Av-Comparatives February '08

Well for me the best antivirus is AntiVir and Nod32 , but its too bad they dont add anti-spyware protection on AntiVir

 

Ammm ... Not true , in my opinion . AV-Comparatives perform tests only on detection rate so that readers can have an idea if product X's detection rate is OK . I haven't seen tests which compares speed , lightness , detection acuracy , tech support quality , etc ... Detection is one of the most important parts , but the onliest !

 

Or it shows that tests based on flat file scanning of large test beds are becoming useless to tell the true "performance" of AVs against live infections.
Disclaimer: flat file scanning is the only important test for me, but it's becoming irrelevant for most people.

 

Surprising levels for avast and avgAM (with a little help from ewido )

I'm a bit disappointed from BD

 

if most scanners can acheve advanced plus then its mainly down to,
looks
easy to use
resourse usage.
how it works on system
and most importantly how fast the antivirus vendor sends out updates.
one vendor could sent out updates fast to most customers would have the threat blocked. where as others maybe slower at updating which means malware being caught with an on demand scan.

 

Antivir premium does has AS protection.

 

I would add behavior engine to the list. IMHO, every AV should integrate one to stop new malware before signature are added. But of course, we can't see the effectiveness of any behavior engine unless we launch the malware, so I don't think any test will include that any time soon

 

Avira antivir personal edition premium features:

* Security package with virus scanner, AntiAdware, AntiSpyware, AntiDialer, email protection (POP3) and AntiPhishing.
* Very easy to install
* One click configuration with individual selection between standard and expert configuration
* Extremely high performance and detection capacity by using the latest standards (AHeAD technology)
* Extremely small program and signature updates make sure that the protection against attackers is always up-to-date
* Rootkit protection
* Virus check of every file and archive access
* Protection of active processes against undesired breakups
* Also available as a family license for 3 PCs

 

a lot of the av's did very well this time.
Well done

 

av-test already did/does it with a dozen of samples. other testers will also do it in future. the last test results from av-test i saw on a german magazine about behavior-based detections were very low (highest score was 40%, most had 0% or 20%).

yes, but note that most of the products which last year scored standard are not included this test, that's why most are advanced/advanced+. but yes, in general nearly all products improved. a closer look (tomorrow) will reveal that Microsoft probably improved the most compared to last year.

 

Curious to see about that than

 

no Panda?

 

IIRC, Panda will be tested separately.

 

Perhaps i don't understand this, but lots of AV's have this build in their kernel as part of the heuristics.

Norman calls it sandboxing for ESET uses heuristics like a virtual environment to run malware samples BEFORE they are REALY executed (active heurstics) besides the fact that if possible program code is analysed before executing (if readable) (passive heuristics) in the ThreatSense engine, so i think it is impossible to test some antivirusses WITHOUT testing their behavior engine.

Or better i think that the av-comparatives retrospective tests are testing this
as a major part of the heuristics test.

So, you don't have to really launch the malware on a live system to have it analysed, most AV's are able to do this anyway.

 

@Joe_Jones: no, what kinwolf means does really require the execution of the samples.
the retrospectice test is not a dynamic/behaviorbased test.

 

That are file heuristica indeed.

Behave is analyzed on execution( might be inside a sandbox etc).

 

IBK:

.

Sorry, i have misunderstood.

Kinwolf:

It is indeed interresting to see what really happens if malware is executed
and how effective the AV is in handling this.
Besides the fact of detecting it ..
Can it clean the malware from infected files?, or does it have to remove the file, are there infected left-overs , are there real system/data files corrupted or lost in the process?

 

Avg 8 hands down caught a nasty little Java virus i had last night whilst asleep , 7.5 missed it hmm

 

aigle:

Yes, but it doesn't have to be with On-access.

If the On-Demand scanner finds a crypted executable that decrypts itself while
excuted, it can also start the file at that moment, in the sandboxed environment, to force the malware to show where it really was developed for.
and detect the malware by heuristics or by signatures

 

really dissapointed at microsoft and mcafee, they said that their latest version would be like the best, ahh and bitdefender they were so proud about their version11, they said it is the best antivirus and all, and now what happend ?
it doesnt seem that microsoft and the other 2 antivirus has the best latest version.

 

I think we need to wait for the final results to see or pass judgement on how well any did. VBA32 is rated standard, but if they have shown improvement in areas over the last then they moved forward. Same for the rest.

 

There is likely not that much statistical variance in today's results from past results. The best stay near the top, and the average stay average. The technologies for detection clearly do not change that much, contrary to the constant marketing hype. In other words, if you use an Advanced+ AV, it is more likely than not to stay Advanced+.

If the technologies really changed that much, there would be bigger swings in the results. The deduction is that AV vendors are not able/willing to greatly enhance the efficacy of their offerings.

 

Or perhaps the changes in technology are not reflected by a static sample set.

 

There is no Standard (=Commonly Acceptable) AV testing methodology.
Therefore, AV-testers, use their own testing methods.

In a while, Andreas Clementi/IBK will be a Saint or Devil:
-He will be praised by the Funboyz/Shills whose AV scored High.
-He will be cursed by the Funboyz/Shills whose AV scored not that High.

Questioning the AVC methodology -in general- is one thing.
Questiong the AVC methodology -because your favorite AV didn't perform as expected- is another thing!

Let's hope that this time we will not witness the extremities of the past...

 

True, but that has been said by myself and others many times before.