AVLab-JULY 2013

Discussion in 'other anti-virus software' started by luckyboy, Aug 2, 2013.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I wonder how the samples used in the test set can be obtained. According to AMTSO principles for testing malware, tested samples must be provided to AV vendors for verification.
     
  2. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    So there is not any execution of binaries?
     
  3. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Yes, in the real-time test we execute samples.
     
  4. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Yes, we execute samples in the real-time test.

    It is not as easy as it seems. You can send executable files, but send a page that was used for the test and has already been removed? We are not an organization or a professional laboratory. Everything costs.
     
  5. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    OK so let's check it out... this is Comodo's score

    in July (7/2013):

    real time 100%
    malicious url (malicious code + phishing!): 9%

    (100%+ 9%) / 2 = 54,5% = 55%



    real time = execution of samples so 100% here?

    the 9% is because of the lack of webshield so basically none of phishing sites are blocked, maybe a few ones thanks to DNS as the score shows this, and final score is also normal since you want to gather to 2 tests ok...thank you for explanations
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Forticlient did well as expected with blocking malicious URLs. Their Web Filter is one of the best in the market.

    Seems like a small group of computer enthusiasts testing AVs versus random samples. I appreciate your work.
     
  7. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Do you think the final result and real-time malicious URL should be separate? Then the result for example of Comodo and EAM would be at the forefront.
     
  8. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Looks like it got last place in URL blocking and number one place in real time protection. That's why its score is 55%.
     
  9. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    YES they should!!! I think it's unreasonable to give EAM, which scored so high in real time protection, a total score of 55%.
     
  10. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    definitely :thumb:
     
  11. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Yes :thumb:
     
  12. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Ok we'll work on that. We will add another test phishing and each individual will be certified avlab. Someone who is not familiar with the methodology or how to count the final results is amazed. So we change it in the near future.
     
  13. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Thank you for considering feedback :thumb:
     
  14. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    Great! Also English reports would be really, really nice. And testing methodology explained as thoroughly as possible.

    Maybe your work will offer you some job opportunities in the future. And it will definitely help evaluating differing results from different test labs - and reliability of results of the labs.
     
  15. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    The methodology and the presentation of the results of our LabAV in English are to be done, but other tests such as performance, where there is a lot of text, will be more difficult.
     
  16. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    Perhaps then the most important parts first in English as shorter versions, and later the rest as longer versions?
     
  17. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Methodology will be translated.
     
  18. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    @avlab: Welcome to Wilders Security Forums and thanks for the testing you've done. :thumb:
     
  19. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Could you also test stand alone web filters?
    - K9 Web Protection
    - Norton DNS
     
  20. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    Yes and no. We even tested dozens of programs, but it depends on the number of testers. Currently we cannot afford to add any programs. And if we will do something rather something, we will add known and popular programs. But I must admit that this is not a bad idea.
     
  21. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Thank you. K9 Web Protection is renowned as one of the best web filters out there on the market. And since you are testing AV modules it would be nice to know how stand alone modules compare. A lot of people in here tend to combine different programs to get a better protection. For example some people will combine MSE which doesn't have a web protection with K9. Being able to know how K9 compares to Fortinet or Bit Defender URL filter would tell us a lot.
    Also if you like to gain more support and credibility in here you may want to create a Poll what antivirus or antimalware or web filters to test. Members in here really appreciate personal contact.
     
  22. avlab

    avlab Registered Member

    Joined:
    Aug 2, 2013
    Posts:
    25
    Location:
    Poland
    OK, I understand. You do the polls, but I can not promise that we immediately start to test.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    This is what appears to me to be the case. The products that scored the highest have "active" web shields that analyze behavior at the web site level. EIS just uses a "blacklist" of URLs I believe which is similar to the protection MBAM Pro provides. Comodo has zip web filter protection hence the lowest score. I am a bit surprised at Avast's score given its super aggressive web shield. Perhaps its realtime protection score was lower.

    On the other hand, isolating just two protection features is not a comprehensive review in my opinion since many of the products that scored lower would have detected the malware on download. Now one could argue about how secure the lower scoring products are for online financial security activities? Would like to see a test from this outfit with EIS set to banking mode and see what the web detection score is. Actually both Comodo and Emsisoft Anti-Malware were among less than a handful of non-dedicated online banking products to pass Malware Research Group's last online banking test.
     
    Last edited: Aug 3, 2013
  24. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Definitely so.

    Surely the most important thing is whether or not the product prevented a compromised system, far more so than if the site hosting the malware was blocked.
     
  25. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Definitely so.

    Surely the most important thing is whether or not the product prevented a compromised system, far more so than if the site hosting the malware was blocked.

    Having said that, keep up the good work, it's always of interest to see more testing.
     