New Virus Test by GEGA IT-Solutions (av-test.org)

FireFighter,

Like all scientific endevors, one study does not prove anything rather it presents its result which may or may not support a hypothisis. Perhaps you or someone else may choose to follow scientific doctrine and replicate a study exactly to test for both internal validity and external validity. When i say replicate i don't me do your own, or similar i mean exact product with exactly the same patches and virus defs on exactly the same files and computer rig. Many people try to use traditional scientific principles on such things, i view anti-virus as more of a social science where their are a sea of unidentified lurking variables effecting performances. thanks for the graphs.


P.S. I won't be happy til i see a regression model with a great PRE

Peace all and thanks for an interesting and informative thread!
Jonas

 

Hello Firefighter,

Thanks for your latest post (Reply #74 on: April 15, 2003, 02:49:00 PM) that actually presents really USEFUL test results statistics!! I mean that sincerely....

KDCDQ, Security Freak

"The truth is out there, but it is often difficult to find."

 

Interesting to me were the placings of eTrust and Sophos--eTrust for it's relatively strong showing in a "business use" environment as you mention, FF--and also Sophos' lackluster showing, relative to others, considering Sophos is *really* business oriented.

eTrust seems to be targeting the secondary and post-secondary school market, also, so their placement is noteworthy. I know a security guy who just rolled out eTrust in his high school SD, and is very happy with the product.

 

I am glad to see that perhaps McAfee has got it's act together. There are however some of us that will always have doubts about McAfee. The past performance of this company and it's products have been louzy. One test does not clear this doubt. It will take a long time before I will say McAfee is to be trusted with my virus protection.

Thanks (Danke)

Wildman

 

i think you mean your AVPE again

 

Isn't it surprising how many people use AVPE? Hey what a shock we don't pay for it either. Now how much did I pay for that no good McAfee?, and to think AVPE is said to be just as good as McAfee or Norton (Not my words alone either). Now why would anyone want free virus protection that is said to be just as good as McAfee or Norton?

Thanks (Danke)

Wildman

 

You can now quiet faith on mcafee, what in the past have happened is
not important, the present count, and at this moment mcafee is an excellent
AV.

 

Buyer beware!!

Thanks (Danke)

Wildman

 

Really? Have you tried uninstalling it?

Because of it's unpackers, I tried McAee Internet Security on a Win XP Pro Gateway (New)..
It ruined my regsitry when I tried to uninstall it , and I had to restore my computer from a clone I made just before I installed McAfee (Smart)

Good luck!

 

Apparently one more reason to flush McAfee! Told you it would be a long time before McAfee could be trusted. There are just to many horror stories about McAfee.

Thanks (Danke)

Wildman

 

And don't ask how many horror stories exists about AntiVirPE. Overall I don't like McAfee either but their virus scan engine is one of the best that is currently available and far ahead of the free product you always mention here.

wizard

 

Why do I read on other BB sites that AVPE is as good as McAfee or Norton? I would hope that a product one pays money for would work well. In the past McAfee has not been one of thoes products.

Wizard tell us what your hang up with AVPE is.

Thanks (Danke)

Wildman

 

Because the people who are telling you this often don't have a clue what they are talking about. McAfee for example has one of the most powerfull unpacking engines besides the famous Kaspersky one. Also McAfee has quite a good heuristic. Both important features are missing in AntiVirPE. And don't even ask if AntiVirPE is capable to deal to deal with highly complex polymorphic malware: McAfee and NAV are way ahead of AntiVirPE. But you will find all this details/examples if you dig into the mentioned tests.

Not intressted to repeat that discussion again with you. Just refer back to the last one and you will find plenty of examples why I think AntiVirPE is not a preferable av solution.

wizard

 

Everyone is entitled to use whichever AV they like. But, Bitdefender won best overall. End of story.
This means best detection, get it? It doesn't necessarily mean it runs well on my system, it sure does looks pretty, etc.
So many AV people get defensive if their own AV has poor results in a test, that they have to fall back on other aspects of their AV, completely ignoring cold hard facts right in front of their face.
Fine, start a new thread, and do an independant test on AV system resources or UI's. I look forward to it. Pictures not a must, but are appreciated.

P.S. Thanks to Technodrome and Firefighter for actually posting figures.

 

O.K. I'll admit I don't understand all the techinical stuff. Wizard why don't you tell us what you think a good virus protection program should do. Please tell us in simple terms, that all can understand. Also tell us what you think is the best pay protection program and what you think is the best free protection program. I am willing to listen, but please keep it simple.

Thanks (Danke)

Wildman

 

Theres no point asking that question really, you'll get different opinions from different people, best to just read the threads, read some impartial reviews and try out a program to see if works well for you.

 

For me the key features of an av software are:

- extremly high detection rate
- heuristics (to find unknown viruses)
- the ability to deal with highly complex virus types
- easy update function with small updates (don't want to download the whole program all the time again )
- unpacking engine (if the av program should be used as AT program as well)

Therefore I use KAV 4 as my main antivirus programs (with NOD32 as backup scanner). But sometimes you also have to consider other aspects as well. Especially if you don't have that much knowledge about computers. For example:

I had to find an antivirus program for my mother a few weeks ago. The only thing my mother knows about PC is how to switch it on and work with one or two applications. So for that I needed a program that has a more than average detection rate, is easy to use and easy to update. Of course the program should detect (packed) backdoor trojans as well because my mother only wanted to pay for one program.

I looked around on the market and I found AntiVirenKit (AVK). In Germany it can be bought at http://www.gdata.de. But as other threats in this subforum show there are distributors in other countries as well.

I said it often before at the moment I think none of the available free programs is really recommandable. But if somebody could not afford to buy a commercial products than the choice will be either F-Prot for DOS or AVAST.

Other good commercial products in my opinion are at the moment: KAV, F-Secure, RAV, DrWeb and NOD32.

Besides my views on av products you want to have also a look on http://www.wilders.org/anti_viruses.htm for some short reviews.

Hope that helps, if not let me exactly know what you don't understand.

wizard

 

Hello

Can someone tell me if where e-mail scanning falls in these tests?
IS it included in the results.
I would love to see the results of e-mail scanning included.
Again, a word about Mc afee. I have tried it many times over the years
and had system conflits everytime. Onced when I was trying it out
it took controler of all my EXE files. In other words, any EXE file
had to go through Mc Afee before being executed. I decided to see how the uninstall worked and after uninstalling Mc Afee, I lost all ability to use any EXE files at all. IF they have improved their program
a lot since then, I would give it a try again. To me , I don't care how many Viri a program finds if it also causes unacceptable system conflicts.
The last time I tried Mc Afee was less than a year ago and it was not a pretty site.
Maybe I will give it a try again just before I reformat.

Please post some E-MAIL only results

Thank You

 

Re:To everyone from Firefighter!

> Before someone says this test a fake, I have to clarify that the test was very well statistically controlled, and when it is so, there is no room to say that test biased.

ROFL

 

To Rodzilla from Firefighter!

Before you are dying to your laugh, I have to say that my kids have got an infection again. I have one infection in my floppy disk, that NOD32 couldn't find, but my F-Secure is too strong to be a fool.

It was a trojan JS.Deme. Yes a trojan, but TrojanHunter, PC DoorGuard and Trojan Remover couldn't find it. It is not very good when possibly only TDS 3 is the only AT that could find it. We all don't like that kind of uncomfortable programs!

Before that it was W32.SdDrop.3, what NOD32 couldn't detect, but now after 2 weeks of that infection, yes it could! F-secure detected that of course immediately!

There are somewhere a kind of things, that some may think that they are hype!

"The truth is out there, but it hurts!

Best Regards,
Firefighter!

 

It would be nice to send that JS.Deme to NOD so they can put it in their data base..but for some reason I am thinking your detection of it by F-secure is wacky especially on a floppy disk. If TDS did find it...they can keep it.

 

Never mind NOD32, if it's a trojan, it doesn't bother me.. But TrojanHunter, that is a letdown....

Would you happen to know if McAfee can detect it, if you know..and also AVK Pro?

In the meantime, I would send the sample to ESET. C'mon now Firefighter, be nice! LOL...

 

JS = scripting malware. But as far I am aware non of the mentioned is searching for JS scripting malware. They are more focused on backdoor-trojans only.

TDS-3 should not detect this kind of malware either. But for most types of JS-malware (known and unknown) there is a quit easy way for protection: Use a different browser than IE or start learning to configure the IE correctly. An infection with a JS-type of malware is most likely to happen if you visit not trustable sites without proper security settings in your browser.

BTW it was just hard for me to find some detailed information about JS.Deme. Did you spelled it right?

wizard

 

Quote from Firefighter:
>It was a trojan JS.Deme. Yes a trojan, but TrojanHunter, PC DoorGuard and Trojan Remover couldn't find it. It is not very good when possibly only TDS 3 is the only AT that could find it. We all don't like that kind of uncomfortable programs!<

FF i hope for you with this remark you did not mean to say TDS would be an uncomfortable program, would you?
It needs some experience with it to know the more advanced tools then the one or two button clicks for a full system scan and daily updates, but once you get used to it you know to be more in the drivers seat on your system then any other known product will bring or allow you, let alone av/at scanners.

Please be so kind as to send your sample of the infection to submit@diamondcs.com.au and they will tell if it is in the references maybe with another name or the code is detected anyway --which is very likely as lots of nasties use the same kind of code patterns.
Thank yuou very much FF, i would suggest you do d/l and install TDS yourself and evaluate the product. For your questions and instructions, like FanJ's very nice basic configuration plan with screenshots for new users you must certainly be able to try it for yourself in your own circumstances on your own system and make yourself comfortable with it.
Come over at the DCS forums and we'll be glad to help you with your questions over there.
I'm not hijacking this thread, so it's not appropriate to go into any further discussions and help with DCS / TDS in this thread.
I might open a thread for you or this part to continue this part of the discussion over there.
I wish you good experiences with TDS and a very clean and secure system in whatever way you want to take care of that.


Primrose, i think you mean "they can keep the sample" and you did not mean their product, did you? As i thought you are quite familiar with TDS yourself..?
I never mind if it is found with TDS or WG which is more special for scripts among others, as most users have them both installed anyway


Oh, i just realized a very suitable thread is there already, please be invited to join and learn!
http://www.wilderssecurity.com/showthread.php?t=8490;start=0#lastPost
See you there!

 

It was NOD's poor performance with archives and e-mail scanning/cleaning that turned me off it I'm afraid. While I'm an experienced PC user the other people that use this PC aren't and I'm afraid NOD just wasn't "automatic" enough. Great for experienced users though.

Trev