According to Prevx's homepage, avira missed 49 rootkits yesterday on computers cleaned / detected by prevx.

Are these numbers pure marketing or is this true. Some clarification would be nice.

Hawk

I'll let pleonasm and others comment but I just wanted to clarify: surely the claim is the same one or few rootkit(s) on 49 different machines rather than 49 different rootkits?

I haven't looked on the page myself, I'm just trying to clarify for the sake of info content of this thread.

Here is the link from prevx's homepage.

http://www.prevx.com/avgraph/19_9/Avira-Rootkit.html

It appears to be more than one rootkit.

Hawk

Thanks for the link. DANG, the table at bottom of that page shows close to 49 different rootkit names - whether variable names for same rootkit, I wouldn't have a clue, but surely this represents many different rootkits.

I will look forward to some informed response on this.

yes its true. Prevx has broken the mold and decided to step out of the box and call other vendors to the carpet with their claims. OMG the sky is falling. I applaud Prevx for not being fearful, to tell it like it is. And if it holds true for Prevx, then others will find it out.

We spend every 3 months running IBK and his findings through the grinder. And in the end, it is the same crappy thread with everyone feeling they are right. I say, instead of beating on Insbruck, let the damn vendors fight it out amongst themselves as to who is cream, and who is crap.

Why dont other vendors do this?

Because they don't have to..... it's marketing whichever way you look at it.



AV X can come up with a BS graph just like that and say "hey buddy- look what WE find that prevx doesn't- Time to jump ship!!".....its pure and simple- we all know no AV can detect every single variant and prevx are exploiting that fact to the maximum without drawing attention to their own flaws, of which there more than a few.


Their data collection for the graphs is BS too- too many variables which are unaccounted for and they use WSC for detecting the other av installed, very accurate method considering WSC track record for correctly reporting the status of an installed av.

{QUOTE-> Are these numbers pure marketing or is this true. Some clarification would be nice. <-QUOTE}
Take your time to read this whole thread (http://www.wilderssecurity.com/showthread.php?t=239141) and you'll find your answer ;)

{QUOTE-> Why dont other vendors do this?

Because they don't have to..... it's marketing whichever way you look at it.

AV X can come up with a BS graph just like that and say "hey buddy- look what WE find that prevx doesn't- Time to jump ship!!".....its pure and simple- we all know no AV can detect every single variant and prevx are exploiting that fact to the maximum without drawing attention to their own flaws, of which there more than a few.

Their data collection for the graphs is BS too- too many variables which are unaccounted for and they use WSC for detecting the other av installed, very accurate method considering WSC track record for correctly reporting the status of an installed av. <-QUOTE}
It might be marketing but I tend to think it is not BS, simply because Prevx provides so much info on the infected files they claim other AVs missed... pretty easy to verify or contest, in my opinion. I'd say Prevx is putting it all out there real transparent-like, and if Avira or avast! or Symantec disagrees, then have at it. In other words, it looks to me like Prevx can substantiate their claims. That's not BS. :thumb:

As far as I'm aware, it's completely true. But you need to keep in mind

1. Results depend on the popularity of software, so you can't compare the results against each other, only against prevx.
2. Prevx doesn't check for outdated AVs

{QUOTE-> It might be marketing but I tend to think it is not BS, simply because Prevx provides so much info on the infected files they claim other AVs missed... pretty easy to verify or contest, in my opinion. I'd say Prevx is putting it all out there real transparent-like, and if Avira or avast! or Symantec disagrees, then have at it. In other words, it looks to me like Prevx can substantiate their claims. That's not BS. :thumb: <-QUOTE}

The only thing they can substantiate is that they caught a variant that the other vendors have ether came in contact with or don't feel its a threat. This kind of marketing will just bite them in the ass if they do get the attention of the big boys. Which will do nothing but run circles around this av.

things you don't do... Gloat and mess with company's with bigger budgets then you. ;D


Also keep in mind. Those graphs may not show FALSE POSITIVES that prevx is detecting. Only that it detected it why having X and Y on the computer. For all we know they could just be FP's

{QUOTE-> As far as I'm aware, it's completely true. But you need to keep in mind
1. Results depend on the popularity of software, so you can't compare the results against each other, only against prevx.
2. Prevx doesn't check for outdated AVs <-QUOTE}
Hi funkydude
I don't quite understand what you mean by, "Results depend on the popularity of the software"?
As for your #2, okay, it's important to keep in mind, as you say (and I assume it's true), but really, how could Prevx possibly make that check? :)

Mostly it is marketing, and as such there is some truth in it, it couldn't be totally bogus BS. This approach tends to work better than "Hey come use our product even though there are better programs out there, you should use ours". I doubt that approach would work very well.

{QUOTE-> The only thing they can substantiate is that they caught a variant that the other vendors have ether came in contact with or don't feel its a threat. <-QUOTE}
That's saying something right there, if you ask me.
{QUOTE-> This kind of marketing will just bite them in the ass if they do get the attention of the big boys. Which will do nothing but run circles around this av. <-QUOTE}
The "big boys" (hello Symantec) have proven over the years that they have trouble keeping their own business on a straight course. They are in no position, nor are they competitively capable, of running circles around a company like Prevx.
{QUOTE-> things you don't do... Gloat and mess with company's with bigger budgets then you. ;D <-QUOTE}
I don't know about that, lots of companies with big budgets have imploded lately. It's the lean and mean companies that are taking share, not the fat pigs.
{QUOTE-> Also keep in mind. Those graphs may not show FALSE POSITIVES that prevx is detecting. Only that it detected it why having X and Y on the computer. For all we know they could just be FP's <-QUOTE}
I don't know about if they are fp's. A Prevx rep would have to address that for us. I appreciate your opinions... but I don't agree with many of them! ;)

{QUOTE-> Take your time to read this whole thread (http://www.wilderssecurity.com/showthread.php?t=239141) and you'll find your answer ;) <-QUOTE}

Very interesting read.

{QUOTE-> Also keep in mind. Those graphs may not show FALSE POSITIVES that prevx is detecting. Only that it detected it why having X and Y on the computer. For all we know they could just be FP's <-QUOTE}I assumed at least some were FP's as well. Thenew (1.5 days) Prevx install on my machine has had a couple of FP's already. I'm not complaining about the FP's at all, just wondering if they'll end up in today's scorecard of malware that Avira didn't catch.

Of course all this matters very little - just about every product's marketing involves at least a little hyperbole.

No doubt about it, Prevx is one of the better apps at detecting malware. See my 5 apps thread.

I just wish the app was recoded in order that we could maximise the windows to full, or at least, near full screen. Anybody else agree that they are too small ?

{QUOTE->
things you don't do... Gloat and mess with company's with bigger budgets then you. ;D
<-QUOTE}
This review may help to show how good that Prevx is- an advanced technology that, well, blows other companies out of the water. Not to mention the great support they offer but that's another topic.

http://www.pcmag.com/article2/0,2817,2347577,00.asp

{QUOTE-> I just wish the app was recoded in order that we could maximise the windows to full, or at least, near full screen. Anybody else agree that they are too small ? <-QUOTE}The option to enlarge the screen would be nice. You have to click around the display to find things you are looking for...:o ;D

{QUOTE-> Here is the link from prevx's homepage.

http://www.prevx.com/avgraph/19_9/Avira-Rootkit.html

It appears to be more than one rootkit.

Hawk <-QUOTE}
IMO, they (PREVX) are desperate. This is the kind of marketing that is to say the least unethical, and will have a boomerang effect in the long run. They can show any figures, prove whatever they like, if it is not coming from an independent party it remains BS.

That is not to say that Avira or any other companies are better or worse than PREVX. There are too many parameters with users at large, to claim what they found.

I've had Avira for a year now and had no AV for about a year before installing Avira, which remains my unique antimalware application with the firewall.
I scanned with PREVX 3.0 and found nothing, it lasted 2 minutes and 31 seconds.

{QUOTE-> According to Prevx's homepage, avira missed 49 rootkits yesterday on computers cleaned / detected by prevx.

Are these numbers pure marketing or is this true. Some clarification would be nice.

Hawk <-QUOTE}

Marketing with no proof to back it up,period.

Like anything in life,you better have the proof to back it up.Until then,it's just talkin in the wind.

Looks like its not unique malware for each listed sample, alot of malware use generated file names and you see similar name schemes here. Also some of the detections looks like false positives.

But the worst mistake of the chart is that is basing on the popularity of the scanner. If a product is very popular and has many installations like AVG or Avast, it will do worse in this chart. They should add the information "we checked xxx machines with product aaa and yyy of those were infected". Then you can see the actual percentage of systems that got infected.

{QUOTE-> This review may help to show how good that Prevx is- an advanced technology that, well, blows other companies out of the water. Not to mention the great support they offer but that's another topic.

http://www.pcmag.com/article2/0,2817,2347577,00.asp <-QUOTE}

This made me blow my coffee all over my monitor from laughing so hard. :'(

PC mag ya there is a review that holds water lets try a real review like maybe Av-Comparatives or AV-Test or hell Ill even take a VB100 over PC Mag review / Thoughts on anything anytime. :dry:

{QUOTE->
The "big boys" (hello Symantec) have proven over the years that they have trouble keeping their own business on a straight course. They are in no position, nor are they competitively capable, of running circles around a company like Prevx.
<-QUOTE}

I don't know whats harder to believe. That you thought I was implying Symantec, or that you really think that other av's don't / are not already running circles around this joke of a AV. :argh:

IMHO Prevx is a great product and they have great support, but their marketing is a bit dubious.

I agree with Fajo. AV-Comparatives have done cloud-tests for McAfee Artemis. And are capable of doing a test of PrevX, if they step up.

Until they get certification/comparison test from a well known n reputed third party. Their claims of superiority are propaganda material, at best.

Hello all,
You can read another discussion about this which has already been extensively hashed out (over hundreds of posts :)) on: http://www.wilderssecurity.com/showthread.php?t=225190&page=160 (starting with lodore's post #3990)


However, to prevent going full circle again:

> Our vendor charts show threats which the other vendors miss. That is all they are meant to do and that is all that they do. There is no need to interpret them further and we won't interpret them further behind the scenes because that obscures the meaning.

> We detect threats that other vendors miss

> We are logically included in the statement "Every day, popular security products are missing thousands of infections"

> Prevx scans for active infections, not for infections in archives or dormant in subfolders on the disk so logically if we detect an infection and another AV is active on the system, it allowed that threat through

> Out of 20,000+ unique detections per day, far less than 1% are false positives so the statistics are not terribly skewed because of them

> Older/outdated antivirus software is not a problem for AV companies and makes no difference on the charts, being that they must logically try as hard as possible to keep backward compatibility with new technology to protect their users better to reduce complaints and fuel renewals

> Internet security suites have functions which can block a fraction more samples, but in the end they ARE still letting thousands of threats through, just as their anti-malware counterparts are

> On-demand, massive collection AV testing is flawed by concept and most new products today cannot be adequately assessed in this manner (and obviously AVs aren't catching 99% of threats in the true wild)

{QUOTE-> Looks like its not unique malware for each listed sample, alot of malware use generated file names and you see similar name schemes here. Also some of the detections looks like false positives. <-QUOTE}

If you could please elaborate and let us know exactly which files appear to be false positives, we'd be glad to fix them :)

EDIT: I've gone through each of the rootkits missed by Avira detected today and none of them are false positives :-\. The only questionable one in my eyes by filename was NEATIMAGE.EXE but it is found by 33/37 on VT.

{QUOTE-> But the worst mistake of the chart is that is basing on the popularity of the scanner. If a product is very popular and has many installations like AVG or Avast, it will do worse in this chart. They should add the information "we checked xxx machines with product aaa and yyy of those were infected". Then you can see the actual percentage of systems that got infected. <-QUOTE}

The fact is that we aren't trying to compare AV companies - we are just showing threats missed which is correctly represented by the charts and data. If you click "Explain this chart" on the homepage, you will see this clarification :)

{QUOTE-> I don't know whats harder to believe. That you thought I was implying Symantec, or that you really think that other av's don't / are not already running circles around this joke of a AV. :argh: <-QUOTE}
Well, unless you explain yourself better, a lot of people are going to think you are referring to a company like Symantec when you make a statement like this... {QUOTE-> This kind of marketing will just bite them in the ass if they do get the attention of the big boys. <-QUOTE} Who were you referring to?

{QUOTE-> Well, unless you explain yourself better, a lot of people are going to think you are referring to a company like Symantec when you make a statement like this... Who were you referring to? <-QUOTE}

Sorry to say but you can only speak for you. People on this forum are smart enough to know most the tech behind there av's and what is really on top and what can use improvement.

My Examples
Eset, Avira, Kaspersky, Gdata, hell even Dr. Web (less Known) could run Circles around this but unfortunately for prevx In the cloud tech is really just that In the clouds. People really need to know whats behind the tech before they try to preach about it. :dry:

{QUOTE-> Hello all,
You can read another discussion about this which has already been extensively hashed out (over hundreds of posts ) on: http://www.wilderssecurity.com/showthread.php?t=225190&page=160 (starting with lodore's post #3990)


However, to prevent going full circle again:

> Our vendor charts show threats which the other vendors miss. That is all they are meant to do and that is all that they do. There is no need to interpret them further and we won't interpret them further behind the scenes because that obscures the meaning.

> We detect threats that other vendors miss

> We are logically included in the statement "Every day, popular security products are missing thousands of infections"

> Prevx scans for active infections, not for infections in archives or dormant in subfolders on the disk so logically if we detect an infection and another AV is active on the system, it allowed that threat through

> Out of 20,000+ unique detections per day, far less than 1% are false positives so the statistics are not terribly skewed because of them

> Older/outdated antivirus software is not a problem for AV companies and makes no difference on the charts, being that they must logically try as hard as possible to keep backward compatibility with new technology to protect their users better to reduce complaints and fuel renewals

> Internet security suites have functions which can block a fraction more samples, but in the end they ARE still letting thousands of threats through, just as their anti-malware counterparts are

> On-demand, massive collection AV testing is flawed by concept and most new products today cannot be adequately assessed in this manner (and obviously AVs aren't catching 99% of threats in the true wild) <-QUOTE}


You Detect FP's then call them threats. Your testing is all based on you and your Internal tests. Hell I could wright a virus make a sig detect it then say the other av's of the world cant detect this. Better get mine now. God how flawed this concept is.

AV being active on the system. You don't even check to see if its out of date the AV could be a copy of NIS 2005 that has not been updated sense it was installed. your covering the facts to make your self look better.

Saying tests are flawed is a desperate act of a dieing company. Yes no test is 100% but by your own admission you use tests "Internally" to promote your own product. The only AV's that wont test to them or try to dumb them down, are ones that could not pass the test or simply would be bad marketing to be compared to other AV's :dry:

There is alot of talk about your charts your testing your statistics. Not one mention of anything out side your company if you come in here to promote something show something with some backing not a bunch of dumbed down text that shows nothing accept Your word on it.

This thread is a lost cause lol I wont be reposting here as My point has been made and its pointless to go in circles.

I think that is very clear that this chart isn't correct, in all aspects, and is just a bad way to do marketing...

Would be nice to have in that chart the number of false-positives of Prevx! ;D

It is just not for me.

{QUOTE-> You Detect FP's then call them threats. Your testing is all based on you and your Internal tests. Hell I could right a virus make a sig detect it then say the other av's of the world cant detect this. Better get mine now. God how flawed this concept is. <-QUOTE}

Every product produces FPs once in a while - many popular AVs have infamously produced FPs against explorer.exe, excel.exe, and other very popular system files :) The samples which we report and count are all found active on user's PCs.

{QUOTE-> Also AV active on the system. You don't even check to see if its out of date the AV could be a copy of NIS 2005 that has not been updated sense it was installed. your covering the facts to make your self look better. <-QUOTE}

It could, but the charts are made to show the threats found on users PCs that were protected by x AV. If a user is still using NIS 2005, they think they are still protected by it. Sure, the newest, shiniest product from every company may have better protection but isn't it in every companies best interest to protect their customers as well as possible? If NIS 2005 didn't work at all anymore, surely Symantec would discontinue it and automatically upgrade customers :-\ Otherwise, their customers would never pay for the subscription renewals, and subscription renewals is the primary way that AVs make money.

{QUOTE-> Saying tests are flawed is a desperate act of a dieing company. Yes no test is 100% but by your own admission you use tests "Internally" to promote your own product. The only AV's that wont test to them or try to dumb them down, are ones that could not pass the test or simply would be bad marketing to be compared to other AV's :dry: <-QUOTE}

We are hardly dying, but conventional AV tests are flawed by concept. alexeck, the CEO of Sunbelt explains it very well in this post:

http://www.wilderssecurity.com/showpost.php?p=1477156&postcount=96

Older samples are trivial to detect but useless. We've looked at some samples from these "massive" tests in the past and checked in our database for the number of users that had seen the samples - unsurprisingly, a massive portion of them had only been seen by one user, the tester, and had never actually infected ANY user of Prevx. :-\ Should we spend resources detecting these archaic "threats" when we have enough data to deal with on a daily basis (upwards of 200 new samples every minute)?... I don't think so.

{QUOTE-> Sorry to say but you can only speak for you. People on this forum are smart enough to know most the tech behind there av's and what is really on top and what can use improvement.

My Examples
Eset, Avira, Kaspersky, Gdata, hell even Dr. Web (less Known) could run Circles around this but unfortunately for prevx In the cloud tech is really just that In the clouds. People really need to know whats behind the tech before they try to preach about it. :dry: <-QUOTE}
Thanks for providing examples this time. It's clear to me now that your use of terms like "big boys" and "company's with bigger budgets" should have tipped me off immediately that you were talking about those corporate giants, Dr.Web and G-Data.

.

The Avira rootkit statistics posted by Prevex on it's website are totally consistent with Independent Lab Testing.

The sad fact is that Avira apparently sux at removing active rootkits.

Here are results of two May 2008 anti-rootkit tests conducted and reported by AV-Test.org :

Avira had its struggles in removing active rootkits and malware being hidden by rootkits - -- it was only able to clean up seven out of thirty in each case

http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf

These results were also reported by Darkreading.com:

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201080


On the other hand, Prevx's excellence at detecting and removing rootkits was displayed in the statistics of the PC Mag review mentioned earlier in this thread. (You may believe that PC Mag has its biases, but if you also believe it would post phony stats there is no point in discussing this.)

"For the current round of testing, I've broken out a separate rootkit score, drawn from both malware and keyloggers that use rootkit technology. Prevx tied with Webroot for detection again: both got 89 percent. Webroot scored 7.1 overall against rootkits, while Prevx scored 6.7. None of the rest scored as high."

http://www.pcmag.com/article2/0,2817,2346868,00.asp


.

{QUOTE-> Hi funkydude
I don't quite understand what you mean by, "Results depend on the popularity of the software"?
As for your #2, okay, it's important to keep in mind, as you say (and I assume it's true), but really, how could Prevx possibly make that check? :) <-QUOTE}

If 1000 Prevx users use Symantec and 50 Prevx users use AVG, the missed results are in most cases going to be higher for symantec because of the more users, this is explained on the chart, which is why you cannot use it to compare AV v AV, only AV v Prevx, and even that you can't really do since you don't know what Prevx missed and AV didn't.

The Security Center tells you if an AV is out-of-date, Prevx already have code that finds what AV is in use via the Security Center but don't for checking if it's up-to-date, that's my only annoyance I have with Prevx at the moment.

{QUOTE-> If 1000 Prevx users use Symantec and 50 Prevx users use AVG, the missed results are in most cases going to be higher for symantec because of the more users, this is explained on the chart, which is why you cannot use it to compare AV v AV, only AV v Prevx, and even that you can't really do since you don't know what Prevx missed and AV didn't. <-QUOTE}

We welcome these statistics from other vendors :)

{QUOTE-> The Security Center tells you if an AV is out-of-date, Prevx already have code that finds what AV is in use via the Security Center but don't for checking if it's up-to-date, that's my only annoyance I have with Prevx at the moment. <-QUOTE}

The reasoning for this is that every AV is immediately outdated as soon as they update because new threats are constantly being released. It is in the best interest of the security company to keep their users updated (so that they will then renew their subscription which they wouldn't do if a threat got through) and the user should be made well aware if their signatures are outdated (and the product should manage the updating automatically and silently, as most do). Because of this, I think being updated is a non-issue (at least at the conceptual level :) If users of an antivirus product are not being kept up to date on a massive scale, then the AV company has some fundamental problem ;))

{QUOTE-> If you could please elaborate and let us know exactly which files appear to be false positives, we'd be glad to fix them :)
<-QUOTE}

I'm sure If you provide Stefan with the samples he'll give it a spin. With the information you give on your website he can't do all that much, although I have to agree, a lot of the files look like FPs judging by their names.


What these stats of course do not take into account:
- Were the AVs on that system up to date?
- Were these systems actually _real_ systems or just testbeds by some 'enthusiasts' or even malware authors? I mean, ~5000 'infection scans' per day could easily be achieved just by enthusiasts, although i doubt all of them have PREVX installed :)
- Installation base of the AVs, and how many were _not_ infected according to PREVX.
- The numbers lose their complete meaning without the ability of putting them into a relative context...

With a sufficient user base, I'm pretty sure I could achieve similar results by implementing an idiotically simple AV that produces the same kind of 'additional protection' comparison...

I'm sure many people active in the anti-malware and malware-writing crowd have multiple AVs installed either on test machines, VMs etc... Did you check for multiple installations, virtual environments to -kind of- 'exclude' these, or at least whether they had their resident protection active?

There's lies, damn lies .... and statistics....

{QUOTE-> I'm sure If you provide Stefan with the samples he'll give it a spin. With the information you give on your website he can't do all that much, although I have to agree, a lot of the files look like FPs judging by their names. <-QUOTE}

I'm really struggling to find which files you think are false positives ??? I've checked each one of rootkit detections and NONE of them are false positives

{QUOTE->
What these stats of course do not take into account:
- Were the AVs on that system up to date? <-QUOTE}

Explained: http://www.wilderssecurity.com/showpost.php?p=1478552&postcount=35

{QUOTE-> - Were these systems actually _real_ systems or just testbeds by some 'enthusiasts' or even malware authors? I mean, ~5000 'infection scans' per day could easily be achieved just by enthusiasts, although i doubt all of them have PREVX installed :) <-QUOTE}

We only look at active infections or infections hidden by rootkits (files active and running in memory or files registered in the registry which would cause it to run on bootup) so this would not be the case.

{QUOTE-> - Installation base of the AVs, and how many were _not_ infected according to PREVX. <-QUOTE}

We aren't trying to test this - we are merely providing the data on threats which were missed, not the percentages or further interpretation of the data (as that is not relevant to the point we're trying to make).

{QUOTE-> - The numbers lose their complete meaning without the ability of putting them into a relative context... <-QUOTE}

No, you're just looking too deeply into them :) The numbers are not meant to be interpreted any further than they are displayed on the charts.

{QUOTE-> I'm sure many people active in the anti-malware and malware-writing crowd have multiple AVs installed either on test machines, VMs etc... Did you check for multiple installations, virtual environments to -kind of- 'exclude' these, or at least whether they had their resident protection active? <-QUOTE}

We only included data from our consumer product which finds threats in an on-demand scan which are active on the system and we only include data from AVs registered in the Security Center with protection Active.

To answer the title of this thread: "prevx home page claims other AV's missed malware" - yes we do, and they do. There really should be no further argument, we're just proving the point that other AVs miss malware by showing some of the raw data behind it. The average home user does not understand that the antivirus program they just bought for $50 will not block all viruses and we're working to clear up that misconception :)

Did I mention anything specific about rootkits? I mean throughout all categories.

{QUOTE-> Did I mention anything specific about rootkits? I mean throughout all categories. <-QUOTE}

Most of the posts previously have been about the rootkit chart, however, if you have any specific filenames which look like FPs, let me know and I can dig out the underlying data behind them.

{QUOTE-> No, you're just looking too deeply into them The numbers are not meant to be interpreted any further than they are displayed on the charts.
<-QUOTE}

Sorry, but i like to chew and taste before I swallow statistics :) Isn't this basically what I am saying? Yay, we've got some numbers! But once you start thinking about what this actually _means_ you end up with nothing useful. I think noone here wants to start a debate about whether any security software finds 100%, and that one solution might prove additional protection when added to another. All I mean to say is, that with the numbers provided (and especially those omitted), your marketing dept. is leaving out those bits that might shed some light into the state of affairs, and provide us enthusiast with something actually meaningful.

I am not debating the fact that PREVX probably provides additional protection to AV users, whichever product they chose. The extent and quality of this however cannot be judged with these numbers.
I believe that to be done on intent of course - no offense intended -, as basically the job of marketing is to sell the product.

Personally, I'd love to be able to put things into a context though, the statistics could be really interesting. Like this however I don't really find much use in them once you "look too deep".

{QUOTE-> Sorry, but i like to chew and taste before I swallow statistics :) Isn't this basically what I am saying? Yay, we've got some numbers! But once you start thinking about what this actually _means_ you end up with nothing useful. I think noone here wants to start a debate about whether any security software finds 100%, and that one solution might prove additional protection when added to another. All I mean to say is, that with the numbers provided (and especially those omitted), your marketing dept. is leaving out those bits that might shed some light into the state of affairs, and provided us enthusiast with something actually meaningful.

I am not debating the fact that PREVX probably provides additional protection to AV users, whichever product they chose. The extent and quality of this however cannot be judged with these numbers.
I believe that to be done on intent of course - no offense intended -, as basically the job of marketing is to sell the product.

Personally, I'd love to be able to put things into a context though, the statistics could be really interesting. Like this however I don't really find much use in them once you "look too deep". <-QUOTE}

I agree that these statistics would indeed be interesting... however, they are horribly flawed. Around 18 months ago we had these exact statistics on our charts (number of infections relative to the number of users) but we had yet another round of outrage towards them because everyone said we were fabricating the statistics.

The reason why we can't show the more detailed interpretation of the statistics is that most users find out about Prevx because they search for specific filenames on Google which they suspect are malicious because they think their computer is already infected. These results lead to Prevx pages which lead to our downloads and scans which result in infection counts logged against their active AV.

Therefore, the percentage of users which we find as infected is highly unrepresentative of the true population of users so publishing these statistics would be misleading (and would result in similar threads to this one ;))

{QUOTE-> Most of the posts previously have been about the rootkit chart, however, if you have any specific filenames which look like FPs, let me know and I can dig out the underlying data behind them. <-QUOTE}
Hello PrevxHelp,

a 'high risk worm' false positive

'launch winrar.exe' is a legitimate application included in winrar unpluged 3.8.0.1 (http://www.win-rar.com/download.html)

Panagiotis

{QUOTE->
Therefore, the percentage of users which we find as infected is highly unrepresentative of the true population of users so publishing these statistics would be misleading (and would result in similar threads to this one ;)) <-QUOTE}

Sorry for being such a pain about this, but do you think that if the complete statistics are -in your words- 'misleading' and 'unrepresentative', a reduced subset of statistics somehow magically introduces meaning that was not present before? :what:

Again, I am not doubting the benefit of an additional layer such as PREVX. Just trying to produce some food for thought for anyone trying to interpret the numbers provided :)

{QUOTE->
'launch winrar.exe' is a legitimate application included in winrar unpluged 3.8.0.1 (http://www.win-rar.com/download.html) <-QUOTE}

Fixed :) Thanks!

{QUOTE->
To answer the title of this thread: "prevx home page claims other AV's missed malware" - yes we do, and they do. There really should be no further argument, we're just proving the point that other AVs miss malware by showing some of the raw data behind it. The average home user does not understand that the antivirus program they just bought for $50 will not block all viruses and we're working to clear up that misconception :) <-QUOTE}

Whether you are right or wrong with your claims it is inappropriate from a vendor to create such a confrontational situation, particularly when it is coming from an in house statistical analyses.

I would suggest it is high time you join AV Comparatives and see how you fare according to their parameters. From my point of view you will never be a choice on my systems because of your marketing tactics and let me add it, plain arrogance.

{QUOTE-> Sorry for being such a pain about this, but do you think that if the complete statistics are -in your words- 'misleading' and 'unrepresentative', a reduced subset of statistics somehow magically introduces meaning that was not present before <-QUOTE}

Trying to interpret the data further makes them unrepresentative/misleading, however the statistics currently are not misleading - they say that X AV missed Y file, which is the extent of the data and the point we're trying to make.

However, trying to find what percent of users using X AV are infected is what is misleading because we don't have a true random sampling of users.

fix/review also those:
http://www.prevx.com/filenames/X777253225653453169-X1/DNDEBUG.DLL.html
http://www.prevx.com/filenames/X841033922331275891-X1/DNDEVENUM.DLL.html
http://www.prevx.com/filenames/X471968871526154503-X1/DNSCRAMBLE.DLL.html
http://www.prevx.com/filenames/1769194444768136373-X1/TMPGENCDVDAUTHOR3.EXE.html
etc.

if the point is just to "show that no AV detects 100%", just write in bold on your website: "No Anti-Virus product can protect against 100% of all malware. Neither Prevx can" ;) ;D
Beside that, some peoples may use Prevx on machines they know that are infected and want a second opinion. This introduces a further bias.

{QUOTE-> fix/review also those:
http://www.prevx.com/filenames/X777253225653453169-X1/DNDEBUG.DLL.html
http://www.prevx.com/filenames/X841033922331275891-X1/DNDEVENUM.DLL.html
http://www.prevx.com/filenames/X471968871526154503-X1/DNSCRAMBLE.DLL.html
http://www.prevx.com/filenames/1769194444768136373-X1/TMPGENCDVDAUTHOR3.EXE.html <-QUOTE}

Thanks :) I've fixed these - the first three have only ever seen by one user, the last was a more popular FP.

{QUOTE->
if the point is just to "show that no AV detects 100%", just write in bold on your website: "No Anti-Virus product can protect against 100% of all malware. Neither Prevx can" ;) ;D
Beside that, some peoples may use Prevx on machines they know that are infected and want a second opinion. This introduces a further bias. <-QUOTE}

Indeed, but we use the vendor information as a "portal" to then get more information about each file and we do feel that the point of "no product provides 100% protection" needs to be emphasized more than it is, especially with products being released that have the names "Total Security or "Total Protection". If a user is using Prevx as a second opinion, I would suspect that would bring truth to our point as the AV wouldn't have blocked/removed the files.

We have the text prominently displayed:

"Every day, popular security products are missing thousands of infections"

And we aren't excluding ourselves from this fault ;D

actually my point is that in your stats there are indeed a lot of false alarms (i say a lot because by just looking at names and not at files, within few minutes severals can be seen); plz review/fix also those:
http://www.prevx.com/filenames/X366539983059780800-X1/WSPACK.DLL.html
http://www.prevx.com/filenames/X472743809247753697-X1/BDUTILS.DLL.html
http://www.prevx.com/filenames/X3260541718321045296-X1/BDCH.DLL.html
http://www.prevx.com/filenames/X1150491720540635385-X1/BDGUICTL.DLL.html
http://www.prevx.com/filenames/X3277012160878131244-X1/BDSUBWIZ.EXE.html
http://www.prevx.com/filenames/1264098127848573549-X1/BDSUBMIT.DLL.html
http://www.prevx.com/filenames/2542117181953297725-X1/PAV.EXE.html
http://www.prevx.com/filenames/739648604638159905-X1/MBAM-SETUP%5Bn%5D.EXE.html

{QUOTE-> actually my point is that in your stats there are indeed a lot of false alarms (i say a lot because by just looking at names and not at files, within few minutes severals can be seen); plz review/fix also those:
<-QUOTE}

I don't think these are FPs, all of them are found by quite a few products on VT and do indeed look malicious (many are KAVCop-related infections, some are file infectors):

http://www.prevx.com/filenames/X366539983059780800-X1/WSPACK.DLL.html - Found by 8/40

http://www.prevx.com/filenames/X472743809247753697-X1/BDUTILS.DLL.html - Found by 9/40

http://www.prevx.com/filenames/X3260541718321045296-X1/BDCH.DLL.html - Suspicious by 7/38

http://www.prevx.com/filenames/X1150491720540635385-X1/BDGUICTL.DLL.html - 11/40 on VT

http://www.prevx.com/filenames/X3277012160878131244-X1/BDSUBWIZ.EXE.html - 11/40 on VT

http://www.prevx.com/filenames/1264098127848573549-X1/BDSUBMIT.DLL.html - 8/40

http://www.prevx.com/filenames/2542117181953297725-X1/PAV.EXE.html - 26/40

well, PER Antivirus is a legitimate application. Try to download it from the website and scan with virustotal:
http://www.virustotal.com/analisis/9ab9b3799b5579bb145f48ecb6b7d1f1454b8a479dc04844f91a99347e21de08-1236226410
Only Prevx detects it as "Medium Risk Malware"

Beside that, not only no AV detects 100% (incl. Prevx), but also all AV's have FP's (incl. Prevx), so even if many AV's detect something according to Virustotal, its does not make it malicious.

{QUOTE-> well, PER Antivirus is a legitimate application. Try to download it from the website and scan with virustotal:
http://www.virustotal.com/analisis/9ab9b3799b5579bb145f48ecb6b7d1f1454b8a479dc04844f91a99347e21de08-1236226410
Only Prevx detects it as "Medium Risk Malware" <-QUOTE}

Fixed :) Security applications detecting other security applications is common being that they each modify the system similarly to malware (many AVs produce regular FPs against our new releases as well).

{QUOTE-> Beside that, not only no AV detects 100% (incl. Prevx), but also all AV's have FP's (incl. Prevx), so even if many AV's detect something according to Virustotal, its does not make it malicious. <-QUOTE}

Yes, this is true, but its hard to say with many of these as they do have some very suspicious attributes which are causing them to be flagged (and a sizable chunk of the antivirus industry also detecting them tends to make me think they are indeed malicious).

{QUOTE-> Personally, the point is that you say "Fixed" about 10 times a day, and that's just on Wilders forums haha. It's good that you fix things though. Pity so many things have to be broken in the first place haha. <-QUOTE}

I don't though. On average, I fix far less than one FP per day here (with mionr spikes because of signatures which have overstepped their bounds) and we don't have a sample submission form on our website so users tend to just paste them here publicly - no one sees the FPs from other vendors because they are submitted silently :)

http://www.prevx.com/filenames/2829477802708873910-X1/DOWNTESTER.EXE.html
http://www.virustotal.com/analisis/01c064dcfa5dec5348e227a4649a2e9679a42651d1d06a47ee6f3e8e70343cdd-1243949520

another FP. Please note that you count all those FPs as "misses" by the other AVs on your website..

i suggest to start fixing more than just 1 FP per day ;)

{QUOTE-> another FP. Please note that you count all those FPs as "misses" by the other AVs on your website.. <-QUOTE}

When we detect a file, we only report it against that day's chart, not against future charts by default. The file you just sent was seen just 4 times between May 21st and June 2nd.

{QUOTE-> i suggest to start fixing more than just 1 FP per day ;) <-QUOTE}

I fix the FPs reported here :) The research team handles the rest via the customer support inbox.

{QUOTE->
I fix the FPs reported here :) The research team handles the rest via the customer support inbox. <-QUOTE}
ok, please review also those (plz note that as i do not have the files, except those that i googled for, i have to rely mainly on the names - i wish you would send the files you list as misses of the vendors to the vendors so they could crosscheck):
http://www.prevx.com/filenames/1589501347734697139-X1/HDINSPECTOR.EXE.html
http://www.prevx.com/filenames/1964358450737102365-X1/DLA.EXE.html
http://www.prevx.com/filenames/X2079170817261148648-X1/FXSCOVER.EXE.html
http://www.prevx.com/filenames/2465687340589112146-X1/FXSSVC.EXE.html
http://www.prevx.com/filenames/2068767318989685327-X1/WINSOUND.DLL.html

{QUOTE-> I don't though. On average, I fix far less than one FP per day here (with mionr spikes because of signatures which have overstepped their bounds) and we don't have a sample submission form on our website so users tend to just paste them here publicly - no one sees the FPs from other vendors because they are submitted silently :) <-QUOTE}
Why don't you add a submission module in PrevX? If a user marks a file as FP in the program it could ask him if he wants to submit it and to provide additional info (where you can download it etc).

Anyway, most of the FP's that I usually see in PrevX do have some 'malicious' behaviour.

Panagiotis

{QUOTE-> ok, please review also those (plz note that as i do not have the files, except those that i googled for, i have to rely mainly on the names - i wish you would send the files you list as misses of the vendors to the vendors so they could crosscheck): <-QUOTE}

http://www.prevx.com/filenames/1589501347734697139-X1/HDINSPECTOR.EXE.html - found by 17/40

http://www.prevx.com/filenames/1964358450737102365-X1/DLA.EXE.html - found by 33/37

http://www.prevx.com/filenames/X2079170817261148648-X1/FXSCOVER.EXE.html - (Can't find the MD5 to check)

http://www.prevx.com/filenames/2465687340589112146-X1/FXSSVC.EXE.html - (Can't find the MD5 to check)

http://www.prevx.com/filenames/2068767318989685327-X1/WINSOUND.DLL.html - found by 3 as "Game/Casino.GEN", probably better categorized as riskware/adware than malware

We do share the missed samples with a number of other vendors. (I believe Avira is getting in contact with our director of malware research as well to get copies of the samples which they are missing.)

{QUOTE-> Why don't you add a submission module in PrevX? If a user marks a file as FP in the program it could ask him if he wants to submit it and to provide additional info (where you can download it etc).

Anyway, most of the FP's that I usually see in PrevX do have some 'malicious' behaviour.

Panagiotis <-QUOTE}

We have this feature - if you right click a file and click "Report as a false positive" it will get forwarded onto our research team. Unsurprisingly, however, it is abused in massive volumes - malware authors trying to submit their creations as FPs to get us to remove the detection :-\

{QUOTE-> http://www.prevx.com/filenames/1589501347734697139-X1/HDINSPECTOR.EXE.html - found by 17/40 <-QUOTE}

ehm, sorry, but what md5's are you using? even by looking at the prevx site, its clear that it does not refer to a single/specific md5 (files with different sizes). I downloaded HDInspector from the original website (altrixsoft) and scanned it with Virustotal now, and only Prevx detects it (false alarm):
http://www.virustotal.com/analisis/12d3b1ccdfa0750d9bf7706d5c0897c1e159cd54481f147dcbcfce7fd78aec70-1243952666

Beside that, I see that you add files uploaded from virustotal, giving the origin SPAIN (of course) and renaming the files to an 8-digit number.

{QUOTE-> ehm, sorry, but what md5's are you using? even by looking at the prevx site, its clear that it does not refer to a single/specific md5 (files with different sizes). I downloaded HDInspector from the original website (altrixsoft) and scanned it with Virustotal now, and only Prevx detects it (false alarm):
http://www.virustotal.com/analisis/12d3b1ccdfa0750d9bf7706d5c0897c1e159cd54481f147dcbcfce7fd78aec70-1243952666

Beside that, I see that you add files uploaded from virustotal, giving the origin SPAIN (of course) and renaming the files to an 8-digit number. <-QUOTE}

There are quite a few:
3BD1F213246C5F22E286BEF4500B67CE
3790A3CA7957B5A83968DA483CC70FD6
0FBE1E35BDFA05FB8F07FD0EAA9BD35B
3436F108F35361BC75F9DC91DACDCAB5
950ADAB403DDD5C25368CD4A0CEE203F

The list goes on...

{QUOTE-> IMHO Prevx is a great product and they have great support, but their marketing is a bit dubious. <-QUOTE}

I agree, prevx is a great product.. some more dubios claims made by other AV's on their respective websites:

Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.

Comodo Internet Security has all the functionality of a paid AV without the price. It eliminates ALL known Viruses, Worms and Trojans from desktops and networks with no license fees or hidden costs.

I could easily find dozens more...

Actually i think showing this kind of info on a daily and/or real time basis really does benefit people.

Now if Prevx would also include their own misses, then who could complain.

Let's have and keep these results out in the open for all to see, including All the vendors.

Publishing things like this in plain sight often is what makes vendors step up a gear or 3, and quite a few of them need to !

{QUOTE-> Now if Prevx would also include their own misses, then who could complain.
<-QUOTE}

We don't know our own misses (as we would just detect them ;D) but we're interested in the opposite view if other vendors have this data against real world samples :)

{QUOTE-> As a Prevx user & reseller, that blog post (http://www.prevx.com/blog/129/Prevx-Suggests-Pandas-Cloud-Antivirus-Is-Bloatware-With-A-Fancy-Name.html) by Mel Morris {CEO of Prevx} is embarrassing (as are the stupid comparison charts on the Prevx home page).

Source: this thread (http://www.wilderssecurity.com/showthread.php?t=240731&page=8) <-QUOTE}
The cacophony of voices expressing dismay at the troubling marketing tactics of Prevx continues to grow in volume, and now even includes a reseller of the Prevx product . . . .

:(

{QUOTE-> We don't know our own misses (as we would just detect them ;D) but we're interested in the opposite view if other vendors have this data against real world samples :) <-QUOTE}
I think the table on prevx site is misleading; if you want, let's say "indirectly misleading". Almost all average users will look at the graph and compare the various products together, thinking that the one with the lowest number is better than the one with the highest number, no considering that the one with the low number is just not represented often in the chart. if you want to keep the chart at any cost, at least make it statistically valid. Tell how many PC's were scanned in total, how many were protected by an AV, how many had which AV, and on how many Prevx found something where an AV was installed, etc. You do not even need to name the other companies.

{QUOTE-> Tell how many PC's were scanned in total, how many were protected by an AV, how many had which AV, and on how many Prevx found something where an AV was installed, etc. You do not even need to name the other companies. <-QUOTE}

We had this in the past and still received massive complaints about it. We are adding a line to the "Explain this chart" which will clarify our intent:

"These statistics cannot be used to compare the effectiveness of one product to another."

If you look at what we're claiming, we really aren't misrepresenting the data at all and I think adding this line to "Explain this chart" should clarify any complaints.

In contrast, other vendors have similar charts and don't give any underlying data and are directly comparing the other products (i.e. http://www.threatfire.com/)

IBK, I think that the term “indirectly misleading” is a fair description of the problem.

The issue of whether or not “almost all average users” will misinterpret the data is an empirical question. Prevx could, for example, display a pop-up window with a few simple questions to a random selection of visitors to the “missed threats” details webpage asking:Would you do us a favor? Based upon your examination of the “missed threats” statistics on our website, we’re interested in learning about your perspectives. There are no “right” or “wrong” answers to the following two questions – just provide your honest viewpoint.

1. Security vendors with lower number of “missed threats” statistics are better than those with higher numbers.

Strongly____________________________Strongly
Disagree_____________________________Agree
___1________2________3________4________5

2. Prevx misses threats that other anti-virus vendors are detecting.

Strongly____________________________Strongly
Disagree_____________________________Agree
___1________2________3________4________5
I retain the hope that Prevx is interested in really learning the truth about the extent to which the “missed threats” are misinterpreted, and will deploy a research initiative of the form recommended here -- perhaps including questions that other forum community members can suggest.

{QUOTE->
I retain the hope that Prevx is interested in really learning the truth about the extent to which the “missed threats” are misinterpreted, and will deploy a research initiative of the form recommended here -- perhaps including questions that other forum community members can suggest. <-QUOTE}

With the next website change going out, we will circumvent the issue entirely by making it blatantly clear by saying:

"These statistics cannot be used to compare the effectiveness of one product to another."

;D

IBK,
It seems you will have all day to find them... :D :D :D

Unfortunately, we haven't a chart of them, if not the users will be scared...

The Threatfire link may directly compare products, however they state that they've tested 1300 samples. This approach also has its issues of course, however it is more valid in terms of comparing different AVs, as the same testbed has been used 'against the specific product'. They are not comparing "instances found on user PCs" like your statistics do.

Both representations of the data (PrevX and Threatfires) are relatively meaningless. Threatfires because of the low amount of samples used, and PrevXs because of the missing number of total installations per AV product.

Pointing fingers at them is like saying, "But look, they're posting flawed statistics too!".

From my POV, both sites/stats are effectively meaningless in their current state.

I would consider myself an average (or slightly above) user along the lines of a "hobbyist" more than an "enthusiast." I cannot understand why this chart would cause such problems. I had an issue not too long ago about how they (Prevx) captured this information from my computer so I contacted them and it was quickly explained, and adequately at that. With that being said it appears to me that Prevx is being open and transparent about their intentions. I think the problem comes from trying to make more out of the chart/data than is intended. In fact other vendors (Sophos Threat Detection Test for example) make a similar claim, albeit more subtle and without a chart. In the end Prevx has found several active infections, not dormant files like whats used in 3rd- party test, that others missed minus FP's of course (which EVERY vendor has).

{QUOTE-> We had this in the past and still received massive complaints about it. <-QUOTE}
PrevxHelp, to clarify, from whom did these complaints occur? Users? Vendors?

Just for purposes of illustration, can you kindly post in this forum the count of the number of “missed threats” statistics for each vendor together with the number of PCs upon which that count is based? I am not asking that you redesign the website – only that you share these summary details with this forum community for one day’s “missed threats” report.

{QUOTE-> We are adding a line to the "Explain this chart" which will clarify our intent: "These statistics cannot be used to compare the effectiveness of one product to another." <-QUOTE}
PrevxHelp, this action is certainly a step in the right direction! You sincerely deserve credit for listening and responding to the forum community. :)

Two additional questions:

Would you consider elevating the prominence of this statement from the “Explain this chart” section to the main body of the chart itself?
Would you consider editing the statement to read, “These statistics cannot be used to compare the effectiveness of Prevx or of any other product to another,” since the number of threats detected by the other products and missed by Prevx is not displayed?

{QUOTE->
Both representations of the data (PrevX and Threatfires) are relatively meaningless. Threatfires because of the low amount of samples used, and PrevXs because of the missing number of total installations per AV product <-QUOTE}

But it is NOT meaningless for what we're trying to say - we're saying that AVs miss threats and here is the list of threats which they miss. We're not trying to say X AV is better than Y AV at all, we're just giving the raw data.

It may be meaningless to you if you only find meaning in data which directly compares products but the conclusion we want users to draw is that no one product is perfect and they should use multiple products if they want to achieve the best security possible.

{QUOTE-> With the next website change going out, we will circumvent the issue entirely by making it blatantly clear by saying:

"These statistics cannot be used to compare the effectiveness of one product to another." <-QUOTE}Since there is no way one could provide proof, I'll speculate and say that "website change" is like fine print on any product. The majority of visitors seeing the marketing tool will go home with the chart foremost in their minds....right or wrong. They will not have read the fine print and Company A"s marketing group will simply shrugg their shoulders and only be worried about the bottom line :dry:

I'm Sorry Could not stay away from this one....


Im sorry but every time you say FIXED is another user that thought they were infected when they used your product do you have any idea how many systems you guys screwed up all because of this.

I know other AV's have FP's there no doubt but this kind of marketing and then the stuff its detecting is very misleading. The main reasion other AV's are missing what your detecting is becuse there was no virus on there system in the first place, until they installed your product and it became the virus. :dry:

{QUOTE-> Since there is no way one could provide proof, I'll speculate and say that "website change" is like fine print on any product. The majority of visitors seeing the marketing tool will go home with the chart foremost in their minds....right or wrong. They will not have read the fine print and Company A"s marketing group will simply shrugg their shoulders and only be worried about the bottom line :dry: <-QUOTE}

Yes, it is true that some users may not be inclined to read further, assuming they have understood the meaning of the chart.

Being that the chart has the title: "Threats missed by other security vendors" and the caption "The chart below shows how many infections Prevx 3.0 found yesterday, on PCs protected by security products from the following vendors:" I'd assume that anyone who didn't fully understand the chart from the captions alone would click "Explain this chart".

We've turned on some web analytics to see just how often people click "Explain this chart" and should have some statistically significant results in a few hours.

{QUOTE-> I'm Sorry Could not stay away from this one....

Im sorry but every time you say FIXED is another user that thought they were infected when they used your product do you have any idea how many systems you guys screwed up all because of this.

I know other AV's have FP's there no doubt but this kind of marketing and then the stuff its detecting is very misleading. The main reasion other AV's are missing what your detecting is becuse there was no virus on there system in the first place, until they installed your product and it became the virus. :dry: <-QUOTE}

I disagree - far less than 1% of our users have ever experienced a FP. This is completely within the range of normal AVs - you may hear the users complaining on a forum saying: "Prevx has too many FPs!!" but that is just because they were one of the few which encountered them. In some of my own small testing Prevx against other AVs for compatibility, I have yet to find an AV (out of 6) which did NOT find a FP on one of my average-user test systems. One notable case was of a particular AV finding 29 Photoshop files as malicious :-\ Last I checked, memory hogging software doesn't mean malicious ;D

Feel free to add a 5%, or even a 10% bias to the numbers on the homepage - the actual numbers really don't matter much at all, just the fact that the AVs are missing real threats and we can prove it.

{QUOTE-> PrevxHelp, to clarify, from whom did these complaints occur? Users? Vendors? <-QUOTE}

Users.

{QUOTE-> Just for purposes of illustration, can you kindly post in this forum the count of the number of “missed threats” statistics for each vendor together with the number of PCs upon which that count is based? I am not asking that you redesign the website – only that you share these summary details with this forum community for one day’s “missed threats” report. <-QUOTE}

We do not have this data easily available but I will see if we can generate these reports easily.

{QUOTE->
PrevxHelp, this action is certainly a step in the right direction! You sincerely deserve credit for listening and responding the forum community. :) <-QUOTE}

Thank you :)

{QUOTE->
Would you consider elevating the prominence of this statement from the “Explain this chart” section to the main body of the chart itself? <-QUOTE}

Probably not, being that it would then be illogical (explaining a chart you have yet to encounter).

{QUOTE-> Would you consider editing the statement to read, “These statistics cannot be used to compare the effectiveness of Prevx or of any other product to another,” since the number of threats detected by the other products and missed by Prevx is not displayed? <-QUOTE}

As a compromise, we've now changed the line to read:

"These statistics are provided to show that all vendors miss threats and cannot be interpreted to compare the effectiveness of one product to another."

{QUOTE-> I disagree - far less than 1% of our users have ever experienced a FP. This is completely within the range of normal AVs - you may hear the users complaining on a forum saying: "Prevx has too many FPs!!" but that is just because they were one of the few which encountered them. In some of my own small testing Prevx against other AVs for compatibility, I have yet to find an AV (out of 6) which did NOT find a FP on one of my average-user test systems. One notable case was of a particular AV finding 29 Photoshop files as malicious :-\ Last I checked, memory hogging software doesn't mean malicious ;D

Feel free to add a 5%, or even a 10% bias to the numbers on the homepage - the actual numbers really don't matter much at all, just the fact that the AVs are missing real threats and we can prove it. <-QUOTE}

Or one of the few that figured out how to use the forum or even knew you had one. :dry:

The only thing you can prove is how shady your marketing is and how misleading your charts are.


I'm done talking to someone with there head stuck in the mud thinking all is fine. As its pointless to talk to someone that's preaching his own gospel.

{QUOTE-> I disagree - far less than 1% of our users have ever experienced a FP. This is completely within the range of normal AVs - you may hear the users complaining on a forum saying: "Prevx has too many FPs!!" but that is just because they were one of the few which encountered them. In some of my own small testing Prevx against other AVs for compatibility, I have yet to find an AV (out of 6) which did NOT find a FP on one of my average-user test systems. One notable case was of a particular AV finding 29 Photoshop files as malicious :-\ Last I checked, memory hogging software doesn't mean malicious ;D

Feel free to add a 5%, or even a 10% bias to the numbers on the homepage - the actual numbers really don't matter much at all, just the fact that the AVs are missing real threats and we can prove it. <-QUOTE}

To be fair, you can't deny that the FPs are still coming in a straight, steady flood, can you? :-\ I've yet to see a FP from the AVs that I use really - completely serious. NOD32 had FPs - I stopped using it as it caused troubles.

{QUOTE-> I agree, prevx is a great product.. some more dubios claims made by other AV's on their respective websites:

Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.



<-QUOTE}
What exactly is misleading about that statement?

@Prevxhelp:
You could state something like this (just an idea):

Yesterday 1000000 PC's were scanned with Prevx. From those, almost all had an installed and running AV (from various vendors). Prevx found suspected malicious files on 8000 of those PC's (see missed files here).
<here you put a graph showing 8000 from 1000000>
This should make you clear that no AV is able to protect against 100% of all malware and that an(y) additional product like PREVX may be able to detect malware that your current AV has overseen.
Disclaimer: our product, like other products, may also report false alarms.

This would support your scope (tell that no AV detects 100%) and could not be interpreted by anyone as misleading. ;D

{QUOTE-> To be fair, you can't deny that the FPs are still coming in a straight, steady flood, can you? :-\ I've yet to see a FP from the AVs that I use really - completely serious. NOD32 had FPs - I stopped using it as it caused troubles. <-QUOTE}

They are coming steadily for us and for every other AV because there are new threats and new legitimate programs created every day. We receive data on more than 250,000 brand new programs every day.

Most of the FPs reported here are on security software or new OS builds and if you look through the historic list of FPs reported in the "Introducing" thread, there actually are not a lot which are on software used by normal users every day (granted every AV's goal is to have 0 FPs, but this is logically unattainable).

Oddly enough, we have only a marginal amount more FPs come into our support inbox every day as we have here, even though we have many more users who actually contact us in customer support than on here (and a much larger user base behind the customer support inbox), which shows that our FPs tend to occur from more "techie" users who are more likely to use alpha/beta software than your average home user.

{QUOTE-> They are coming steadily for us and for every other AV because there are new threats and new legitimate programs created every day. We receive data on more than 250,000 brand new programs every day.

Most of the FPs reported here are on security software or new OS builds and if you look through the historic list of FPs reported in the "Introducing" thread, there actually are not a lot which are on software used by normal users every day (granted every AV's goal is to have 0 FPs, but this is logically unattainable).

Oddly enough, we have only a marginal amount more FPs come into our support inbox every day as we have here, even though we have many more users who actually contact us in customer support than on here (and a much larger user base behind the customer support inbox), which shows that our FPs tend to occur from more "techie" users who are more likely to use alpha/beta software than your average home user. <-QUOTE}

Or more likely able to see its a FP unlike a normal user that just clicks remove.

{QUOTE-> @Prevxhelp:
You could state something like this (just an idea):

Yesterday 1000000 PC's were scanned with Prevx. From those, almost all had an installed and running AV (from various vendors). Prevx found suspected malicious files on 8000 of those PC's (see missed files here).
<here you put a graph showing 8000 from 1000000>
This should make you clear that no AV is able to protect against 100% of all malware and that an(y) additional product like PREVX may be able to detect malware that your current AV has overseen.
Disclaimer: our product, like other products, may also report false alarms.

This would support your scope (tell that no AV detects 100%) and could not be interpreted by anyone as misleading. ;D <-QUOTE}

I agree that these statistics would be good to have, except that this is almost exactly what we had before. Our charts included data like (from a while back):

"
* Users:1,383,025
* Scans:3,603,248
* Files Checked:11,345,488,205
* Bad Files:1,332,640
* PCs Infected:34%
"
However, the percent of PCs infected is highly skewed because people come looking for Prevx because they suspect their PC is infected (and now the statistics are higher as well) so showing these numbers causes people to claim we're spreading FUD. :-\

We're definitely interested in a solution to this, however :)

{QUOTE-> Or more likely able to see its a FP unlike a normal user that just clicks remove. <-QUOTE}

Our system is able to find the number of unique instances of a program across the community. If any signature could result in a file being determined which exists on more than 100 PCs, we are immediately given a warning and manual intervention is required. Therefore, we're able to prevent any major FPs from happening so I this is why most normal users, who are using software used by a majority of normal users (Word, Powerpoint, Adobe Reader, etc.) would rarely see any FPs at all.

{QUOTE-> We're definitely interested in a solution to this, however :) <-QUOTE}
:-\ hm, then i suggest removing it completely. that will also avoid any complaints ;)

{QUOTE-> What exactly is misleading about that statement? <-QUOTE}

Misleading marketing and advertising practices;)

The statement from malwarebytes is no different to the statements made by prevx.

At least very similar

Yes their products do that, but so do other AV's

On the other hand this marketing statement by Comodo is outright deception

Comodo Internet Security has all the functionality of a paid AV without the price. It eliminates ALL known Viruses, Worms and Trojans from desktops and networks with no license fees or hidden costs.

Don't get me wrong, they're all great products. Personally I don't give a damn for advertising or their marketing strategies .
If they deliver I buy If the don't then I don't...:argh:

{QUOTE-> We've turned on some web analytics to see just how often people click "Explain this chart" and should have some statistically significant results in a few hours. <-QUOTE}
PrevxHelp, I do like the empirical approach, and look forwarding to seeing the total number of visits to the Prevx home webpage and the number of visits to the “Explain this chart” section during the same period. I recommend that you wait a full 24 hours, to ensure that a sample across the globe is captured.

{QUOTE-> We do not have this data easily available but I will see if we can generate these reports easily. <-QUOTE}
PrevxHelp, thank you for your willingness to be transparent. Again, the request is for a simple spreadsheet containing 12 rows (for each security vendor) and three columns: the security vendor’s name, the number of “missed threats,” and the count of the number of PCs upon which the former is based.

{QUOTE-> Q: Would you consider elevating the prominence of this statement from the “Explain this chart” section to the main body of the chart itself?

A: Probably not, being that it would then be illogical (explaining a chart you have yet to encounter). <-QUOTE}
PrevxHelp, not sure that I understand the logic. The chart is displayed in its entirety on the home webpage with a partial explanation of its contents (“The chart below shows how many infections Prevx 3.0 found yesterday, on PCs protected by security products from the following vendors”). Why couldn’t the new clarifying statement be added immediately thereafter?

{QUOTE-> As a compromise, we've now changed the line to read: "These statistics are provided to show that all vendors miss threats and cannot be interpreted to compare the effectiveness of one product to another." <-QUOTE}
PrevxHelp, that’s another step in the right direction! :)

{QUOTE-> {False positives} are coming steadily for us and for every other AV <-QUOTE}
PrevxHelp, why not simply inform the forum community about (a) the total number of malware instances detected by Prevx and (b) the total number of detected malware instances that were incorrectly classified as malware, over (c) the same historical time period? The ratio of “b” to “a” is the false positive rate. I have to believe that someone inside of Prevx is monitoring that key performance indicator closely, and sharing the “a,” “b” and “c” information will advance the discussion from “opinion” to “fact.”

{QUOTE-> I suggest removing it {the “missed threats” chart} completely <-QUOTE}
IBK, there is considerable merit in the idea. Prevx could, in its place, publish a quarterly document similar to Symantec’s Internet Security Threat Report (http://www.symantec.com/business/theme.jsp?themeid=threatreport), which is highly professional presentation of issues that are of interest to the broad user community. Such a report – unlike the single “missed threats” graph on the Prevx home webpage – could contain additional analyses and details that might help to alleviate misinterpretation. A link to the report – rather than the display of the “missed threats” graph – could appear on the Prevx home webpage.

PrevxHelp, what do you think of this recommendation?

What is all this nonsense?
I really do not understand those that are complaining about PrevX advertising (and I am not one of their customers).
Kaspersky, Eset use similar misleading charts http://www.eset.com/products/compare-NOD32-vs-competition.php?pm=1 http://www.kaspersky.com/comparative_tests?id=207575621
Norton has a list of awards http://www.symantec.com/norton/theme.jsp?themeid=awards for their publicity.
Firewall companies (comodo,agnitum,tallemu,jetico,etc.) use (or used in the past) matousec tests as advertising.

And I never saw, much complaints about those advertisments. :dry:

Panagiotis

For PrevxHelp,

You may have answered this already but does Prevx notify the other AV/AM companies to let them know what they missed?

{QUOTE-> I really do not understand those that are complaining <-QUOTE}
It's what they do. A few do an admirable job at it. That is to say, they mask their chronic complaining in a cloak of studiousness. The great majority of these complaining types are nothing more than electronic vampires... navel contemplaters who get all wrapped up in themselves and their mini-causes. Recognize them for who and what they are: people who take themselves too seriously. They have no stake in your computer's security. :thumb:

{QUOTE->
Kaspersky, Eset use similar misleading charts http://www.eset.com/products/compare-NOD32-vs-competition.php?pm=1 <-QUOTE}

:-\ What? Do you really think that the statistics made by the vendor itself is not biased at all and you compare it to tests performed by prestigious testing organizations, such as Virus Bulleting or av-comparatives??? The statistics that doesn't take into account if the AVs are up to date and running properly, if more data is gathered from systems with more famous AVs installed or if the files detected by the product in question are actually functional malicious files... I'm speechless, sorry.

This forum is full of very intelligent people!!!

Fortunately, I still find some that really think a bit and care about the things, and is a pleasure to talk with them...

{QUOTE-> What is all this nonsense?
I really do not understand those that are complaining about PrevX advertising (and I am not one of their customers).
Kaspersky, Eset use similar misleading charts http://www.eset.com/products/compare-NOD32-vs-competition.php?pm=1 http://www.kaspersky.com/comparative_tests?id=207575621
Norton has a list of awards http://www.symantec.com/norton/theme.jsp?themeid=awards for their publicity.
Firewall companies (comodo,agnitum,tallemu,jetico,etc.) use (or used in the past) matousec tests as advertising.

And I never saw, much complaints about those advertisments. :dry:

Panagiotis <-QUOTE}

Gotta agree with pandlouk. If people believe in this that strongly, then they need to hold all vendors/companies to the same standard. If this is the case, I would expect to see several new threads started about other companies PR/marketing practices.

{QUOTE-> You may have answered this already but does Prevx notify the other AV/AM companies to let them know what they missed? <-QUOTE}

We do if they request information about the samples.

{QUOTE-> Again, the request is for a simple spreadsheet containing 12 rows (for each security vendor) and three columns: the security vendor’s name, the number of “missed threats,” and the count of the number of PCs upon which the former is based.
...
PrevxHelp, why not simply inform the forum community about (a) the total number of malware instances detected by Prevx and (b) the total number of detected malware instances that were incorrectly classified as malware, over (c) the same historical time period? <-QUOTE}

Unfortunately we are unable to easily generate this data in a reasonable/economically sound amount of time. We have made various web changes due to the suggestions by the members here but there is a limit to our openness and we have to put the good of our userbase ahead of the requests of an individual.

I suspect regardless of how much I support our views, there will always be people completely against our vendor charts, and then there will always be the other 99+% who are indifferent or thankful of our data :-\

These are very busy times for Prevx - filled with building intricate new components into our engines and improving the usability and impact of our products. While we are interested in any input which can help us improve our offerings, it would be a better use of everyone's time, in my opinion, to focus discussions away from topics that are frequently rehashed unnecessarily :)

This thread is largely a repeat of what was posted into the "Introducing" thread in the "other anti-malware software" sub-forum, which is a repeat of what was posted into another thread in that sub-forum, which is answering questions which have been posted and reposted periodically since we started putting the vendor information on our website in 2007 :) We're always interested in new opinions/viewpoints on this data, but most of the points discussed in this thread have already been made previously in other discussions (or within this thread itself :)).

Please let me know if you do have any questions/comments, but I think it would be more effective to forward direct requests for web changes into our customer service inbox where our web team will consider any suggestion.

{QUOTE-> :-\ What? Do you really think that the statistics made by the vendor itself is not biased at all and you compare it to tests performed by prestigious testing organizations, such as Virus Bulleting or av-comparatives??? The statistics that doesn't take into account if the AVs are up to date and running properly, if more data is gathered from systems with more famous AVs installed or if the files detected by the product in question are actually functional malicious files... I'm speechless, sorry. <-QUOTE}
Dear Marcos,

with all the respect, it was not an attack versus Eset or any other company.

But since you want bring av-comparatives as an example where exactly is Avira, Microsoft and GData on the chart you display here (May 2009 proactive test)http://www.eset.com/products/compare_heuristic_detection.php ? ;)
Or is it not misleading, by selective using only the data that makes Eset look better?

regards,
Panagiotis

*crickets*

I don't quite get the brouha about Prevx's website. While browsing through 5 pages here I opened a tab and checked the homepages of 7 other AV/AntiMalware products and found they all blow their own horns about their software. Hey they are trying to get customers. Many of them are very good at what they do, as is Prevx. As has been said here many times, Try them before you buy then and use what works good for you...:)

Always the same. Companies start to make strange charts and leave out important competitors or other relevant data. Seems those companies ran out of better arguments to convice customers buying their product?

Thank god my job is to make detections and not to "produce" charts.

http://www.wilderssecurity.com/showthread.php?t=243498&page=7

Go to the post by nosirrah and read it. Even though he is referring to something else, in his explaination he hits on something relevent to this thread; and thats how an av that does well in tests can fail a user in the real world. I think that is the part of the point PrevxHelp is making. In their chart they are seeing active infections from products that have done very well in testing. In the end what's it matter its just a chart anyway?

{QUOTE->
Pointing fingers at them is like saying, "But look, they're posting flawed statistics too!".

From my POV, both sites/stats are effectively meaningless in their current state. <-QUOTE}

I missed this portion of your post before so I thought I'd clarify what I meant :) Before being bought out by Symantec, Threatfire had this chart:

http://web.archive.org/web/20071102080141/http://www.threatfire.com/

See the difference? :)

The Threatfire test may indeed have been conducted in a scientific manner by a third party, but they have recently doctored the results to benefit themselves.

One of the core reasons behind not interpreting the vendor data on our homepage further is so that we don't obscure anything - we give the raw data and there really isn't anything to argue with once you have that.

@vlk: is it this one :D -> http://www.prevx.com/filenames/X1188528126574293895-X1/ETHPDRV.SYS.html

btw, its not true that Prevx counts only active infections (like some users claimed here). it does count also "dormant" files and traces as misses.

{QUOTE-> @vlk: is it this one :D -> http://www.prevx.com/filenames/X1188528126574293895-X1/ETHPDRV.SYS.html

btw, its not true that Prevx counts only active infections (like some users claimed here). it does count also "dormant" files and traces as misses. <-QUOTE}

Dormant files only existing in system folders and in areas which can be easily executed (i.e. the desktop). Traces like registry entries and shortcuts and non-executable files are not counted as a miss.

but files with *.VIR, *.FNE, *.TMP, etc. are counted..

{QUOTE-> but files with *.VIR, *.FNE, *.TMP, etc. are counted.. <-QUOTE}

We don't look at the file extension, just the file contents, as a file can still be loaded in any number of ways even if the extension is not executable by default. The filename shown in the page with an extension of .vir is probably just an artifact of a file having many names associated with it all pointing back to the same unique file.

However, if you right click and scan a folder with 5,000 .vir files, we won't report those into the chart.

i know, what i try to say is that an AV could have already renamed the file extension that you still count as miss... (in other words: there are so many possible variables that make the chart "not very reliable").

P.S.: FP -> http://www.prevx.com/filenames/X41038405478808615-X1/KAVPASSPORT.DLL.html

{QUOTE-> i know, what i try to say is that an AV could have already renamed the file extension that you still count as miss... (in other words: there are so many possible variables that make the chart "not very reliable"). <-QUOTE}

I checked through every filename missed by Avast (picked a random vendor) and they have 7 .VIR named files which we found out of 8567, so 0.08% of the files may have been renamed.

I'm willing to live within this range :)

{QUOTE-> This thread is largely a repeat of what was posted into the "Introducing" thread in the "other anti-malware software" sub-forum, which is a repeat of what was posted into another thread in that sub-forum, … <-QUOTE}
PrevxHelp, repetition is a signal that a topic is (a) important and (b) unanswered, in my opinion.

{QUOTE-> we give the raw data and there really isn't anything to argue with once you have that <-QUOTE}
PrevxHelp, to be precise, Prevx doesn’t actually give the “raw data”: neither the individual “missed threats” records for a single day, nor the number of PCs corresponding to each vendor’s “missed threats” statistics, nor the actual false positive rate for Prevx, nor the number of website visitors to the “Explain this chart” webpage versus the Prevx home webpage (at least so far). There hasn’t been much “data giving” to-date, unfortunately. :(

{QUOTE-> PrevxHelp, repetition is a signal that a topic is (a) important and (b) unanswered, in my opinion. <-QUOTE}
Pleonasm, repetition is a signal that a topic is (a) not as important to others as it is to you and (b) overanswered, in my opinion.

Hi @all!
Sry but I don´t understand the whole excitement over these graphs, too.

Every business company has it´s own marketing strategy. Please take a closer look at all these phrases written on the boxes or websites of other av-companies. Why don´t you discuss about these ones? I don´t get the point. Why is Prevx particularly criticized?
And it´s overanswered, indeed!

Regards,
Nightwatch

{QUOTE-> :-\ What? Do you really think that the statistics made by the vendor itself is not biased at all and you compare it to tests performed by prestigious testing organizations, such as Virus Bulleting or av-comparatives??? The statistics that doesn't take into account if the AVs are up to date and running properly, if more data is gathered from systems with more famous AVs installed or if the files detected by the product in question are actually functional malicious files... I'm speechless, sorry. <-QUOTE}

I completely agree, this the crux of the debate, they are publishing data that right or wrong doesn't come from independent organizations. Boasting about awards, is the only way to correctly advertise your product.

{QUOTE-> Hi @all!
Sry but I don´t understand the whole excitement over these graphs, too.

Every business company has it´s own marketing strategy. Please take a closer look at all these phrases written on the boxes or websites of other av-companies. Why don´t you discuss about these ones? I don´t get the point. Why is Prevx particularly criticized?
And it´s overanswered, indeed!

Regards,
Nightwatch <-QUOTE}

I'm starting to see the reason

{QUOTE-> Hi @all!
Sry but I don´t understand the whole excitement over these graphs, too.

Every business company has it´s own marketing strategy. Please take a closer look at all these phrases written on the boxes or websites of other av-companies. Why don´t you discuss about these ones? I don´t get the point. Why is Prevx particularly criticized?
And it´s overanswered, indeed!

Regards,
Nightwatch <-QUOTE}


People are bored and want something to argue about I guess. It seems to happen every 2-3 months here.

{QUOTE-> Hi @all!
Sry but I don´t understand the whole excitement over these graphs, too.

Every business company has it´s own marketing strategy. Please take a closer look at all these phrases written on the boxes or websites of other av-companies. Why don´t you discuss about these ones? I don´t get the point. Why is Prevx particularly criticized?
And it´s overanswered, indeed!

Regards,
Nightwatch <-QUOTE}

So you think that people are just mobbing PREVX because they finally revealed the truth of the matter? People see the whole thing under their own perspective and only time will tell if their vile "strategy" will pay off in terms of sales. Considering how this thread is progressing I wouldn't take it as a good omen for PREVX.

Is there a free version of Prevx besides the 30 day trial version?

xMarkx

You thining of jumping ship ? lol

hi,

Like some users i have already poited out in this thread http://www.wilderssecurity.com/showthread.php?t=240920 the absence of deontologya of theses charts that might be considered as comparative tests by the average users PrevX web site visitor.
Since there is no clear disclaimer, i maintain that this here a dishonest marketing.
And if i really wish to be as dirty as Sentenza i will for instance:
1/ buy a license, take a lawyer that will study the Eula, and find the way to begin a class action.
2/ buy a license and prove:
-that some av detect malwares that PrevX has missed,
-how PrevX scanner engine can be easily defeated and evaded by using various methods, some perhaps unknown from the developers...
But i have other things to do than these kidding games (even serious, i am here for the fun).
Another thing to add in the "bad list":
When an user install the trial version, he is involved automatically in the community without a clear disclamer as in the past: this is here Fist F..K..G user's privacy.
And due to the number of FPs, the user is incited to buy a license in order to cure an infection that has never existed...MAGIC!
I already love the PrevX marketing mantra ("we detect ...missed"), but here the marketing is really genious! I suggest for those who have time to scan a fresh install of Windows, maybe PrevX will detect something that Microsoft has missed....

On the other hand i understand PrevX dev. team frustration: they have worked hard for releasing an effective product, and they wish legitimately to see their product being considered as good as any AV leader.
But i am sure that this wish can not be realized by av comparative testing: av testing is already an equation quite impossible to resolve, and the in the cloud approach makes it much more impossible to resolve...
The security soft industry is a highly competitive market which has never been a catholic world: the av industry has been selling placebo products deliberately (they know that black list is a dead end concept) since years, helped by fully corrupted av test organization (VB 100)...
Finally, even vicious, pretentious and quite dishonest, i see nothing scandalous in PrevX which is just a company with an aggressive marketing as thousands and thousands in the software market.
At least anyone is free to use it or not, as i have not seen a computer sold with an installed trial version of PrevX, as it is the case for most av...
Some organization provides single test reviews with a financial participation, AV-Comparative for instance, but not done for profit goals, and much more worse, CascadianLabs
( http://cascadialabs.com/index.html ): it's up to PrevX to sign a big check to Cascadian Labs and they will tell us how wonderful life is when using PrevX...
If PrevXhelp is interested, i can give by PM a contact of a french lab that belongs to a military department, and that sometimes provides technical AV tests published in a System Engineer confidential publication.

Any editor tries to push up its product in order to sell more and more licenses, and ethical corruption has never been an obstacle to this business religion.
More than in the cloud statistics or av comparative tests, the key for becoming a or THE leader has been showed by Symantec: trade-marketing and partnerships with PC manufacturers: Norton is the leader in France, not because it is the most effective av, not because it performs very well in av tests...NO...Norton is the leader because 25% or 35% of users have their first av experience with it...
In a few words, it is a question of cash flow: "to have or to have not"...

rgds

As the OP, I asked because at work I have been investigating prevx for an additional layer. When I first visited prevx's site, my initial response from the graph was mixed. On one hand, they are blasting other AV's in a self righteous way when they suffer from same problems. However, they do point out that AV's miss malware and that no single product will protect the user 100% of the time.

We have purchased prevx for a number of PC's and will see how it goes.

On a sidenote, our IT infrastructure uses fortigate and it blocks the downloading of prevx due to classifying it as malware.

Hawk

{QUOTE-> :-\ What? Do you really think that the statistics made by the vendor itself is not biased at all and you compare it to tests performed by prestigious testing organizations, such as Virus Bulleting or av-comparatives??? The statistics that doesn't take into account if the AVs are up to date and running properly, if more data is gathered from systems with more famous AVs installed or if the files detected by the product in question are actually functional malicious files... I'm speechless, sorry. <-QUOTE}
Virus Bulletin's results seem to be rather dubious if this (http://www.eweek.com/c/a/Security/The-AntiMalware-Certification-Problem/) is anything to go by.

{QUOTE-> Is there a free version of Prevx besides the 30 day trial version? <-QUOTE}
Prevx has an unlimited trial version which can detect but can't remove malware.

{QUOTE-> I suggest for those who have time to scan a fresh install of Windows, maybe PrevX will detect something that Microsoft has missed... <-QUOTE}
Apparently that's already happened (http://www.techsupportalert.com/freeware-forum/5794-post8.html). ;D :ouch:

{QUOTE-> So you think that people are just mobbing PREVX because they finally revealed the truth of the matter? People see the whole thing under their own perspective and only time will tell if their vile "strategy" will pay off in terms of sales. Considering how this thread is progressing I wouldn't take it as a good omen for PREVX. <-QUOTE}

Oh!? Yaah!...I just told five of my friends to buy Prevx if they want good protection for their PCs. ;D

{QUOTE-> Oh!? Yaah!...I just told five of my friends to buy Prevx if they want good protection for their PCs. ;D <-QUOTE}
Vote in the Prevx Website poll (http://www.wilderssecurity.com/showthread.php?t=243993). :)

The more I read this thread, the more I love avira :-*

{QUOTE-> Or more likely able to see its a FP unlike a normal user that just clicks remove. <-QUOTE}
I thought you were done talking?

{QUOTE-> Prevx has an unlimited trial version which can detect but can't remove malware. <-QUOTE}
Hello,

Thanks for your answer.

A lot of people on this forum are talking about it, and I'm wondering is it one of those anti-malware applications which detect basic tracking cookies, etc, that you delete yourself 2-3 times a week or more anyway? Or is it more phisticated than that?

Just wondering, because I know ParetoLogic (maker of RegCure, XoftSpy, DriverCure, etc) has unlimited trials for their products. They don't remove the malware either, but do detect every single tracking cookie, scaring users into buying their ($) products to remove them. The programs don't even detect the serious viruses very well, so I've heard.

And yes, if it's a good app, I want to try it out sometime. :thumb:

Regards,

Mark.

{QUOTE-> So you think that people are just mobbing PREVX because they finally revealed the truth of the matter? People see the whole thing under their own perspective and only time will tell if their vile "strategy" will pay off in terms of sales. Considering how this thread is progressing I wouldn't take it as a good omen for PREVX. <-QUOTE}

Luckily enough, looks like the biggest percentual of our customers is not focused on charts at all but instead they find themselves well with Prevx 3.0, with really few (to none) false positives

{QUOTE-> You'd hope the people who pay hard earned money for Prevx are finding it a good product. <-QUOTE}

I think so, if they renew every year I think they find it a good product

{QUOTE-> Oh!? Yaah!...I just told five of my friends to buy Prevx if they want good protection for their PCs. ;D <-QUOTE}

As far as I'm concerned, you can tell hundreds of people to buy whatever you fancy. You are just doing exactly what has been debated in this thread:talking hot air. Any claim which is not confirmed by an independent party remains suspicious. Besides, as I mentioned it could turn out to be productive for PREVX, but certainly unethical.

{QUOTE->
A lot of people on this forum are talking about it, and I'm wondering is it one of those anti-malware applications which detect basic tracking cookies, etc, that you delete yourself 2-3 times a week or more anyway? Or is it more phisticated than that? <-QUOTE}

Not at all - we don't detect tracking cookies and never will :)

{QUOTE-> You'd hope the people who pay hard earned money for Prevx are finding it a good product. <-QUOTE}

We also guarantee our malware cleanup so if someone doesn't find us completely effective, they contact us and we fix it ;)

{QUOTE-> Apparently that's already happened (http://www.techsupportalert.com/freeware-forum/5794-post8.html). ;D :ouch: <-QUOTE}

I suspect that this is why Wilders has taken the stance to not allow users to post VirusTotal links. The engine behind VirusTotal is completely different to the consumer engine - causing it to produce more FPs and detect less as we can't actually scan the way that the consumer product scans. I suspect that this was indeed a false positive, but there are many cases where we are the only product to detect a threat and it is indeed malicious :-\

{QUOTE-> Any claim which is not confirmed by an independent party remains suspicious. <-QUOTE}
Prevx names the vendors and Prevx names the threats. I'm thinking, if Prevx is wrong, then they could be taken to task by any or all the vendors who feel wronged. Is avast! or Symantec or Kaspersky or AVG or any of the others protesting? Has Prevx offered to supply info to any of the vendors who contact them?

--> Let me supply you with that answer...

Q. (from 1000db) "does Prevx notify the other AV/AM companies to let them know what they missed?"
A. (from PrevxHelp) "We do if they request information about the samples."

{QUOTE-> So how do you know you're the only product to detect the threat if virustotal results are unreliable? <-QUOTE}

It depends on the file ;D Ironically, we actually just corrected a fundamental VirusTotal scanner issue yesterday which should improve detections and reduce FPs significantly from today onward (affecting our results for the last two months).

{QUOTE-> That didn't answer the question. Good game. <-QUOTE}

Well, to clarify - "It depends on the file" means that there is variation in the results, inherent in the design/purpose of VT. The engines at VirusTotal are only commandline programs which just use a subset of the technology of the full products so they fundamentally behave quite different than the actual consumer scanner and they have to work with what data they have. Many pieces of our technology which cannot be included in the VT engine reduce FPs and many pieces improve protection (and I suspect this is the case with the other products as well).

{QUOTE-> Excellent post on techsupportalert. Keep in mind, that is just his experience only. Others may have had better experiences.

Personally, I've had bad experiences with Prevx giving me false positives too. It's never picked up a single genuine malware on my system. Then again, Avira has never picked up anything either haha. <-QUOTE}
Of course. Personally the only FPs I've had with Prevx is on relatively obscure applications. Just wanted to point out Prevx sometimes has more severe FPs.

{QUOTE-> I suspect that this is why Wilders has taken the stance to not allow users to post VirusTotal links. The engine behind VirusTotal is completely different to the consumer engine - causing it to produce more FPs and detect less as we can't actually scan the way that the consumer product scans. I suspect that this was indeed a false positive, but there are many cases where we are the only product to detect a threat and it is indeed malicious :-\ <-QUOTE}
Well the poster there had FPs with the actual Prevx program and not just on VT. He was just showing the point that it was an FP.

{QUOTE-> Well the poster there had FPs with the actual Prevx program and not just on VT. He was just showing the point that it was an FP. <-QUOTE}

Ah ok :) Missed that point ;D I've responded on there as well just to ensure that we take care of everything properly.

{QUOTE-> Indeed, and it's not just Prevx that suffers a hit on virustotal.

But I was asking how you know Prevx has detected genuine malware that no other product detected. That is a bold claim haha, and I'm just wondering how you know. <-QUOTE}

I see this often, usually when users come into the support inbox saying: "Prevx is the only AV to find this file on VirusTotal, is the file malicious?" We have them send us the file and then we analyze it - in many cases we are indeed the only company which has correctly identified it as malicious.

But of course, in the interest of full disclosure (and in the best interest of beating a dead horse, so to speak), there are cases where other products find malware which we don't find ;D)

{QUOTE-> Right, but based on virustotal only, which as you have admitted, has stripped down versions of each anti-malware program. Just trying to make that point clear for everyone. Also virustotal does not include all anti-malware programs out there. Maybe SAS or MBAM would have picked it up haha. <-QUOTE}

Yes, sorry about that :-[ Not fully awake yet apparently :) The file may indeed have been blocked by the realtime protection of other products or other products like MBAM which look for active infections.

*goes and gets some coffee*

{QUOTE-> The more I read this thread, the more I love avira :-* <-QUOTE}

You can use both and they work seamlessly. :)

I use Prevx as a paid user. I trust the software too and i really believe it gives me more chance to prevent an infection that my antivirus software can miss. Also, i think that it is the only company that answers comments of users this much and directly. But i also think that;

1) "We detected this much" is a bad way of advertising. It doesn't matter that you put a "what this chart means" link or try to explain. At the end, we all know it means "we are that good, all other programs you see the names below sucks". As mentioned, there is no perfect software. For example, Prevx has some serious fp's. Using 2 months for now, reported more then 20 samples as fp's. Everytime i see that "we detected this much" window, i just smile. Today, Prevx "found" 5 infections on my pc that Avira "missed". (This also means i can't install Prevx to my grandma's pc for example. That big threat window, red colors forces you to click the "clean" button. An average user will do this and make the computer unstable.) Ow and is this a real threat or fp? http://www.prevx.com/filenames/X463470545119034194-X1/FIREFOX.EXE.html

2) Prevx interface needs serious work. Really. Please do that. Me wants more shiny.

{QUOTE-> 2) Prevx interface needs serious work. Really. Please do that. Me wants more shiny. <-QUOTE}
Any suggestions are more than welcome. Are your problems with the actual usability of the GUI, or you would just prefer it to be more "glossy"?

Joe's always badgering me for a shinier GUI, so I MIGHT take your feedback on board ;)

{QUOTE-> Ow and is this a real threat or fp? http://www.prevx.com/filenames/X463470545119034194-X1/FIREFOX.EXE.html <-QUOTE}
That is real and a nasty one. Besides downloading it's 'buddies', it reads your OS key, email adresses and passwords and other personal data and sends them out.

Panagiotis

plz review/fix those:
http://www.prevx.com/filenames/X1220429107452997371-X1/VISCOM3GPENC.DLL.html
http://www.prevx.com/filenames/X762841558059792689-X1/VISCOMAMRENC%2EDLL.html
http://www.prevx.com/filenames/290369346457699271-X1/VISCOMDATA1%2EDLL.html
http://www.prevx.com/filenames/289117751750034375-X1/VISCOMDATA3%2EDLL.html
http://www.prevx.com/filenames/X126841389193799056-X1/VISCOMFLVENC%2EDLL.html
http://www.prevx.com/filenames/X245943522974632249-X1/VISCOMM4AENC%2EDLL.html

I've yet to see Prevx,or any other anti-malware vender release something on the lines of:-
"look at all these things we missed that other vendors caught"
Every company is in the business of making their product seem better than the competition,so if Prevx can find things that they catch and others miss of course they are going to brag,just like they are going to keep quiet about the things their software misses that others catch

{QUOTE-> plz review/fix those: <-QUOTE}Wouldn't it be a better idea for those users who know of or see files which they believe to be FPs to report them directly to PrevX rather than on this forum? That way communication can be done between the two of you with regards to resolving any issues concerning these files.

they get fixed faster by posting here :)

{QUOTE-> they get fixed faster by posting here :) <-QUOTE}
It shouldn't have to be this way. If they can check here, they can check their email inbox surely. If they can't, and this is indeed the best way for them, it says a lot about the level of communication possible. :/

{QUOTE-> It shouldn't have to be this way. If they can check here, they can check their email inbox surely. <-QUOTE}

Indeed - or via PM, or email to me directly they will all be fixed equally as fast (and will reduce clutter to the forum :))

(And FWIW - I've fixed these, the ones which we had FPs on were components from a version > 2 years old, and we detected a few which had been infected with Nsag)

Not a false positive but I love this one
http://www.prevx.com/filenames/X712162694334927910-X1/PREVX_3.0_KEY.EXE.html
;D ;D ;D ;D

Panagiotis

{QUOTE-> Not a false positive but I love this one
http://www.prevx.com/filenames/X712162694334927910-X1/PREVX_3.0_KEY.EXE.html
;D ;D ;D ;D

Panagiotis <-QUOTE}

It's impressive that they are able to not only provide a key for Prevx 3.0, but also for "MICROSOFT_OFFICE_2007_2007_3_SERIAL[n].EXE" in the same exe ::) ;D

{QUOTE-> It's impressive that they are able to not only provide a key for Prevx 3.0, but also for "MICROSOFT_OFFICE_2007_2007_3_SERIAL[n].EXE" in the same exe ::) ;D <-QUOTE}
See what you do with your chart?
People download PrevX and then get infected by trying to find a keygen. :D :P

Panagiotis

Attention Prevx

Whilst comments are been made about the look, can you please make the GUI a lot larger, or expandable, and SOON ! It's far too small as it is, and when i did my 5 Apps test, now 6 with late addition Prevx, it was a nightmare trying to scroll down the list of malware to make a screeny. In the end i gave up as it would have taken too much time copy/pasting numerous shots together. In the end i used data from the log and posted that.

Thanx for listening.

{QUOTE-> Attention Prevx

Whilst comments are been made about the look, can you please make the GUI a lot larger, or expandable, and SOON ! It's far too small as it is, and when i did my 5 Apps test, now 6 with late addition Prevx, it was a nightmare trying to scroll down the list of malware to make a screeny. In the end i gave up as it would have taken too much time copy/pasting numerous shots together. In the end i used data from the log and posted that.

Thanx for listening. <-QUOTE}

Afraid that's one for Joe to answer, and how likely that a larger / expandable GUI would be to break our 1MB filesize limit ;)

{QUOTE-> Any suggestions are more than welcome. Are your problems with the actual usability of the GUI, or you would just prefer it to be more "glossy"?

Joe's always badgering me for a shinier GUI, so I MIGHT take your feedback on board ;) <-QUOTE}
Shinier? More glossy? Man, it's pretty good just the way it is! Imagine leaving something alone. Heck of a concept! :thumb:

{QUOTE-> it was a nightmare trying to scroll down the list of malware to make a screeny. In the end I gave up as it would have taken too much time copy/pasting numerous shots together. <-QUOTE}
StevieO, FYI – the SnagIt (http://www.techsmith.com/screen-capture.asp) “snapshot” utility may be of interest, since the tool is able to automatically scroll a window (horizontally or vertically) and capture its contents as an image.

{QUOTE-> Man, it's pretty good just the way it is! Imagine leaving something alone. Heck of a concept! :thumb: <-QUOTE}
Agree! I like the GUI and never had any problems with it. Looks pretty nice :)

Regards,
Nightwatch

{QUOTE-> Agree! I like the GUI and never had any problems with it. Looks pretty nice <-QUOTE}I like it, too.

However, I'm actually starting to understand how to use Prevx, & that worries me. After all -- security apps that are understandable can't be all that good, right? :blink:

Pleonasm

"the tool is able to automatically scroll a window (horizontally or vertically) and capture its contents as an image"

I never knew you could do that ! I wish i'd been aware of Snagit's abilities ages ago, would have saved me a lot of time on numerous occassions over the years lol. Anyway better late than never hey.

I have both XnView and FastStone, and just tried to do it with those. I couldn't find a way, maybe there isn't ?

Thanx a bunch for the tip and link.

This App is a keeper, here's something i knocked up in seconds, not minutes as before, using it.

{QUOTE-> I have both XnView and FastStone, and just tried to do it with those. I couldn't find a way, maybe there isn't ? <-QUOTE}
FastStone has "Capture Scrolling Window" capability. Depending on version (which might mean this won't work), try Ctrl+Alt+PrtSc. :)

{QUOTE-> After all -- security apps that are understandable can't be all that good, right? :blink: <-QUOTE}
Exactly why I am impressed with GeSWall Pro... so difficult to understand!! 8)

Page42

Just tried your suggestion on FS v 3.8, no joy !

Thanx anyway for posting.

I'll PM you so as to not take up further OT space. ;)

Good idea, just replied.

Thanx

how about putting on chart all legal files you removed from systems which other AVs not removed...
seriously, how much FPs you guys need to fix (remove from detection) daily?

{QUOTE-> how about putting on chart all legal files you removed from systems which other AVs not removed...
seriously, how much FPs you guys need to fix (remove from detection) daily? <-QUOTE}

Barely any compared to how much they are detecting?

{QUOTE-> seriously, how much FPs you guys need to fix (remove from detection) daily? <-QUOTE}
Funkydude, I have asked (on several occasions) for PrevxHelp to share this information with the forum community, but to-date it has not been forthcoming. I have to believe that someone inside of Prevx has her or his finger on the pulse of false positive activity, and could easily share the proportion of all “positives” (i.e., malware detections) that are “false” (i.e., incorrectly classified as malware) over a specified time period.

In the spirit of being “fair & balanced,” PrevxHelp has previously stated that the company’s resources are quite limited at the moment. Nonetheless, it certainly seems that the FP issue is of importance to many in this forum community and is thus worthy of attention, in my opinion.

{QUOTE-> You can use both and they work seamlessly. :) <-QUOTE}
Thanks.
I might give it a try later ;)

{QUOTE-> Funkydude, I have asked (on several occasions) for PrevxHelp to share this information with the forum community, but to-date it has not been forthcoming. I have to believe that someone inside of Prevx has her or his finger on the pulse of false positive activity, and could easily share the proportion of all “positives” (i.e., malware detections) that are “false” (i.e., incorrectly classified as malware) over a specified time period.

In the spirit of being “fair & balanced,” PrevxHelp has previously stated that the company’s resources are quite limited at the moment. Nonetheless, it certainly seems that the FP issue is of importance to many in this forum community and is thus worthy of attention, in my opinion. <-QUOTE}
Pleonasm, do you realize that you are essentially spoiled rotten by the transparency that already exists with regard to Prevx, and by the degree and detail of responses that you get from a company representative? I don't think you do. Try your endless probing and questioning and suggesting with any other vendor.... PLEASE, I implore you.... try it with anyone else (a few of us around here could use the respite) and see if you get anywhere close to the attention you have received in this forum from these Prevx reps. Other vendors, if they don't ignore you outright, will tell you that the information you are requesting is proprietary. It is amazing to me that PrevxHelp has coddled you to the extent that he has.

{QUOTE-> Pleonasm, do you realize that you are essentially spoiled rotten by the transparency that already exists with regard to Prevx, and by the degree and detail of responses that you get from a company representative? I don't think you do. Try your endless probing and questioning and suggesting with any other vendor.... PLEASE, I implore you.... try it with anyone else (a few of us around here could use the respite) and see if you get anywhere close to the attention you have received in this forum from these Prevx reps. Other vendors, if they don't ignore you outright, will tell you that the information you are requesting is proprietary. It is amazing to me that PrevxHelp has coddled you to the extent that he has. <-QUOTE}

You are on the right page, Page42! ;D

TH ;)

{QUOTE-> As far as I'm concerned, you can tell hundreds of people to buy whatever you fancy. You are just doing exactly what has been debated in this thread:talking hot air. Any claim which is not confirmed by an independent party remains suspicious. Besides, as I mentioned it could turn out to be productive for PREVX, but certainly unethical. <-QUOTE}

I don't come here to have ~Snip~ contest with any one. I come here to learn from experts who use the product and learn from their experiences. From what I have come across is 50 % of posters are not even using Prevx.... but they have all these :wacko: questions.

UNETHICAL!... What's so unethical about what Prevx is saying! Every other security company is doing the same thing!

{QUOTE-> I don't come here to have pissing contest with any one. I come here to learn from experts who use the product and learn from their experiences. From what I have come across is 50 % of posters are not even using Prevx.... but they have all these :wacko: questions.

UNETHICAL!... What's so unethical about what Prevx is saying! Every other security company is doing the same thing! <-QUOTE}


Yes If I wanted a program that told me my legit software was a virus I would use it. But sense I really want virus caught instead Ill use a something else.


Placabo AV anyone ;D

{QUOTE->
UNETHICAL!... What's so unethical about what Prevx is saying! Every other security company is doing the same thing! <-QUOTE}
Let's see an example: PREVX and AVIRA home pages. 90% of what is written is about how others fail, they don't even bother to explain what or how PREVX works. As I have already mentioned if it works for them commercially, good luck to PREVX, I personally think it is unethical.

"More than security. For more than 20 years."
More than security? What's that mean? It's a toaster oven too? ;D

"The new Avira Premium Security Suite
Cause viruses sleepless nights!"

Now there's a bit of nonsensical imagery... viruses tossing and turning. ::)

So what's your point? Avira makes claims that are impossible to understand?

:thumbd:

{QUOTE-> "More than security. For more than 20 years."
More than security? What's that mean? It's a toaster oven too? ;D

"The new Avira Premium Security Suite
Cause viruses sleepless nights!"

Now there's a bit of nonsensical imagery... viruses tossing and turning. ::)

So what's your point? Avira makes claims that are impossible to understand?

:thumbd: <-QUOTE}
Come on man! You are changing the context of the thread. We are talking about naming competitors as failures. We are not talking about semantics of home pages and what AVs companies claim in terms of percentages. It was a big mistake for me to get involved in this thread which after all will benefit PREVX.

{QUOTE-> Come on man! You are changing the context of the thread. <-QUOTE}
Okay, I accept that. But it wasn't until you put Avira's home page up that I saw how ridiculous some of their claims are. Maybe Avira and Prevx should not be judged too critically for what their home pages say. I mean, viruses having sleepless nights and a program that is more than security? Maybe some of the participants on this thread should focus on the job Prevx does with malware and less on how it represents itself. For those of us who have no problem with the statistics that Prevx displays, and no problem with their method of calling other vendors on the carpet, it sure gets old listening to the whining. :)

{QUOTE-> "More than security. For more than 20 years."
More than security? What's that mean? It's a toaster oven too? ;D

"The new Avira Premium Security Suite
Cause viruses sleepless nights!"

Now there's a bit of nonsensical imagery... viruses tossing and turning. ::)

So what's your point? Avira makes claims that are impossible to understand?

:thumbd: <-QUOTE}
IMHO there's a difference between marketing claims (which are practically unavoidable) and directly attacking competitors, especially using internal statistics (ie Prevx and Emsisoft).

{QUOTE-> Sure thing Page42 and good points.

Prevx for me has never found any genuine malware, but has found several false positives (so I am glad I have never paid for Prevx...paying for it would mean I would have lost valuable money, and also could have meant that I'd remove files that were completely safe and necessary...the "rogue-ware" nature of the Prevx trial actually comes in handy haha).

This is, of course, my own personal experiences, and I'm sure many others have had the same experience, and many others still have had more positive experiences, like you, Page42.

Personally, when I try programs and find they don't do their job properly (from my experiences), I get rid of them. The most recent program/component I got rid of permanently was Comodo's Antivirus, as it was giving out far too many false positives. I've tried giving Prevx a shot, and it's not done any good for me.

Prevx can advertise all they want and how they want to (as long as it meets legal requirements). In the end though, personal experience is the most important aspect of all. <-QUOTE}
You look like you have a pretty good security set up. And you obviously put a lot of thought into what goes onto your machine and what comes off. I agree with you 100% about personal experience being most important.

One difference between you and me is that when you installed Prevx and it found nothing, you sounded disappointed. I was glad. And where you said, "I am glad I have never paid for Prevx...paying for it would mean I would have lost valuable money", I decided to pay for it and look to the future and what Prevx would do to keep crap off of my system for years to come, as part of my overall security.

I wish you well with your security programs. :thumb:

{QUOTE-> IMHO there's a difference between marketing claims (which are practically unavoidable) and directly attacking competitors, especially using internal statistics (ie Prevx and Emsisoft). <-QUOTE}
Hi Someone, see this post (http://www.wilderssecurity.com/showpost.php?p=1479147&postcount=141), and kindly give us your thoughts on that. I'd like to hear your response. :)

{QUOTE-> Okay, I accept that. But it wasn't until you put Avira's home page up that I saw how ridiculous some of their claims are. Maybe Avira and Prevx should not be judged too critically for what their home pages say. I mean, viruses having sleepless nights and a program that is more than security? Maybe some of the participants on this thread should focus on the job Prevx does with malware and less on how it represents itself. For those of us who have no problem with the statistics that Prevx displays, and no problem with their method of calling other vendors on the carpet, it sure gets old listening to the whining. :) <-QUOTE}

It is amazing how people will circumvent the issues at hand, with off topic issues in order to have the upper hand in a discussion. The point, Page42, is that Avira doesn't mention anywhere a single competitor whereas PREVX's homepage is a mantra of repetitions of how bad the others are:
{QUOTE-> "Current security products are failing" "Popular security products are missing thousands of infections" "...and to protect where others are failing" "Threats missed by other security vendors" "...by security products by the following vendors" "Latest threats bypassing other security vendors" "...found on PCs that other products completely missed" <-QUOTE}
Seven times the words security, failing, popular,others,missed,vendors, bypassing have been used in different combinations. This is outright brainwashing which isn't just unethical but dishonest.

{QUOTE-> Seven times the words security, failing, popular,others,missed,vendors, bypassing have been used in different combinations. This is outright brainwashing which isn't just unethical but dishonest. <-QUOTE}
Hi Osaban, see this post (http://www.wilderssecurity.com/showpost.php?p=1479147&postcount=141), and kindly give us your thoughts on that. I'd like to hear your response. :)

And btw, I'm not circumventing the issues at hand. I said quite clearly to you, "For those of us who have no problem with the statistics that Prevx displays, and no problem with their method of calling other vendors on the carpet, it sure gets old listening to the whining."

{QUOTE-> Sure thing Page42 and good points.

Prevx for me has never found any genuine malware, but has found several false positives (so I am glad I have never paid for Prevx...paying for it would mean I would have lost valuable money, and also could have meant that I'd remove files that were completely safe and necessary...the "rogue-ware" nature of the Prevx trial actually comes in handy haha). <-QUOTE}

We would have immediately given you a refund if this were the case :)

{QUOTE-> Personally, when I try programs and find they don't do their job properly (from my experiences), I get rid of them. The most recent program/component I got rid of permanently was Comodo's Antivirus, as it was giving out far too many false positives. I've tried giving Prevx a shot, and it's not done any good for me. <-QUOTE}

I suspect that, like many of the users here with other FP issues, you tend to be a more techie user which is why Comodo and Prevx both have caused you FP issues. Users 4-5 standard deviations above the mean population tend to run into far more problems than the average user - the other 99+% are sitting happily with either no detections or with detections of real malware.

As I've said many times before, we find/fix 5-10 FPs per day in the customer support inbox and the handful which come here. We don't need someone managing these statistics on a daily basis because the volume is very low :)

One thing I don't understand with the complaints in the last few posts is that people are saying that it is OK for a vendor to make claims and then not back them up with hard fact but it isn't OK to support our claims? :-\

In that case, I am the sexiest man alive. :gack:

{QUOTE-> Hi Osaban, see this post (http://www.wilderssecurity.com/showpost.php?p=1479147&postcount=141), and kindly give us your thoughts on that. I'd like to hear your response. :)
[/I] <-QUOTE}
{QUOTE-> Prevx names the vendors and Prevx names the threats. I'm thinking, if Prevx is wrong, then they could be taken to task by any or all the vendors who feel wronged. Is avast! or Symantec or Kaspersky or AVG or any of the others protesting? Has Prevx offered to supply info to any of the vendors who contact them?

--> Let me supply you with that answer...

Q. (from 1000db) "does Prevx notify the other AV/AM companies to let them know what they missed?"
A. (from PrevxHelp) "We do if they request information about the samples." <-QUOTE}

First, I think that PREVX is taking advantage of the fact that being constantly connected to the host computer they can analyse data that can be used against their competitors (here at Wilders there are members screaming only at the thought of their application phoning home once). Which means nobody can check at PREVX's own performance.

Secondly, we all know that no matter what application we use there can be hundreds of variables that can make such an application useless most of the time a distracted (see obtuse) user, installing an AV in an already infected computer, failing to update or configure properly etc.

Thirdly, how can you possibly start legal action with arbitrary data? Data taken from computers that cannot be identified for privacy reasons. I also think that from the big players point of view, there's no need to worry as home pages making outlandish claims are more than abundant on the internet.

I have followed a lot of posts from the likes of Eraser, PrevxHelp, and I think they are honest and talented people. I don't want to sound disrespectful towards them as I truly believe their application is improving all the time and in the near future their system will probably be adopted by others (McAfee is already using something similar).

{QUOTE-> First, I think that PREVX is taking advantage of the fact that being constantly connected to the host computer they can analyse data that can be used against their competitors (here at Wilders there are members screaming only at the thought of their application phoning home once). Which means nobody can check at PREVX's own performance. <-QUOTE}
Of course they are taking advantage of this constant connection to the host computer. And why shouldn't they? Is this not the very advantage that Prevx users benefit from? Would you suggest that Prevx somehow handicap itself because you don't think such an industry advantage is fair?

{QUOTE-> Secondly, we all know that no matter what application we use there can be hundreds of variables that can make such an application useless most of the time a distracted (see obtuse) user, installing an AV in an already infected computer, failing to update or configure properly etc. <-QUOTE}
And what does this have to do with Prevx being willing to supply companies with samples of threats that Prevx says they missed?

{QUOTE-> Thirdly, how can you possibly start legal action with arbitrary data? Data taken from computers that cannot be identified for privacy reasons. I also think that from the big players point of view, there's no need to worry as home pages making outlandish claims are more than abundant on the internet. <-QUOTE}
What if from the big players point of view, Prevx is right in their claims? What if the big players agree that they are missing threats that others are finding? Almost all security professionals seem to agree that the malware authors are outpacing the security industry.

{QUOTE-> I have followed a lot of posts from the likes of Eraser, PrevxHelp, and I think they are honest and talented people. I don't want to sound disrespectful towards them as I truly believe their application is improving all the time and in the near future their system will probably be adopted by others (McAfee is already using something similar). <-QUOTE}
That's encoraging to hear you say that.

But the essential part of the post that I asked you to respond to has still not been responded to. What I would like to know from you is, if Prevx is so out of line in their figures and their claims, why would they be willing to provide companies with information on the threats that they missed?

One thing the statistics have highlighted for me is that if PrevX is catching legitimate malware - leaving FPs out of the equation - on users' systems that some AVs have apparently missed, it says a lot about the internet habits of those users. I know mainstream websites can fall prey to exploits et al., but if you ignore that aspect for a moment, it's quite an eye opener if so many people are getting infected in this manner.

A number of people, myself included, have said they've used PrevX to scan their system to find nothing detected even after running a scan with their AV of choice, which also finds no malware. Of course, it doesn't mean they'll never get an alert in the future, but it clearly shows a difference in computer usage patterns.

The subject of educating users has been brought up before on Wilders, and I think most agree it's no easy task. This is possibly another area PrevX could tackle to inform users how best to try keep malware off their systems as much as possible, and make more of this than the vendor v. vendor approach we're seeing.

{QUOTE-> Of course they are taking advantage of this constant connection to the host computer. And why shouldn't they? Is this not the very advantage that Prevx users benefit from? Would you suggest that Prevx somehow handicap itself because you don't think such an industry advantage is fair?


And what does this have to do with Prevx being willing to supply companies with samples of threats that Prevx says they missed?


What if from the big players point of view, Prevx is right in their claims? What if the big players agree that they are missing threats that others are finding? Almost all security professionals seem to agree that the malware authors are outpacing the security industry.


That's encoraging to hear you say that.

But the essential part of the post that I asked you to respond to has still not been responded to. What I would like to know from you is, if Prevx is so out of line in their figures and their claims, why would they be willing to provide companies with information on the threats that they missed? <-QUOTE}

{QUOTE-> Of course they are taking advantage of this constant connection to the host computer. And why shouldn't they? Is this not the very advantage that Prevx users benefit from? Would you suggest that Prevx somehow handicap itself because you don't think such an industry advantage is fair? <-QUOTE}
Advantage to analyse files for malware, or advantage to gather information which can be used against their competitors? I don't know who is really handicapped here.

{QUOTE-> And what does this have to do with Prevx being willing to supply companies with samples of threats that Prevx says they missed? <-QUOTE}

Do I have to take your word or theirs?

{QUOTE-> What if from the big players point of view, Prevx is right in their claims? What if the big players agree that they are missing threats that others are finding? Almost all security professionals seem to agree that the malware authors are outpacing the security industry. <-QUOTE}

I think you are a bit naive (if, if, if,).

{QUOTE-> That's encoraging to hear you say that. <-QUOTE}

The thread topic is about "prevx home page claims other AV's missed malware"
This isn't a personal attack at PREVX, but whoever from them who had the idea to have this kind of tactic (they really don't need such an aggressive approach). I have scanned my system with PREVX and it found no malware and no FPs. The French would say "Chapeau to PREVX".

{QUOTE-> But the essential part of the post that I asked you to respond to has still not been responded to. What I would like to know from you is, if Prevx is so out of line in their figures and their claims, why would they be willing to provide companies with information on the threats that they missed? <-QUOTE}

Nobody is saying they are out of line in their figures and their claims, I'm saying it's their word against the establishment. Can't you see that there is huge conflict of interest? Willing to provide... The good samaritan... You say it , they say it, therefore I should believe it.

Look, let me reiterate that nobody is questioning PREVX performance, the whole thread was about tactics and strategies, and I think by now we all know what our opinions on the matter are.

{QUOTE->
Do I have to take your word or theirs? <-QUOTE}

Both of ours :)

{QUOTE-> if Prevx is so out of line in their figures and their claims, why would they be willing to provide companies with information on the threats that they missed? <-QUOTE}

Good point...:)

Marketing PrevX detecting samples that others miss, is a complete non-issue, the others find malware that PrevX misses to. It is true, but NOT an unique quality of PrevX. Here are a few examples of how stupid PrevX's claim is:

Toyota advertising : "Our cars have wheels"

Nike: "With our shoes you can run"

American Airlines: "Our planes fly"

London Symphony Orchestra "We produce a sound"

Kruger Park: "We have animals you can watch"

Australian Open "We have tennis play grounds"

Texaco: "Our Fuel is grade 95"

Nikon "Our cameras make pictures"

LG: "Our TVs display colour"

Etc.

no, no, their (prevx) claim is very similar to:
Yugo (http://en.wikipedia.org/wiki/Yugo): our car have better wheels than: Ferrari, Porsche etc. ... ::)

{QUOTE-> Yugo: our car have better wheels than: Ferrari, Porsche etc. ... ::) <-QUOTE}I hope this turns into a thread about automobiles. I looove the smell of exhaust fumes in the morning. *puppy*

{QUOTE-> Let's see an example: PREVX and AVIRA home pages. 90% of what is written is about how others fail, they don't even bother to explain what or how PREVX works. As I have already mentioned if it works for them commercially, good luck to PREVX, I personally think it is unethical. <-QUOTE}
I wholeheartedly agree. link (http://www.wilderssecurity.com/showpost.php?p=1447911&postcount=161)

{QUOTE-> Hi Someone, see this post (http://www.wilderssecurity.com/showpost.php?p=1479147&postcount=141), and kindly give us your thoughts on that. I'd like to hear your response. :) <-QUOTE}
Of course Prevx will detect some threats which other vendors miss, but other vendors will also detect threats that Prevx miss. But with Prevx's charts it seems to imply that Prevx detects all malware that AV's detect plus more, which isn't true.

{QUOTE-> no, no, their (prevx) claim is very similar to:
Yugo (http://en.wikipedia.org/wiki/Yugo): our car have better wheels than: Ferrari, Porsche etc. ... ::) <-QUOTE}
What's wrong with my car? >:( ;)
(No kidding, I drive one weekly. Superb car :thumb: )

Your statement is actually not weird at all, they Yugo car has way better wheels for the roads around here then a Ferrari or a Porsche. My guess is that in a Ferrari you can drive 50 meters before you get stuck in a hole and break your carbon under plate... In this perspective, everything is relative.

{QUOTE-> Thanks.
I might give it a try later ;) <-QUOTE}

I am using them on a Gateway FX laptop running Vista 64-bit Home Edition. I don't ever notice them on my machine. However, I am not running Webguard on Avira which speeds up web page loading slightly.

The theory is that if one misses something, the other should catch it. I am a high risk surfer and never, ever had malware get by them.

{QUOTE-> ...imply that Prevx detects all malware that AV's detect plus more, which isn't true. <-QUOTE}You are omniscient? :dry:

{QUOTE-> But with Prevx's charts it seems to imply that Prevx detects all malware that AV's detect plus more, which isn't true. <-QUOTE}
Actually, Prevx charts aren't implying anything. They are stating how many infections they found that the others missed, and then they identify the infections. I fail to see the implication you refer to. I see statements.

{QUOTE-> Actually, Prevx charts aren't implying anything. They are stating how many infections they found that the others missed, and then they identify the infections. I fail to see the implication you refer to. I see statements. <-QUOTE}

Second that. Seems to me that these bashers of Prevx statistics make the assumption that most people visiting the site are scientifically illiterate. At least that is the only way I can see the statistics leading anyone astray in the way pictured in these threads.

{QUOTE-> Seems to me that these bashers of Prevx statistics make the assumption that most people visiting the site are scientifically illiterate. <-QUOTE}
And it is the bashers' job to protect the scientifically illiterate from themselves... and from Prevx. ;)

I guess the problem still escapes me. When I read the charts, they tell me that Prevx still has a lot of value added, even if one is already using a good antivirus. No comment on whether one should throw out the existing AV. I wouldn't, but am not always online anyway. Seems much more reasonable than claiming 100% effectiveness by having a user manually look at the popups from a HIPS-actually the third line of defense sequentially, behind the firewall and AV-and not make any mistakes. Of course, being alerted to the fact that all of the popups are due to malware does help, as in Matt's reviews. Kind of like making sure all of the malware has previously been submitted to the vendor before an anti-malware test is run.