Av-Comparatives: Retrospective/Proactive Comparative May 2010

You are right

in my opinion many fps are acceptable with high detection rate

 

That is what Dynamic tests are for, that is why some people argue in a valid way that the Dynamic test is the only real relevant test anymore. That test includes signatures, generic detecton, heuristics, emulated execution technologies, behavior-based detection and in-the-cloud technologies.

And indeed some versions tested are outdated, Avira 9 was used instead of Version 10 (I agree with clock that (although it doesn't matter because behavior-based detection is not included here) the ProActiv module of Avira 10 is not something which does really add something at this moment, I think it is fair to say avast! Behavior Shield has the same problem. Actually on the behavior blockers of G Data works good.); ESET 4.0 instead of 4.2, because the test is actually performed in February.

It indeed proofs anti-virus in this form isn't able to handle the massive amount of new malware, the Dynamic technologies have really to be of some seriously good quality.

Possibilities for the dynamic technologies:
-sandboxing: I do quite like this solution;
-HIPS: not a huge fan of this solution (Why should I install a program which relies on my computer and internet knowledge/behavior to protect me against my own knowledge/behavior?. I have got the knowledge to answer the popups correctly but I don't like the approach.);
-in-the-cloud technologies: is an approach to make an antivirus quicker in finding new malware but doesn't really improve the proactive detection, it's more of a quicker reactive way.
-repution-based: is not bullet proof for a the same reason as HIPS, but in combination with the above gives a proper extra layer;
-behavior-based: the most newly adapted layer by the antivirus companies.

But in my opinion using Windows 7 is already a great layer, since Windows 7 delivers a huge amount of great security options: firewall, DEP, SEHOP, UAC, SmartScreen-filter, Protected Mode, Standard Account, Restriction Policies/AppLocker, Rights Managment, Backup, System Restore Points and 64-bit. And the most importand layer is ofcourse your own knowledge/behavior.
I never had a virus with the combination of anti-virus, Windows 7 x64 and common sense.

Also the relevance of zero-day malware is often exaggerated, there aren't many people attacked by zero-day malware. Older malware is still the biggest threat for pc users.

 

He's celebrating this winning moment !!

 

Yes, exactly. To use an analogy, it is conceptually similar to testing the performance of a car with several major subsystems removed. The results are intellectually interesting, but bear little resemblance to anything an actual driver would experience.

One has to wonder why AV-Comparatives spends so much effort executing tests that have such limited applicability....

 

Two days ago he said Panda Cloud Antivirus Pro was the best, then he was back to ESET, now he is MSE again. Let's wait for the next test .

 

It would be difficult for them to perform Dynamic Test for 27K+ malwares

 

I guess he keep on changing his Avtar only not the AV in his system...

Sorry Trjam, just can't stop myself..

 

Yes, it would. But, fortunately, that sample size isn’t necessary to detect reliable differences between the performance of anti-malware products.

I guess it comes down to a basic question: Do you want high precision (i.e., huge sample size) on an answer that has very limited real-world applicability (i.e., proactive/retrospective test), or would you prefer moderate precision on an answer that has a high degree of real-world relevance (i.e., a dynamic test)? Stated in this way, the answer seems obvious -- at least to me....

 

Wrong, Trusport used to but now they are using Bitdefender and AVG as their engines. I think they dumped Norman, DrWeb, and VBA32.

Thanks.

 

Posted by Pbust ...

 

I guess you misunderstood me...Read it again.

 

To have a behaviour the file itself must execute, unless the antivirus has the necessary mechanism to execute the file in an environment separate from the real system. So behavior blocker would not have made much difference without execution.

Thanks.

 

problem is that such a result is no good for users without the knowledge to decide which are and which aren't FP's,so for normal user it could be a problem!

 

Not sure what you are saying. I have seen that Trjam is extremely consistent. Also he is flexible, and able to change his mind to follow the best course of action.

Regards,
Jerry

 

What's with the identical comments?

 

@jmc 777

i think comments are twins

 

Trend Micro is right where it should be........I've always seen it having similar detection rates, even from many years ago. If anything, they are consistent. The detection rate may not be so great, but I have had very good interactions with their support and virus response labs. They've always given top priority in helping me clean out infections as well as adding new/undetected samples. Just saying something in their defense (after all, there's a good reason why they are one of the best selling vendors).

Anyway, average results from most vendors. I would like to see the full FP lists though for all the AVs tested.

Zero-day detection also depends a lot on cloud-scanning and behavioral detection techniques, and as such, dynamic tests will reveal the standings there.

 

Wait for it's dynamic test review. I am sure it will perform much better. it has an excellent web protection.

They actually did not updated the products after Feb test, and now exposed them against fresh malwares.

I agree...

Is there any concrete source?

 

Those can be found in this report; PDF ~ Removed Direct PDF Link as per AV-Comparatives Request - See Main-Tests page for the actual PDF ~

BitDefender webpage statement link

 

Alright then off to purchase Avira Premium

But what is the deal with " Contribution to the Auerbach Foundation
$6.29
" ً

Why are they forcing the donation ?


I have already purchased NOD32 4 but after updating to 4.2, it caused problems. So i unistalled it and presently using the trial version of Avira Premium, so far good

 

Good luck to all, who go searching for the FP lists PDF on the Main-Tests page.

 

you linked to the wrong pdf anyway. the link to the correct PDF is inside the report as usual, on page 7.

 

I had corrected the link already after I noticed my error.

For another forum where I post on the AV-C tests, I've emailed several times with Andreas Clementi to find out what links and posted information/quotes were acceptable and what was not.
But never mind, I'll stop posting here altogether.

 

very dissapointed this time with avast. maybe now time to look around for another option... congrats to the winners