Av-Comparatives Retrospective/Proactive Test May 2009

Love him or hate him but IMO Matt's tests at remove-malware are performed in a realistic way on the type of malware average users are likely to encounter.

 

sorry but you're just trying to flame the thread,I love the way the fanboys react to any test result.really amusing!

 

Automatic Mode?

 

Is there any, how bout if it ends up blocking a legit app, where and when to discern.

 

If it's Kaspersky we're talking, the worst thing that can happen is that it places the legit app. in Low Restricted, which means it will alert the user to any suspicious, or dangerous actions for that matter. For the apps. that it's totally unsure what to do when such an action happens, say a leaktest, it'll also prompt the user, even if I would rather, for example when it's fiddeling with IE, that it automatically and temporarily restricts it till there's no danger left. It checks both for danger-rating and digital signature, not just digital signature which would leave you vulnerable, and as it still obviously monitors for dangerous actions, you won't go unprotected even if software is placed in the Low Restricted area.

That it can't operate completely automatic is sadly a reason I probably won't use it in the end...

 

DefenseWall practically has no popups. Sorry...

 

How would a guest user know which app is trusted and which isn't, what if he or she blocks a legit application, one thats needed for proper functioning of the OS? Since your HIPS makes all process runing as untrusted, what happens when a panic stricken noob ends up making system folder untrusted?

 

It doesn't, only certain internet faced applications, and it does that automatically.

 

IMHO, AV-Test, AV-Comparative,Anti-Malware.ru
Esp. AV-Test who are often commissioned to do custom tests, with a recent or active threat sample set. Also Anti-Malware.ru does many interesting tests with recent rootkit, polymorphic malware sets.

But now there a lot of new ones coming out like too. So Sunbelt could try anyone, for starters.

 

Don't block anything. Use Sandboxie and flush the toliet when your done!

Ice

 

Btw. neither Defensewall nor Sandboxie works in x64 Win so still need roto router.

 

It seems they just got sick of putting the crown on avira's head for every comparative test that they do and they've changed (a bit ) the test's "rating results policy". In the end, it's the 'plus' (+) sign what matters for marketing purposes

Hey, help me selling my product!

 

Congratulations to Microsoft, Eset, and Kaspersky !!

 

I agree. Install it on any average user's system, and the program automatically finds the most common programs that need to be untrusted (internet browsers, chat clients etc). Rarely is there a pop-up/alert.

And the best part of the program, is that users can download files, and use the files while the system is still protected.

I'm a big fan of sandboxie, but found average users seem to always want to instantly recover a download, without scanning and checking the file first, or checking the source. Or they get tired of recovering downloads and switch to using an unsandboxed browser all the time. These users would better suit DefenseWall as they can keep on using downloaded files without any harm to their system.

True, if a user does want to install a program permanently, they have to run it as trusted. But more often than not, the average user has problems downloading small zip files for example, through peer to peer networks (limewire) etc.

And it's great that more advanced users can filter through files and registry tracks to delete files from their system permanently. This program is definitely 'set and forget'. More people (including myself) should be giving this program a go.

 

Oh I'm very happy about that. If I need something configured within my FF browser, I'll just disable the sandbox, update then it re-enables. RunSafer is protecting while sandboxie is disabled and Avira picks up the slack. It's a win win situation!

Ice

 

Didn't notice the sig. Someday Sandboxie will work with all x64 bit OS.

Ice

 

Sigh... Security is security. All these tests are probably not even reliable because all tests show different results. My friend is a Microsoft Certified Engineer and he says Microsoft Forefront and Symantec Endpoint Protection is more effective than Avira. =/

 

Are those new tests reliable? What about Remove-Malware or MalwareResearchGroup?

 

SEP 11 isn't really a comparable product. It has AV with a firewall and also proactive protection, whereas Avira is AV alone, or at best, the suite is AV with firewall. Avira with a good firewall and HIPS added might very well be more effective than SEP 11.

 

That's where I stopped reading.

Microsoft Certified eng saying Microsoft is better gee that's a totally independent view

 

I am not aware of MalwareResearchGroup and their practices so I will not comment.

With regard to Remove-Malware.com, I had a chat with Matt on one of the threads here. Its seems his test bed comprises of random population of malware on device outside the DMZ. So its not standardized, hence when ACME AV is tested there may be 2112 malware samples but when AJAX AV is tested there may be 1873. The exact specifics seem to be unknown, so its hard to compare performance of ACME & AJAX AV.

Matt believes that his machine is infected with over 1000 pieces of malware, but unlike other test/testers he doesn't maintain a list of malware in his machine.Hence at the end of the test, he is unable to accurately verify if all samples have been caught and removed. He only does some basic tests to check if everything has been removed like IE check, process check. But still nothing to see if all the malware debris has been removed and if any system files have been corrupted.

IMHO, Remove-Malware.com is an excellent hobbyist test with a lot of real-world samples. But its not standardized enough to be made the AV test bible.

 

Since when does MSCE gives you qualification for inside knowledge of anti-malware technology?

 

No, it wont. Read the SB forums. They delete any debate on 64bit versions. Sandboxie will die a slow and painful death come windows 7. I'm sure someone who cares will write something better.

 

Not, but from his personal experience on a company Windows 2000 network with industry strength endpoint protection and a strict LUA + SRP policy, Microsoft problably was sufficient

On a desktop running admin, behind a router. . . . I prefer Avira beta Proactive Simular to the MSCE friend I have no inside knowledge (no clue better said) on AV's, just looking at lowest amount of blacklist fingerprints in the data base and highest detection score on some AV tests.

 

Avira beta Proactive only for German speaking users?