Av-Comparatives: On-Demand Comparative August 2010

AFAIK, by this time most (if not all) of the FPs reported should be fixed as the FP reports go to the vendor a while before the report is published on the web.

 

So I can use Panda again Thank you ...

 

Just to add Panda is in the process of attempting to fix why these FP's are there in the first place.

 

mmm... I've just looked at avast! web and there's a new feature or at least one that I haven't heard of before. Script Shield. It's not on the Free Edition.

Web Shield: Scans all visited web pages and checks all files, pages and java scripts downloaded from the internet. Thanks to the Intelligent Stream Scan feature, the Web shield doesn't slow down your web browsing.

Script Shield: Detects malicious scripts hidden in internet web pages and prevents them from running and hijacking or potentially causing damage to your computer (Internet Explorer only, 32-bit only).

Just installed avast!, but I've just checked this feature. Nothing else. Lets see how it goes and how it reacts with my Avira Personal. No conflicts seen, but its to soon to say.

 

Hi firzen:

That is an excellent idea.

On page 8 of the august 2010 report AV_C indicated:

In the proactive test my nod32 detected just about 52% of "new" malware. Well, if I get hit with one of the 48% of the missed that can't be healthy!

So I we knew how these tested products did against the $ stealing parasites that would be really excellent.

 

Ahhh, you really don't want 2 AV products on your setup at the same time!


Remove/uninstall Avira and Avast if you are going to avast ASAP. Then clean up your registry, defrag reboot and then install avast clean!

 

I know, thats why I only installed the Script Shield.

It's not new to have an AV for real-time and an other for on demand scans. I'm just trying.

Thanks anyway.

 

and is the worst vector, you can get infected easily while navigating into a malicious web-site

 

Ahhh I see you are experimenting with a hybrid! Execellent!

PS the syntax of your post made me think you were trying 2 AV's. I'm still worried about 2 AV engines and installations on the same box. The way I would do it is install the real time one on my setup and then use a web based av for on demand .... but to each his own

 

I actually said this in post #64 when I responded to progress' initial concern about using Panda. However, I still think that while Panda did exhibit a lot of FPs in that test, it's not a true world situation as I don't think anyone would have all or most of the products listed that triggered alerts.

 

It is true that these comparison tests do not match your real situation or mine for that matter.

IMHO, they are only useful for comparing products against the same set of malware and data. Then we can compare and select a set of products to test out on our own pc's.

So say this is 2011, I would look at the end of my eset license and IF it had fallen out of the advanced + category in both recent tests on demand and proactive I would choose from the top candidates for a trial then a replacement.

Some may not match my SW and HW reality so they would have to be set aside.

Then I have a short list. I have no vendor loyalty at all and would switch on a dime if it was to my advantage to do that! I have no need to defend my present choices for any products.

 

yes that would be great if they gave us stats on financial malware in their tests

 

MRG has does excellent testing in this area with their Online Banking Browser Security Project.

 

People have always been having ideas like that. Some like it, others say don't use it, it will lag your system.
It is true that having two AVs will lag the system, because they will be eating resources. But, at a first glance, and that depends on well coded it is, they are not resource hunger. I mean, other applications demand way more CPU and memory resources, and having them along side AVs never made anyone complain about it.
The thing is: Why should an AV vendor "let" you have other competition on the same system? If the competition catches what their AV won't, then people will consider that AV sucks big time and ditch it.

Recently, avast! 5 turned out to work just great along side Microsoft Security Essentials, even with all shields installed/enabled. There's even a blog entry at avast!'s blog stating how they worked to make them coexist peacefully.
Do you think they "allow" this coexistence because they consider MSE to be an equal or even superior AV? No, it's the other way around, actually.

I've been running both MSE and avast! in a virtual machine with 1GB of memory and 40GB of hard disk, with other stuff installed. Runs light.

If people feel confortable having a sort of hybrid AV, I see no harm, if both don't "fight" each other. avast! 5 won't "fight" MSE for the reason I mentioned above, IMHO.

 

It would be nice to have a catergory for spyware and adware.

It's said that spyware, adware, viruses, trojans and worms have blended into malware. Nevertheless, I would like to know how well each of these products deal with adware and spyware.

Anyway, I'm glad to see that my choice for Windows XP (Avira) is still doing well.

McAfee should be ashamed for its results, the detection of scripts in particular is bad. And that for a major antivirus company !

Wait, didn't they recently partner with Intel ?

 

It depends on how they detect scripts. Some companies like Panda have their behavior should protect against scripts so that would not come into play in a on-demand test. So maybe they rely on their behavior blocker to block scripts.

 

I'm a bit disappointed with the KAV results. I've been using it for several versions and the gap between it and most of the competition seems to have narrowed and other changes to the program over the years are causing me to seriously consider dumping KAV in favour of something else. After reading this report that may be Avast free as it is already on my netbook, plays well with Comodo firewall (something which has been getting more convoluted with KIS sans firewall in recent versions) and now seems to have bettered KAVs once vaunted detection rate and even better its free.

 

In order to choose the best AV for your system, you have to select the balance between detection rate vs. false positive rate vs. system impact (speed).

In the past, false positives have been proven to do more damage to a system compared to an actual malware infection. Early part of this year McAfee sent out a bad update that took down many government systems in the USA because of a false positive that detected important Windows components as malware. The damage took about a week to repair whereas a malware infection would have only taken no more than a day to repair. Other vendors like Kaspersky, Panda and BitDefender have also previously push out bad updates than caused more damage than what a malware infection would have caused.

Some advanced users might know the difference between false positives and actual malware, but most users are not advanced and this can cause major problems.

At the current time Avast appears to be the best option for an AV because of its high detection rate, system impact (speed) and low false positive rate. All of the other AV's that had an higher detection rate than Avast suffered a much higher false positive rate except for Avira which only had one more false positive than Avast. But Avira used their AntiVir Premium in the test, not their free version. However Avast was faster than Avira and didn't have as much system impact.

As the end results of this test the true winners were both Avast Free AntiVirus and Avira AntiVir Premium.

I wouldn't want to use any AV that detected over 20 false positives, I really couldn't care less how good its detection rate was.

Thanks.

 

NOD32 is a great software. Almost always gets Advanced+ on AV-Comparatives and is very light on the system. And it has few FPs.

 

Good to hear, Avira is the least problematic of the free av apps with some of the best detection ratings. Avira is tough to beat for free.

As an IT Tech when you need to put something on computers over and over again with the least amount of problems Avira is the winner in the freebies. If there was anything better then I'd use it. On over 100 client's boxes almost 2 years later, I've not had one complaint.

 

avast! and MSE may not seem to "fight", but that doesn't mean there can't be a problem. Their by-design peaceful coexistence is limited to not causing Windows errors, not necessarily effectively stopping malware. Think about it. Two (or more) resident services transparently intercepting calls and commands, each able to stop processes or block access at any time without the other being "aware" of it. In rare cases the actions of one may in fact block the protection of the other. For this reason Avast CTO does not recommend running avast! 5 alongside MSE.

 

Between the polar extremes of identifying everything as malware (100% detection) and 0 FP's ( identifying nothing), I tend towards accepting a relatively high rate of FP's if the overall detection is very high. Within reasonable limits, the effort involved in verifying identified malware is less troubling than having real malware slip by. I think false negatives can do more harm to me than false positives.

This is simply a personal preference but one I imagine might be quite common among Wilder's members.

 

Well , this can be true for you but not for everybody and is definitely not valid for corporates and big networks if a business AV product makes a problem. Of course most home AV products whitelist few known clean files.

I would aslo prefer more detections with more FPs (of course reasonable amount of FPs)

 

I agree, I really hate FPs because they can destroy your system The AV companies should spend more time on testing their signatures ...