AV-Comparatives June (May 2007) Results (Retrospective / Proactive Tests)

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Here is some info from the F-Secure site...

read more at the link below.
http://www.f-secure.com/f-secure/pressroom/protected/prot-3-2006/17-459-3669.shtml

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

No

Please take a look at www.av-comparatives.org

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

im surprised IBK hasnt come on and told us when we can all see these results and maybe some hints as to what is to be expected.

i know he is wondering around somewhere.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

tomorrow night.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

NOD32 the only one that got advanced+. And now we se Fortinet's true colors. Its heuristics are not that good after all. Only good for fps. I suspect many got bumped down because of false positives. Looks like every test released by av-comparatives will be mroe challenging from now on.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Avast seems really going strong these days, first AV-Test.org test good results and now getting also Advanced in restrospective test.
And Avira AntiVir down from Advanced+ To Standard?

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Avira msot likely went down because of false positives. And avast usually gets Advanced so its no surprise.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

To my surprise, symantec got an advanced this time.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Maybe because of Sonar? Or is that not used in the test?

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

its not because of sonar.
yes, most got penalized due false positives.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Without yet seeing the details let me just put this out.
If a program's heuristics that are tested here with old virus database signatures get penalized for false positives but by daily database signatures those FP's are removed, then one should not penalize too much.

Lets all remember also that on demand tests are what really test the AV and retrospective test is mainly for the heuristics or other generic detection methods rating.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

I think you are looking at this the wrong way. Just because others overemphasize the importance of these tests and overreact to changing results, it doesn't make the tests any less valuable, objectively speaking. People tend to read too much into the results of tests like these, by say exaggerating small differences between the performance of various AVs, but that doesn't mean the tests are not useful. One simply needs to take an appropriate approach to utilizing these tests. Namely, one should use these tests, particularly the trends that emerge within these tests, as a general guide to the effectiveness of various AVs. That being said, this should not be the only factor in determining the overall quality of an AV, or any security product for that matter. People should consider whether the program is user-friendly for them, if its compatible with their system and other programs, has an acceptable level of system intensiveness in terms of system resources used, has good customer support backing up the program, etc. Granted, people are going to place the importance of each of these factors differently, but the point is that detection rates shouldn't be your only concern. Lastly, the misuse of these tests by others doesn't objectively devalue the tests and shouldn't dissuade you from utilizing them to your advantage.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

I just skimmed the May report and it seems that AV-comparatives skews its scores heavily on false alarms. It gives an Advanced score to programs whose detection rates are much lower than that of Avira, which gets a Standard score.

Putting aside the false alarms, wouldn't one's computer be safer if a program has higher detection rates. Secondly, why is it not possible to determine the amount of definitions in some AV program signature files?

I think another question should be just how many people are employed by these AV vendors? I know Kaspersky has a site that actually lists who is on duty.

We know that McAfee and Symantec are probably the largest companies, although most of us agree that the programs are too CPU intensive. However, they remain the online bibles of virus and trojan definitions, and Symantec's site is indispensible for getting information on how to remove these things manually.

That said, how do we know if some of the other vendors basically employ two guys or gals who sit in their kitchens with a laptop, and upgrade the definition files? I'm not saying they can't do a great job, but one would like to know that these vendors have a bigger research team than a marketing staff.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Because everyone counts definitions differently. One company may have a definition for every single variant of a malware. Another may have a single definition for large groups of the family.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Actually, despite the false positives, I find it pretty amazing that avira detected 71%. I know it isn't always the best thing to detect packers as malicious and stuff, but I still don't really care too much about it and it works rather well if you ask me. They are continually improving the heuristics, and of course not everything will be perfect. However, I see that false positives were the death in the "ratings". Bitdfender is the same as well. But, I am the type that advocates kill now, check later. Coupled with the excellent definition detection of these two avs, I wouldn't mind them on my pc at all.

NOD as usual does well

All I have to say for symantec is very impressive (especially the no fp department)

I love the heuristic detection of the "other os" malware

I wonder who the "winner" will be again, I'll write it down on paper and see who it is in the end (not one of the people with too many false positives of course...)

Thanks for the tests, I appreciate the work.

Cheers,

Alphalutra1

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

@ IBK
there is one thing i'd like to know if it is possible. As your testing with the highest possible detection, where would avira antivir be placed with the standard settings.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

AntiVir had 18 false positives from a sample that contained also (new?) 20552 baddies and found 71% from them with heuristics/signatures that that are 3 months old. One has to think also how many times from since the program updates have been given too since that.

I know fp's can harm if just deleted intead quarantened. I always quarantene anything though. So in my opinion ratings are pretty strongly skewed.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

would score a good standard.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

I took a brief look at the results and I am noticing some changes in the document. I think this time the test is much more refined compared to before. I do have a few things to comment on:

It seems AVG was saved this time by the Ewido engine. I actually expected AVG to just get the bare minimum passing score (7%) but I see the score isn't too far from that anyway. The downside of this is the false positives made by AVG. The following FPs from AVG are all made by the Ewido engine:

Leaving the "classic" AVG engine with only 4 false detections:

I had to look at each false detection closely to identify whether it was made by AVG engine or Ewido engine. It is generally quite easy to identify AVG detections from Ewido ones, as AVG detections are usually preceded by "Trojan Horse <name>", "Potentially Unwanted program <name>, "Virus found <name>", etc. In the case of Ewido, the names are straightforward, i.e. "Trojan.DNSChanger.ik", "Adware.Chitika" etc.

So basically most of the FPs of AVG are being made by the Ewido engine. The Ewido team needs to work on this....

2) It seems the incidence of FPs has risen among most AV products is rising.

3) As expected, F-Secure scored better than Kaspersky but got penalized due to FPs.

4) Strangely enough, this time Dr.Web has not reported any "modification of <malwarename>" detections in the FP set this time.

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Hi all,

Many thanks IBK and your team for this great work

MaB

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

all results and certifications are all as i expected.

there are no surprises here,

key contests:

F-secure vs Kaspersky
Fprot vs Drweb
Avira vs Nod32

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

Where are you finding this information? It is not on the AVC site, or do I not know where to look?
Sorry, it just came up.

Best,
Jerry

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

its where it usually is, on comparatives <> 2007 MAY

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

no direct link csj

 

Re: AV-Comparatives June Results (Retrospective / Proactive Tests)

ok thanks. so the false positives where also with low heuristik settings.

well antivir would no even allow 15 of these 18 files to be deleted.