A personal opinion : AV rankings in order of net pop.

If the both are true, then we have a bit different point of view to that RANDOM samples.

Random picked samples consists in my mind mainly already known samples supplemented with the newest samples (or the rebased and repacked one's). This kind of zoo collection represents in my mind "the universe of nasties" in a miniature example.

Best regards,
Firefighter!

 

Hey, how about assigning weightages to different categories of performance of an AV?
I mean resource usage, percentage detection of malware (on a per category basis) by both on demand and on access components?
you think we need a new thread for that discussion? or should we assign such weightages ourselves and apply them to previous studies like virus.gr and av-comparatives.org on this thread only?

 

Yes, I have wondered the same thing.

 

Licensing regime. KAV engine is tremendously popular (they've contributed).

 

RejZoR, do you know the statistics for Nod32 ? Could you please past it here (or in a private message if you find it more convenient) ? Based on my observations, of jotti's website I'd say that they are probably pretty good, but I'd like to have the figures.

Another question : does Jotti make statistics on which scanners picked these "pieces of malware no vendor used knew about at the time of uploading" ? Do you have access to it ?

 

NOD32
40.67% / 53.55%*

After latest heuristics engine update few days ago,the heuristic score jumped by 3-4%.

This score may not represent the real detection rate,so take it with good dose of reserve The same applies to all other antiviruses at Jotti.

 

Is that the reason why I had with NOD and Advanced Heuristics only (so without signatures) a bit confusing scanning results in here post 104?

https://www.wilderssecurity.com/showthread.php?t=14186&page=5

I thought that the scanning engine 2.12.3 was the same during these both tests.

Best regards,
Firefighter!

 

err... I know I'm the "Resident Nutcase", but I thought that this particular idea was nice. I feel sad seeing no comments.

 

Good idea! I think the hard part would be coming to a concensus as to what weight to assign to each category. As many varying opinions as there are for which AV is the best.

 

Let's make FF a temp mod for our discussions (he's completely impartial between AVs AFAICT) and he's one of the "premier" AV testers.

 

Can someone answer to my last question, Please? That's really irritating me without an answer.

Best regards,
Firefighter!

 

Firefighter,i belive that 2.12.3 is just a program version number. You have many sub-versions for specific modules like Advanced Heuristics

Here is my info from NOD32:
NOD32 Antivirus System information
Virus signature database version: 1.936 (20041130)
Dated: 30. november 2004
Virus signature database build: 5017

Information on other scanner support parts
Advanced heuristics module version: 1.011 (20041126)
Advanced heuristics module build: 1067
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1.024 (20041125)
Archive support module build version: 1104

Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.12.3
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.12.3
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.12.3

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 512 MB
Processor: AMD Athlon(tm) XP 2800+ (2254 MHz)

See the text marked with red color... thats Advanced Heuristics engine version

 

Thank you for this information. Something interesting : this score is almost similar to the one obtained by NOD at the latest av-comparatives.org test. Probably because Jotti's scanner receives a lot of very new malware. Conversely, KAV's impressive detection rate is due to their incredible reactivity when it comes to adding new samples to the signature database.

 

Thank you! I just wonder where is the limit of heuristics detecting that false positives begin to disturb the everyday use of PC?

That 37 % detecting rate against the "Common PC Protection" samples what I got with NOD Advanced Heuristics only, is already quite impressive.

Best regards,
Firefighter!

 

@FF...
What about the wightage system?
What do you think... is it possible to do it?

 

If you mean the weighting of different infection categories by multiplying those average category detecting numbers with certain priority factor in all categories separately and dividing the sum result with a weighted total sample size.

I think that it's quite hard work, because at least I haven't that data to do these weightings properly. All that I remember with DrWeb's definition category stakes was about 80 % were trojanlike nasties, 5 - 10% worms etc. But because everybody has their own needs, it's best that we check only those category detectings as an absolute detecting percents. So, everyone can make a conclusion of his own against his needs.

Best regards,
Firefighter!

 

well, i mean assigning wightages to EVERYTHING....
from detection in various categories to resource usage to "cleaning" of virii (which NAV is unable to EVER do)....
What about assigning credit based on ranks in categories like IBK, and then assigning weightages to each category?

 

I'm not so fond of fixing detecting results or those factors that are also coming to everyone's sight concerning anti-viruses. You just can't say the average priority to update procedure. If you have a fast cable or (A)DSL connection, it doesn't have a high priority, but by using a dial-up connectection, it has almost the highest priority. The same with memory consumption. I don't care less about av's memory consumption, if I have a brand new 3.2 GHz AMD what so ever PC with 1536 Megs RAM, but with a 200 MHz PC with 48 Megs RAM, it has also almost the highest priority.

As a summary, we all have so unique needs, that it is impossible to make all possible factor's of an av to any honest order, the order is always in front of each customer.

Best regards,
Firefighter!

 

~~~UPDATED ~~~ PLEASE RECHECK
Rokop.de's test translated to english (as best as I could)
here's a screenshot.

 

~~~UPDATED: PLEASE RECHECK~~~~
I can't understand properly what has been highlighted as yellow.
here's the excel file....
Just rename to .xls

 

I think that we have to change places with runtime packers and verbr. trojaner, or shall we say just common trojans.

Best regards,
Firefighter!

 

****... you're right FF....
changing...

 

S..t happens.

No problem.

Best regards,
Firefighter!

 

Forgot to add a "Thank You" to www.google.com
I don't know any german (save a couple of words that we picked up in 8th grade... )
I'd say it's a decent job at it, no?
BTW: I'm working on an updated list like the one at the start of the thread - one for AVs and one for Security software in general. I hope you will enjoy the ensuing discussions...

 

I'm not so good either in german. When I read 3 years german at school and it was at last time to the final test, my school-ma'am said to me: "Save me from misery, don't participate to this test". I answered to her: "Thank you very much, it is the most honorable gift I ever have got".

Best regards,
Firefighter!