Methodology of testing

That "someone else" is AV-TEST Institute from Germany

"The AV-TEST Institute is a leading international and independent service provider in the fields of IT security and anti-virus research. ...
.

 

There are some instances where a resident database will protect more than a cloud one.
What happens if malware kills your internet connection and then there is no cloud AV.in that situation you are relying on the resident database.
If the resident database does not serve some purpose in this respect then why have it installed at all.?
Maybe in time all AV,s will be cloud based and resident signatures will be a thing of the past.

 

He just fell into a pretty deep hole, and it hasn't got much of a bottom...

 

We can argue about this until the cows come home, but it will just be a damn waste of time. I'm done....

 

It's 1:30am here goodnight all

 

A very good night to you sir.its 1.36 am now lol.

 

Good answer here see video at bottom: https://www.wilderssecurity.com/showpost.php?p=2128621&postcount=1

TH

 

A valid test is one that measures what it is supposed to measure. If Webroot claims the test is not valid (or reliable) then why take part in it? I've read one poster claim that doing poorly in tests is some sort of genius marketing strategy but I don't think that explanation can be taken seriously. The product obviously satisfies many users in this forum so why try to muddy up the water and hope to be able to explain away bad test results? Just don't take part in tests that you know you will perform poorly in.

It's like the last Olympic trials...if some great distance runner wants to be tested in a sprint against Usain Bolt they will most likely lose, and look bad at the same time. And losing to Bolt does not automatically make a runner great at long distance. It just means they lost to Bolt. And probably lost by a long ways. So then does the distance runner start a crusade about how great the result would have been had his long distance time been measured? He can but nobody except his most ardent followers will listen. That's because the credibility of the runner is at issue for entering a race he knew he would perform poorly in.

 

Why would we do this? If the user is offline, the likelihood of them being infected is basically zero (especially because WSA scans on-write so even a previously downloaded file would have been scanned if they didn't run it).

Even if they are offline, WSA will be able to revert out any changes that are deemed malicious when they return back online. If you're really that worried about this scenario, you can change the Offline settings under Heuristics to warn when any new, untrusted code executes. That will instantly give you 100% protection when offline as it will block anything that isn't known good.

Showing warnings to users would make them think they're vulnerable when they aren't and for how unreliable my home network connection can be at times, it would certainly be irritating to the point of me uninstalling within a day (and yes, I only use WSA for protection and have it at the default settings even when offline).

 

Some files do not get detected until they are run. Would they also be detected when offline?

 

As already explained in several threads when offline WSA automatically increases the level of vigilance on the system and unless the threat is not blocked on the spot (due to its more or less agressive behaviour) it will be blocked as soon as online while the system will be re-imaged back to the pre infection state. All across this process (pre-infection, infection, post-infection), WSA identity shield/firewall will prevent any information leaking.

 

Great answer fax!

TH

 

Thanks!