AV Comparatives has released the newest report.

u know whats starting to get on my nerves? ur posts on this topic. All u do is flame the test because its not something that relates to ur needs, but here another fact u need to face, it IS related to other people needs (eg. mine!) i look for detection not prevention in an AV, im confident in my prevention, i want to know that my AV can detect anything that does get by or if im scanning something i get. If AV's were meant for pure prevention why do they bother making sigs anymore wen they culd clearly focus on prevention and be a completely diff product? its because there is value in pure detection as well. prevention isnt the only important part of an AV. and remember if ur looking for prevention, an AV is NOT what i would be looking for, since thats what seems to matter to u.

so you really need to stop flaming these tests just because its not of value to YOU, doesnt mean the test is useless tho...

 

He is just a complete Norton fanboy posting in every topic how great SONAR is. NOT!

 

Very well said!

A lot of TM people are also rejecting the testing methodology of those tests. My question to them is, if they don't agree with the concept, then why the hell did they ask AV-Comparatives to get their product tested? Fuxxxng hypocrites!!!

 

Like many other users, I would advise you the very same thing: "do not crap this thread by "A" vs "B" comparisons!"

We don't need to prove individually which is good or bad. Waste of time!

 

For individuals interested exclusively in the detection capabilities of an anti-malware product, then the results of the On-Demand Detection of Malicious Software (February, 2010) test may be of interest. The difficulty, however, is that performance on malware detection isn’t necessarily a good indication of the relative quality of protection against malware infestation.

Looking at the 15 products common to both the On-Demand Detection of Malicious Software (February, 2010) test and the Whole Product Dynamic Test (December, 2009), the rank order correlation between the performance of the two is only 0.31. It is therefore unwise, in my opinion, to extrapolate from the detection test results to anything that resembles actual usage in the real-world.

 

ah i see - the mass of samples are not in the lower detections sections.
(same for Firecat - thk u both)
i hope they will improve the rest - office 2010 is coming - and scripts can do magic - in good and bad.

 

would it be possible to please test avast pro or suite in the next test, since it adds a few things the free doesnt...i use the paid version and would have liked to see the results for that over the free one

 

If you read the the beginning of the PDF you can see a text similar to this.

"" Alwil software decided to participate in the test with their FREE product ""

Meaning it was Alwil that wanted the FREE version to be tested

 

ahh. well that kinda sucks though it does show even the free one has some backbone so the paid should perform even better

 

Indeed, I don't use Avast myself, but I have to say that I am impressed since it is a Free product after all!

 

the pro version has the same detection rate. avast wanted to get tested with the free version to show their users that their free product (as it uses same engine/signatures as their pro version) would score as good as their pro version in detection tests.

 

Good, that explains it all

 

IBK are you going o test Avira 10 in the coming tests if it is out by then?

 

+1
Well said!

 

Avira did great on their FP's .... can't wait for avira 10 ... all in all most of the AV's tested did a pretty good job, so stop flaming each other...lol

 

There is a point beyond which "flaming" borders on "trolling."

Concerning which -- if you will notice, there is an exclamation point (!) in the upper right corner of each post. If you click on that exclamation point, you will be able to send a message voicing your concerns to the Wilders Moderators. If more than a few folks do that, the Mods may ask a poster to cease regurgitating the same comments again & again & again, or to cease taking threads OT, or to cease making personal comments, etc.

Wilders used to have several representatives of security products who visited these forums from time to time -- not to peddle their products, but to participate in meaningful discussions & to share their experiences & know-how with us.

I learned a lot from those professionals (such as "Inspector Clouseau"). Sadly, some of them no longer participate as often. As to *why this is so* is a matter of opinion & conjecture, so I won't dwell on the matter.

However, I think it is essential that we remain reasonably civil & friendly when responding to each other's posts -- that is equally true for our reponses to posts by security professionals such as IBK & Stefan Kurtzhals & Inspector Clouseau & Stem (et alia), who have a lot to offer -- usually much more than those who are making unnecessarily caustic & demeaning comments about the security products which constitute a professional's career, and his means of earning a living.

Bear in mind -- telling someone that his work is "totally useless" is tantamount to telling him, "You are a useless person. Drop dead!"

Just my 2 cents.

 

Off-topic: Absolutely agree with you Belgamin I'm missing the days when security professionals joined discussions (before trolls/fanboys of a other product attacked them)

 

there are plenty of securiity professionals still here that comment. Products have changed, names have changed and I still see some of Bellgamins favorites still here. But the specialty of this place has always been the ability for "trolls" as some may call them, enthusiastic users is how I see it, and vendors, to rub elbows.

 

Attack is a strong word. I dont think Stefan, pbust,Joe, Marcos or Ilya, just to name a small portion of vendors here, feel attacked.

They seem to know how to take care of themselves.

 

Why are on-demand scan tests useless? Those malware samples do exist and must be detected by a product. And *ideally* they must be detected 100% by on-demand and 100% by dynamic methods. Why by both? Because you cannot use both methods in every scenario. It is no excuse to have low detection rates in an on-demand test and saying "oh, but our HIPS blocks the rest".

What does this test does not show? How well a product protects you against zero-day malware! But it also doesn't mean that the protection level against zero day malware only depends on dynamic detection. It seems some people do not understand how modern AV scan engines work. They are not simple pattern matching crap from 20 years ago. They use advanced methods such as emulation and OS emulation. So even in an on-demand scan, they do detection on the dynamic run time behaviour of malware! There are of course problems and limitations how far you can go with this approach. That's why you need additional layers of protections such as behaviour blocker/HIPS, exploit protection or reputation based detection. But again, not every protection method is suited for every scenario and every additional protection layer costs performance.

Another problem with dynamic detection testing is the too small test set. It takes too much time to test a sufficient amount of samples this way. Just testing 50 or 100 different malware families is not really representative. If you take different 100 families, the ranking could be entirely different.

 

About damn time someone said it. Thanks Stafan

 

great post and helps with what ive been trying to say, just much clearer and more technical and Bellgamin lol i never even noticed that Exclamation thing till now

 

well said.

another point those tests dont mention - usability.
it means nothing if user cant handle settings or logs.
ofc i rely on detection rates - but its worth nothing when my
system locks up and i cant do work.

>> every additional protection layer costs performance.

true - so its better to raise some passive security either
do backgrabbing when the goal has already been made.
what cannot get in dont has to be fighted.

 

Finally words of wisdom from Stephan, if there is no detection, its usually too late and cleaning is a royal PITA in almost every cases.

 

My impression:

With the exception of Avast! the AV vendors need to work more on malicious scripts. I don't know why they all score so low.

Avira is actually doing very well, they managed to drastically lower their false positives. If they could manage to eliminate the bug in their suite that disables the Avira services I might actually buy it !

I believe one of the AVs, maybe f-secure or f-prot, doesn't scan for spyware/adware. I'm not sure. It would be nice to know how well the AVs handle spyware and adware.

Now I come to think of it, the Avira suite doesn't scan for certain types of malware by default (see 'extended threat categories'). Is that also the case for Avira Premium ? It's hard to imagine that Avira would do so well if it only scans for the default categories.
I wonder how it was tested.

Again, VIPRE isn't part of the test. Honestly, I don't think they ever will.
Maybe they keep VIPRE consumer to promote their enterprise products ?