prevx home page claims other AV's missed malware

Discussion in 'other anti-virus software' started by hawkeen, Jun 1, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you could please elaborate and let us know exactly which files appear to be false positives, we'd be glad to fix them :)

    EDIT: I've gone through each of the rootkits missed by Avira detected today and none of them are false positives :doubt:. The only questionable one in my eyes by filename was NEATIMAGE.EXE but it is found by 33/37 on VT.

    The fact is that we aren't trying to compare AV companies - we are just showing threats missed which is correctly represented by the charts and data. If you click "Explain this chart" on the homepage, you will see this clarification :)
     
    Last edited: Jun 2, 2009
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Well, unless you explain yourself better, a lot of people are going to think you are referring to a company like Symantec when you make a statement like this...
    Who were you referring to?
     
  3. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814
    Sorry to say but you can only speak for you. People on this forum are smart enough to know most of the tech behind their AVs and what is really on top and what can use improvement.

    My Examples
    Eset, Avira, Kaspersky, Gdata, hell even Dr. Web (less known) could run circles around this but unfortunately for Prevx, in the cloud tech is really just that, in the clouds. People really need to know what's behind the tech before they try to preach about it. :cautious:
     
  4. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,814

    You detect FPs then call them threats. Your testing is all based on you and your internal tests. Hell, I could write a virus, make a sig, detect it, then say the other AVs of the world can't detect this. Better get mine now. God, how flawed this concept is.

    AV being active on the system. You don't even check to see if it's out of date; the AV could be a copy of NIS 2005 that has not been updated since it was installed. You're covering the facts to make yourself look better.

    Saying tests are flawed is a desperate act of a dying company. Yes, no test is 100%, but by your own admission you use tests "internally" to promote your own product. The only AVs that won't test to them or try to dumb them down are ones that could not pass the test or simply would be bad marketing to be compared to other AVs :cautious:

    There is a lot of talk about your charts, your testing, your statistics. Not one mention of anything outside your company. If you come in here to promote something, show something with some backing, not a bunch of dumbed-down text that shows nothing except your word on it.

    This thread is a lost cause lol. I won't be reposting here as my point has been made and it's pointless to go in circles.
     
    Last edited by a moderator: Jun 2, 2009
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I think it is very clear that this chart isn't correct, in all aspects, and is just a bad way to do marketing...

    Would be nice to have in that chart the number of false-positives of Prevx! :D

    It is just not for me.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Every product produces FPs once in a while - many popular AVs have infamously produced FPs against explorer.exe, excel.exe, and other very popular system files :) The samples which we report and count are all found active on users' PCs.

    It could, but the charts are made to show the threats found on users' PCs that were protected by x AV. If a user is still using NIS 2005, they think they are still protected by it. Sure, the newest, shiniest product from every company may have better protection but isn't it in every company's best interest to protect their customers as well as possible? If NIS 2005 didn't work at all anymore, surely Symantec would discontinue it and automatically upgrade customers :doubt: Otherwise, their customers would never pay for the subscription renewals, and subscription renewals are the primary way that AVs make money.

    We are hardly dying, but conventional AV tests are flawed by concept. alexeck, the CEO of Sunbelt explains it very well in this post:

    https://www.wilderssecurity.com/showpost.php?p=1477156&postcount=96

    Older samples are trivial to detect but useless. We've looked at some samples from these "massive" tests in the past and checked in our database for the number of users that had seen the samples - unsurprisingly, a massive portion of them had only been seen by one user, the tester, and had never actually infected ANY user of Prevx. :doubt: Should we spend resources detecting these archaic "threats" when we have enough data to deal with on a daily basis (upwards of 200 new samples every minute)?... I don't think so.
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Thanks for providing examples this time. It's clear to me now that your use of terms like "big boys" and "company's with bigger budgets" should have tipped me off immediately that you were talking about those corporate giants, Dr.Web and G-Data.
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    .

    The Avira rootkit statistics posted by Prevx on its website are totally consistent with Independent Lab Testing.

    The sad fact is that Avira apparently sux at removing active rootkits.

    Here are results of two May 2008 anti-rootkit tests conducted and reported by AV-Test.org :

    Avira had its struggles in removing active rootkits and malware being hidden by rootkits - it was only able to clean up seven out of thirty in each case

    http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf

    These results were also reported by Darkreading.com:

    http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211201080


    On the other hand, Prevx's excellence at detecting and removing rootkits was displayed in the statistics of the PC Mag review mentioned earlier in this thread. (You may believe that PC Mag has its biases, but if you also believe it would post phony stats there is no point in discussing this.)

    "For the current round of testing, I've broken out a separate rootkit score, drawn from both malware and keyloggers that use rootkit technology. Prevx tied with Webroot for detection again: both got 89 percent. Webroot scored 7.1 overall against rootkits, while Prevx scored 6.7. None of the rest scored as high."

    http://www.pcmag.com/article2/0,2817,2346868,00.asp


    .
     
    Last edited: Jun 2, 2009
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    If 1000 Prevx users use Symantec and 50 Prevx users use AVG, the missed results are in most cases going to be higher for Symantec because of the more users, this is explained on the chart, which is why you cannot use it to compare AV v AV, only AV v Prevx, and even that you can't really do since you don't know what Prevx missed and AV didn't.

    The Security Center tells you if an AV is out-of-date, Prevx already have code that finds what AV is in use via the Security Center but don't for checking if it's up-to-date, that's my only annoyance I have with Prevx at the moment.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We welcome these statistics from other vendors :)

    The reasoning for this is that every AV is immediately outdated as soon as they update because new threats are constantly being released. It is in the best interest of the security company to keep their users updated (so that they will then renew their subscription which they wouldn't do if a threat got through) and the user should be made well aware if their signatures are outdated (and the product should manage the updating automatically and silently, as most do). Because of this, I think being updated is a non-issue (at least at the conceptual level :) If users of an antivirus product are not being kept up to date on a massive scale, then the AV company has some fundamental problem ;))
     
  11. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    I'm sure if you provide Stefan with the samples he'll give it a spin. With the information you give on your website he can't do all that much, although I have to agree, a lot of the files look like FPs judging by their names.


    What these stats of course do not take into account:
    - Were the AVs on that system up to date?
    - Were these systems actually _real_ systems or just testbeds by some 'enthusiasts' or even malware authors? I mean, ~5000 'infection scans' per day could easily be achieved just by enthusiasts, although I doubt all of them have PREVX installed :)
    - Installation base of the AVs, and how many were _not_ infected according to PREVX.
    - The numbers lose their complete meaning without the ability of putting them into a relative context...

    With a sufficient user base, I'm pretty sure I could achieve similar results by implementing an idiotically simple AV that produces the same kind of 'additional protection' comparison...

    I'm sure many people active in the anti-malware and malware-writing crowd have multiple AVs installed either on test machines, VMs etc... Did you check for multiple installations, virtual environments to -kind of- 'exclude' these, or at least whether they had their resident protection active?

    There's lies, damn lies .... and statistics....
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm really struggling to find which files you think are false positives o_O I've checked each one of the rootkit detections and NONE of them are false positives.

    Explained: https://www.wilderssecurity.com/showpost.php?p=1478552&postcount=35

    We only look at active infections or infections hidden by rootkits (files active and running in memory or files registered in the registry which would cause it to run on bootup) so this would not be the case.

    We aren't trying to test this - we are merely providing the data on threats which were missed, not the percentages or further interpretation of the data (as that is not relevant to the point we're trying to make).

    No, you're just looking too deeply into them :) The numbers are not meant to be interpreted any further than they are displayed on the charts.

    We only included data from our consumer product which finds threats in an on-demand scan which are active on the system and we only include data from AVs registered in the Security Center with protection Active.

    To answer the title of this thread: "prevx home page claims other AV's missed malware" - yes we do, and they do. There really should be no further argument, we're just proving the point that other AVs miss malware by showing some of the raw data behind it. The average home user does not understand that the antivirus program they just bought for $50 will not block all viruses and we're working to clear up that misconception :)
     
  13. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Did I mention anything specific about rootkits? I mean throughout all categories.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Most of the posts previously have been about the rootkit chart, however, if you have any specific filenames which look like FPs, let me know and I can dig out the underlying data behind them.
     
  15. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Sorry, but I like to chew and taste before I swallow statistics :) Isn't this basically what I am saying? Yay, we've got some numbers! But once you start thinking about what this actually _means_ you end up with nothing useful. I think no one here wants to start a debate about whether any security software finds 100%, and that one solution might prove additional protection when added to another. All I mean to say is, that with the numbers provided (and especially those omitted), your marketing dept. is leaving out those bits that might shed some light into the state of affairs, and provide us enthusiasts with something actually meaningful.

    I am not debating the fact that PREVX probably provides additional protection to AV users, whichever product they chose. The extent and quality of this however cannot be judged with these numbers.
    I believe that to be done on intent of course - no offense intended -, as basically the job of marketing is to sell the product.

    Personally, I'd love to be able to put things into a context though, the statistics could be really interesting. Like this however I don't really find much use in them once you "look too deep".
     
    Last edited: Jun 2, 2009
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree that these statistics would indeed be interesting... however, they are horribly flawed. Around 18 months ago we had these exact statistics on our charts (number of infections relative to the number of users) but we had yet another round of outrage towards them because everyone said we were fabricating the statistics.

    The reason why we can't show the more detailed interpretation of the statistics is that most users find out about Prevx because they search for specific filenames on Google which they suspect are malicious because they think their computer is already infected. These results lead to Prevx pages which lead to our downloads and scans which result in infection counts logged against their active AV.

    Therefore, the percentage of users which we find as infected is highly unrepresentative of the true population of users so publishing these statistics would be misleading (and would result in similar threads to this one ;))
     
  17. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Hello PrevxHelp,

    a 'high risk worm' false positive

    'launch winrar.exe' is a legitimate application included in winrar unpluged 3.8.0.1

    Panagiotis
     
    Last edited: Jun 2, 2009
  18. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Sorry for being such a pain about this, but do you think that if the complete statistics are -in your words- 'misleading' and 'unrepresentative', a reduced subset of statistics somehow magically introduces meaning that was not present before? o_O

    Again, I am not doubting the benefit of an additional layer such as PREVX. Just trying to produce some food for thought for anyone trying to interpret the numbers provided :)
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Fixed :) Thanks!
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Whether you are right or wrong with your claims it is inappropriate from a vendor to create such a confrontational situation, particularly when it is coming from an in-house statistical analysis.

    I would suggest it is high time you join AV Comparatives and see how you fare according to their parameters. From my point of view you will never be a choice on my systems because of your marketing tactics and let me add it, plain arrogance.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Trying to interpret the data further makes them unrepresentative/misleading, however the statistics currently are not misleading - they say that X AV missed Y file, which is the extent of the data and the point we're trying to make.

    However, trying to find what percent of users using X AV are infected is what is misleading because we don't have a true random sampling of users.
     
  22. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    fix/review also those:
    http://www.prevx.com/filenames/X777253225653453169-X1/DNDEBUG.DLL.html
    http://www.prevx.com/filenames/X841033922331275891-X1/DNDEVENUM.DLL.html
    http://www.prevx.com/filenames/X471968871526154503-X1/DNSCRAMBLE.DLL.html
    http://www.prevx.com/filenames/1769194444768136373-X1/TMPGENCDVDAUTHOR3.EXE.html
    etc.

    If the point is just to "show that no AV detects 100%", just write in bold on your website: "No Anti-Virus product can protect against 100% of all malware. Neither Prevx can" ;) :D
    Besides that, some people may use Prevx on machines they know are infected and want a second opinion. This introduces a further bias.
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks :) I've fixed these - the first three have only ever been seen by one user, the last was a more popular FP.

    Indeed, but we use the vendor information as a "portal" to then get more information about each file and we do feel that the point of "no product provides 100% protection" needs to be emphasized more than it is, especially with products being released that have the names "Total Security" or "Total Protection". If a user is using Prevx as a second opinion, I would suspect that would bring truth to our point as the AV wouldn't have blocked/removed the files.

    We have the text prominently displayed:

    "Every day, popular security products are missing thousands of infections"

    And we aren't excluding ourselves from this fault :D
     
  24. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't think these are FPs, all of them are found by quite a few products on VT and do indeed look malicious (many are KAVCop-related infections, some are file infectors):

    http://www.prevx.com/filenames/X366539983059780800-X1/WSPACK.DLL.html - Found by 8/40

    http://www.prevx.com/filenames/X472743809247753697-X1/BDUTILS.DLL.html - Found by 9/40

    http://www.prevx.com/filenames/X3260541718321045296-X1/BDCH.DLL.html - Suspicious by 7/38

    http://www.prevx.com/filenames/X1150491720540635385-X1/BDGUICTL.DLL.html - 11/40 on VT

    http://www.prevx.com/filenames/X3277012160878131244-X1/BDSUBWIZ.EXE.html - 11/40 on VT

    http://www.prevx.com/filenames/1264098127848573549-X1/BDSUBMIT.DLL.html - 8/40

    http://www.prevx.com/filenames/2542117181953297725-X1/PAV.EXE.html - 26/40
     