Av-Comparatives Retrospective/Proactive Test May 2009

I agree that their grading system seems strange, but that does not necessarily constitute as bias, they simply have different views on what products should be able to do. Of course I agree like all reviews and tests the results should be taken with a grain of salt.

 

There are established testing sites like av-comparatives and then we have ad sponsored susceptible sites like PC Mag whose authors cover everything from printers to AV, now who has more credibility?

 

I would rather trust one that is dedicated to tests on a AV then one that is a jack of all trades.

As for being bias I never said it was based on there grading system. They just don't compare AV's very well, they rather score on features like parental controls. yet it has a 10% detection rate, Having them score products like that as a "Editors choice" is just stupid a customer gets mislead.

In the end with PC mag you walk away with AV that wont protect you or even do what its advertised to do. But you get a REALLY SHINNY STICKER on your box that has no meaning to it at all. So someone saying Hey we scored well with PC mag and they rated us as a "Editors choice" means nothing when you look at the other tests that are available for people to see.

 

who has limited resources? and why? can you please explain little more? also i have a question why avira dont have an advanced heuristic which the malware while scanned avira opens it in limited environment and see what it does make general activiaties malwares often do (you make 3 point to say its malware example 1- send data and downloads files, 2-modify system ..etc) so when avira run it if it made 1 from 2 points avira say (probably a malware or suspicious and if it made all the points which you perviously made it then you say a variant of...(malware name) also and you can use this idea on specific variants of malware (zbot does a-..., b-... c-....) so when you catch malware do the (a,b,c or a,b only or even a only) then its malware or variant or suspicious depends on the how much points the malware scores (a,b,c) thats what eset (nod32) does and its very good as you know malware is easy to encrypted when detected so a very advanced and strong herustic is better and important and you will be able to catch the new malwares before it even created!! last thing why you dont catch an executable values on the malwares so that it cant be encrypted anymore (it will be broken if they tried to encrypt it). finally i have to say that avira and specially you do a very very good job and all uses and company appreciated it and and i have to say thank you on all your efforts for protecting us. thank you Stefan Kurtzhals, thank you AVIRA

 

Which product has a 10% detection rate?

 

It is good to know you are the content police and have nothing to add as usual.

 

Alex,

Assertions are what the computer industry does well, having worked for large firms and owning three of my own- I saw and heard it all. The problem is, assertions are not facts- just assertions. When I see you do well at AV-Comparatives- that will add some empirical substantiation of the efficacy of your engine. Until then, I will continue to conclude that you are simply making unsubstantiated claims.

 

Nod.........nod

 

Problem is everyone is looking at this test like its the only factor in how good an AV is. Dr. Web may not have the highest detection, but it can remove 100% of what it finds. While Avira may find everything but remove less than half. Kaspersky has the highest amount of unpackers. Symatec has the best parental control. NOD has the most accurate heuristics. Avira has the highest detection.

There is no AV that is good at or even decent at everything (maybe kaspersky ), so what people pick depends on their needs. What if someone cares less if they get infected by a virus but SPAM annoys them most? Get an av with a good SPAM filter.

PCMAG also has their own view on certain products. They probably pick the av with the most polished feel. Does everything work how it should? If not than why award an AV that seems to "chuck" features in just as a selling point. If symantec is able to make every feature of their AV work as it should, why should they be punished.

Sure Avira may protect you against everything, but whats the point if the average user has no idea what option to pick on alerts? Everyone here is acting as if the only user that matters is the one that knows how to handle malware.

Most of the time there is no bias, just a different view of what is good and bad.

 

It's bad to know you still have only selective reading, since you missed my input on both page 1 and 2, unlike your "input", dare I call it that, more like defensive measure against an impending attack (only in your mind). Excluding your latest post in this thread.

 

Coolio10, good post. You can give someone the best product/program available, and if they run into one problem, they will most likely, not be happy with it.

Each security product/program usually has its own strengths, lighter, higher detection, easy to use, less conflicts, better customer service and so on.

No one product is the absolute best. But to every one of us, we seem to each have the best product.

 

Folks,

To everyone who feel compelled to comment on individual members...., let it go.

With respect to the subject of this thread..., how about something a little more thoughtful than gratuitous congratulations to the winners and...., well..., other commentary regarding the trailers, not to mention the back and forth sniping between members.

This testing protocol has been going on long enough and there's enough data that even a casual observer should be able to perform a quick and informal meta-analysis to get some idea of the threshold below which score differences are really not discernably different (hint - it's about 10% absolute with some censoring - I'll leave it to the math mavens to figure out the details). On that basis, there are basically three major result families (20's and below, 30's - low 40's, 50+ or so), but there's arguably slop even in that categorization. On top of that you can layer additional factors...., that could, IMHO, actually develop into a worthwhile discussion regarding product selection.

Blue

 

Yes, and i still want to know how many clean samples are tested.. because those 69% call for details on FP criteria.

 

You mean the total files used in the FP test? Random programs, etc? That would be nice to know actually. Then you could work out a percentage of False positive and add it to a ratio against detection.

 

Which actually means something, as opposed to absolute numbers.
I pretty much ignore FP test in AVC because of that, unless the difference is really big.

 

Aye 1.1 Million samples and 20 FP's on Average. FP's of such low number should not affect how it does I believe. Now I would care if that number was in the 100's only one I have seen that close tho is Gdata.

 

I think this is a good question. Newer antimalware engines, like Malwarebytes, Prevx and Sunbelt, all face a disadvantage when dealing with legacy viruses. The Wildlist itself is particularly challenging -- in order to get certfied, you have to be able to detect things like Word 95 macro viruses. It took us a lot of work to have to go through and write detections when we were developing VIPRE for malware that simply is not a risk to the user today (unless you're running Word 95 on a Windows 98 machine).

The question, I suppose, is what is actually infecting users? What is relevant?

Testing is not in the best shape in the AV world. A prime example is this one:

http://www.computerworld.com/action...&articleId=9133345&taxonomyId=17&pageNumber=1

In this new "objective" test, Kaspersky and ESET, both outstanding engines, got hammered. We all know that's ridiculous -- you may have your differences with a particular engine, but these two AV products are very, very good. I consider the test rubbish (with all due respect to the author).

At the end of the day, when have you to disinfect a thorougly hosted machine, what tool will you use? What tests truly reflect today's malware? For those of you involved in malware research, what do you typically see for in-the-wild detection?

Alex Eckelberry
CEO, Sunbelt Software

 

No AV is fool proof so the chance to be infected on with ANY av is there, tho some make it a slimmer chance then others. As for removing the infection I just roll back on a Image as I trust no AV to remove the infection fully and in today's world you rather make sure its gone then hoping it is.

Now I know this is not what everyone does the avg user does not Image there HD's keep backups of all there data for them AV is there first and last line of defense.

Now as for testing there is only 2 that I really watch AV-Test and AV-Comparative and the main reason is it shows raw numbers no articles on what the editor thought. No BS just raw numbers on samples go back as far as May of 08 and Awards only being handed out to that test bed. that leaves pretty much NO av at a disadvantage as its all pretty recent malware.

 

Rollback programs also allow you to rollback to an earlier time period,not just because of an malware related problem. It also allows you to rollback in case a windows update makes your system unstable or driver update etc etc. The lists go on and on.

There's more to a stable computer then pileing on the latest and greatest security software. When your Chkdisk finds problems,and you cant get to your desktop,it's not gonna matter if you got Commodo installed,you instead shoulda had a rollback program installed.

 

How so..... My computer makes a backup every 2 days and a CD every 2 weeks. if something happened its 10 min back to a image before it happened. Security is there for a Prevention if your hoping it will protect you fully your only kidding your self.

Also its not a fresh install of windows it has all my programs and what not already set. So no, a roll back is the most effective way to do it. And the simple fact is its faster then letting your AV clean the infection and more effective to.

 

You obviously dont get it.

Rollback is nothing like a back up program. You need to read up on rollback software.

 

No security setup is 100% If there was whomever came up with such a setup would have made alot of money by being able to prove such a system exists.

Regardless of what you "think" is a 100% secured computer system is far from reality,hate to burst your bubble.
We weren't even talkin about "key loggers" so not sure why you brought that into this post for,as thats dealt with with other security software.

 

That's what I used to think as well, that the FP count was in relation to the 1 million + of samples. Apparently FP testing is run separately but no details about this test is ever disclosed. I think this what Pedro and elapsed were talking about.

 

By and large, I agree with your analyses, but there are nuances that ought to be addressed." Dr Web removes what it finds" great, but it can't remove what it didn't detect in the first place. Avira by default will deny access to anything that is suspicious, perhaps even FPs -outside the system-which is not so serious as detecting FPs in the OS. The average user with Avira can safely deny access to anything suspicious, and therefore won't need any AV cleaner.

 

In every tests done, Avira's removal rates have also been up with its detection rates and saying that it doesn't remove what it detects tantamounts to FUD. If the gate remains closed and troops are alerted, no intruder gets in. Plain and simple.