AV Comparatives - August 2007 report

Re: AV Comparatives is Almost Due

Wasn't Norton the only one with a big goose egg last time?

 

Re: AV Comparatives is Almost Due

I would take 10 FPs over 1 missed zero day attack. I really think some are missing the point of what it takes for a AV to move forward.

 

Re: AV Comparatives is Almost Due

IBK says it all, to the user with, "delete or quarantine a file ," if your AV is setup to do a quarantine, then a FP is really never a issue thanks to folks that will scan this stuff.

 

Re: AV Comparatives is Almost Due

I'll still take that goose egg and hope I don't lay an egg. Waiting for Netzero to put up 2008 (free with ISP) and give it a go. Peace....I'm gonna go get a shower!

 

Re: AV Comparatives is Almost Due

fp is more an issue, because all av's will miss 'that threat', all of them are far from perfect, its only arrogance that makes a user think 'my av has 99%, im safe'

if you can get your head around this, then you will realise that deleting a safe file is more of an issue.

 

Re: AV Comparatives is Almost Due

I'd rather have a false positive than a missed sample... A missed piece of malware can be the end of privacy or really give you hardships for a while... A false positive can be ignored and fixed in a matter of hours (With Kaspersky the one FP I've had with it got fixed in 4 hours).

 

Re: AV Comparatives is Almost Due

Depends on my mood

 

Re: AV Comparatives is Almost Due

It seems clear in my thread here, there are 2 perfectly valid (but different) positions on FP's. That is good! Clarifying issues is always best. I have my security policy and others have theirs!

Fortunately, with IBK's reports we can select from a number of very good AV's that meet our own needs and beliefs about FP's to a greater or less extent.

In my own case, with BD, I have the use of it's options see attached jpg:

1) MY first option is when BD hits a real virus, action 1 is disinfect and if that fails action 2 is MOVE it to quarantine.

2) MY second option when BD hits a "suspect" file/virus (this is likely our FP case) action 1 is deny access and continue processing. Action 2 if that fails MOVE it to quarantine.

If a user is really concerned about damaging FP's, he can alter the actions to COPY the files to quarantine and make other changes in BD's options to be as passive as possible in dealing with "hits" that users feel may be FP's and to dangerous to remove.

Just some thoughts, we should all manage our own PC's to reflect our own security policies not someone elses policies.

Got to go now and run a full scan! Last one found zip!

 

Re: AV Comparatives is Almost Due

why dont you upgrade to the new version? Its free.

similar setup, but quarentine is only used on suspicous files for me, same for my drweb.

 

Re: AV Comparatives is Almost Due

im curious to know why av-comparatives have stated they have tested 4.44 in their latest test.

didnt think it was released yet, to be tested in this new one.

/look IBK

 

Re: AV Comparatives is Almost Due

Interesting. TY

Are you asking me this question?

If so, I will consider ALL options after the AV data comes out and an analysis is done. Not before!

When completed I will publish my results here for all the members to see and comment on. This would be the 3rd time I have done this for Wilder's.

There is no rush! My Av is working away.

 

Re: AV Comparatives is Almost Due

Dr.Web wanted to have the 4.44 version tested and I had nothing in contrary as it was expected to be released some days later...
@C.S.J: ehm..., sorry... (don't ask)

 

Re: AV Comparatives is Almost Due

That is like saying its OK for the cops to shoot 10 innocent bystanders rather than let one felon get away.

 

Re: AV Comparatives is Almost Due

im sure they did want it tested IBK,

as it was due out at the end of july, still not here though, something must have gone wrong.

im a little more curious about the results now then, if this was the version tested

lets hope it can scrape out of that standard rating, even just...

you never know, it might do

 

Re: AV Comparatives is Almost Due

Fortunately, there is no blood involved here. We just put them in protective custody until they can be shown to be innocent!

Yes, this is not the justice system!

 

Re: AV Comparatives is Almost Due

Offcourse most people rather have no fp at all but at the same time we don't wanna go back to norton.

 

Re: AV Comparatives is Almost Due

The analogy is somewhat flawed. If an AV tells me that process "X" is a nasty, I am quite able to verify/falsify that allegation by use of my on-demand AV programs, Jotti, Virustotal, processlibrary.com, & lots of other such sources.

The analogy should be: It's okay for the cops to arrest 10 suspects, given probable cause, and take them in for questioning.

As for those who insist on near-zero FP -- because they won't or can't research as to whether an alert is (or is not) an FP -- best of British luck to you.

 

Re: AV Comparatives is Almost Due

I'd really like to see August summary data

 

Re: AV Comparatives is Almost Due

Bellgamin.

Its not that I can't or won't research FP's, its that I think it should not be necessary. How do you research a FP, upload it to Jotti's? What if most AV's were sloppy on FP's and some harmless packed file that you need showed positive on several. What do you do next?

Any fool could write a program that will detect 100%, but with lots of FP's. The whole point of AV programs is to find the bad and leave the good alone. I will say it again, VB100 has got it right with their 1 FP fails you policy. Perhaps fans of AV's known for lots of FP's think they know better.

The stuff folks post in forums completely amazes me.

-Diver & I am too far from the sea today for comfort.

 

Re: AV Comparatives is Almost Due

"Its not that I can't or won't research FP's, its that I think it should not be necessary"

You are correct, in a perfect world, with an 100% detection, 100% removal and 0% FP from an omniscient AV vendor no one would have to research any FP's

Some users will no doubt implement a minimum FP choice model and live another day!

But don't be shocked if in the future that choice finds a FP. It's only necessary to wait long enough and all AV's in the real world will label a non virus as a virus and bingo we have a FP. So I will set my options and actions to deal with that event when it comes!

Other will do differently as this thread shows, but there is no need for amazement about the existence of different policy and views!

 

Re: AV Comparatives is Almost Due

Isn't Panda supposed to return to the Comparatives soon? It would be interesting to see how their new Mega Detection engine and HTML scanning would perform....

 

Re: AV Comparatives is Almost Due

They said in 2008.

I'm more curious about Comodo and PCTools. IBK, are you going to use Threatfire/PCTools AV or Spyware Doctor + PCTAV or... Both?

 

Re: AV Comparatives is Almost Due

im a little more curious than i usually am this time around, as the beta drweb has been tested instead.

new heuristics and all that, surely this has to help detection.

we shall see, but i wont get my hopes up, but it doesnt matter to me anyway, but still, im interested

 

Re: AV Comparatives is Almost Due

We are like the parents waiting anxiously for the children's report cards.
No matter what grade they get, what's important is the improvement regardless of decimal scale. Always give them a nice pat on the back rather than dismembering them and adopting a new AV.

 

Re: AV Comparatives is Almost Due

there will always be people who change on a test result.

maybe drweb gets an advanced+ and 99% and everyone finally realises the potential

ha ha, like it matters