AV-Comparatives - File Detection Test - March 2013

Re: Boy Has Norton Dropped down

This test is not relevant for me ( and almost to everyone using internet). As long as AV is good in web based test and runs fast, thats the AV for me.

 

life is not that simple when it comes to keeping the crap off my computer. I think he wrote that more in defense of Avast than defending ESET or any vendor. You have to write an av to cover all the bases , using that kind of thinking will IMHO get you in trouble...

 

Re: Boy Has Norton Dropped down

Mod, is this personal attack allowed in this forum? spywar, you have your opinion, I have mine, and I backed up my statement with facts/I observed. What's wrong with that? It's better than your assertion, which is based on nothing but your illusion. Please go to a doctor and get your head examined.

 

I really want to comment the tests but I will not do it because I know the majority of users here won't agree with me.

However, I will say that testing Symantec for free is not fair compared to other vendors who actually pay to be tested (they also pay for other things but the most important and the reputation is from the tests)

Additionally, isn't it a legal issue when Symantec clearly stated that they do not want to take part in the on-demand tests but you did not accept their wish and did test them ? Even if it is not a legal issue, this is moral issue you (AVC - the reputable non-profit org) did not accept a vendor's wish.

I kind of agree with post#89 - file detection tests might be relevant for file/mail servers only - but not for endpoints, not for home users. And AFAIK most AVC consumers/readers are end users/home users.

 

Re: Boy Has Norton Dropped down

I don't hate norton. I have been using norton in the last 3-4 years. I started to get suspicious when norton withdrew from av-c.
Since you are so look-down on File test, why not disable the virus-signature update all together? And for those who believe signature-based detection is "out fo date" now, please cite some sources where any AV vendor clearly indicate that they are not developing their product based on signature-detection, but based on behavior-blocker and cloud file-reputation system. Go ahead, show me some facts, not just illusions in your head.

spywar I hope you can read:

"Issues With Norton File Insight

For a number of years Norton File Insight appears to only recognize the safety verification measures from premium software companies. Norton File Insight often erroneously flags a downloaded file as having no Digital Signature and no version number and therefore a potential threat.[2][3] Larger, more-established software companies appear to be able to avoid these problems.

Furthermore, whitelisting a file (i.e. having Symantec investigate software and classify it as safe) is ineffective because developers will have to constantly reapply for white-listing status each time they publish revisions of their software. This is particularly a problem for small software developers with small production teams who constantly publish revisions and updates rather than have an extensive internal development cycle before releasing updates.

These problems hinder an industry of small business software developers from having equal market access since they lack the resources to comply with Norton File Insight's demanding and unclear requirements to avoid being flagged as a potential threat to users."

Now let me know how effective and magical you think Norton FIle insight is.

 

This method works for me in two computers. I tick the "Never check for updates" option and Firefox doesn't even tell me when a new update is available. I read the thread you posted, perhaps the option is not available or it doesn't work anymore when someone is using a very old version of Firefox.

Bo

 

You might also want to uninstall mozilla maintenance service via control panel.

 

I am using FF 19.0.2 and although the add on says that KIS Safe Money is not compatible, it does work anyway. FWIW.
Jerry

 

Re: Boy Has Norton Dropped down

Although it was not directed to me, I also officially recognize myself as one of them because I too think that Norton products are useless

 

Re: Boy Has Norton Dropped down

I will just say that whatever oliverjia said is indeed relevant and a very valid point. Insight often throws up FPs on newer files (PC Tools also uses Insight in the form of it's "Download Guard" and various cloud lookups during scan). There are times when I have dealt with project reports, scientific articles, college applications, etc. - all flagged as suspect because of low reputation, yet perfectly clean files.

At the same time, I do acknowledge in practice Insight is very useful against web-based threats. But the fact of the matter is, signature based protection is still important against for e.g. malware on USB devices, which Insight cannot be of much help.

Symantec's direction with Insight has caused many, many problems for smaller developers. See the post here:

http://www.codeandweb.com/blog/2012/06/23/how-symantec-ruins-independent-developers

Also, this quote by an ex-Symantec employee is particularly relevant and implies Symantec implemented Insight in order to boost test scores and reduce their active work staff/resource requirement rather than having true responsibility towards increasing the product effectiveness/protection rate:

https://news.ycombinator.com/item?id=4152539

I'm not against Symantec, but they clearly have been trying to reduce their active staff for a while now and have focused a lot more on performance of Norton than on the protection rate (for e.g. how by default the boot time protection setting is set to the bare minimum). I wish they'd stop this and focus on protecting the user instead.

As it stands, I still don't think Symantec/Norton is outright bad, I just think one needs to use the full definitions set and rely less on their cloud.

 

Re: Boy Has Norton Dropped down

 

Re: Boy Has Norton Dropped down

Thank you for this very constructive and knowledgeable input.

 

Re: Boy Has Norton Dropped down

Yes, very good post Firecat

 

Re: Boy Has Norton Dropped down

The Insight technology has been made long time ago (I guess it was first in Norton 2009). The idea was to be tested and developed in the consumer program, to be polished, to gather enough info and to be pushed in the business product.

It is is still being polished because Symantec know very well that most their big customers still run version 11 (which lacks Insight).

And when the majority of the clients are ready to upgrade, Insight will be perfect.

Currently, it is looking for information - collects information. Of course it is also very effective against malware at both Norton and SYMC Endpoint products.

The biggest problem is Norton because in Norton users (end users) cannot control in details Insight. In business products, this is not an issue because Insight levels sensitiveness can be controlled - from 1 to 10 and the false positives can easily be controlled.

Info about it: http://www.youtube.com/watch?v=HxbPScdt-3s

Norton is generally considered for the mass users - for people with less experience. Of course for them best would be to avoid unknown files and Norton acts accordingly. Every single non-home non-typical user must use the Symantec business solutions - this is where the company focus is.

 

more and more companies like Symantec, are counting on the business side of things from a financial standpoint. The evolution of very good free antivirus products has really put a damper on the profitability of paid home user products. Thus development suffers as well.

The freebies have been a blessing for home users and to me, it will only get better as more and more vendors are forced to offer a very good free product. But all has a cost. If they cannot recoup costs from the business side, then the onslaught of new AV vendors that has arisen in the last 2 years, will plummet like stock in jmonge.

It will be interesting to see how this plays out. But I am pretty sure, somewhere out there in development is the one all, stop all, product being readied for deployment, that will put a end to malware, once and for all.

No media of public information and communication would have survived this long, if someone had not found a way to make things safer for the end user. I personally think Microsoft has this ability already, but from a financial standpoint, it isn't yet profitable. Malware is money, for everyone.

 

Re: Boy Has Norton Dropped down

Not trying to act rude, but I call this bs. Come on, it's been collecting information ever since the year 2008 and still polishing? how many 5 years norton needs to finish collecting info? One more question: what kind of information is norton collecting? Let's say, exe files. So every minute there will be new exe files come out, when do you think norton can collect enough info?
also, although not very relavent, how do you know most of businesses running norton are still using SEP 11? please back your claim with facts/reliable sources.

I agree with firecat, whitelisting exe files is a bad idea, even worse than signature based detection.

 

I will chime in on this since I use NIS 2013.

Since Symantec specifically requested to be excluded from A-V Comparatives tests and they chose to test it anyway in all fairness A-V should retest NAV with full definitons downloaded and scan setting set to scan all files. That should eliminate all those FPs NAV received and for which A-V penalized them for in it's ranking criteria.

 

Re: Boy Has Norton Dropped down

Wow! Thanks Firecat.

 

I really can't understand all this fuss about NAV/NIS Insight. It's a download scanner based on signature existance and reputation. As far as the reputation goes. it is Norton community based. I might add that if anything, its community ratings are too loose for my liking. If people want to complain about reputation scanners being too restrictive, start with WOT. If someone doesn't like Insight, they can easily turn it off via the NAV/NIS GUI.

The guts of NAV/NIS protection is Sonar which employs the realtime protection.

 

An awful lot of money.
http://www.economist.com/news/busin...penetrate-computer-systems-digital-arms-trade

 

This sounds like a voice from the past...is that you AVIRA

 

Nice results from most vendors.
Good to see EAM up there too.

 

I fully agree that reporting/blocking binaries just because they are new, rare and unsigned without checking for actual malicious behaviour is a bad idea. And actually not only Norton is doing this kind of "detection".

What I don't understand is why Norton participated in the on-demand test but not in the real-world one. As the real-world test is by far more relevant I would have expect the opposite, dropping out of on-demand and staying in the real-world test.

Anyway, I am looking forward for the next real-world tests as they will contain the improved Avira cloud integration. Funny, there was almost no user feedback for the first Avira cloud integration which happened some months ago.

 

It was (and still is) cloud or "semi-cloud" ?

We will see what is this "improved Avira cloud integration"

 

Re: Boy Has Norton Dropped down

Grapes are sour.