AV-Comparatives June (May 2007) Results (Retrospective / Proactive Tests)

Discussion in 'other anti-virus software' started by AshG, May 29, 2007.

Thread Status:
Not open for further replies.
  1. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    That's not the case, as the signatures are from 2nd February.
     
  2. colt45allstar

    colt45allstar Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    65
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    35 percent is pretty damn good for it being so new.. especially considering it will likely be tweaked further.

    Not to mention with Kaspersky's rapid signature updates and proactive defense module... 35 percent in most cases for heuristics would be more than sufficient.


     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Then KAV's heuristics are better than I thought :D
     
  4. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    It simply doesn't matter if a detection is based on "real" heuristic or variant detection. If you take an already existing malware and repack it then you are creating a new variant of already existing malware. Because the file has afterwards a completely different MD4/MD5 checksum. If you included a signature months ago and if you're able to unpack the "new" variant and detect your "old" signature in it then you also protected proactively against this new threat. That's at least as good as finding something "unknown" suspicious. Because you can tell already to which group a file belongs.

    The difference is that variant detection triggers on already seen malware (for example repacked) and that heuristic is able to detect completely unknown malware where no variant must exist before something is flagged. BOTH methods belong to proactive detection.

    HOWEVER, that doesn't mean that testers are "allowed" to manipulate/change malware in order to test variant detection. That's first forbidden by law in some countries (Germany, paragraph 202 StGB) EVEN IF YOU ONLY INTEND TO TEST SOFTWARE. Let alone the fact that most testers are 1. damaging files because they change something stupid, 2. creating completely new files without being malicious and testing such files, 3. creating a variant of a completely unimportant file which will most likely not be reproduced by any malware writer.
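
The distinction drawn in the post above, between a checksum lookup and variant detection by unpack-then-match, is illustrated by the following added example, which is not part of the original thread. The sample bytes are constructed and harmless, zlib stands in for a real packer, and the `ZPK1` header and `Demo.FamilyA` name are hypothetical.

```python
import hashlib
import zlib

# Constructed, harmless stand-in for a sample that was seen months ago.
MARKER = b"DEMO-FAMILY-A::payload-marker"
KNOWN_SAMPLE = b"MZ-demo-header" + b"\x00" * 256 + MARKER + b"\x90" * 64

# Both detections were written when the original sample was first analysed.
HASH_BLOCKLIST = {hashlib.md5(KNOWN_SAMPLE).hexdigest(): "Demo.FamilyA"}
SIGNATURES = {MARKER: "Demo.FamilyA"}

PACK_MAGIC = b"ZPK1"  # hypothetical header written by the stand-in packer


def repack(data: bytes) -> bytes:
    """Stand-in packer: same content, completely different bytes on disk."""
    return PACK_MAGIC + zlib.compress(data, 9)


def unpack_layers(data: bytes, max_depth: int = 4) -> bytes:
    """Peel recognised packer layers, bounded so nested input cannot loop forever."""
    for _ in range(max_depth):
        if not data.startswith(PACK_MAGIC):
            break
        try:
            data = zlib.decompress(data[len(PACK_MAGIC):])
        except zlib.error:
            break  # damaged layer: scan what we have
    return data


def hash_lookup(data: bytes):
    """Exact-file match: fails as soon as a single byte changes."""
    return HASH_BLOCKLIST.get(hashlib.md5(data).hexdigest())


def signature_scan(data: bytes):
    """Byte-pattern match: returns the family name, not just 'suspicious'."""
    for pattern, family in SIGNATURES.items():
        if pattern in data:
            return family
    return None


def scan(data: bytes) -> dict:
    return {
        "hash": hash_lookup(data),
        "raw_signature": signature_scan(data),
        "unpacked_signature": signature_scan(unpack_layers(data)),
    }


if __name__ == "__main__":
    for label, blob in [("original", KNOWN_SAMPLE),
                        ("repacked", repack(KNOWN_SAMPLE)),
                        ("clean", b"just a text file")]:
        print(label, scan(blob))
```

Only the unpack-then-match path reports the repacked file, and it reports it under the existing family name, using a signature that predates the variant.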
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    I think the good Inspector already explained this to us last week. ;)
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    I wasn't criticizing AV-comparatives by saying what I did in my previous post, just for the record. I was merely stating a fact for those who were in doubt of whether this is a "pure heuristic" test or whether this is a measure of overall proactive detection. I think the Inspector understood this, but still I want to clear the record here. :)
     
  7. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    By the way, in the report it says that KAV has also PDM feature which protects proactively. Does anyone know if it actually does anything under Vista as all the options disappear there? Is it any use to install PDM under Vista anyway?
     
  8. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Those options will most likely be implemented after Vista SP1.
     
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    The problem with Avira is twofold. It detects FP's way too often. Yes, some of those are fixed promptly. However, MOST FP's are NEVER fixed by Avira because Avira says they are not FP's. I disagree strongly with that attitude. NO AV has EVER detected all these programs I use as being malware except for Avira. None of the stuff Avira detects is malware but Avira says it won't fix these FP's. To me, for an AV to detect any Sysinternals files as malware is utterly ludicrous and makes Avira look stupid. Avira detects a lot of other files of mine that are not malware. It irritates the heck out of me. I think Avira should detect real malware and stop detecting stuff that is not malware.

    Even when the malware detected is fixed by Avira, I still have to stop running Avira until they fix it because when excluding in Avira it is very difficult to find all the paths. I never had problems excluding with other AV but Avira is a mess in this regard. Of course, excluding was very rare for me until I got Avira which seems to think half my programs are viruses. It is the "SPR" category of the extended risk categories that has to be turned off as Avira thinks just about everything is a virus if that is checked. Ridiculous.
     
  10. ethan_arends

    ethan_arends Registered Member

    Joined:
    Sep 14, 2006
    Posts:
    27
    Location:
    Romania
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    @Mele20
    Sysinternals?...like autoruns?...like tcpview?...like process explorer?
    On my comp Avira and these don't have "conflicts".
     
  11. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Hi mele20,

    I don't understand you : SPR are unchecked by default so you checked it voluntarily and then you complain that antivir is efficient

    Just downloaded sysinternals suite and scanned it with Antivir ( high setup : high heuristics and all threat categories checked ) and Antivir found nothing and no warning

    MaB
     
  12. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Might use a little caution with the word "stupid" ;)

    Even when someone appears to be a fool and is acting stupid, to call them on that should be reserved for Very Close Friends, or absolute enemies.

    As for AntiVir's False Positives, I have had a total of eight detections in seventeen months with ALL settings at maximum, including SPR, four of those were False Positive and four were True Positive and the FP's were quickly corrected.

    It is no doubt preferred for AntiVir to have settings (like turn off SPR or reduce Heuristic sensitivity) for those who want or need to run software that is considered to be a Security Private Risk. For AVIRA to 'fix' the SPR detections might mean that I could have a Security Private Risk go undetected and where would my setting be then, to tell me about the problem. :rolleyes:
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Someone could say the same for the riskware category in Kaspersky.
    It is there to identify software that could be used for the wrong purpose.
    E.g. if you have UltraVNC installed on your machine but you didn't install it, then someone could be using UltraVNC to remote control your machine without your knowledge.
    lodore
     
  14. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    New test, new results and hundreds of new AV installations.......man oh man....every fanatic AV user changing his/her program again o_O o_O

    Just try sticking to a program that feels good on your system and belongs to the 'advanced' outcome or better, it won't change all that much all of a sudden.

    I'm getting all light in my head reading all these posts. But, maybe it's just me!

    :D
     
  15. buckshee

    buckshee Registered Member

    Joined:
    Apr 11, 2006
    Posts:
    134
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    I have been running Avira off and on for a year. I very rarely had false positives. I also use Zone Alarm Security Suite but used Avira when they used the VET engine as I wasn't impressed with the detection rate. I uninstalled Avira when Zone Alarm SS started using the Kaspersky engine. A month before my Avira licence expired I disabled the ZA AV and reinstalled Avira and did a scan. It found 5 viruses/trojans missed by Kaspersky. They were found in files I downloaded from questionable sites. No AV is perfect but for now I'll stick with Avira and use Zone Alarm Pro when I renew.
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    That's why I made the point earlier that if today's signatures were used, we would probably see a different picture.
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    AntiVir-PE has given zero alerts for the several sysinternal apps on my computer. In fact the only app I ever had to exclude (because of an FP) was Freespell. Excluding it from AV-PE was easy & effective.
     
  18. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    SPR is unchecked by default NOW. But that only occurred with the April 18 major changes. Before that SPR was checked by default. Fewer things are identified as viruses if SPR is unchecked. The Sysinternals files are not alerted on if that category is unchecked. But why have the category if one cannot use it because it alerts on stuff like pskill.exe? Avira told me that pskill.exe and ps.exe are alerted on in SOME VERSIONS of Sysinternals package but not others. I have a version from July 2006 and also the last version from before Microsoft changed the EULAs (Steve Gibson's package). I don't want the Microsoft versions at this time. Avira alerts on both of the versions I have. Avira is the ONLY AV to do this and there was considerable discussion in Sysinternals forums when Avira started doing this (before I got Avira). I read those threads and it makes Avira look ridiculous. Avira still alerts if SPR is checked which it was by default until April 18.

    I don't like for an AV to be scanning for spyware anyway. It shouldn't. An AV should scan for viruses, worms and some trojans. Leave the spyware stuff to scanners like Counterspy (which now wants to be an AV and shouldn't ..it should just be a spyware scanner) or Spybot or AdAware. I don't want an all in one Suite. I hate Suites. The name is ANTIVIRUS and should concentrate on viruses not on privacy "risks". I want my antivirus to protect my computer against damage from viruses, trojans and worms. That is why I use an antivirus. I don't use one to find other possible "problems". I never get spyware. I don't need a spyware scanner. If I ever see something strange on HijackThis or my computer acts odd, THEN I will scan with a variety of antispyware scanners but I don't want my AntiVIRUS software doing this on a routine basis. Yeah, I can turn all that off but it shouldn't be there in the first place and if it is a paid AV, I don't want to pay for a firewall or antispyware scanning, etc even if I can turn it off. I really object to how bloated all the AVs are getting.
     

  19. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    I rarely if ever have FP's from Avira and certainly never from a systems file.
    Its detection rates are the best, better than Nod's and nothing has ever gotten by it. It runs light on my machine and I love it.

    This FP business has really gotten out of hand and reached the point of absurdity.
     
  20. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,248
    Location:
    USA
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Uh, yeah......and the continuous chest-thumping, hand-wringing, and seemingly uncontrolled anxiety over detection rates among the top products, that are only a couple of percentage points apart (at worst), hasn't?
     
  21. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    I think you're taking this too far.
    pskill can be used for malicious purposes.
    Kaspersky detects pskill if you tick the riskware box in options.
    It's not an FP, it's just warning you it could be used for malicious purposes.
    Simple as that.
    I know I had pskill on this PC because of the tools that BT use to help with connection problems.
    Both Kaspersky and F-Secure detected it.
    They didn't do anything with it since it's riskware.
    End of discussion IMO.
    Everyone should get back on topic since my post explains that it's not an FP.
    The topic is AV-Comparatives June Results (Retrospective / Proactive Tests),
    not Avira FP riskware category.
    PS: I'm trying to keep my posts on topic.
    It's up to mods but I think this stuff about Avira riskware category should have its own thread.
    I've clearly explained the situation.
    lodore
     
    Last edited: Jun 2, 2007
  22. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Yeah I agree detecting PSkill is not an FP,
    @mele20 - SPR is not a spyware detection, it's 'security/privacy risk' and is used to detect apps that can be used by a third party to do potentially 'unwanted' things to your setup, but they are usually harmless if you've installed them purposely.
     
  23. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    Hi All

    Mele20, I was not aware that before using Avira, SPR was checked by default, but I agree with lodore and Londonbeat: notifying about a SPR is a warning about a potentially dangerous prog.

    I'm very happy to have a prog based on blacklist that is more than a pure AV but an antimalware.

    Regards,

    MaB
     
  24. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    SPR and APPL should never ever be enabled by home users, they are only useful for tests for corporate environments. Actually, APPL was enabled by default by accident but that was changed a while ago. People don't really understand what detections with SPR/ and APPL/ mean (any detection = PANIC!) so I think the best would be to completely disable both detections in the Classic and Premium editions.

    What we don't fix are false positives on cracks, keygens and cracked programs. You don't suppose we should support that type of software, do you?

    However, there are still some false positives, both with the heuristic and from signatures. We always try to avoid these and fix them fast, if they occur.

    I think Avira would have been rated Advanced+ if the default setting (heuristic = medium) had been used for the test. There is a reason for the description text of the "high" setting mentioning an increased chance of false positives... :) After all, if you don't do much heuristic detection then you most likely won't have false positives, except with signatures. IMO, anything below 40% proactive detection is not even worth mentioning. It is SO easy to achieve that level of heuristic detection. You don't even need emulation nor unpacking for it. Things start to get interesting with > 50% and if you can achieve 70% or higher with few false positives, you really put a lot of hard work into the detection.

    And people, just stop that silly AV switching after every test. :cool: There is no perfect product that can protect you 100%. Every security software fails sometimes. The biggest security risk sits *before* the computer. :)
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

    I can't imagine anyone being this idiotic. :doubt: Good to hear from you and nice to know Avira's team is hard at work. :)
     