AV-Comparatives reports

Answer: People afraid of local/rare threats that could never receive signatures
Answer: People with less than optimal update frequency e.g. dial-up users

 

the retrospective test shows which AV's have a higher chance to protect you against zero-day threats.
the comments about the updates are silly as it is how retrospective tests are done (and are the only fair way to see how good AV's protect against new real malware without the need to wait for an update).

 

The goal of proactive detection / heuristics is not to reduce the number of updates, it aims at protecting you from new, unknown malware, giving the antivirus company time to add regular detection.

 

I think that 3 months is enough time for any serious malware author to bypass the heuristics of most antivirus...

 

10 minutes are also enough time, if you think this way. But seems that some AVs anyway protect you better than others by detecting on-demand new threats without a specific signature.

 

Yeah, I guess it is the most reliable way. I can't really complain about the testing methodology. Guess we'll need to wait till the next retrospective test to see how the newer versions fare.

 

most malware writers of today aren´t very skilled
Less and less often we see very good code
So, good heuristics will protect you of the variants of already known malware. This is the stuff we see very often

 

I don't know of any AV that updates every 5 minutes, but if there was, heuristics would be a moot point IMO simply because of the number of updated signatures.

 

Hello,
10 minutes, 10 hours, sounds like a battlezone. The only thing that keep us safe from doom is the real-time protection of anti-virus scanners.
Mrk

 

And user awareness. And heuristics too (add HIPS, behaviour blocker, sandbox etc. etc. into the list)

 

Ok, you may panic *now*.

 

You forgot FirstDefense ISR and Acronis True Image and of course, yanking the cable out of the wall.

 

Even if the AV updates every 1 minute you still will have to wait until the AV lab gets a copy, hours or days (or never) after the infection start spreading.

 

Btw, I'd like to see av-comp to implement a 'real-time' comparative test in addition of its 'on demand' & 'retrospective' ones.

 

Hello,

Due to a possible doubt of Lost in Translation syndrome, I want to clarify that I was being sarcastic. But I might install 4-5 anti-rootkits just to be safe and flash my bios (as in open my trenchcoat and flash it).

Mrk

 

What malware is more difficult to detect by heuristics?

 

hello, one thing i don't understand that is vba32 have a 42% score and have a "standart" note compare to AntiVirusKit that have 43% and is rated "advanced +". Same thing with bitdefender...

 

Check the complete report
VBA32 and Dr. Web are downgraded due to too many false positives

 

Best heuristic:

- NOD32
- Avira
- VBA32
- Panda

Best signatures:
- Kav
- Avira
- NOD32

This was my expectation before this test (for new malware, not old ones).

 

Not sarcastic. Sarcastic humor usually is a mean-spirited attempt to wound someone. In my opinion, your comment was "droll" -- not at all mean-spirited..

As to the heuristics of antivirus programs, I feel that I am better off using a behavior blocking HIPS for zero-day, instead of solely depending on AV heuristics.

 

Now you can correct your findings.

Best heuristic:

- Avira
- NOD32
- AEC Trustport
- AVK 2006



Best regards,
Firefighter!

 

Then your best choise is the AVG 7.5 Free or Free Avast Home 4.7. I think the HIPS, like Cyberhawk for instance, picks the rest.

Best regards,
Firefighter!

 

I feel I may have started this today. I am sorry and apologize, and lets move on. Sorry.

 

the last report of the year has been uploaded. it can be found at the bottom of the comparatives section.