AV Update Frequencies - Important?

ah ok, now i understand. Well, i was referring to what you said about heuristics coming close to signature detection etc. I am now not talking about KAV signature detection rates which are high, but i am quite sure that the 58% detected by 3-month old heuristics are more than some other AVs would today detect with updated signatures...

 

You got that right, especially the ones that flag valid window's files.lol!.

 

Now that is scary. I have high confidence in your expertise and judgement in that area, but am surprised that any AV is that bad. I do not doubt, just surprised.

Jerry

 

JerryM

Draw your own conclusions, and i'm not saying that these results are any better or worse than other tests because frankly 'i don't know', maybe IBK could comment, but have a look here.Would at least partly explain why some companies refused to particapate in IBK's latest tests.

http://www.virus.gr/english/fullxml/default.asp?id=72&mnu=72

Of the well known names- E-Trust and ZoneAlarm with VET Antivirus version performed very poorly.And at least this test's 1-2 finishers scored in the top 3 on IBK's test.

 

yeah, and also keep in mind that those are already some of the best products on the market, as they all detected at least 80% of our full test-set.
Some products that some users think to be good and are not included in our tests have very low detection rates, also under 50% or less, on the set of only e.g. ~8000 new files such low-rates scanners would be even much worser (even if they will claim that they would score high in detecting new samples and only score bad in detecting older samples - do not believe in marketing or some producers claims...). As you can imagine, such vendors will likely not allow us to test and show the results of their programs, so if a product is not included in our tests (whatever the reason is) it _could_ also sometimes be for example that the vendor does not want to get blamed due poor results of its product.

P.S.: VET engine would in my tests not score so bad like on the site. But probably not enough to 'standard'. E-Trust with InoculateIT engine would score quite, could be 'advanced', not sure. But the heads of CA are atm not interested in participating, even if many employes of CA would like to see their product tested.

 

BOY! Some, a few, AVs are real bad. I often wonder why one would choose an AV whose detection rate is 15% or more lower than some others. I realize that some do not run well on some systems.
However, I have not found that so prevalent that one cannot find a 90% detection rate, or at least in the high 80s.

I would expect the anti-trojan applications to score low at virus detection. Not that I know why precisely, but that is what I have observed in various tests. They do help in layering, and especially for those AVs who fall short because of trojan detection.

Thanks,
Jerry

 

I recently asked a person who worked in Best Buy what the best AV was. He replied that the geeks said that PC-Cillin was the best. I sometimes ask that to see how up to date they are.

I referred him to AV Comparatives, and since he could access the web we went there. It was an eye opener for him.

I do not have a quarrel if someone just wants to use a certain AV regardless of its detection rate. There are various reasons for that, but it is naive for them to claim it is the best when objective tests show that to be untrue.

Jerry

 

lets get back to topic

 

Once an hour, multiple times an hour, is just "marketing hype" in my opinion. I refuse to be sucked into believing this makes an antivirus better in terms of protection. To me, it's the quality of the update, not the quanity.

 

Well sometimes even quantity goes beyond every quality.
KAV and BitDefender are working pretty well on this one. It's very rare that you see KAV or BitDefender not being updated for more than 3 hours...

 

I, and I suspect the average user, have no idea as to the quality of the update. We just either trust an AV and its operation or we do not.

If there are as many new viruses each day as some say, then updating several times a day would seem to be wise. I am more comfortable with updating more than once a day, but that would not be the sole criterion for choosing one.

Jerry

 

The only problem there ronjor, is 'average joe blow' isn't as educated about the various security applications and 'layered approach' as the members here and most of the people posting in security forums with malware problems/infections are 'average joe blow'.So when topics like this are discussed, i'm taking into consideration everyone, not specifically the malware educated.

 

Now bigc, I hate to restoke the fire about NAV, but I have to side w/ tobacco on this issue as I know from personal experience. I had NAV (and for that matter McAfee and Trend), but switched to NOD32 when they all invariably failed me by letting malware penetrate. Symantec corporate is an excellent product, but NAV besides being system hungry does let "nasties" by. I have a friend w/ NAV and twice in the same wk., the same worm infected her pc. I have 2 other friends who swear by NAV and said their pcs were malware-free, so I "challenged" them to run KAV scanner and they both had win.trojandownloaders! My nephew had NAV on his laptop, but KAV scanner detected a trojan and he switched to NOD32. I think their updating process is desultory at best

 

I won't get into another Nav discussion over another I know someone that got infected story. I have used Nav probably 80% of the time for the last five years. and some before that and I have never had any malware get on my PC at anytime in any version of nav since it came on floppy disc's ( which I still have) Nav has as good a detection rate as anyone and I have never had a problem with updates either. All I can figure is that the people that seem to have problems with Nav are having a conflict with some software on their comp or they just flatly don't know how to set it up. The people that report having problems with Nav are in a very small minority. The majority of the millions of nav users are very satisfied with the way nav works. As am I. Thats all, I am through discussing the attributes of Nav. Oh and by the way the corporate version of Nav uses the same definitions and has the same detection as Nav home.

 

bigc

Fair. You've got to stick with what works for you. But come on, you've got to expect a certain amount of Norton-bashing on a heavily biased NOD/KAV forum!

 

Jerry M

I too have been known to "test" the "geek squad" personnel of both Circuit City and Best Buy by inquiring on what is the best AV. Sadly, they're like poor robots, programmed to spout the Big Three of NAV, McAfee, and Trend (not surprising since they have a vested interest in plugging their own store's products due to commission-based sales), never even having heard of NOD, KAV, BitDefender, or F-Secure. It's no small surprise that statistically they dominate the world AV market, not because they're better but because of marketing, geek squad misinformation, and the fact they come preinstalled OEM on many pcs.

 

KAV 2006 checks for updates every 5 minutes and it updates 12-20 times a day. I LIKE it set like this!! KAV's strength is in its signatures, not its heuristics, so I think it great that it can be set to check every 5 minutes and updates so many times a day. Setting KAV to check hourly is not a good idea because it only updated about once every 5 hours.

 

I don't understand your post. How frequently you set your version to check for updates has absolutely NOTHING to do with how often the company puts updates on the server. If you check every hour and they had issued 3 updates or 200 in the last hour you would still get all of the definitions, you would still be protected from the same nasties. It isn't like your copy would say "Oh well, I missed out on those updates" Additionally, think if every computer in the workd was set to check for updates every 5 mins, what a waste of bandwidth and cpu cycles.

 

No, it's not the same. If you check for updates every 5 minuts (kinda overkill but anyway) and every 60 minutes, thats a huge difference.

5 minutes interval check scenario
You just checked for update. Kaspersky Labs releases update 5 minutes later.
This means you'll have to wait 5 minutes till next update check.

60 minutes interval check scenario
You just checked for update. Kaspersky Labs releases update 5 minutes later.
This means you'll have to wait 55 minutes till next update check.

See the 50 minutes difference?

 

Yes, I get the math part. What I get from the Mele's post is a suggestion that when set to update every 5 mins there would be 12-20 updates a day, when set to hourly there would only be 4-5,suggesting that somehow you missed 8-15 updates meaning you would less protected which is not the case. Whether you got 1,4 or 200 updates in a day, you would still have the same definitions. As for the other math, the chances of getting hit by something that was just solely in the last defs update 5 mins ago are astronomical.

 

Well what would be the point of using defs if those missed would be just left out? Well they never are and never were. So i don't even know where you guys got that idea.

 

That is where I got the idea that is what Mele meant. I agree it doesn't make any sense and that's why I said I didn't understand her post. At the 12-20 times a day rate it would update about once an hour on average, so it should also be about the same rate when checking hourly, but according to the OP when set to hourly checking it would only update once every 5 hours or so on average. Get what I mean now? To me that implies Mele thinks some updates were missed.