AV-Comparatives Real-World Test April 2015

http://www.av-comparatives.org/dynamic-tests/

http://www.av-comparatives.org/wp-content/uploads/2015/05/avc_factsheet2015_04.pdf

 

I cannot acces the website ? i have a white screen with these words :

Your access to this site has been limited
Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)

Reason: Exceeded the maximum number of 404 requests per minute for a known security vulnerability.

Important note for site admins: If you are the administrator of this website note that your access has been limited because you broke one of the Wordfence firewall rules. The reason you access was limited is: "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.".

If this is a false positive, meaning that your access to your own site has been limited incorrectly, then you will need to regain access to your site, go to the Wordfence "options" page, go to the section for Firewall Rules and disable the rule that caused you to be blocked. For example, if you were blocked because it was detected that you are a fake Google crawler, then disable the rule that blocks fake google crawlers. Or if you were blocked because you were accessing your site too quickly, then increase the number of accesses allowed per minute.

If you're still having trouble, then simply disable the Wordfence firewall and you will still benefit from the other security features that Wordfence provides.

If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access.
--------------------------------------
I do have acces to the pdf-file
Anyone from av-c that can explain this ?

 

Hi, the hoster does still not support IPv6. Could you please try to deactivate IPv6 on your system and try again?
http://www.informationweek.com/how-to-disable-ipv6-on-windows-7-/d/d-id/1099490?
Sorry for the inconvenience.

 

Panda Free outperformed almost all the paid products.

 

Usual players on top, a lot of FPs from Trend Micro.

... and no Quihoo ...

 

Hi,
Okay when IPv6 is disabled i have acces thx

 

But tencent is still there ?

Again good results Avira, Bitdefender ..

 

Thanks c2d for posting.

 

Winners for April were Avira, Bitdefender, and Panda

Winners for most FPs were Trend and F-Secure

 

Avira is doing extremely well lately

 

The false positive numbers look a little different this time. Only ESET had no false positives and several others had one. Usually, it seems like there are a handful with zero. Having said that, I don't know if those numbers mean anything significant. I really don't put much weight on the false positive numbers. I think I have only had one or two false positives in the past 15 years with all the different products I have tried. The detection/blocking numbers are more meaningful to me.

 

as i always said i saw lots of fp's from trend. one of the reasons i dont use it. someone always said to me i was crazy but this is more like what i saw when i ran it. we are starting to see a number of 100% scores. makes me wonder are the av's getting that good or do the tests need to be harder...

 

Good Evening! Many Thanks for the update c2d! Sincerely...Securon

 

Results are pretty much similar to the ones in the March fact-sheet.

http://www.av-comparatives.org/wp-content/uploads/2015/04/avc_factsheet2015_03.pdf

A few quick observations based on comparing the 2:

1. Avira, BD and Panda remained consistent with high protection rates, only having increased by 1 FP each.
2. Eset remained with 0 FP.
3. F-Secure and Trend Micro still has high FP rates.
4. BullGuard and Quick Heal are still heavily user dependent.
5. Emsisoft has increased in user dependence and FP rate.

 

http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2015&month=4&sort=1&zoom=3

 

anon's enclosed linked chart above appears to be listing the vendors in a ranking order of performance ("Duh"... never mind). In which case, Emsisoft sure is taking a beating on the "user dependent" factor. Five vendors showing red, an outright system "compromised," listed in order of detection performance over and above Emsisoft? Never mind F-Secure with 33 false positives listed as shown superior to EAM. Apparently I missed the "listed in no particular order" shticker.

 

Is Panda tested with the URL blocking toolbar or without it?

 

with it

 

Previous fiascos addressing default issues aside, it's a safe assumption that the default settings were used unless otherwise requested by the vendor and explicitly published accordingly by AV-Comparatives.

Edit: As I was typing this out, IBK quicker on the uptake than I was to reply. All things considered...

 

Impressive, indeed.

 

Fully agree with you, it seems that Emsisoft is being punished for leaving some minor aspects of its behavior blocker in the hands of the user.
In normal usage, the behavior blocker will almost all the time whitelist good software and block or recommend to quarantine bad/suspicious files.

http://www.emsisoft.com/tl_files/images/screens/eam/en/alert_pup.png

It isnt fair this "penality" and I almost sure that the false positives came from the Surf Protection.

Emsisoft Surf Protection doesnt slowdown or make browser vulnerable to FREAK and similar attacks, I can totally live with occasional domain false positives.

In my opinion AV Comparatives really needs to adress this situation, because it simple doesnt reflect reality.


https://blog.hboeck.de/archives/869...irus-software-lowers-your-HTTPS-security.html

 

They are. We discussed this with AV-C already. Bottom line is, we block based on domain names and IP addresses. We are aware that this approach is a bit coarse, but it is the only approach, that:

• Maintains the user's privacy as it does not snoop around in user traffic.
• Does work with encrypted connections without breaking the encryption or removing any of the security guarantees provided by the connection.
• Works across all browsers.

In the past AV-C accepted domain and IP based blocks on non-malicious URLs, if the AV was able to proof that the same server/domain was hosting malicious files as well. Unfortunately some vendors tried to gamble that system so they stopped accepting these types of disputes.

Personally I completely get their reasoning and if I was put into that position, I would have likely done the same. Still kind of sucks for us though.

 

We all know that Emsi kicks ~ Snipped as per TOS ~ too....no matter how they test.

 

False positives have caused me more problems than malware over the years. I just uninstaled NS because it was deleting a file I was trying to download. No warning, no choice, nothing. It was just not there. I thought they were past that. Anyway, when a product delets a system file and makes your machine unbootable, that's when you appreciate a lack of false positives.

 

It is good to see Avast moving up towards the top again.