Dr.Web wouldn’t crack

Discussion in 'other anti-virus software' started by pjb024, Nov 12, 2009.

Thread Status:
Not open for further replies.
  1. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Well if the malware is stopped getting loaded in the first place, how will it disable the AV?

    Probably what you are trying to say is that if malware1 disables my AV, it opens the door for malware2 and malware3. But if malware1 is detected in the first place, the rest won't happen.

    Sorry, I still think that detection by definition or heuristics, is more important than the hide of an AV.
     
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    I agree with you, it's always a plus to have something better than nothing. The only thing I don't agree on is how much focus is put on this one part of an AV, when it's the AV as a whole that should be looked at.
     
  3. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    If malware is detected then yes it will be stopped before it can do anything. In that example self protection does not come into the equation.

    The problem is that no AV detects everything because zero day threats will not be in any virus database and heuristics is not able to detect 100% of new threats. However, new threats that initially evade detection may still reveal themselves when they attempt to carry out malicious actions. To remain undetected these types of malware first have to disable the AV before they can install themselves on the system. If they can't disable the AV then they will be unable to do damage because as soon as the malware attempts to do something bad, such as injecting code into a trusted system module, it will most likely be detected by heuristics or behavioral analysis. If the malware is successful in disabling the AV then there is nothing that will detect the payload.

    Both detection and self protection are important but no AV will ever give 100% protection from malware. Some form of HIPS as an extra layer is advisable but this is taking us into a different discussion ;)
     
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    This was just one test focused on the self-protection part. There are other tests for other qualities. I don't understand what you are arguing against since I believe no one has claimed that self-protection is the most important, which would be a ridiculous statement.

    Sometimes I do have a hard time understanding why people at Dr.Web do things how they do and why they focus on whatever they do. But then again, I've had 0 infections and 0 problems with malware during my 3 years with them. Should I complain or appreciate how they get things done?
     
  5. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    Sorry, this one statement I made was not directed at Dr. Web, it was directed in general. Reviewers and AV's like to tote on things like this. Too much time spent looking at something that is more of a fail safe than anything. :D

    My main problem with this test is how pointless it is to test something like this without looking at the whole AV or testing other aspects of the AV.
     
  6. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    If there is a need for testing AVs as a whole then there would be tons of things to test.

    Detection against malware files, detection against active infections, pro-active/heuristic capabilities, scanning speed, engine capabilities(unpacking, decrypting..), cleaning, false positives, price, update frequencies, resource usage, other misc attributes, quality of support, virus lab reaction speed, .. and yadda yadda

    Testers have to specify on something to make a proper test, otherwise it would be quite a bit of work. Then users have to gather those pieces and create the "complete image" of the AV.

    .. Though I care more for user experiences and reputation among users, not laboratory testing. :)
     
  7. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    632
    Location:
    In His Service
    Dr. Web flagged Prevx with 6 Trojan Horses, on my machine so it disabled it.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  9. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Lots of hate in that pdf :D

    I created a thread on the Dr.Web forum to ask their opinion about this. Let's see if it gets deleted or if I get banned.
     
  10. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Exactly! And that is why an AV with good detection rate should be preferred over an AV with good self protection.

    This is basically what risl mentioned earlier. But like I said, good detection is better than a small chance of 0-day attacks targeting the AV and then the OS.

    I think whatever I wanted to say, I did. There is no need of repeating it unnecessarily. Detection by all means, is more important.
     
  11. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Ex employee of Dr.Web who has a personal vendetta?
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Funnily enough I believe it's simpler than some presuppose, I think it's more about truth.
     
  13. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    criminal guy
     
  14. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Why do you have to choose? Is it not possible to have good self protection and good detection?
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Dr.Web and SpiDiE – Final Stand




    LoL:rolleyes:
    Time for a LoL;):)
     
  16. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
  17. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    The guy admits to having spent six months on his mission to try to crack Dr.Web self protection. It's flattering that he constantly singles out Dr.Web for special treatment but he obviously has some kind of problem and needs to get out more.

    You posted some nice screen shots of Dr.Web DwShark which is still in development. It seems a very capable anti-rootkit.

    https://www.wilderssecurity.com/showthread.php?t=259876
     
    Last edited: Dec 9, 2009
  18. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I think DrWeb self protection has the problem. :)

    format_c you make me LOL:rolleyes:
     
  19. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    I'm very happy :D
     