Av-Comparatives Retrospective/Proactive Test May 2009

http://www.anti-malware-test.com/?q=taxonomy/term/14

If even Kaspersky needs a separate removal forum, imagine what else avira can't remove. You assuming the PC is clean, the average user won't format their system when their infected let alone know their infected.

How is removing a file before it launches any different than deleting it by clicking the file and pressing delete manually.

 

Dr.Web doesn't claim to detect everything, but Avira does claim to remove what it detects.

Is the OS not a common place for viruses to hide?

What if the virus was already on the system? What if the 1% detection missing was the virus you got?

 

This site's credibility and its so called affiliation with Dr. Web has been discussed before. Avira and Eset rated lower than Avast and others for removal, guess I have seen it all.

Let me ask you, how can KAV remove what it can't even detect with its piss poor detection performance? You can't fight a cloaked Klingon ship, can you?

 

I think most of the time there's a dualism in meaning when we talk about 'detection': From Avira's perspective by default if something tries to enter the system and it's detected you get a menu of options (deny access, delete, ignore etc) whether one is an expert or layman, it is safe to assume that denying access will be the best course of action.

When you talk about detecting malware already in the system, regardless what AV you are going to use, it is not fair IMO, to judge its effectiveness in terms of how many pieces of malware can be cleaned. An infected system is a legacy of a loose attitude towards security from the user in the first place.

I have no doubts that if one tries different AVs to clean a heavily infected system there will be different results, but these results might vary trying to clean other different systems (it is common practice from people cleaning infected computers to use several scanners).

My point is that an AV should be tested in its ability to detect and deny access to a system, IMO this is the most important function. A clean system, with a top notch AV and a reasonable user should remain clean for along time.

This is obviously personal, but infected systems should be freshly reinstalled or restored with an image.

 

Cloak-malware
autorun.inf worms
The unknown was detected?

Most protection software should send the data of the unknown pest back lab team to figure-out how to remove the threat. But only if the software just can't clean the infected file. It could delete or try to clean it or put it into a safe house area, until the next update has a fix for it. This is how Rising does it. I've sent them many files for them to test and exam and they can tell me if it's malware or not. Still there software updates daily on the fly. Malware scans are daily on routine bases.

I know everyone here has there favorite suite or standalone AV but the best part is if you can send back feedback to the lab boys to solve the issue you might have with those unknown cloaked-malware or etc. pest or block dangerous bad sites or IP address too.

 

1. Its detection is not piss poor.
2. Once it does detect it, it can atleast remove it. Or in your terms, the ship will lose its cloaking device.

 

When is Getting Advanced+ is piss poor detection performance.
For your reference Kaspersky has implemented full fledged hips/proactive defense mechanism to block the samples it misses in its security suites

 

Hi Alex,
For a fact I can validate that there are still people in this world you are running win98. And some company in my company still run MS Office 2000 with Win2000. But yes, these numbers are small and its hard for a new product to cover such legacy products.

Regarding the second argument of testing. There are many 3rd party testing outfits of repute out there. Many of them who don't use the age old wild list.

Its very hard to believe that you and sunbelt find no 3rd party tester to be fit for the job, to run a comparative of VIPRE with other AVs w.r.t to detection and removal.

 

Please check the ratings at av-comparatives and compare to Avira and Eset. Advanced+ has no bearing, percentage of detection means everything.

 

Yeah , yeah percentage detection means everything that the experts at av-comparatives.org are fools giving Kaspersky Labs Advanced+ and HIPS/PDM all are useless. It is quite easy to say anything....

 

Which tests do you think are reputable?
Thanks

 

When discussing the results of this (or any other) test results, let's be clear to separate interpreted opinion from objective fact.

"Percentage of detection means everything" is an opinion. Behind that opinion may be a cogent rationale, but that rationale may not universally apply.

Folks - the concept is called nuance. It's your friend. It will help you understand and appreciate why the world view that you hold may not be held by others.

Regards,

Blue

 

Let me rephrase here at the cost of getting banned, what would you take in an AV, detection or Advanced +, basic point is how many virus are detected and in the end of day, thats all that matters. If a AV can't detect, then it has no idea if system is infected or not nor can it block effectively.

 

Then let me also rephrase mine.... at the end of the day is our system safe or not that is all that matters to everybody . People uses firewall, hips, av etc not just for detection but also to keep their system safe. None of the antivirus has 100% detection so u or ur antivirus cannot detect all neither mine, but in the end all that matters are the measures which protects our system to the maximum.
PS: U can check the reviews of Defensewall i.e. a type of HIPS from av-comparatives.org, how effectively it blocks the samples that all the antiviruses are missing...

 

At what cost may I ask and how do you intend to train all users, specially novice ones to heed all the pop ups by HIPS? Would you layer your spanking new quad core to bring it to 486 level?

 

Now u r diverting from the topic... at least the user will be warned at various levels when a malware is intruding the system and they can block it... in only antivirus measure user will never know when a malware not detected by antivirus will get into the system and capture it. Also check: none of the good hips like KIS, Comodo, Defensewall never uses a lot of resources. In my system KIS just takes around 20-30 mb of ram and system works very efficiently...

 

I am diverting the topic, lets see, the topic was on av-comparatives and you bring in HIPS. Its not about RAM resources, do install Filemon and Process Monitor from sysinternals and see what an average HIPS does to your system. A fully patched Windows with LUA, Hardware DEP implemented with a high detection good AV should suffice well against 0 day exploits rather than layers of security apps which can lead to various issues and conflicts in future. So many Win users complain of programs not working, crashes and other issues and when you check their system, you find them layered with security apps . Tell me, what good is a warning when the average users has no idea when prompted with explorer.exe wants to access xxx.xxx.xxxx

If you are on a NAT router, what use is redundant double filtering of the traffic putting un-necessary CPU load when your router is doing a swell job. An outbound app based monitor will suffice well enough there.

 

Well who said that bring quad core to 486 level I am not contradicting with ur security setup. By the way i am using HIPS from long time playing 3d games, surfing so are lot of users from the world with HIPS, with no issues with performance....

 

Since you mentioned HIPS thats why the reference to quad core and 486, glad it works for you but for average users, HIPS prompts can be quite daunting. I have seen performance drop with a dual quad core with 8gb ram so I speak from my own experience.

 

I haven't noticed from my experince, I have been using KIS from 2007, first on p3 machine then on my dual core machine. So are the users from comodo etc... I have visited their forums.... May be the hips u were using must be resource hungry. I have been using KIS 2009 now 2010 with no issues in performance with CPU or other resources...
PS: Even many of my friends are using KIS on their laptops and desktops, they r playing games etc... with no issues in performance.... they are also average users

 

The ones you mention, I have used them all. Maybe your perception of performance are quite different from whats mine. I prefer the lighter approach, one which gives me long term stability and speed over all.

 

Maybe its true, my perception and my friend's and all others who uses HIPS are the same we all prefer to use their system nicely not just dedicate their system only for security

PS: We are able to use system of course lightly, with stability and speed for all sort of purposes

 

I have friends, some of them active members in this forum here who prefer the lighter approach, they are all veterans and have been around and used security apps since their early days. All have come to the consensus that layering is not the right way. In the end, whatever suits you is fine.

 

Same case with mine and same with security experts sitting around the world... every experts lets say from Norton, now Avira who is building proactive defense technology now... Every experts around the world says layered defense is the best way to be safe from present scenario where around 30,000 malwares are released everyday (a source from panda says) some of the rootkits malware in recent scenario were so dangerous they caused massive havoc, inspite of people having antiviruses on their system. None of the antivirus can detect all of them

 

But implementing better security measures, patching OS, LUA, SRP and DEP can block most. In that sense, nothing is infallible, not even HIPS.