AV-Comparatives Retrospective / Proactive Test May 2011 released!

Discussion in 'other anti-virus software' started by clayieee, May 25, 2011.

Thread Status:
Not open for further replies.
  1. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    :thumb: Well said. I couldn't agree more.
     
  2. m0unds

    m0unds Guest

    it tests a product's ability to leverage local (not in-the-cloud) heuristics and behavioral detection, etc. to identify & detect "unknown" malicious software, so while the conditions may not be "ideal", i think that's sort of the point. put the products in a bad place and see how they handle themselves without cloud-based file reputation, etc.
     
  3. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    But to what end? As I said, exactly how often does the scenario arise where a file is first accessed offline? I imagine it's pretty rare and thus invalidates the scenario as particularly meaningful in a wider sense, and as cloud scanning becomes a larger part of products more and more vendors are going to withdraw from this test.
     
  4. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Re: AV-Comparatives Retrospective/Proactive Test May 2011

    29 in AV-Test. The sample size is not enough meaningful for a reputable/good Dynamic testing!
    Please see the number cases in AV-C Dynamic testing, they are higher than 1000 samples! Around, 300 samples monthly

    It is not another rate, is the same rate for both On demand and Retrospective, as in February 2011

    I think AV-C would perform this tests for every main test in a 3 months period, not 6-monthly
     
    Last edited: May 26, 2011
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Looks like those vendors are not able to deal with the new AV-C´s approach of including the more prevalent samples :argh:
     
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
    Removed OT Posts. Let's keep it civil and on topic please. Thanks!
     
  7. WraithTDK

    WraithTDK Registered Member

    Joined:
    Nov 27, 2006
    Posts:
    21
    Location:
    Virginia
    I get not having the machine on the internet. When I'm fighting malware for a client, I do my best NOT to connect it to the internet untill I've done as much as humanly possible to kill the infection off-line. I've encountered some really nasty stuff that continuously attempts to re-download what you've removed, making it that much hard to kill. I start work in safe mode without a connection.
     
  8. jaodsvuda

    jaodsvuda Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    161
    Wow,seems ESET is back on a track again (I´m not using it since v2.47).Is
    Eset´s online scanner worth checking out these days (wouldn´t mind "3rd opinion") ? o_O
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The ESET online scanner supports Opera so for that reason alone it works for me.

    In general though it seems to be performing better lately.
     
  10. jaodsvuda

    jaodsvuda Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    161
    Thanks .
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
    Removed OT Posts. Should the bashing continue, this thread will be closed. Its future rests in your hands!
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    AV-Comparatives Retrospective/Proactive Test May 2011

    Is it good for ESET and bad for AVIRA AntiVir?
     
  13. stratoc

    stratoc Guest

    Surprised me too, don't think I have ever has a false positive, and there are no other av's I can say that about.
     
  14. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    What i like to know is, how can an antivirus company decide that it doesnt want to have their product tested ?
    The tester can decide for himself to test or not?
    Or is it so that the antivirus company needs to pay to have their product tested? I have heared that before is that true?
    And if so, does every company has to pay the same?
    And if so is it reliable to have those companies paying the testers?
    There is a saying " dogs don't bite the hand that feeds them"
    And can the sort of malware tested influence the results?
    Some companies might be better in detecting rootkits or Trojan downloaders or mass mail worms for example by testing more or less of those group ...
    And what about the impact of False Positives on test results.
    Is it worse to have 10 good files in quarantaine then 1000 malwares missed?
    And who decides this ?
    But my main question is, is av-comparatives completely independed of the av companies ?

    For the record , i don't know i am not giving an opinion on this , i just like to know ...
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I can answer these two.
    Many False Positives causes the product to move down one spot.
    Both are bad, but I think 1000 malware is worse. They can steal your data, before being detected. You can set up exclusions for FPs and report them to the vendor. You can also report malware to the vendor, but you'll have to find it first. Before that, irreplaceable damage may have been done. Lastly, 1000 is greater than 10.
     
  16. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    "Lastly, 1000 is greater than 10."
    Thank you for the clarification. It brought a tear to my eye.:D
     
  17. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    That list is small. Wouldve been great it it was bigger and I think that's the only way antivirus products should be tested. With unknown samples. They are always behind and that's where they other security features comes in and the all important false positives. Kaspersky use to have a good heuristic surprisingly they are falling behind. Its the third time they struggled.

    false positives is ok
    McAfee false-positive deletes critical svchost.exe causing system crashes and reboot loops
    http://isc.sans.org/diary.html?storyid=8656
    McAfee false-positive glitch on crucial system files fells PCs worldwide
    http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/
    Symantec false positive on system files cripples thousands of Chinese PCs
    http://www.computerworld.com/s/arti...se_positive_cripples_thousands_of_Chinese_PCs
    Kaspersky False Positives Quarantine or Kill Windows Explorer in Windows Vista
    http://news.softpedia.com/news/Kasp...Windows-Explorer-in-Windows-Vista-74601.shtml
    AVG virus scanner removes critical Windows file and renders machines unbootable
    http://securityandthe.net/2008/11/10/avg-virus-scanner-removes-critical-windows-file/
    Malwarebytes Atapi.sys and Registry FalsePositives
    http://www.iishacks.com/index.php/2009/11/11/malwarebytes-atapisys-and-registry-false-positives/

    One false positive can mean there's no more data to protect.
     
    Last edited: Jun 15, 2011
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    http://www.amtso.org/amtso-members-respond.html


    http://www.amtso.org/
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    AFAIK, AV-Comparatives requires companies to pay fees in order to be tested.
     
  20. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    The powersupply business use to be like this. You got paid to test their products plus you got to keep the products you tested. After a pc's burned and power supplies exploded and other scorched hardware certain sites got them self testing labs and put it thru torture. They get to keep the hardware or what's left of it but in the end there's Aah creditable review about how good the product are and if it will suite your needs or damage your system or data. Once money start changing hands then questions start to pop up. I'm not saying that sites will fall into the lure of money but can we trust anyone these days? The payment is for certification I think but then they need to do it like ecos consulting does it with the powersupply. Give out different badges according to a percentage detection rate or so. Then vendors can sell they're products according to the colour badge it got.
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    One malware infection means your data and identity is owned by a malicious person, or public information.

    Data can be backed up as well.
     
  22. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    If a browser exploit beats my av it will beat your av. If a zero day beat my av it beats your av.

    Conclusion: Invest in a Air Gap Firewall - pull the plug. Then your safe. Unless you live in liverpool but that's another story.
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Still not safe from removable devices unless you pull the computer's plug.
     
  24. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    I use dos 3.1 malware are incompatible with my machine.
     
  25. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    You mean new ones.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.