AV-Comparatives - File Detection Test - March 2013

Discussion in 'other anti-virus software' started by SweX, Apr 10, 2013.

Thread Status:
Not open for further replies.
  1. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Thanks for the advice.
     
  2. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Norton is one of the best to protect you against web based malware thanks to its File Reputation system. Most of the malware comes from the web. Nowadays, detection rate is useless (for me ofc).
     
  3. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Symantec are mainly protecting their users against real widespread malware thanks to Download Insight which works very well ...
    Srsly, who really cares about detection rate ? ...
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    So am I to assume that AV-C no longer gets paid by Symantec to be included in the tests...so AV-C includes Symantec this time anyway and they get the worst detection score of the entire group? The conspiracy/retaliation theorists will be going ape over this one. It would have been better for AV-C to leave Symantec out of the test.
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Thanks acr1965 for that explanation.:) Anyway I feel safe and I am not going to change my AV because of this.
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I don't feel like telling the story about AV-C and Webroot again, so I will point you over here where you will find a test including Webroot: https://www.wilderssecurity.com/showthread.php?t=344835
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Last time you posted you were happy about WSA. And this dates back to quite an old build. Something smells wrong here. Have you actually tested the latest version? Or is this just a retaliation post :)
     
  9. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Got a hat-trick with GData, Avira and F-Secure :thumb: :thumb: :thumb:
     
  10. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Does anyone know if Bitdefender IS is still buggy?
     
  11. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Something to keep in mind, which will also be reflected in the false positive paper as soon as it is up:

    What most testers do to build these clean file tests is essentially harvest FTP servers and download portals for new files. Some of them have been doing so for decades, without ever actually removing any files that were obsolete. As a result a large percentage of those files is no longer in circulation and may not even be available publicly on the internet anymore. Most of them won't even work on modern Windows versions. Both also mean that users never encounter these files in normal usage, so unless your product gets tested by someone with such a clean file collection those false positives will never be found and therefore fixed. What that means is that if you enter these types of tests for the first time, you need to catch up on false positives first. Other products most likely had the same amount of false positives, but spread out over a longer period of time. So it is less obvious than a sudden spike in the first test :).

    Last but not least about the switch from IKARUS to Bitdefender: You remember the 2011 test of EAM 5.1.0.4? We had 127 false positives then. What most of you don't know is that we never received those files, so these false positives were never actually fixed. Now, 2 years later, with most likely hundreds of thousands of files more in the clean test set, we have just 34 false positives. That's a huge improvement in my book and can be directly attributed to the fact that we switched engines.
     
    Last edited: Apr 10, 2013
  12. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    From reading around over at the Kaspersky forum....they have a patch currently in beta that is compatible with Firefox 19 and 20, and that corrects the problems that the latest versions of Firefox create. Apparently it is working well and will be released soon.

    Of course, the way that Firefox has gotten silly about releasing a new version every few months, I'm sure it won't be long before they've crashed the patch and any other Kaspersky add-ons/extensions.

    Speaking of which...how can a user keep Firefox from "AUTOMATICALLY" updating from one version to the next? :doubt:
     
  13. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    Go to options -> advanced -> then to the update tab and change the option.
    see attached.
     


  14. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Thanks, Charyb. I hope that this works, because from reading other FF users' comments, even this method doesn't seem to stop FF from auto-updating:

    https://support.mozilla.org/en-US/questions/939518



     
    Last edited: Apr 10, 2013
  15. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    Small correction.. Symantec focuses its resources on protecting users from real-world attacks. Widespread or not, it doesn't really matter. Real users get infected through a browser, email attachments, USB sticks, network worms, P2P clients etc. They DON'T get infected using av-comparatives-style infection, which is a) disable product b) copy millions of samples into some random folder c) scan just using the static scanner.

    Av-Comparatives says its 'users' are asking for it.. I think it's bull!!
     
  16. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    Thanks for the explanation but...

    Bitdefender only had 9 false positives and EAM had 38. Why do these differ so much if you are using the same engine and defs? When these false positives are fixed, are they just added to a whitelist or are they removed from detection via the definitions?

    What are the chances that the in-house engine (A) and defs were what detected these?

    Would some of these be caused from being unsigned and low prevalence?

    Does EAM use a cloud lookup for these files?

    Is the public able to view the list that is given to you by AVC? Just curious to see what type of false positives these are, the names , age, signed, unsigned, etc.

    So, in the next test or two, we should see the false positives drop down to more of an average rate?

    Yes, 127 down to 38 is a great improvement.

    Thanks
     
    Last edited: Apr 10, 2013
  17. Sher

    Sher Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    366
    Location:
    Pakistan
    Well done to the top dogs -- for them, it was business as usual. The star of the show is, without a shadow of a doubt - Norton. :D

    And a special mention: well done -- avast! (Advanced rating is still good for a free product).

    Cheers!
     
    Last edited: Apr 10, 2013
  18. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    9 of those 38 false positives were caused by BitDefender, 29 by ours.

    Those detections have been fixed.

    None of the files were signed if I remember correctly.

    No.

    That information is included in the FP report which has been published a few moments ago.

    Pretty much, yeah.
     
    Last edited: Apr 10, 2013
  19. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Norton's performance can be attributed to several reasons:

    1) Using Smart Definitions by default - this setting implies a heavier reliance on Insight and SONAR. As Insight and SONAR are less effective for on-demand scans, this means Norton will naturally have a lower score.

    I advise users to switch to the full definitions set for maximum protection.

    2) Symantec is dependent on their automatic malware analysis systems. They miss some of the more complex malware, and in my experience they take a longer time to add such malware that their analysis systems fail to identify.

    There are times (actually, observed it several times) where PC Tools adds detection for files that Norton doesn't....

    3) The file reputation system flags new legitimate files with a low trust rating, often causing FPs. I have seen many FPs this way even on PC Tools products (as they use similar reputation based techniques for files downloaded from the web), but PC Tools AFAIK queries a cloud server to see if a file is clean or not for such detections. I would think Norton does it too, but these test results imply otherwise.

    Does this mean Norton is bad? No, just switch to the full definitions set and you should still have good protection. Symantec will probably improve in the upcoming months as they have committed to increasing R&D on their products as part of the reorganization.
     
  20. Senhor_F

    Senhor_F Registered Member

    Joined:
    Oct 18, 2012
    Posts:
    54
    Retaliation post? No idea what you're on about...

    Keep sniffing around though, Inspector Clouseau.

    *puppy*
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    You've won the trifecta!
     
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
    Oct.2012 = Avast! 7 => Pos.8 / 98,6% => Pos.10 / ADVANCED+ (***)
    Apr.2013 = Avast! 8 => Pos.9 / 97,8% => Pos.13 / ADVANCED (**)
    Evo-Gen, Evo-Gen, Evo-Gen! :p
     
    Last edited: Apr 10, 2013
  23. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    AV-Comparatives might be forcing Symantec to pay for full tests.

    Background: Symantec wanted Real World tests etc. but not File Detection tests for reasons you gave above. For a few years AV-Comparatives allowed that - it tested Norton in most, if not all, other tests but not File Detection at request of Symantec. In 2012, AV-Comparatives would no longer exclude File Detection tests for Norton, so Symantec withdrew from all testing.

    Now, AV-Comparatives is only including Symantec in the File Detection test. Symantec will probably either sue AV-Comparatives not to include it in that test or if not successful or it does not choose that route, will pay to be in all tests if AV-Comparatives is showing only in the test it does not want if it does not pay.

    Seems almost like extortion.
     
    Last edited: Apr 10, 2013
  24. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    lol
    :D
     
  25. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    When it says Windows 7 built-in security, does it mean Windows Defender, or MSE, and then the new Windows Defender in Windows 8?
     