Malware-Test Lab: Antivirus Comparison Report (February 26, 2007)

Good results for VBA32, ArcaVir and Ikarus. Really bad results for Comodo.
Why was VirusBuster dropped?

 

Of course feel free to put your faith and trust in that ehhhhh "test".
I don't have such positive thoughts about it, factually, i see it as The Ultimate Year 2007 Joke

Regards,

Smokey

 

The Comodo wolves are going to start howling now

 

See this thread for discussions about the test.

 

That means no one can verify your test result or you are afraid other people verify your test report (we are not afraid)....

 

AV-Comparatives tests are verified by the vendors.
Have a look in the methodology write up.

@IBK - You still use CRC??

 

If detection rate is not over 85%, would they send samples missed to these vendors without receiving any fees?

Are you sure the vendors can verify their test report?

As I knew, the vendors in AV community would often exchange the virus samples, right?

In our standpoint, if we cannot verify their test result, we don't think this test report is meaningful for us.

 

SHA1 values don't help you to evaluate the legitimacy of his results beyond looking whether he has multiple copies of the same file.

What he does is probably the only way to weed out a large number of broken samples, sending them to trusted corporations and people with a proven moral background and well founded knowledge about the subject for rechecking. It's simply too much work for a single person.

Again, a list of checksums proves nothing beyond "each file is unique". A broken sample is unique too in most cases.

If he took money for submission of the missed samples, he would lose all credibility in a blink. That would be a VERY stupid thing to do. No serious AV researcher would still want to be involved with him.

 

you want from me sha1 values in order that you can check the validity of YOUR files. You have to check your files by yourself. I do not want to get involved in your tests in any way.

 

Andreas,
If a vendor not included in the main test achieves 85 % overall detection, will it receive the missed samples? VBA32, ArcaVir and Ikarus are very close to reaching that mark.

 

yes, i think so. but very close is not the same as reaching.

 

Yes, if they work a little more, they will reach the minimum detection. So, in the next round of "Other AV test", they can receive missed samples.
Thanks for the feedback.

 

When is the next round of other AV tests?

 

maybe next year

 

Aw I think a couple wil be able to get 85% before that but o well.

 

I think eScan should be taken off next year as the detection rate is the same as kaspersky. If it scores the same then what is the point of testing it? I think it should be removed to make room for new blood.

 

i think f-secure should be removed it mainly gets the same detection rate as kaspersky because it uses the kav engine. but this time it got like 0.1 percent more detection with its other 4 engines. why don't f-secure just use kav?
why bloat a product with 4 extra engines that only account for less than 1 percent extra detection
lodore

 

yeah it doesnt make sense. the other engines just consume resources for almost no added detection. maybe they want to have pride in beating kaspersky even if it is by a fraction of a percentage point.

 

If we can get SHA1 or MD5 values of test samples, we can check to see if the samples used of other testing organization are the same as us INSTEAD of verifying validity of test samples. Also, we can check to see how old are samples used?

We (Malware-Test Lab) will continue to publish related infomation on web sites, so you can verify our test result, but other testing organizations perhaps decline to publish these infomation, why?

If you are familiar with quality assurance, one of the most important things is test result can or must be verified by other teams such as role play of developers and testers.

We are not afraid you challenge our test result, if you found we did make mistakes, please inform us, we can improve our test process at least.

 

And thank you for that position you take

 

Sorry, had to come out of my one month hiatus for this one.

What in the hell are you asking IBK to do, your job for you. He said he isnt going to have anything to do with this, so let it lie my friend. This is a real dead horse that keeps being beat more and more.

See ya in 29 days.

 

I find it funny that this band of jokers are still trying to put on a completely phony air of professionalism and respectability while trying to parlay with IBK. Being the charlatans that they are, they're still trying to claim that their opinions of IBK's testing procedures - a respected researcher whose work is recognized by the industry experts - even matter at all. In fact, I'd hazard a guess that they're thrilled simply just by having IBK pay them attention.

To sai7 or whatever you choose to call yourself, please quit the pretentious act of inviting people to tell you what your mistakes are so you can "improve" your test process. I think the experts have already said enough about the matter, and if your claims of wishing to improve hold any weight at all, you'd probably find very good advice right there, and since you're "not afraid" of being challenged, as you put it, then you should spend your time getting to work instead of making these poorly-disguised remarks.

Sorry if this sounds less than polite, but I believe it needs to be said.

 

Why are we wasting posting time on these guys?

There is no way we should even get involved in such a source.

IBK is not involved and won't get involved, that is the end of it.

 

On-demand detection is about the same, but proactive detection is quite different. Pegasus (Norman Sandbox) is detecting quite a bunch of samples. Better heuristics = less pop-ups from the behaviour blocker (DeepGuard).

 

norman sandbox is only one of those 4 engines.
the so called improved ad aware engine isnt doing much really.
the f-secure heuristics arent needed now they have norman sandbox
that cuts out two engines already.
kav+Norman would be fine and take out alot of those processes and bloat.
lodore