Av-Comparatives February '08

Discussion in 'other anti-virus software' started by Abeltje, Feb 1, 2008.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Which, BTW, is the only important thing for those who don't run real-time AVs/suites. I know that flat file scanning doesn't say much about how well or badly a product protects against malware, but for my specific pattern usage, flat file scanning is the only meaningful parameter.
    Come on. Automatic updates for both the OS and 3rd-party applications are becoming the norm. Even more, there's software designed to inform you about older/EOL software present on your system.
     
  2. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    AV-Comparatives is a member of AMTSO, so I think we will see some changes in the next test.
     
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    Being a "member of AMTSO" has nothing to do with it. I already announced in September 2007 that we will do dynamic tests as soon as we are ready for that and some "approved" test methods exist. Neither is the case so far, and we said that we will do it starting from 2009 (additionally, not replacing). AMTSO is not restricted to dynamic test standards only, but dynamic tests are, due to their importance, of course where the focus is and has to be.
     
  4. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Good luck if you don't run real-time AV.

    Good luck if you think there is software that can keep every ActiveX on your machine up to date.
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I've been doing this for at least 5 years and zero infections. I'm really lucky or I have an infrastructure in place to prevent being infected and easy recovery.
    I don't use IE. FF + NoScript allow easy control of browser plug-ins.
     
  6. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Good for you. For me FF + NoScript is a horrible user experience. I just couldn't live with it long term even though I know it's good for me. But that's irrelevant. AV products are meant for the vast majority of the connected population that do use IE. 80%+ does. And they are getting infected by visiting trusted websites and getting infected. That's why THEY need the best drive-by download protection out there.

    From what you've said, it sounds like you don't even need an AV at all, so these tests are really irrelevant to you.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Agreed. But how will the average Joe (who is getting infected at every turn on the Internet) ever know of a reliable test to base his decisions to buy XXX or YYY AV/suite? This is a nice paradox: the people who are interested in AV tests are the ones less likely to get infected in the first place. In the meanwhile, the average Joe goes to the computer shop of his preference and buys the shiny Norton/McAfee/Trend/Panda box.
    Quite difficult to measure, IMO. And quite difficult to offer reliable detection of drive-bys. How to detect obfuscated scripts without a JS engine? And a full JS engine is highly likely to slow down the browsing speed.
    IDS signatures. Do they really work?
    I might get infected, nobody can say the opposite, although I'm aware that the odds are really low. OTOH, I do like to know the technological evolution of AV engines and how they perform as time goes by.
     
  8. pdub2

    pdub2 Registered Member

    Joined:
    Feb 16, 2008
    Posts:
    3
    Thanks for the thread! I am amazed at the results. I am going to be changing my AV for sure ...
     
  9. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Panda's inclusion for 2008 was mentioned recently. Is it included in the soon coming results?..:eek: :D
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    It will be tested separately for a magazine in some weeks. I do not know many details yet, e.g. if the results will be available only for the magazine or if I will also be allowed to put them on the website.
     
  11. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Bad news, folks,

    Direct from av-comparatives:
    Comparative results will be available for all officially at those dates:
    15th March and 1st September: comparative results of on-demand detection of virus/malware
    1st June and 1st December: retrospective/proactive test results
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    What's bad about this?
     
  13. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Isn't it supposed to be 1st of March? Bad news = delayed.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Things happen. IBK, I am sure, has his reasons. I can wait a little longer. ;)
     
  15. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Any ideas what happened? Since the individual test for... forgot what it was has also been delayed. What's going on? Hunting for malware? :D
     
  16. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    When the new results come out it will be completely earth shaking. Everyone will abandon their old favorite and buy the new champion. Mountains will move. Rivers will change their course.

    And, zero day exploits will continue to fool most AV's.
     
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    ...and I will make no changes based on the comparatives...;)

    ...unless the one I am using just goes off a cliff...NOT! :)

    Still I will wait and will enjoy reading the results and the Wilder's membership reaction :thumb:
     
  18. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Yes, I agree with you Diver, since this is a major test too, lots of people new to the computing world will change.
    P.S. How do you know it will be earthshaking?
     
  19. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    I am not sure that results will be delayed. At the moment it looks like it could still be 1st March, but as I will be away the first week of March, I will maybe postpone the release to my return.
     
  20. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I was going to bump it to say yay 3 days away...

    But on the site it says March 10th now.

    Still can't wait.
     
  21. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Can't wait? It will not make any difference. Even the most professional AV testing is badly flawed. Those that are not the best are fatally flawed.
     
  22. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    I've always wondered why people are always that eager for those test results.
    I agree they are interesting, but it doesn't really change the way I think about the AV products. It's more like a guideline.
     
  23. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    And none of these products are going to be terribly bad for a user of an average risk profile.

    For most people here, the additional information that we have is AV tests, opinions of other users. Do we really know that much more about a malware product than the average Joe?
     
  24. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If you step back a bit, the average reader of this site and these tests would tend to:
    • Know whether a product has been examined by any of the many testing organizations or not, so they'll be more likely to discern the rogue and charlatan applications from the bona fide products
    • Have access to some objective metric of performance. It may not really reflect the entirety of real world performance, but it reflects performance in at least one idealized world.
    • Understand that none of these products impart absolute invulnerability to your computer. One may address that by augmenting them in some fashion, or by easing the challenge that they must survive by avoiding some "obvious" items... (blithe opening of those nasty email attachments, downloaded codecs, etc.)
    • Use some of the discussions associated with these AV tests as a mechanism for self education on many fronts (examples - how malware works, typical infection routes, general good computing security habits, how to survive and thrive without overwhelming your PC with security monitors, approaches people use instead of an AV, etc.)
    So, as a general answer, I'd say yes, you really do know more than the average Joe. A lot more.

    Blue
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Well said BlueZ,

    There are a lot of issues with AV's today. The most serious one is rapid tuning of malware to evade signature based scanning. So far this has brought us heuristics, or a dubious shortcut where anything in an unusual packer is flagged.

    There is a lot to be desired in the testing process. Look at Shadowserver.org. Their statistics on zero day detection in some cases differ widely from flat file scans done by other testers. What about Nod32, which is near the top at AV-Comparatives and an also-ran elsewhere? If something can not be unpacked, can the AV detect it when it is run and terminate the program before it can do any damage? How certain are we that the sample set only contains malware?

    It's a horrible mess that will get worse before it gets better.
     