What good is 80, 90, 95 percent.

We always talk about, proudly to, our antivirus product detecting this amounts. My question is, why do we not show as much importance to the remaining number, not detected. It would seem to me that would be even more important. I mean, nothing less then 100 is really nothing, isnt it.

 

very true, i would like to see test of crap left over

 

Strictly speaking; even if an AV only detects 5% in testing but your the threat you face is detected properly the end-user is still protected 100%

We think it's important that a particular AV is strong in your particular region. Not everybody might agree, but we see a huge difference of effectiveness of AV's in several regions of Russia. Cloud and behavior-based technologies can fill this gap however.

 

That is one instance. To me that doesnt equate to the reality of what is going on in the malware world. Cloud scanning is proving to be just as open to attack as standard scanning.

 

I don't really put a lot of faith in AV tests. If an AV keeps me infection free and has the bells and whistles I want, I'll use it even though it doesn't detect all of the test viruses (virii). That is why one should use a layered defense. Also, always keep a clean image offline just in case a 0day or polymorphed baddie sneaks through the multilayered defense so cleverly thought out by the knowledgeable user.

SourMilk out

 

Detection rates (percentages) are important and I pay attention to them.
That said, I also realize that it could very well be a zero-day threat or something in that 2% of the malware that an antivirus application which tests out at 98% detection rate doesn't detect that gets my computer infected.

With everything else being equal, a high detection rate only lowers the overall odds of becoming infected.
Factors such as fast and effective vendor response in the form of timely signature updates to new threats, the effectiveness of behavior detection technology, and user friendliness are equally important.
In order for any application to be useful, it needs to be used.
No one wants to deal with a buggy, overly intrusive, and/or heavyweight antivirus program that makes web surfing a PITA, so regardless of the numbers, it must also be easy to use.

 

I would agree, the most important thing you can do today, is keep a clean image ready to go. Very true. To me, layered provides nothing more then a tad bit detection but no real protection.

 

As for myself I never really pay attention to those figures. I tried, as everyone on this Forum, most of the well known AV on the market and the last time I was infected was in 1996!

So, 80% or 99.9% does not really matter.

 

Mm detection rates are a funny thing and your right about the remaining. Malware that is detected by an av now may just be made undetectable again by repacking.

 

I don't care about percentage I care about how well it protects me.

For my family's machine I would want a AV with higher detection rates but for me any AV will do.

 

Percentages of detections or non detections are useful only for two reasons:
1. Compare AVs
2. Have an approximate idea about a company's abilities.

In any case...use multi layer security to make that 20% even smaller...really smaller. An AV is a piece of our security arsenal...not the only or the main.

 

I use the layered theme .

 

Since I am not too bright in this area, I continue to place importance in the percentages of detections. Protection is very important, and the ability to detect, and hopefully block, a threat would seem at first glance to be some measure of protection from threats.

It is a sure thing that no program can be 100%, but it it lets 20% infect me because the AV did not detect the threat that is a worse situation than if only 5% could get through.

So why is detection rate not important? Is the protection provided by an application that scores 50% as good as one that scores 90% on an average basis? Of course if a particular virus infects you it is 0% detection for that. However, the chances of that are not too great, and the probability varies with the detection rate.

When we go somewhere we are subject to accident or violence. But by using sound judgment, and awareness I can reduce the liklihood by a large amount. The fact that some small percentage of folks get mugged in a certain area does not mean that it is unimportant where they take place. But the fact that I do not have a 100% chance of safety when I go out does not mean that the greater the percentage of safety is not important.

Maybe I am not understanding the discussion.

Regards,
Jerry

 

In a "layered" defense, antivirus plays an important role but is not as effective as the "layered" defense as a whole. Other security apps must also be considered.

Example: Virtualization (Shadow Defender, Sandboxie, Geswall, DefenseWall, and others) are a potent weapon against stumbled upon malware.

Firewalls with HIPS "Host Intrusion Protection System" (Online Armor, PrivateFirewall, Comodo, and others) can keep your system from becoming a bot infested malware spreader.

Behavior blockers (Threatfire, Mamutu, Sonar [found in Norton ware], and others) can stop malware from infecting system files (mainly 32 bit) and other apps from further infection.

Clean Up/Highly sensative scanners (MalwareBytes Antimalware, Hitman Pro, A Squared, and others) can help defend against spyware, trojans, and the like.

All in all, an antivirus is a good tool but some would rather have a box filled with tools.

(I don't know why this thing is double spacing )

SourMilk out

 

If you use only your AV as your protection then you put in danger your safety at a higher percent than the 20% (or x%) of the undetectable malware by your AV.

Multi-layered security provides the safety a home user really needs. Having recent images of your OS partition, sandboxing your browsing sessions, using a software like shadow defender for your "dark" tasks etc. provide the security we need and make that 20% ( or any other % ) less important.

Sure, check the percents (like I said in my previous post) in order to pick the strongest AV. And ofcourse, the highest % of detections an AV has the better is, but never count only on an AV for a secure setup. If you give too much importance to an AV's detection rates then you have wrong ideas and strategy about pc security.

 

Is it true that if your AV is only 80% your computer double spaces?
From my signature it can be seen that I layer, but I would like the best I can determine for each layer.

Regards,
Jerry

 

@Jerry

I found out why it's double spaced. The little box for replies isn't as long as the replies in the thread. What may be single space in the reply box can be double space on the thread when the reply author separates the shorter sentences (or paragraphs) with a double space. Short answer, I did the double spacing LOL.

 

The point is that tests are tests but the real World capability of an AV is far more important.For the end user numbers of detections and percentages are largely irrelevant,what matters is if the AV blocks the real threats they're actually encountering.A product may score 99% on a test,but if the 1% it's missing are the most prevalent,current malware then that figure is meaningless to them.

 

But isnt a back-up plan,such as, in the best of cases,a rollback,or reimage via something like Macrium ,or Paragon,
or in my case just the DVDs of my important files,really just another layer?

Layers do not need be limited to blacklisters,Behavior Blockers,HIPS,or even Sandbox's and light Virtualizatin.

Nor do they need to contain "one of each"

I still bet on layers.

 

Your AV and PC security is only as smart as the user so any detection is irrelevant if the user doesnt know what to do with the popups.

 

It is in fact more important. Who wants to be a victim of statistical probabilities...

But the funny thing is, if you think about how to fill the gap, you may easily end up without AV.
If you manage the matter to protect a system against threats an AV does not detect, it will most likely be also protected against the threats an AV detects.

There is more than enough software around to fill the gap or even makes AVs redundant.
Only drawback may be... no more posting in AV threads.

There is only one thing which would make me use an AV again.
If I could always get the signatures at least one month in advance.
I think then the remaining number would be significant smaller.

Cheers

 

detection rates are just numbers and the AV-test are only an indicator of how a particular AV fared in a particular period against a sample of viruses....no matter how big the sampling pool is...

The remaining 5 or 10% is filled by a users good surfing habit,frequent backups,system scans etc...

In the end i will say its just an indicator and anyhow who gets bombarded by all the sample viruses anyway?

 

80 percent is more ok for people on Wilders than in the real world.My son could get loads of virus using the same antivirus as me because of the links he clicks and lack of knowledge.Yesterday most of his mates got a virus from a link using Messenger that was meant to take you to a utube video ,now with teaching him about security he was ok

 

The danger witht the above is that you have so many security apps running that you slow your PC down to a crawl.

 

You can slow it down to the same speed as an infected pc.