Small scan test of Hitman pro and Prevx

If you separate Gdata into BD and Avast the formula is (1-p(detected))^6*1100=1100-1040 , and geometric average of AV detection rates is

38.41715%

P.S. As a scientist and physicist I often use order-of-magnitude estimations. They quickly show you the BIG picture.

P.P.S: The sample set is definitely big enough for this kind of analysis.

 

Well anyway, it would be interesting to see how the different products (scanners) actually performed. Is there some sort of log that can be generated and/or analyzed for determining the real numbers? That way Prevx can be compared to the other products as opposed to an average of several products.

 

I did not find such a possibility

 

I think another thing to point out, is the scan engine is Hitman Pro's own in-house scan engine, before any uploading of samples takes place. So the additional scanners play a part, but Hitman Pro's own scanning is getting the job done of seeking potentially malicious files.

For sheer speed and solid detection rates (and removal), awesome program.

 

IIRC I think I have seen brief differences between detection of Prevx in HMP vs. the stand alone Prevx program.

Also, I wish there was some way to generate a log in HMP of detections and by which scanner. If that's available please let me know.

In the past when I used Gdata I noticed nearly always had BitDefender alert when there was a potential malware found. I'm not sure if I ever seen Avast throw up an alert. That being said, I suspect that the BD engine scans first but most of the detection offered by the BD scanner covers whatever Avast has available. So it's difficult to determine how effective the Avast component is despite Avast being known as being a good product. I also believe Gdata has its own behavior monitor and I'm not sure if that's incorporated into HMP or not. But the average detection ability of 38.41715% doesn't really mean much besides being an average number representation. If BitDefender always pops up first in Gdata, Avast could have the exact same detection of BD or zero detection, which is more relevant than an average number. Also, I think if the average number was representative of real life detection then Avast would be popping up with an alert more often (those BD misses).

Saying that though, ako I do appreciate your work and info provided.

Just my 2 cents worth.

 

There was above a question of correlations. For real 0-day set these should not dominate, but of course they exist and could be strong (so real individual detection rates can be clearly higher)

Also, the different scanners perfrom differently.

---> The sample set must be 0-day, otherwise this "analysis" is completely useless. This is not 0-day sample anymore, so I will not continue.