a serious user base.
Bunkhouse Buck
May 28th, 2009, 05:42 AM
-{ Quote: "Avira with the highest detection rate yet again. Does anyone know how many false positives Avira actually had? It would be good to know the absolute numbers, so we can compare exactly how many more FPs it produced than the "Advanced+" programs.
I've never had problems with FPs with Avira, which is why I will continue to use it, especially since it consistently tops the board with its detection rates!" }-
I never had a FP either and I have been using Avira on two computers for over three years.
Bunkhouse Buck
May 28th, 2009, 05:44 AM
-{ Quote: "this is not fair !! stefan please go easy on other competitors:P" }-
From the variance in the results, I am not sure there are other competitors. Avira has left the pack far behind.
Osaban
May 28th, 2009, 06:39 AM
Same old story, Avira leading by a wide margin, but penalized over FPs. Now I don't want to argue about FPs as we all assign different levels of importance to this number, but in all fairness to state "Few: 3-15" and "Many: Over 15" is a bit too vague, basically if Avira had hypothetically 16 FPs and Kaspersky 15, we would have the same situation a la Virus Bulletin where Avira in reality got FAIL because of one FP.
Once again, congratulations to Avira and Microsoft for the first time.
Jin K
May 28th, 2009, 06:55 AM
oh!! as always kaspersky is getting bad !! i think in the next on-demand test it will get only ADVANCED :'(
raven211
May 28th, 2009, 07:20 AM
-{ Quote: "oh!! as always kaspersky is getting bad !! i think in the next on-demand test it will get only ADVANCED :'(" }-
You're kidding right? It had few false positives and not far away from the usual top-tier NOD. 2010 will probably shake it up even more.
andyman35
May 28th, 2009, 07:21 AM
-{ Quote: "Same old story, Avira leading by a wide margin, but penalized over FPs. Now I don't want to argue about FPs as we all assign different levels of importance to this number, but in all fairness to state "Few: 3-15" and "Many: Over 15" is a bit too vague, basically if Avira had hypothetically 16 FPs and Kaspersky 15, we would have the same situation a la Virus Bulletin where Avira in reality got FAIL because of one FP.
Once again, congratulations to Avira and Microsoft for the first time." }-
IMO a few FPs on obscure products are a small price to pay for Avira's vastly superior detection of real malware in that test.
funkydude
May 28th, 2009, 07:23 AM
-{ Quote: "You're kidding right? It had few false positives and not far away from the usual top-tier NOD. 2010 will probably shake it up even more." }-
But so will malware, you can't really predict the AV will get better, or worse.
Jin K
May 28th, 2009, 08:24 AM
-{ Quote: "You're kidding right? It had few false positives and not far away from the usual top-tier NOD. 2010 will probably shake it up even more." }-
no I'm not kidding !! see their old results and compare them to this, they are sucking a hard time !! also they haven't improved their lousy heuristic and generic detection in ver2010 so no shaking ;)
sourav_gho
May 28th, 2009, 08:39 AM
-{ Quote: "no I'm not kidding !! see their old results and compare them to this, they are sucking a hard time !! also they haven't improved their lousy heuristic and generic detection in ver2010 so no shaking ;)" }-
You may be right... but you should not forget that the lower scores of Kaspersky Labs could be attributed by: It has been the favorite attack spot of various virus writers across the globe, attackers specifically target their security products especially antivirus
Fly
May 28th, 2009, 09:47 AM
Interesting.
It doesn't mention the cleaning abilities of the AV. Is there some information out there that can shed some light on this ?
Somewhat off topic: I've been looking for a chart regarding the market share of AVs, but couldn't find any. Does anyone know how/where to obtain it?
vijayind
May 28th, 2009, 10:30 AM
Well, Norman has landed at the bottom of the pack. Even with its advertised "Sandbox" & "DNA matching" technology, it has failed to get even decent results.
Also if AVG 8.5 with Sana Labs tech had been used, there would have been a better show by them. We'll have to wait till the next proactive test to see if really AVG advertising is real.
MS is looking very very good !! If Morro even suffices to be decent, they will make a big dent to the competition. Maybe that's why Symantec is bundling ASK.com, while McAfee & AVG are pushing Yahoo!
Wonder when VIPRE will be included in such tests ?? Also does any one know why Authentium/F-Prot was not tested ? They were part of the Feb'09 test, but are missing from the proactive test.
RejZoR
May 28th, 2009, 10:44 AM
Proactive part in AVG from Sana doesn't work on-demand because it's a behavior blocker. Besides, their tech is not all that hot anyway. I was totally disappointed by that thing compared to excellent ThreatFire.
vijayind
May 28th, 2009, 10:52 AM
You are right, only on-execution tests can determine the effectiveness of BB or HIPS. Guess we'll have to wait till the Dynamic tests, to see their effectiveness.
raven211
May 28th, 2009, 11:01 AM
-{ Quote: "But so will malware, you can't really predict the AV will get better, or worse." }-
Yes, but I was more pointing at the results it had, that's an Advanced+ rating. Looking at the other products, you can see that it gets harder and harder to reach high detection while keeping the FPs down.
raven211
May 28th, 2009, 11:01 AM
-{ Quote: "no I'm not kidding !! see their old results and compare them to this, they are sucking a hard time !! also they haven't improved their lousy heuristic and generic detection in ver2010 so no shaking ;)" }-
Right, right... how old were you again?
funkydude
May 28th, 2009, 11:08 AM
-{ Quote: "Well, Norman has landed at the bottom of the pack. Even with its advertised "Sandbox" & "DNA matching" technology, it has failed to get even decent results." }-
I believe 1. most of that technology is run on file execution 2. They used the old Norman (not the recent version)
NickHSunbelt
May 28th, 2009, 11:25 AM
-{ Quote: "
Wonder when VIPRE will be included in such tests ??" }-
I actually checked with our product manager about this recently and he tells me "We’re getting our detections up to world-class before we submit to the public testing. We’re real close…"
I do know that with the internal testing we've done we've scored very near the top. I believe we'll be included in the next round of tests.
Fajo
May 28th, 2009, 12:31 PM
-{ Quote: "You may be right... but you should not forget that the lower scores of Kaspersky Labs could be attributed by: It has been the favorite attack spot of various virus writers across the globe, attackers specifically target their security products especially antivirus" }-
Yet Avira and Nod are both targeted by the same attacks and manage to keep their detections up. Kaspersky really has no excuse and only themselves to blame... :dry:
And before you state it I'm not bashing kasper just stating the truth.
Stefan Kurtzhals
May 28th, 2009, 12:39 PM
-{ Quote: "You're kidding right? It had few false positives and not far away from the usual top-tier NOD. 2010 will probably shake it up even more." }-
You have to keep in mind that
a) the malware gets more and more anti-heuristic/anti-generic, more experienced in breaking generic detections
b) that the other av products are constantly improving their detection also
So it's hard already to maintain the very same level of detection.
The most popular AV products are attacked the most, the malware writers are especially interested in breaking the heuristic/generic detection.
vijayind
May 28th, 2009, 12:42 PM
-{ Quote: "I believe 1. most of that technology is run on file execution 2. They used the old Norman (not the recent version)" }-
I checked on Norman site (http://www.norman.com/downloads/home/58573/en-us) 7.10 is their latest version.
Also I thought their "DNA" was just generic signatures and "Sandbox" was heuristic and not a VM like VIPRE's MX-V.
But still their advertising does look precarious when such results are floating in public view. Hope they can regain some lost ground in Dynamic Tests later in the year.
Durad
May 28th, 2009, 12:43 PM
Does it mean Windows Defender had good generic detection as well or only One Care product?
Sputnik
May 28th, 2009, 12:45 PM
@Stefan Kurtzhals
Well said! Even though you're not too excited with 'your' score, still a h*ll of a good job! :thumb:
@Durad
Seen quite some generic detections from Windows Defender as well. However they (Defender and OneCare) don't seem to use the very same database/engine.
@IBK
Thanks a lot for your efforts again!
vijayind
May 28th, 2009, 12:46 PM
-{ Quote: "I actually checked with our product manager about this recently and he tells me "We’re getting our detections up to world-class before we submit to the public testing. We’re real close…"
I do know that with the internal testing we've done we've scored very near the top. I believe we'll be included in the next round of tests." }-
Hi Nick,
Can you clarify the text in bold?
Are you saying that currently you are selling a slightly inferior product and that VIPRE has yet to technologically go GOLD?
Regards,
VijayIND
NickHSunbelt
May 28th, 2009, 12:58 PM
-{ Quote: "Hi Nick,
Can you clarify the text in bold?
Are you saying that currently you are selling a slightly inferior product and that VIPRE has yet to technologically go GOLD?
Regards,
VijayIND" }-
Not at all. As I mentioned, with our internal testing we're scoring near the top of the list. Our goal of course is to top the list or at least get as close as possible on the public testing. As I also previously mentioned, we're very close.
alexeck
May 28th, 2009, 01:26 PM
-{ Quote: "Not at all. As I mentioned, with our internal testing we're scoring near the top of the list. Our goal of course is to top the list or at least get as close as possible on the public testing. As I also previously mentioned, we're very close." }-
There seems to be a mis-alignment of communication here.
There are a wealth of third-party testing organizations that we work with. VIPRE has been certified by West Coast Labs for 100% detection and remediation of all Wildlist viruses. Our product has been tested independently by TUV and Passmark for performance and received some of the highest scores in the testbed; it has also been tested for detection by PC Magazine and PC Pro, where in both cases it scored highly. We are working closely with third-party testing organizations such as AV-Test and AV-Comparatives and expect to have a third party validation from one of these firms in the near future. Our tests continue to show VIPRE as a leader in detection on in-the-wild malware, easily outpacing leading antivirus companies.
lodore
May 28th, 2009, 02:00 PM
-{ Quote: "oh!! as always kaspersky is getting bad !! i think in the next on-demand test its will get only ADVANCED :'(" }-
Hello JinK.
I will summarise the charts from 2007 to 2009 AV comparative results for KL.
February 2007 on demand test Advanced Plus
May 2007 Retrospective/Proactive Test Standard
August 2007 on demand test Advanced Plus
November 2007 Retrospective/Proactive Test Advanced Plus
February 2008 on demand test Advanced Plus
May 2008 Retrospective/Proactive Test Standard
August 2008 on demand test Advanced Plus
November 2008 Retrospective/Proactive Test Advanced
May 2009 Retrospective/Proactive Test Advanced Plus
you will notice the on demand tests are Advanced plus .
You should also notice Kaspersky is improving in the Retrospective/Proactive Tests.
how can getting advanced plus for both tests be a bad thing?
the heuristics are improving all the time.
bellgamin
May 28th, 2009, 02:11 PM
-{ Quote: "There seems to be a mis-alignment of communication here. . . .Our tests continue to show VIPRE as a leader in detection on in-the-wild malware, easily outpacing leading antivirus companies." }-
I see no "mis-alignment" in NickHSunbelt's communication. IMO, he was communicating just fine. Open. Straightforward. Easily understood.
OTOH, your unsupported, nebulous claim is mere hype. Nada mas.
EraserHW
May 28th, 2009, 02:23 PM
-{ Quote: "Hey Marco: still no room there for PrevX eh ?
( how about checking in for " single product review" ? )" }-
It's a bit tricky, tho actually we started getting more and more reviews :)
vijayind
May 28th, 2009, 02:26 PM
Thanks for the patient answers, Nick and Alex from Sunbelt.
Good to know that VIPRE is leading your testing, but third-party tests will be more reassuring to many. I own a VIPRE licence, its best on my netbook.
icr
May 28th, 2009, 02:49 PM
-{ Quote: "
you will notice the on demand tests are Advanced plus .
You should also notice Kaspersky is improving in the Retrospective/Proactive Tests.
how can getting advanced plus for both tests be a bad thing?
the heuristics are improving all the time." }-
Maybe he might have had some bad experience while evaluating Kaspersky :dry:
Fajo
May 28th, 2009, 03:00 PM
-{ Quote: "There seems to be a mis-alignment of communication here.
There are a wealth of third-party testing organizations that we work with. VIPRE has been certified by West Coast Labs for 100% detection and remediation of all Wildlist viruses. Our product has been tested independently by TUV and Passmark for performance and received some of the highest scores in the testbed; it has also been tested for detection by PC Magazine and PC Pro, where in both cases it scored highly. We are working closely with third-party testing organizations such as AV-Test and AV-Comparatives and expect to have a third party validation from one of these firms in the near future. Our tests continue to show VIPRE as a leader in detection on in-the-wild malware, easily outpacing leading antivirus companies." }-
It's #1 in its own little world that says little tho until it's been put against tests others have. You could make a test of 1 sample make a sig for it detect it and say I score the highest.. :dry: 3rd Party PLEASE.
Edit. typo :o
Bunkhouse Buck
May 28th, 2009, 04:41 PM
-{ Quote: "There seems to be a mis-alignment of communication here.
There are a wealth of third-party testing organizations that we work with. VIPRE has been certified by West Coast Labs for 100% detection and remediation of all Wildlist viruses. Our product has been tested independently by TUV and Passmark for performance and received some of the highest scores in the testbed; it has also been tested for detection by PC Magazine and PC Pro, where in both cases it scored highly. We are working closely with third-party testing organizations such as AV-Test and AV-Comparatives and expect to have a third party validation from one of these firms in the near future. Our tests continue to show VIPRE as a leader in detection on in-the-wild malware, easily outpacing leading antivirus companies." }-
Nonsense. Your tests mean nothing empirically; of course you would make that claim. You are light years away from the efficacy of Avira.
Jin K
May 28th, 2009, 05:48 PM
-{ Quote: "Hello JinK.
I will summarise the charts from 2007 to 2009 AV comparative results for KL.
February 2007 on demand test Advanced Plus
May 2007 Retrospective/Proactive Test Standard
August 2007 on demand test Advanced Plus
November 2007 Retrospective/Proactive Test Advanced Plus
February 2008 on demand test Advanced Plus
May 2008 Retrospective/Proactive Test Standard
August 2008 on demand test Advanced Plus
November 2008 Retrospective/Proactive Test Advanced
May 2009 Retrospective/Proactive Test Advanced Plus
you will notice the on demand tests are Advanced plus .
You should also notice Kaspersky is improving in the Retrospective/Proactive Tests.
how can getting advanced plus for both tests be a bad thing?
the heuristics are improving all the time." }-
sorry for not saying this but i mean in my talk kaspersky ver 2009 !!
also yes it's getting bad every time look at the detection rate not advanced+ thing !!
and yes i have seen many heuristic updates but man it's still weak and can be defeated so easily !! many hackers are saying this !! even its signature detection has been defeated by some kiddie hackers :thumbd:
not just that even in my test a lot of viruses being missed by heuristic and Hips !!!
believe me this is the reality !!! if you got some new malware you can try to test them by yourself !!
Baz_kasp
May 28th, 2009, 06:43 PM
-{ Quote: "sorry for not saying this but i mean in my talk kaspersky ver 2009 !!
also yes it's getting bad every time look at the detection rate not advanced+ thing !!
and yes i have seen many heuristic updates but man it's still weak and can be defeated so easily !! many hackers are saying this !! even its signature detection has been defeated by some kiddie hackers :thumbd:
not just that even in my test a lot of viruses being missed by heuristic and Hips !!!
believe me this is the reality !!! if you got some new malware you can try to test them by yourself !!" }-
Do you want to add a few extra exclamation marks on to that for added effect? (!!!)
As far as I am concerned you have been shouting and throwing your toys out of the pram in any thread that dares to mention Kaspersky in it but have absolutely no proof of your claims....all talk and no action IMO.....if you don't have anything useful to say then what's the point?
trjam
May 28th, 2009, 06:50 PM
Didn't Jin perish, or go back to 1974 in Lost. :'(
TJP
May 28th, 2009, 06:53 PM
Baz, I wouldn't waste my time responding as these comparatives threads seem to bring out the fan boys and haters in equal measure.
Congrats to the usual suspect with the highest detection rate & to the vendors awarded the Advanced+ rating.
Cheers.
funkydude
May 28th, 2009, 07:03 PM
-{ Quote: "Nonsense. Your tests mean nothing empirically; of course you would make that claim. You are light years away from the efficacy of Avira." }-
-{ Quote: "Baz, I wouldn't waste my time responding as these comparatives threads seem to bring out the fan boys and haters in equal measure.
" }-
It was fine until page 3, I thought it might be the first thread without them, really nice conversations in page 1 & 2 though for anyone interested.
Fajo
May 28th, 2009, 07:06 PM
-{ Quote: "It was fine until page 3, I thought it might be the first thread without them, really nice conversations in page 1 & 2 though for anyone interested." }-
If it gets too out of control a mod will take care of it.. but let's not let it get that far. ;D
Stefan Kurtzhals
May 29th, 2009, 03:02 AM
No need to bash the Sunbelt guys. The malware crowd will do their job soon enough. As far I can see, the Sunbelt product is just another AV product with normal state-of-the-art technology. Which in this combination and with similar capabilities is present in several other AV products already - which are easily beaten by the malware professionals. There is no reason to believe Sunbelt will be spared and that the malware crowd will ignore them.
-{ Quote: "Even though you're not too excited with 'your' score, still a h*ll of a good job!" }-
The score could be easily much much MUCH better. Working with way too limited resources. But it's funny to see what one person with a bit dedication and low-tech can achieve.
Blackcat
May 29th, 2009, 03:06 AM
-{ Quote: "Nonsense. Your tests mean nothing empirically; of course you would make that claim. You are light years away from the efficacy of Avira." }-
Although their AV is a youngster compared to other vendors, maybe when they are officially tested the results will be surprising. Depends upon which other company's database they are using.
-{ Quote: " Our threat database is actually quite large. Because of a deal we had made while VIPRE was still in development we actually started with another company's database (not really sure I'm allowed to say who's) in addition to our own. Because of this we had started with the database of one of the better programs out there with the addition of our own database." }-
Arup
May 29th, 2009, 07:33 AM
-{ Quote: "I like how the feb one shows Avira detecting Dr Web (FP) as a virus. Seems like it's working ok to me. ;D" }-
;D ;D ;D ;D
Yep they didn't allow any web to be woven.
Arup
May 29th, 2009, 07:38 AM
-{ Quote: "There seems to be a mis-alignment of communication here.
There are a wealth of third-party testing organizations that we work with. VIPRE has been certified by West Coast Labs for 100% detection and remediation of all Wildlist viruses. Our product has been tested independently by TUV and Passmark for performance and received some of the highest scores in the testbed; it has also been tested for detection by PC Magazine and PC Pro, where in both cases it scored highly. We are working closely with third-party testing organizations such as AV-Test and AV-Comparatives and expect to have a third party validation from one of these firms in the near future. Our tests continue to show VIPRE as a leader in detection on in-the-wild malware, easily outpacing leading antivirus companies." }-
Prove it, then make these conjectures. As of now and for a long while, Avira's biggest quality has not been the fact that it has done well in tests, the consistency is what should be applauded, in this case, none of the Avira editions tested in past or present have thrown a curve ball, that to me is the most important of all the aspects of a good AV.
NobleT
May 29th, 2009, 10:54 AM
mmm poor of norman in spite of sandbox and DNA matching technology. i hope norman can continue improve collect more signature and enhance the frequency of virus definition update meanwhile improve the sandbox detection and had better improve the scanning speed :-[
alexeck
May 29th, 2009, 11:16 AM
-{ Quote: "Prove it, then make these conjectures. As of now and for a long while, Avira's biggest quality has not been the fact that it has done well in tests, the consistency is what should be applauded, in this case, none of the Avira editions tested in past or present have thrown a curve ball, that to me is the most important of all the aspects of a good AV." }-
I'm a little baffled, maybe I missed out on a previous post. When did I say something negative about Avira? It is an excellent engine, I have nothing against it at all.
The context of testing is important -- an antivirus product has to be looked at in its ability to both detect and remediate malware. This is historically where classic antivirus engines have had difficulty.
Avira, ESET, F-Secure and other very, very good engines have had repeated problems at publications like PC Magazine for this reason. Detection high, remediation not so high. You can't just run a scanner against a boatload of malware and look at the pure detection stats. You have to look at the whole universe of issues -- detection, remediation, zero day detection, etc.
Fwiw, what NickH said earlier about our using another database at the start of our development is not totally correct. 4 years ago, we started CounterSpy with a co-development agreement with Giant Company, which got bought by Microsoft, and we continued to get definition updates from Microsoft to supplement our own research. However, that deal is long gone. VIPRE is completely done from scratch, and does not use much (if any) of the old CounterSpy engine/database.
Alex Eckelberry
CEO, Sunbelt Software
andyman35
May 29th, 2009, 11:57 AM
-{ Quote: "Prove it, then make these conjectures. As of now and for a long while, Avira's biggest quality has not been the fact that it has done well in tests, the consistency is what should be applauded, in this case, none of the Avira editions tested in past or present have thrown a curve ball, that to me is the most important of all the aspects of a good AV." }-
Very true, Avira has been a top draw product for as long as I can remember. :thumb:
Sputnik
May 29th, 2009, 12:33 PM
-{ Quote: "Very true, Avira has been a top draw product for as long as I can remember. :thumb:" }-
Not really true. Back in February 2004 with AV-Comparatives' first report Avira was the very worst of them all. They improved during the year scoring somewhat better in 2005. Since 2006, when they released version 7, they really started to become what they are now.
vijayind
May 29th, 2009, 12:36 PM
-{ Quote: "
Fwiw, what NickH said earlier about our using another database at the start of our development is not totally correct. 4 years ago, we started CounterSpy with a co-development agreement with Giant Company, which got bought by Microsoft, and we continued to get definition updates from Microsoft to supplement our own research. However, that deal is long gone. VIPRE is completely done from scratch, and does not use much (if any) of the old CounterSpy engine/database.
Alex Eckelberry
CEO, Sunbelt Software" }-
Then is it reasonable to expect VIPRE to miss legacy/old viruses? Since in the developing world, many of the older malware is still floating.
Is that why Sunbelt is apprehensive about joining AV-Comparative, AV-Test or VB100 which have a lot of older samples in their HUGE sample set?
Arup
May 29th, 2009, 01:00 PM
-{ Quote: "I'm a little baffled, maybe I missed out on a previous post. When did I say something negative about Avira? It is an excellent engine, I have nothing against it at all.
The context of testing is important -- an antivirus product has to be looked at in its ability to both detect and remediate malware. This is historically where classic antivirus engines have had difficulty.
Avira, ESET, F-Secure and other very, very good engines have had repeated problems at publications like PC Magazine for this reason. Detection high, remediation not so high. You can't just run a scanner against a boatload of malware and look at the pure detection stats. You have to look at the whole universe of issues -- detection, remediation, zero day detection, etc.
Fwiw, what NickH said earlier about our using another database at the start of our development is not totally correct. 4 years ago, we started CounterSpy with a co-development agreement with Giant Company, which got bought by Microsoft, and we continued to get definition updates from Microsoft to supplement our own research. However, that deal is long gone. VIPRE is completely done from scratch, and does not use much (if any) of the old CounterSpy engine/database.
Alex Eckelberry
CEO, Sunbelt Software" }-
It's your claim of surpassing all leading AVs, when you prove yourself in independent tests done by AV comparatives and likes, only then will you redeem yourself, till then, statements like the one you make, however true it might be proven in future doesn't seem to benefit your credibility as CEO of Sunbelt. The Avira mention was not directed at you or your product. PC Mag is far removed from a credible source for AV testing, as Vijayind points out above, why don't you participate in avcomparatives testing?
Fajo
May 29th, 2009, 01:52 PM
-{ Quote: "
Avira, ESET, F-Secure and other very, very good engines have had repeated problems at publications like PC Magazine for this reason. Detection high, remediation not so high. You can't just run a scanner against a boatload of malware and look at the pure detection stats. You have to look at the whole universe of issues -- detection, remediation, zero day detection, etc.
CEO, Sunbelt Software" }-
I'm sorry, until I seriously see some 3rd party tests on this software and how it runs I won't take it seriously. Once I see some solid evidence that this AV is a good quality product and not just words from PC Mag (which unfortunately holds no value whatsoever) will I consider offering it to my clients. Also, coming here and spouting off that it's leaps and bounds ahead of the others just makes you look like a fool. If you're going to make claims like that, put some evidence behind it or don't say it at all. :blink:
And no I'm NOT bashing sunbelt this is the same thing I EXPECT from any AV especially when making claims like this.
CubonesCastle
May 29th, 2009, 02:07 PM
Girls? Can't we all just get along?
Fajo
May 29th, 2009, 03:13 PM
-{ Quote: "Girls? Can't we all just get along?" }-
No one is fighting.. everyone is just stating their opinion on the topic, that is all.
Someone
May 30th, 2009, 12:01 AM
There's a lot of posts that are bashing PC Mag, but I can't really see anything that's wrong with it. How isn't it a credible source?
Fajo
May 30th, 2009, 12:08 AM
-{ Quote: "There's a lot of posts that are bashing PC Mag, but I can't really see anything that's wrong with it. How isn't it a credible source?" }-
They can be biased but that does not happen much. Main thing is how they grade products: a product can have awesome removal and prevention, but if it doesn't have good parental controls it will receive a LOW score compared to something that can't detect **** and gets a high score. Their system is very flawed and normally shows the best "Sponsor" in the better light. :dry:
Someone
May 30th, 2009, 03:38 AM
-{ Quote: "They can be biased but that does not happen much. Main thing is how they grade products: a product can have awesome removal and prevention, but if it doesn't have good parental controls it will receive a LOW score compared to something that can't detect **** and gets a high score. Their system is very flawed and normally shows the best "Sponsor" in the better light. :dry:" }-
I agree that their grading system seems strange, but that does not necessarily constitute bias; they simply have different views on what products should be able to do. Of course I agree that, like all reviews and tests, the results should be taken with a grain of salt.
Arup
May 30th, 2009, 03:50 AM
There are established testing sites like av-comparatives and then we have ad sponsored susceptible sites like PC Mag whose authors cover everything from printers to AV, now who has more credibility?
Fajo
May 30th, 2009, 05:03 AM
-{ Quote: "I agree that their grading system seems strange, but that does not necessarily constitute bias; they simply have different views on what products should be able to do. Of course I agree that, like all reviews and tests, the results should be taken with a grain of salt." }-
I would rather trust one that is dedicated to tests on an AV than one that is a jack of all trades.
As for being biased, I never said it was based on their grading system. They just don't compare AVs very well; they rather score on features like parental controls, yet it has a 10% detection rate. Having them score products like that as an "Editors choice" is just stupid; a customer gets misled. :dry:
In the end, with PC Mag you walk away with an AV that won't protect you or even do what it's advertised to do. But you get a REALLY SHINY STICKER on your box that has no meaning to it at all. So someone saying "Hey, we scored well with PC Mag and they rated us as an 'Editors choice'" means nothing when you look at the other tests that are available for people to see.
kfjhfbf
May 30th, 2009, 07:58 AM
-{ Quote: "
The score could be easily much much MUCH better. Working with way too limited resources. But it's funny to see what one person with a bit dedication and low-tech can achieve." }-
Who has limited resources? And why? Can you please explain a little more? ??? Also, I have a question: why doesn't Avira have an advanced heuristic where, while the malware is scanned, Avira opens it in a limited environment and sees whether it does the general activities malware often does (you make 3 points to say it's malware, for example 1- sends data and downloads files, 2- modifies the system, etc.)? So when Avira runs it, if it made 1 of 2 points Avira says "probably a malware or suspicious", and if it made all the points which you previously made, then you say "a variant of... (malware name)". You can also use this idea on specific variants of malware (Zbot does a-..., b-..., c-...), so when you catch malware that does (a, b, c, or a, b only, or even a only), then it's malware or a variant or suspicious, depending on how many points the malware scores (a, b, c). That's what ESET (NOD32) does, and it's very good. As you know, malware is easy to encrypt once detected, so a very advanced and strong heuristic is better and important, and you will be able to catch new malware before it is even created!! Last thing: why don't you catch executable values in the malware so that it can't be encrypted anymore (it will be broken if they try to encrypt it)? Finally, I have to say that Avira, and especially you, do a very, very good job, and all users and companies appreciate it, and I have to say thank you for all your efforts in protecting us. Thank you Stefan Kurtzhals, thank you AVIRA :-*
Someone
May 30th, 2009, 08:23 AM
-{ Quote: "They just don't compare AVs very well; they rather score on features like parental controls, yet it has a 10% detection rate. Having them score products like that as an "Editors choice" is just stupid; a customer gets misled. :dry:" }-
Which product has a 10% detection rate?
Bunkhouse Buck
May 30th, 2009, 10:01 AM
-{ Quote: "It was fine until page 3, I thought it might be the first thread without them, really nice conversations in page 1 & 2 though for anyone interested." }-
It is good to know you are the content police and have nothing to add as usual.:thumbd:
Bunkhouse Buck
May 30th, 2009, 10:08 AM
-{ Quote: "I'm a little baffled, maybe I missed out on a previous post. When did I say something negative about Avira? It is an excellent engine, I have nothing against it at all.
The context of testing is important -- an antivirus product has to be looked at in its ability to both detect and remediate malware. This is historically where classic antivirus engines have had difficulty.
Avira, ESET, F-Secure and other very, very good engines have had repeated problems at publications like PC Magazine for this reason. Detection high, remediation not so high. You can't just run a scanner against a boatload of malware and look at the pure detection stats. You have to look at the whole universe of issues -- detection, remediation, zero day detection, etc.
Fwiw, what NickH said earlier about our using another database at the start of our development is not totally correct. 4 years ago, we started CounterSpy with a co-development agreement with Giant Company, which got bought by Microsoft, and we continued to get definition updates from Microsoft to supplement our own research. However, that deal is long gone. VIPRE is completely done from scratch, and does not use much (if any) of the old CounterSpy engine/database.
Alex Eckelberry
CEO, Sunbelt Software" }-
Alex,
Assertions are what the computer industry does well, having worked for large firms and owning three of my own- I saw and heard it all. The problem is, assertions are not facts- just assertions. When I see you do well at AV-Comparatives- that will add some empirical substantiation of the efficacy of your engine. Until then, I will continue to conclude that you are simply making unsubstantiated claims.
Arup
May 30th, 2009, 10:38 AM
-{ Quote: "It is good to know you are the content police and have nothing to add as usual.:thumbd:" }-
Nod.........nod ;D
Coolio10
May 30th, 2009, 11:42 AM
Problem is everyone is looking at this test like it's the only factor in how good an AV is. Dr. Web may not have the highest detection, but it can remove 100% of what it finds. While Avira may find everything but remove less than half. Kaspersky has the highest amount of unpackers. Symantec has the best parental control. NOD has the most accurate heuristics. Avira has the highest detection.
There is no AV that is good at or even decent at everything (maybe kaspersky :)), so what people pick depends on their needs. What if someone cares less if they get infected by a virus but SPAM annoys them most? Get an av with a good SPAM filter.
PCMAG also has their own view on certain products. They probably pick the AV with the most polished feel. Does everything work how it should? If not, then why award an AV that seems to "chuck" features in just as a selling point? If Symantec is able to make every feature of their AV work as it should, why should they be punished?
Sure, Avira may protect you against everything, but what's the point if the average user has no idea what option to pick on alerts? Everyone here is acting as if the only user that matters is the one that knows how to handle malware.
Most of the time there is no bias, just a different view of what is good and bad.
funkydude
May 30th, 2009, 12:26 PM
-{ Quote: "It is good to know you are the content police and have nothing to add as usual.:thumbd:" }-
It's bad to know you still have only selective reading, since you missed my input on both page 1 and 2, unlike your "input", dare I call it that, more like defensive measure against an impending attack (only in your mind). Excluding your latest post in this thread.
Saraceno
May 30th, 2009, 12:46 PM
Coolio10, good post. You can give someone the best product/program available, and if they run into one problem, they will most likely not be happy with it.
Each security product/program usually has its own strengths, lighter, higher detection, easy to use, less conflicts, better customer service and so on.
No one product is the absolute best. But to every one of us, we seem to each have the best product. ;)
BlueZannetti
May 30th, 2009, 01:11 PM
Folks,
To everyone who feels compelled to comment on individual members...., let it go.
With respect to the subject of this thread..., how about something a little more thoughtful than gratuitous congratulations to the winners and...., well..., other commentary regarding the trailers, not to mention the back and forth sniping between members.
This testing protocol has been going on long enough and there's enough data that even a casual observer should be able to perform a quick and informal meta-analysis to get some idea of the threshold below which score differences are really not discernibly different (hint - it's about 10% absolute with some censoring - I'll leave it to the math mavens to figure out the details). On that basis, there are basically three major result families (20's and below, 30's - low 40's, 50+ or so), but there's arguably slop even in that categorization. On top of that you can layer additional factors...., that could, IMHO, actually develop into a worthwhile discussion regarding product selection.
Blue
Pedro
May 30th, 2009, 01:38 PM
Yes, and I still want to know how many clean samples are tested.. because those 69% call for details on FP criteria.
funkydude
May 30th, 2009, 01:52 PM
-{ Quote: "Yes, and I still want to know how many clean samples are tested.. because those 69% call for details on FP criteria." }-
You mean the total files used in the FP test? Random programs, etc? That would be nice to know actually. Then you could work out a percentage of False positive and add it to a ratio against detection.
Pedro
May 30th, 2009, 01:55 PM
Which actually means something, as opposed to absolute numbers.
I pretty much ignore FP test in AVC because of that, unless the difference is really big.
Fajo
May 30th, 2009, 03:42 PM
-{ Quote: "Which actually means something, as opposed to absolute numbers.
I pretty much ignore FP test in AVC because of that, unless the difference is really big." }-
Aye 1.1 Million samples and 20 FP's on Average. FP's of such low number should not affect how it does I believe. Now I would care if that number was in the 100's only one I have seen that close tho is Gdata.
alexeck
May 30th, 2009, 03:47 PM
-{ Quote: "Then is it reasonable to expect VIPRE to miss legacy/old viruses? Since in the developing world, much of the older malware is still floating.
Is that why Sunbelt is apprehensive about joining AV-Comparatives, AV-Test or VB100, which have a lot of older samples in their HUGE sample set?" }-
I think this is a good question. Newer antimalware engines, like Malwarebytes, Prevx and Sunbelt, all face a disadvantage when dealing with legacy viruses. The Wildlist itself is particularly challenging -- in order to get certified, you have to be able to detect things like Word 95 macro viruses. It took us a lot of work to have to go through and write detections when we were developing VIPRE for malware that simply is not a risk to the user today (unless you're running Word 95 on a Windows 98 machine).
The question, I suppose, is what is actually infecting users? What is relevant?
Testing is not in the best shape in the AV world. A prime example is this one:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9133345&taxonomyId=17&pageNumber=1
In this new "objective" test, Kaspersky and ESET, both outstanding engines, got hammered. We all know that's ridiculous -- you may have your differences with a particular engine, but these two AV products are very, very good. I consider the test rubbish (with all due respect to the author).
At the end of the day, when you have to disinfect a thoroughly hosed machine, what tool will you use? What tests truly reflect today's malware? For those of you involved in malware research, what do you typically see for in-the-wild detection?
Alex Eckelberry
CEO, Sunbelt Software
Fajo
May 30th, 2009, 04:21 PM
-{ Quote: "I think this is a good question. Newer antimalware engines, like Malwarebytes, Prevx and Sunbelt, all face a disadvantage when dealing with legacy viruses. The Wildlist itself is particularly challenging -- in order to get certified, you have to be able to detect things like Word 95 macro viruses. It took us a lot of work to have to go through and write detections when we were developing VIPRE for malware that simply is not a risk to the user today (unless you're running Word 95 on a Windows 98 machine).
The question, I suppose, is what is actually infecting users? What is relevant?
Testing is not in the best shape in the AV world. A prime example is this one:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9133345&taxonomyId=17&pageNumber=1
In this new "objective" test, Kaspersky and ESET, both outstanding engines, got hammered. We all know that's ridiculous -- you may have your differences with a particular engine, but these two AV products are very, very good. I consider the test rubbish (with all due respect to the author).
At the end of the day, when you have to disinfect a thoroughly hosed machine, what tool will you use? What tests truly reflect today's malware? For those of you involved in malware research, what do you typically see for in-the-wild detection?
Alex Eckelberry
CEO, Sunbelt Software" }-
No AV is foolproof, so the chance to be infected with ANY AV is there, though some make it a slimmer chance than others. As for removing the infection, I just roll back on an image, as I trust no AV to remove the infection fully, and in today's world you would rather make sure it's gone than hope it is.
Now I know this is not what everyone does; the average user does not image their HDs or keep backups of all their data, so for them AV is their first and last line of defense.
Now as for testing, there are only 2 that I really watch, AV-Test and AV-Comparatives, and the main reason is they show raw numbers, no articles on what the editor thought. No BS, just raw numbers on samples going back as far as May of 08 and awards only being handed out to that test bed. That leaves pretty much NO AV at a disadvantage, as it's all pretty recent malware.
Boost
May 30th, 2009, 05:25 PM
-{ Quote: "Again, it's all very well to rollback. It's like saying: "bugger, my security failed me, and my computer is now stuffed. Let's buy a new computer with a completely new installation of Windows".
Sure, I do understand rollback programs makes it easier and you don't need to buy a new computer or re-install windows haha! But actual "prevention" is key.
I'm not saying not to use rollback software...just that I don't see rollback software as a security product, more a back-up product...sort of like me backing irreplaceable information up on to a separate external hard-drive (in case my current hard drive suddenly dies)." }-
Rollback programs also allow you to roll back to an earlier time period, not just because of a malware-related problem. It also allows you to roll back in case a Windows update makes your system unstable, or a driver update, etc. The list goes on and on.
There's more to a stable computer than piling on the latest and greatest security software. When your Chkdisk finds problems and you can't get to your desktop, it's not gonna matter if you've got Comodo installed; you instead shoulda had a rollback program installed.
Fajo
May 30th, 2009, 05:44 PM
-{ Quote: "Again, it's all very well to rollback. It's like saying: "bugger, my security failed me, and my computer is now stuffed. Let's buy a new computer with a completely new installation of Windows".
Sure, I do understand rollback programs makes it easier and you don't need to buy a new computer or re-install windows haha! But actual "prevention" is key.
I'm not saying not to use rollback software...just that I don't see rollback software as a security product, more a back-up product...sort of like me backing irreplaceable information up on to a separate external hard-drive (in case my current hard drive suddenly dies)." }-
How so..... My computer makes a backup every 2 days and a CD every 2 weeks. If something happened, it's 10 min back to an image before it happened. Security is there for prevention; if you're hoping it will protect you fully, you're only kidding yourself.
Also, it's not a fresh install of Windows; it has all my programs and whatnot already set. So no, a rollback is the most effective way to do it. And the simple fact is it's faster than letting your AV clean the infection, and more effective too.
Boost
May 30th, 2009, 05:55 PM
-{ Quote: "Wow mate, what you wrote above is exactly what I also implied. Please re-read my post above, particularly:
"...just that I don't see rollback software as a security product, more a back-up product...sort of like me backing irreplaceable information up on to a separate external hard-drive (in case my current hard drive suddenly dies)."
As I said, it's more of a "back-up" product, rather than a prevention product. Just trying to make that point haha, not trying to say rollback software is useless in any way." }-
You obviously don't get it.
Rollback is nothing like a back up program. You need to read up on rollback software.
Boost
May 30th, 2009, 06:26 PM
-{ Quote: "Again, what don't I get? Rollback programs create snap-shots of your system. It's an excellent back-up utility. Maybe you don't like my use of "back-up" haha.
EDIT: I also back-up my data on to an external hard-drive in case my hard-drive dies...EAZ-FIX will not save me there if I'm creating snapshots on the same hard-drive haha.
In addition, the rollback concept does not save you from data that has been stolen, like a key-logger stealing your PIN number. Sure, you can rollback and get rid of the key-logger, but by then, it's already too late as your PIN number has already been stolen!" }-
No security setup is 100%. If there was, whoever came up with such a setup would have made a lot of money by being able to prove such a system exists.
Regardless of what you "think" is a 100% secured computer system is far from reality, hate to burst your bubble.
We weren't even talking about "key loggers", so not sure why you brought that into this post for, as that's dealt with with other security software.
Osaban
May 30th, 2009, 09:02 PM
-{ Quote: "Aye 1.1 Million samples and 20 FP's on Average. FP's of such low number should not affect how it does I believe. Now I would care if that number was in the 100's only one I have seen that close tho is Gdata." }-
That's what I used to think as well, that the FP count was in relation to the 1 million + of samples. Apparently FP testing is run separately, but no details about this test are ever disclosed. I think this is what Pedro and funkydude were talking about.
Osaban
May 30th, 2009, 09:18 PM
-{ Quote: "Problem is everyone is looking at this test like it's the only factor in how good an AV is. Dr. Web may not have the highest detection, but it can remove 100% of what it finds. While Avira may find everything but remove less than half. Kaspersky has the highest amount of unpackers. Symantec has the best parental control. NOD has the most accurate heuristics. Avira has the highest detection.
There is no AV that is good at or even decent at everything (maybe kaspersky :)), so what people pick depends on their needs. What if someone cares less if they get infected by a virus but SPAM annoys them most? Get an av with a good SPAM filter.
PCMAG also has their own view on certain products. They probably pick the AV with the most polished feel. Does everything work how it should? If not, then why award an AV that seems to "chuck" features in just as a selling point? If Symantec is able to make every feature of their AV work as it should, why should they be punished?
Sure, Avira may protect you against everything, but what's the point if the average user has no idea what option to pick on alerts? Everyone here is acting as if the only user that matters is the one that knows how to handle malware.
Most of the time there is no bias, just a different view of what is good and bad." }-
By and large, I agree with your analyses, but there are nuances that ought to be addressed. "Dr Web removes what it finds": great, but it can't remove what it didn't detect in the first place. Avira by default will deny access to anything that is suspicious, perhaps even FPs - outside the system - which is not so serious as detecting FPs in the OS. The average user with Avira can safely deny access to anything suspicious, and therefore won't need any AV cleaner.
Arup
May 30th, 2009, 09:44 PM
In every test done, Avira's removal rates have also been up with its detection rates, and saying that it doesn't remove what it detects is tantamount to FUD. If the gate remains closed and troops are alerted, no intruder gets in. Plain and simple.
Coolio10
May 30th, 2009, 10:09 PM
-{ Quote: "In every test done, Avira's removal rates have also been up with its detection rates, and saying that it doesn't remove what it detects is tantamount to FUD. If the gate remains closed and troops are alerted, no intruder gets in. Plain and simple." }-
http://www.anti-malware-test.com/?q=taxonomy/term/14
If even Kaspersky needs a separate removal forum, imagine what else Avira can't remove. You're assuming the PC is clean; the average user won't format their system when they're infected :) let alone know they're infected.
How is removing a file before it launches any different than deleting it by clicking the file and pressing delete manually?
Coolio10
May 30th, 2009, 10:22 PM
-{ Quote: "Dr Web removes what it finds" great, but it can't remove what it didn't detect in the first place." }-
Dr.Web doesn't claim to detect everything, but Avira does claim to remove what it detects.
-{ Quote: "QuickRemoval eliminates viruses at the push of a button" }-
-{ Quote: "
Avira by default will deny access to anything that is suspicious, perhaps even FPs -outside the system-which is not so serious as detecting FPs in the OS. " }-
Is the OS not a common place for viruses to hide?
-{ Quote: "
The average user with Avira can safely deny access to anything suspicious, and therefore won't need any AV cleaner." }-
What if the virus was already on the system? What if the 1% detection missing was the virus you got?
Arup
May 31st, 2009, 12:48 AM
-{ Quote: "http://www.anti-malware-test.com/?q=taxonomy/term/14
If even Kaspersky needs a separate removal forum, imagine what else Avira can't remove. You're assuming the PC is clean; the average user won't format their system when they're infected :) let alone know they're infected.
How is removing a file before it launches any different than deleting it by clicking the file and pressing delete manually?" }-
This site's credibility and its so called affiliation with Dr. Web has been discussed before. Avira and Eset rated lower than Avast and others for removal, guess I have seen it all.;D
Let me ask you, how can KAV remove what it can't even detect with its piss poor detection performance? You can't fight a cloaked Klingon ship, can you?
Osaban
May 31st, 2009, 01:46 AM
-{ Quote: "Dr.Web doesn't claim to detect everything, but Avira does claim to remove what it detects.
Is the OS not a common place for viruses to hide?
What if the virus was already on the system? What if the 1% detection missing was the virus you got?" }-
I think most of the time there's a dualism in meaning when we talk about 'detection': From Avira's perspective by default if something tries to enter the system and it's detected you get a menu of options (deny access, delete, ignore etc) whether one is an expert or layman, it is safe to assume that denying access will be the best course of action.
When you talk about detecting malware already in the system, regardless what AV you are going to use, it is not fair IMO, to judge its effectiveness in terms of how many pieces of malware can be cleaned. An infected system is a legacy of a loose attitude towards security from the user in the first place.
I have no doubts that if one tries different AVs to clean a heavily infected system there will be different results, but these results might vary trying to clean other different systems (it is common practice from people cleaning infected computers to use several scanners).
My point is that an AV should be tested in its ability to detect and deny access to a system; IMO this is the most important function. A clean system, with a top notch AV and a reasonable user, should remain clean for a long time.
This is obviously personal, but infected systems should be freshly reinstalled or restored with an image.
tipstir
May 31st, 2009, 01:51 AM
Cloak-malware
autorun.inf worms
The unknown was detected?
Most protection software should send the data of the unknown pest back to the lab team to figure out how to remove the threat. But only if the software just can't clean the infected file. It could delete or try to clean it or put it into a safe house area, until the next update has a fix for it. This is how Rising does it. I've sent them many files for them to test and examine and they can tell me if it's malware or not. Still their software updates daily on the fly. Malware scans are daily on a routine basis.
I know everyone here has their favorite suite or standalone AV, but the best part is if you can send back feedback to the lab boys to solve the issue you might have with those unknown cloaked-malware or etc. pest or block dangerous bad sites or IP addresses too.
Coolio10
May 31st, 2009, 09:01 AM
-{ Quote: "This site's credibility and its so called affiliation with Dr. Web has been discussed before. Avira and Eset rated lower than Avast and others for removal, guess I have seen it all.;D
Let me ask you, how can KAV remove what it can't even detect with its piss poor detection performance? You can't fight a cloaked Klingon ship, can you?" }-
1. Its detection is not piss poor.
2. Once it does detect it, it can at least remove it. Or in your terms, the ship will lose its cloaking device.
sourav_gho
May 31st, 2009, 09:09 AM
-{ Quote: "This site's credibility and its so called affiliation with Dr. Web has been discussed before. Avira and Eset rated lower than Avast and others for removal, guess I have seen it all.;D
Let me ask you, how can KAV remove what it can't even detect with its piss poor detection performance? You can't fight a cloaked Klingon ship, can you?" }-
When is getting Advanced+ piss poor detection performance? ::)
For your reference, Kaspersky has implemented a full-fledged HIPS/proactive defense mechanism to block the samples it misses in its security suites.
vijayind
May 31st, 2009, 09:17 AM
-{ Quote: "I think this is a good question. Newer antimalware engines, like Malwarebytes, Prevx and Sunbelt, all face a disadvantage when dealing with legacy viruses. The Wildlist itself is particularly challenging -- in order to get certified, you have to be able to detect things like Word 95 macro viruses. It took us a lot of work to have to go through and write detections when we were developing VIPRE for malware that simply is not a risk to the user today (unless you're running Word 95 on a Windows 98 machine).
The question, I suppose, is what is actually infecting users? What is relevant?
Testing is not in the best shape in the AV world. A prime example is this one:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9133345&taxonomyId=17&pageNumber=1
In this new "objective" test, Kaspersky and ESET, both outstanding engines, got hammered. We all know that's ridiculous -- you may have your differences with a particular engine, but these two AV products are very, very good. I consider the test rubbish (with all due respect to the author).
At the end of the day, when you have to disinfect a thoroughly hosed machine, what tool will you use? What tests truly reflect today's malware? For those of you involved in malware research, what do you typically see for in-the-wild detection?
Alex Eckelberry
CEO, Sunbelt Software" }-
Hi Alex,
For a fact I can validate that there are still people in this world who are running Win98. And some company in my company still run MS Office 2000 with Win2000. But yes, these numbers are small and it's hard for a new product to cover such legacy products.
Regarding the second argument of testing. There are many 3rd party testing outfits of repute out there. Many of them don't use the age-old Wildlist.
It's very hard to believe that you and Sunbelt find no 3rd party tester to be fit for the job, to run a comparative of VIPRE with other AVs w.r.t. detection and removal.
Arup
May 31st, 2009, 09:23 AM
-{ Quote: "When is getting Advanced+ piss poor detection performance? ::)
For your reference, Kaspersky has implemented a full-fledged HIPS/proactive defense mechanism to block the samples it misses in its security suites." }-
Please check the ratings at av-comparatives and compare to Avira and Eset. Advanced+ has no bearing, percentage of detection means everything.
sourav_gho
May 31st, 2009, 09:26 AM
-{ Quote: "Please check the ratings at av-comparatives and compare to Avira and Eset. Advanced+ has no bearing, percentage of detection means everything." }-
Yeah, yeah, percentage detection means everything, so the experts at av-comparatives.org are fools for giving Kaspersky Labs Advanced+, and HIPS/PDM are all useless. It is quite easy to say anything....:o
Someone
May 31st, 2009, 09:29 AM
-{ Quote: "
Regarding the second argument of testing. There are many 3rd party testing outfits of repute out there. Many of them don't use the age-old Wildlist. " }-
Which tests do you think are reputable?
Thanks
BlueZannetti
May 31st, 2009, 09:31 AM
-{ Quote: "Please check the ratings at av-comparatives and compare to Avira and Eset. Advanced+ has no bearing, percentage of detection means everything." }-
When discussing the results of this (or any other) test results, let's be clear to separate interpreted opinion from objective fact.
"Percentage of detection means everything" is an opinion. Behind that opinion may be a cogent rationale, but that rationale may not universally apply.
Folks - the concept is called nuance (http://en.wiktionary.org/wiki/nuance). It's your friend. It will help you understand and appreciate why the world view that you hold may not be held by others.
Regards,
Blue
Arup
May 31st, 2009, 09:57 AM
Let me rephrase here at the cost of getting banned, what would you take in an AV, detection or Advanced +, basic point is how many viruses are detected and in the end of day, that's all that matters. If an AV can't detect, then it has no idea if system is infected or not nor can it block effectively.
sourav_gho
May 31st, 2009, 10:06 AM
-{ Quote: "Let me rephrase here at the cost of getting banned, what would you take in an AV, detection or Advanced +, basic point is how many viruses are detected and in the end of day, that's all that matters. If an AV can't detect, then it has no idea if system is infected or not nor can it block effectively." }-
Then let me also rephrase mine.... at the end of the day is our system safe or not that is all that matters to everybody . People uses firewall, hips, av etc not just for detection but also to keep their system safe. None of the antivirus has 100% detection so u or ur antivirus cannot detect all neither mine, but in the end all that matters are the measures which protects our system to the maximum.
PS: U can check the reviews of Defensewall i.e. a type of HIPS from av-comparatives.org, how effectively it blocks the samples that all the antiviruses are missing...
Arup
May 31st, 2009, 10:10 AM
-{ Quote: "Then let me also rephrase mine.... at the end of the day is our system safe or not that is all that matters to everybody . People uses firewall, hips, av etc not just for detection but also to keep their system safe. None of the antivirus has 100% detection so u or ur antivirus cannot detect all neither mine, but in the end all that matters are the measures which protects our system to the maximum.
PS: U can check the reviews of Defensewall i.e. a type of HIPS from av-comparatives.org, how effectively it blocks the samples that all the antiviruses are missing..." }-
At what cost may I ask and how do you intend to train all users, specially novice ones to heed all the pop ups by HIPS? Would you layer your spanking new quad core to bring it to 486 level?
sourav_gho
May 31st, 2009, 10:15 AM
-{ Quote: "At what cost may I ask and how do you intend to train all users, specially novice ones to heed all the pop ups by HIPS? Would you layer your spanking new quad core to bring it to 486 level?" }-
Now u r diverting from the topic... at least the user will be warned at various levels when a malware is intruding the system and they can block it... in only antivirus measure user will never know when a malware not detected by antivirus will get into the system and capture it. Also check: none of the good hips like KIS, Comodo, Defensewall never uses a lot of resources. In my system KIS just takes around 20-30 mb of ram and system works very efficiently...
Arup
May 31st, 2009, 10:26 AM
-{ Quote: "Now u r diverting from the topic... at least the user will be warned at various levels when a malware is intruding the system and they can block it... in only antivirus measure user will never know when a malware not detected by antivirus will get into the system and capture it. Also check: none of the good hips like KIS, Comodo, Defensewall never uses a lot of resources. In my system KIS just takes around 20-30 mb of ram and system works very efficiently..." }-
I am diverting the topic, let's see, the topic was on av-comparatives and you bring in HIPS. It's not about RAM resources, do install Filemon and Process Monitor from sysinternals and see what an average HIPS does to your system. A fully patched Windows with LUA, Hardware DEP implemented with a high detection good AV should suffice well against 0 day exploits rather than layers of security apps which can lead to various issues and conflicts in future. So many Win users complain of programs not working, crashes and other issues and when you check their system, you find them layered with security apps. Tell me, what good is a warning when the average user has no idea when prompted with explorer.exe wants to access xxx.xxx.xxxx
If you are on a NAT router, what use is redundant double filtering of the traffic putting unnecessary CPU load when your router is doing a swell job. An outbound app based monitor will suffice well enough there.
sourav_gho
May 31st, 2009, 10:30 AM
Well who said that bring quad core to 486 level??? I am not contradicting with ur security setup. By the way i am using HIPS from long time playing 3d games, surfing so are lot of users from the world with HIPS, with no issues with performance....
Arup
May 31st, 2009, 10:35 AM
Since you mentioned HIPS that's why the reference to quad core and 486, glad it works for you but for average users, HIPS prompts can be quite daunting. I have seen performance drop with a dual quad core with 8gb ram so I speak from my own experience.
sourav_gho
May 31st, 2009, 10:42 AM
I haven't noticed from my experience, I have been using KIS from 2007, first on p3 machine then on my dual core machine. So are the users from comodo etc... I have visited their forums.... May be the hips u were using must be resource hungry. I have been using KIS 2009 now 2010 with no issues in performance with CPU or other resources...
PS: Even many of my friends are using KIS on their laptops and desktops, they r playing games etc... with no issues in performance.... they are also average users
Arup
May 31st, 2009, 10:49 AM
The ones you mention, I have used them all. Maybe your perception of performance is quite different from mine. I prefer the lighter approach, one which gives me long term stability and speed over all.
sourav_gho
May 31st, 2009, 10:53 AM
Maybe it's true, my perception and my friend's and all others who use HIPS are the same we all prefer to use their system nicely not just dedicate their system only for security :P
PS: We are able to use system of course lightly, with stability and speed ;) for all sort of purposes
Arup
May 31st, 2009, 11:26 AM
I have friends, some of them active members in this forum here who prefer the lighter approach, they are all veterans and have been around and used security apps since their early days. All have come to the consensus that layering is not the right way. In the end, whatever suits you is fine.
sourav_gho
May 31st, 2009, 11:34 AM
Same case with mine and same with security experts sitting around the world... every expert, let's say from Norton, now Avira who is building proactive defense technology now... Every expert around the world says layered defense is the best way to be safe from present scenario where around 30,000 malwares are released everyday (a source from panda says) some of the rootkits malware in recent scenario were so dangerous they caused massive havoc, in spite of people having antiviruses on their system. None of the antivirus can detect all of them:doubt:
Arup
May 31st, 2009, 11:38 AM
But implementing better security measures, patching OS, LUA, SRP and DEP can block most. In that sense, nothing is infallible, not even HIPS.
andyman35
May 31st, 2009, 11:53 AM
-{ Quote: "I think this is a good question. Newer antimalware engines, like Malwarebytes, Prevx and Sunbelt, all face a disadvantage when dealing with legacy viruses. The Wildlist itself is particularly challenging -- in order to get certfied, you have to be able to detect things like Word 95 macro viruses. It took us a lot of work to have to go through and write detections when we were developing VIPRE for malware that simply is not a risk to the user today (unless you're running Word 95 on a Windows 98 machine).
The question, I suppose, is what is actually infecting users? What is relevant?
Testing is not in the best shape in the AV world. A prime example is this one:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9133345&taxonomyId=17&pageNumber=1
In this new "objective" test, Kaspersky and ESET, both outstanding engines, got hammered. We all know that's ridiculous -- you may have your differences with a particular engine, but these two AV products are very, very good. I consider the test rubbish (with all due respect to the author).
At the end of the day, when you have to disinfect a thoroughly hosted machine, what tool will you use? What tests truly reflect today's malware? For those of you involved in malware research, what do you typically see for in-the-wild detection?
Alex Eckelberry
CEO, Sunbelt Software" }-
Love him or hate him but IMO Matt's tests at remove-malware are performed in a realistic way on the type of malware average users are likely to encounter.
steve1955
May 31st, 2009, 12:22 PM
-{ Quote: "sorry for not saying this but i mean in my talk kaspersky ver 2009 !!
also yes it's getting bad every time look at the detection rate not advanced+ thing !!
and yes i have seen many heuristic updates but man it's still weak and can be defeated so easily !! many hackers are saying this !! even its signature detection has been defeated by some kiddie hackers :thumbd:
not just that even in my test a lot of viruses being missed by heuristic and Hips !!!
believe me this is the reality !!! if you got some new malware you can try to test them by yourself !!" }-
sorry but you're just trying to flame the thread, I love the way the fanboys react to any test result. really amusing!
Coolio10
May 31st, 2009, 12:29 PM
-{ Quote: "At what cost may I ask and how do you intend to train all users, specially novice ones to heed all the pop ups by HIPS? Would you layer your spanking new quad core to bring it to 486 level?" }-
Automatic Mode?
Arup
May 31st, 2009, 01:12 PM
-{ Quote: "Automatic Mode?" }-
Is there any, how bout if it ends up blocking a legit app, where and when to discern.
raven211
May 31st, 2009, 01:28 PM
-{ Quote: "Is there any, how bout if it ends up blocking a legit app, where and when to discern." }-
If it's Kaspersky we're talking, the worst thing that can happen is that it places the legit app. in Low Restricted, which means it will alert the user to any suspicious, or dangerous actions for that matter. For the apps. that it's totally unsure what to do when such an action happens, say a leaktest, it'll also prompt the user, even if I would rather, for example when it's fiddling with IE, that it automatically and temporarily restricts it till there's no danger left. It checks both for danger-rating and digital signature, not just digital signature which would leave you vulnerable, and as it still obviously monitors for dangerous actions, you won't go unprotected even if software is placed in the Low Restricted area.
That it can't operate completely automatic is sadly a reason I probably won't use it in the end... :)
Ilya Rabinovich
May 31st, 2009, 02:32 PM
-{ Quote: "At what cost may I ask and how do you intend to train all users, specially novice ones to heed all the pop ups by HIPS? " }-
DefenseWall practically has no popups. Sorry...
Arup
May 31st, 2009, 02:39 PM
-{ Quote: "DefenseWall practically has no popups. Sorry..." }-
How would a guest user know which app is trusted and which isn't, what if he or she blocks a legit application, one that's needed for proper functioning of the OS? Since your HIPS makes all process running as untrusted, what happens when a panic-stricken noob ends up making system folder untrusted?
Pedro
May 31st, 2009, 02:42 PM
-{ Quote: "How would a guest user know which app is trusted and which isn't, what if he or she blocks a legit application, one that's needed for proper functioning of the OS? Since your HIPS makes all process running as untrusted, what happens when a panic-stricken noob ends up making system folder untrusted?" }-
It doesn't, only certain internet faced applications, and it does that automatically.
vijayind
May 31st, 2009, 03:30 PM
-{ Quote: "Which tests do you think are reputable?
Thanks" }-
IMHO, AV-Test, AV-Comparative,Anti-Malware.ru
Esp. AV-Test who are often commissioned to do custom tests, with a recent or active threat sample set. Also Anti-Malware.ru does many interesting tests with recent rootkit, polymorphic malware sets.
But now there a lot of new ones coming out like too. So Sunbelt could try anyone, for starters.
IceCube1010
May 31st, 2009, 04:15 PM
-{ Quote: "Is there any, how bout if it ends up blocking a legit app, where and when to discern." }-
Don't block anything. Use Sandboxie and flush the toilet when you're done!:argh:
Ice
Arup
May 31st, 2009, 04:29 PM
-{ Quote: "Don't block anything. Use Sandboxie and flush the toilet when you're done!:argh:
Ice" }-
Btw. neither Defensewall nor Sandboxie works in x64 Win so still need roto router.
Macstorm
May 31st, 2009, 04:38 PM
-{ Quote: "Yeah , yeah percentage detection means everything that the experts at av-comparatives.org are fools giving Kaspersky Labs Advanced+ and HIPS/PDM all are useless." }-
It seems they just got sick of putting the crown on avira's head for every comparative test that they do and they've changed (a bit ::)) the test's "rating results policy". In the end, it's the 'plus' (+) sign what matters for marketing purposes ;)
Hey, help me selling my product! :D
Thankful
May 31st, 2009, 05:41 PM
Congratulations to Microsoft, Eset, and Kaspersky !!
Saraceno
May 31st, 2009, 07:17 PM
-{ Quote: "DefenseWall practically has no popups. Sorry..." }-
I agree. Install it on any average user's system, and the program automatically finds the most common programs that need to be untrusted (internet browsers, chat clients etc). Rarely is there a pop-up/alert.
And the best part of the program, is that users can download files, and use the files while the system is still protected.
I'm a big fan of sandboxie, but found average users seem to always want to instantly recover a download, without scanning and checking the file first, or checking the source. Or they get tired of recovering downloads and switch to using an unsandboxed browser all the time. These users would better suit DefenseWall as they can keep on using downloaded files without any harm to their system.
True, if a user does want to install a program permanently, they have to run it as trusted. But more often than not, the average user has problems downloading small zip files for example, through peer to peer networks (limewire) etc.
And it's great that more advanced users can filter through files and registry tracks to delete files from their system permanently. This program is definitely 'set and forget'. More people (including myself) should be giving this program a go. :thumb:
IceCube1010
May 31st, 2009, 08:34 PM
-{ Quote: "And flush all your settings away too haha. So much for usability and convenience. But if you're happy with that, all good!" }-
Oh I'm very happy about that. If I need something configured within my FF browser, I'll just disable the sandbox, update then it re-enables. RunSafer is protecting while sandboxie is disabled and Avira picks up the slack. It's a win win situation!
Ice
IceCube1010
May 31st, 2009, 08:37 PM
-{ Quote: "Btw. neither Defensewall nor Sandboxie works in x64 Win so still need roto router." }-
Didn't notice the sig. Someday Sandboxie will work with all x64 bit OS.
Ice
Phenom
May 31st, 2009, 09:18 PM
Sigh... Security is security. All these tests are probably not even reliable because all tests show different results. My friend is a Microsoft Certified Engineer and he says Microsoft Forefront and Symantec Endpoint Protection is more effective than Avira. =/
Someone
May 31st, 2009, 10:27 PM
-{ Quote: "IMHO, AV-Test, AV-Comparative,Anti-Malware.ru
Esp. AV-Test who are often commissioned to do custom tests, with a recent or active threat sample set. Also Anti-Malware.ru does many interesting tests with recent rootkit, polymorphic malware sets.
But now there a lot of new ones coming out like too. So Sunbelt could try anyone, for starters." }-
Are those new tests reliable? What about Remove-Malware (http://remove-malware.com/) or MalwareResearchGroup (http://malwareresearchgroup.com/)?
Kerodo
May 31st, 2009, 11:47 PM
-{ Quote: "Sigh... Security is security. All these tests are probably not even reliable because all tests show different results. My friend is a Microsoft Certified Engineer and he says Microsoft Forefront and Symantec Endpoint Protection is more effective than Avira. =/" }-
SEP 11 isn't really a comparable product. It has AV with a firewall and also proactive protection, whereas Avira is AV alone, or at best, the suite is AV with firewall. Avira with a good firewall and HIPS added might very well be more effective than SEP 11.
Fajo
May 31st, 2009, 11:49 PM
-{ Quote: "Sigh... Security is security. All these tests are probably not even reliable because all tests show different results. My friend is a Microsoft Certified Engineer and he says Microsoft Forefront and Symantec Endpoint Protection is more effective than Avira. =/" }-
That's where I stopped reading.
Microsoft Certified eng saying Microsoft is better gee that's a totally independent view :o
vijayind
June 1st, 2009, 02:57 AM
-{ Quote: "Are those new tests reliable? What about Remove-Malware (http://remove-malware.com/) or MalwareResearchGroup (http://malwareresearchgroup.com/)?" }-
I am not aware of MalwareResearchGroup and their practices so I will not comment.
With regard to Remove-Malware.com, I had a chat with Matt on one of the threads here. It seems his test bed comprises of random population of malware on device outside the DMZ. So it's not standardized, hence when ACME AV is tested there may be 2112 malware samples but when AJAX AV is tested there may be 1873. The exact specifics seem to be unknown, so it's hard to compare performance of ACME & AJAX AV.
Matt believes that his machine is infected with over 1000 pieces of malware, but unlike other test/testers he doesn't maintain a list of malware in his machine. Hence at the end of the test, he is unable to accurately verify if all samples have been caught and removed. He only does some basic tests to check if everything has been removed like IE check, process check. But still nothing to see if all the malware debris has been removed and if any system files have been corrupted.
IMHO, Remove-Malware.com is an excellent hobbyist test with a lot of real-world samples. But it's not standardized enough to be made the AV test bible.
Stefan Kurtzhals
June 1st, 2009, 03:56 AM
-{ Quote: "My friend is a Microsoft Certified Engineer and he says Microsoft Forefront and Symantec Endpoint Protection is more effective than Avira." }-
Since when does MSCE give you qualification for inside knowledge of anti-malware technology?
funkydude
June 1st, 2009, 04:52 AM
-{ Quote: "Didn't notice the sig. Someday Sandboxie will work with all x64 bit OS.
Ice" }-
No, it won't. Read the SB forums. They delete any debate on 64bit versions. Sandboxie will die a slow and painful death come windows 7. I'm sure someone who cares will write something better.
Kees1958
June 1st, 2009, 05:06 AM
-{ Quote: "Since when does MSCE give you qualification for inside knowledge of anti-malware technology?" }-
Not, but from his personal experience on a company Windows 2000 network with industry strength endpoint protection and a strict LUA + SRP policy, Microsoft probably was sufficient.
On a desktop running admin, behind a router. . . . I prefer Avira beta Proactive ;D Similar to the MSCE friend I have no inside knowledge (no clue better said) on AV's, just looking at lowest amount of blacklist fingerprints in the data base and highest detection score on some AV tests.
Sportscubs1272
June 1st, 2009, 05:29 AM
Avira beta Proactive only for German speaking users?
kfjhfbf
June 1st, 2009, 06:55 AM
-{ Quote: "who has limited resources? and why? can you please explain little more? ??? also i have a question why avira doesn't have an advanced heuristic which the malware while scanned avira opens it in limited environment and see what it does make general activities malwares often do (you make 3 point to say it's malware example 1- send data and downloads files, 2-modify system ..etc) so when avira run it if it made 1 from 2 points avira say (probably a malware or suspicious and if it made all the points which you previously made it then you say a variant of...(malware name) also and you can use this idea on specific variants of malware (zbot does a-..., b-... c-....) so when you catch malware do the (a,b,c or a,b only or even a only) then it's malware or variant or suspicious depends on the how much points the malware scores (a,b,c) that's what eset (nod32) does and it's very good as you know malware is easy to encrypted when detected so a very advanced and strong heuristic is better and important and you will be able to catch the new malwares before it even created!! last thing why you don't catch an executable values on the malwares so that it can't be encrypted anymore (it will be broken if they tried to encrypt it). finally i have to say that avira and specially you do a very very good job and all uses and company appreciated it and i have to say thank you on all your efforts for protecting us. thank you Stefan Kurtzhals, thank you AVIRA :-*" }-
stefan please answer :)
sourav_gho
June 1st, 2009, 06:57 AM
-{ Quote: "But implementing better security measures, patching OS, LUA, SRP and DEP can block most. In that sense, nothing is infallible, not even HIPS." }-
So is using HIPS, which can block most. But the issue you told about is layered security is not good, I proved my point then, that it is better, and can keep our system safe to the extreme(you are urself suggesting that);)
IceCube1010
June 1st, 2009, 08:23 AM
-{ Quote: "No, it won't. Read the SB forums. They delete any debate on 64bit versions. Sandboxie will die a slow and painful death come windows 7. I'm sure someone who cares will write something better." }-
That is terrible. I hope they change their views and make SBIE compatible.
Ice
steve1955
June 1st, 2009, 02:02 PM
-{ Quote: "Sigh... Security is security. All these tests are probably not even reliable because all tests show different results. My friend is a Microsoft Certified Engineer and he says Microsoft Forefront and Symantec Endpoint Protection is more effective than Avira. =/" }-
That's only "his opinion" (or one he's told to have!):- I know a few "Microsoft Certified Engineers" who I wouldn't let loose on any system, all it tends to prove is that they have paid to gain a qualification
nosirrah
June 1st, 2009, 03:49 PM
My 2 cents on this matter .
I wonder if anyone ever thought about using the vast amount of unbiased data already on the web to do a study ?
It should be easy enough to get a rough idea as to what % of the general population uses each of the major antivirus vendors .
Take those same vendors and track how frequently they show up in help forum threads where the user is asking for additional malware removal help .
Now you will have how frequently each vendor is used and also how frequently these vendors also show up in an environment where they have failed .
You could then devise a scoring system where their score is determined by scaling the frequency of failure against what % of the population is using them .
Think of it like this :
Vendor (A) is used 75% of the time .
Vendor (B) is used 30% of the time .
Vendor (A) shows up in 90% of help request threads .
Vendor (B) shows up in 15% of help request threads .
(does not have to add up to 100% as some people do double up)
Vendor (A)'s score would be 90 * (100-75) or 2250
Vendor (B)'s score would be 15 * (100-30) or 1050
Obviously 0 is the best you could do by having no help forum requests regardless of your popularity . The best scores would always be a combination of massive popularity yet still very low failure rates .
The scores should reflect a more accurate representation of real time and real world performance . Each help request stops time for each individual infection and vendor making the age of the sample irrelevant . Age of samples is becoming a growing complaint and rightfully so , this type of research would at the very least take the age of the samples out of the equation .
Any test where the samples are more than a few hours old only represents how well an application adds legacy defs AFAIK . Think of it this way . You can get a 99% on most of the current testing models while scoring a perfect 0 in the real world and here is how .
The test has 100,000 samples from the last year . 99% would be 99,000 . What if the 1,000 missed were all from this week and the other 99,000 were from before that . The test would give wildly inaccurate and dead on accurate results at the same time depending on how you looked at them .
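The scoring idea and the sample-age point from the post above, worked through in Python as an added example (not part of the original thread or any tester's tooling). The thread texts, sample list, function names and the 7-day "recent" cutoff are constructed for illustration; the usage shares and expected scores are the figures given in the post.

```python
import re

# Constructed help-forum thread openers (not real posts): 17 name only
# Vendor A, 1 names both products (a "double up"), 2 name only Vendor B.
THREADS = (
    ["Running Vendor A, still infected, please help"] * 17
    + ["Had vendor a and Vendor B installed together, popups everywhere"]
    + ["Vendor B missed a rootkit, need removal help"] * 2
)

# Share of the general population using each vendor, in percent
# (figures from the post; they need not add up to 100).
USAGE_PCT = {"Vendor A": 75, "Vendor B": 30}

# Constructed test set from the post's second scenario: 99,000 older samples
# that are detected and 1,000 samples from the current week that are missed.
# Each entry is (age_in_days, detected).
SAMPLES = [(30, True)] * 99_000 + [(3, False)] * 1_000


def help_thread_share(threads, vendors):
    """Percent of help threads that name each vendor at least once."""
    if not threads:
        raise ValueError("no help threads to analyse")
    patterns = {
        v: re.compile(r"\b" + re.escape(v) + r"\b", re.IGNORECASE)
        for v in vendors
    }
    hits = {v: 0 for v in vendors}
    for text in threads:
        for vendor, pattern in patterns.items():
            if pattern.search(text):  # count a thread once per vendor
                hits[vendor] += 1
    return {v: 100 * n / len(threads) for v, n in hits.items()}


def failure_score(help_pct, usage_pct):
    """Score as defined in the post: help share * (100 - usage share)."""
    return help_pct * (100 - usage_pct)


def score_vendors(threads, usage_pct):
    """Score every vendor in usage_pct against the given help threads."""
    share = help_thread_share(threads, usage_pct)
    return {v: failure_score(share[v], usage_pct[v]) for v in usage_pct}


def detection_by_age(samples, recent_days):
    """Return (overall %, % among samples no older than recent_days).

    The second value is None when the set holds no recent samples,
    which is itself worth knowing about a test set.
    """
    total = detected_total = recent = detected_recent = 0
    for age_days, detected in samples:
        total += 1
        detected_total += bool(detected)
        if age_days <= recent_days:
            recent += 1
            detected_recent += bool(detected)
    if total == 0:
        raise ValueError("empty sample set")
    overall = 100 * detected_total / total
    recent_rate = 100 * detected_recent / recent if recent else None
    return overall, recent_rate


if __name__ == "__main__":
    print("help-thread share:", help_thread_share(THREADS, USAGE_PCT))
    print("scores (lower is better):", score_vendors(THREADS, USAGE_PCT))
    print("overall / last-7-days detection:", detection_by_age(SAMPLES, 7))
```

Run as a script it prints the per-vendor help-thread share, the scores, and the overall versus last-7-days detection rate for the constructed set.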
Copyright ©2002 - 2012, Wilders Security Forums