AV-Comparatives Results - Nov 2007 Retrospective/ProActive Test

Discussion in 'other anti-virus software' started by C.S.J, Nov 30, 2007.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Anything can be bypassed when you attack them specifically. Generic attacks on global population usually yield very very low results. But on the other side, I don't know anyone willing to hack PC by PC to create botnet or to steal your school project work or photos of your dog. Breaking into corporate network and stealing corporate (possibly classified) data is more of a concern imho...
     
  2. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Kind of like the little green men I don't see either.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It would be good if it were so; let us hope for that.
    Sometimes the illusion could be the better alternative related to peace of mind.
    The more knowledge the more doubt and the rise of paranoia.
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    There's nothing inherently lazy regarding segmental quotation of a post. It may not reflect your intent, but it certainly reflects how I've read and responded to your posting, as well as the specific portions to which I've chosen to respond.
    This is a patently ridiculous series of statements. No, the solution that you gave is not the ONLY way. Furthermore, stating that you believe that the average user needs to learn a vicious lesson to either get off their duff or give up computing is pathetic. There's no other word for it. Forced licensing? At this point in time, get real.
    The programmer decides the scope of the virtualization. If you prefer to employ, as you term them, full virtualization solutions, then continue to do so. The lightweight partial virtualization solutions are no less real than a full virtualization. Yes, they are akin to sandboxes (there are some distinct differences), but the semantic hairs you choose to split miss the point - these are all various flavors of the same approach which differ only in the scope of the specific PC resources selected for virtualization and how one can manipulate that virtualized state. As for trying virtualization within virtualization, you're right - there's no point to it. However, if you've never even installed and tried a program, on what basis do you stand up and label it junkware? Some random anonymous commentary on the Internet? Yea, that's always a sound approach. Sheesh...

    Regards,

    Blue
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    It never fails that someone brings up the old "we're all hacked and just don't realize it" thing. It's as much FUD today as it was the first time I heard it. Just as some people believe in super evolving malware that jumps from disk to BIOS to video card, and also somehow survives in RAM even when the power gets turned off. POC of these are extremely rare, and actual malware that is that powerful that it can infect almost anyone on any PC configuration is just a fiction, proven by one fact alone... All software has bugs. The idea that the malware writers can make such a super adaptive, intelligent and flawless piece of malware, that regardless of PC type or hardware modules, can infect and hide, take over PC control seamlessly, remain unseen, and leave the PC appearing to run flawlessly... no, I'm sorry, that is just not a reality.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I agree to 98%. But there remain some spooky 2% IMHO and I have seen some things that were really unreal.
    Many things can be explained easily after gaining a certain level of knowledge but some very strange
    occurrences let your mouth stay opened for a while.
    Because of these 2% "unrealism" I dedicated a lot of time in forensic research and it is still incredibly interesting.
     
    Last edited: Dec 3, 2007
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Jerry:

    I understand where you are coming from. You feel safe since the tool has prevented a couple of viruses and maybe the scans have found nothing on your setup.

    However, I have to say that these "results" do not allow any user to say they are not infected.

    Why?

    1) No tool catches 100%; AV-Comparatives shows that.
    2) When the user's AV finds nothing it means it found nothing but this is very different from proving you are uninfected. The AV may have missed a virus.

    Users can improve their confidence by having the best possible heuristic AV and detection rate AVs working for them.

    You cannot safely have 2 AV at the same time, so your second opinion AV should NOT be real time but used on demand or use a web based scanner.

    In my case just for the record I use Nod 32 v 2.7 as my real time AV and use KAV web based as my second opinion. But even with this combo I can never say I have no infection.

    Sorry, but there it is.
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Escalader,

    Thanks for the response.

    My own thinking is that as long as there are no symptoms it is reasonable to believe that I don't have a disease. I am sure I do not have cancer of the eye because there are no symptoms, and I see well.
    In other areas of the body it may take some time to discover a disease, but sooner or later it will show up.

    As long as my computer has no symptoms, and I do not learn of anything that would make me think my computer has been taken over, then it is reasonable to conclude that I do not have an infection.

    I guess to be even simpler, if it has no impact on me, I don't really care.

    Regards,
    Jerry
     
    Last edited by a moderator: Dec 3, 2007
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    "There's nothing inherently lazy regarding segmental quotation of a post. It may not reflect your intent, but it certainly reflects how I've read and responded to your posting, as well as the specific portions to which I've chosen to respond."

    You made my point perfectly. Obviously, you cannot/will not respond to my thoughts as a WHOLE. You pick out little bits and deliberately or inadvertently distort everything by doing that. I know you have the intellectual ability to respond properly... why not use that ability?

    I did not read the rest of your choppy answer. I don't read the choppy posts and I see them cropping up everywhere now on the net...just another indication of the intellectual laziness of most posters and, in some cases, deliberate deceitfulness and attempts to mislead. It also emphasizes the growing painful reality that the illiterate rate is getting higher and higher and worse the fact that composition has become a lost art. Forums are not intended as Question and Answer period after a lengthy lecture.

    Plus, forums like this one where the choppiness is greatly emphasized by the different colors used alternately makes it difficult to follow and almost impossible to speed read. At the very least, all text here should be black on white background. Stop the alternating colors and I could then speed read. It wouldn't solve the other problems but it would make it so that one could read quickly with high comprehension.
     
  10. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    Wow what happened to this thread?
    I thought the discussion was of the retro test not persons views of the security industry.

    <OT> It is nice to see Kaspersky getting a great proactive rating to complement the on demand performance.
    As always Symantec with the very low false positive rating and people wonder why it is deployed in corporations. :)
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    As a matter of policy, people are not only allowed, but, encouraged to use point by point quote / response blocks here. It is both the appropriate way to use the quote feature and makes it very clear what specific thoughts a person is responding to when replying to any post or set of posts.

    Now let that be the last debate on writing styles, forum operations or speed reading that is seen in this topic. The thread is about the latest av-comparatives results only!
     
  12. SteveS335

    SteveS335 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    43
    Hello Blue,
    Actually, I did read the whole thread. Maybe you looked in the logs & saw what I read whilst logged in - I read it while not logged in. I have no dispute with the "categorization" as you call it for detection rates, only the arbitrarily applied decision for False Positive levels.

    I'm not disagreeing with the result, but with this statement on the results page:
    The Audaciousness refers specifically to these arbitrarily drawn penalties, by the tester, for False Positives which have a pronounced effect on the Award, regardless of detection rates. IBK has stated that he won't change it - OK that's his decision, but to advise people to rely on it... No, I see that as audacious.

    The figures speak in factual terms, not opinionated ones. How people interpret these figures is down to the individual, but I can't see it is a tester's place to influence these interpretations with his personal decisions about what level of false positives is good or bad by stating the above quote.

    Cheers,

    Steve
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A quick trip to malware cleaning websites will show you the opposite. There are millions of PCs recruited by botmasters. The September update of the Windows Malicious Software Removal Tool removed about 200,000 infections of the Nuwar/Storm trojan, one fifth of the (estimated) botnet size.
    See what Avira's heuristic developer says:
    There are two kinds of people: those who are safe surfers (knowing or not about security) and barely (if ever) get infected and/or receive alerts from their security software (if they have installed something) and those who get infected on a daily/weekly basis with/without security software.
    At this time, there are no reliable numbers which would tell us how big each group is. And safe surfers are beginning to be targeted due to popular/big sites being hacked (but there's no need to get in panic mode).
    Were they infected mails or attempts to do a drive-by download (infection via the browser)? If they were mails, it shows that you're barely exposed to malware and can get by without an AV.
    I need to try hard to get malware samples (and dismantle all the security software/strategy in the process). However, some friends and relatives are like magnets to rogue antispyware, Vundos and IM worms no matter the security software in place (AV, AS, firewall)
     
  14. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And obviously you cannot come up with any coherent, logical retort against Blue at all, other than nitpicking on how he destroys your ridiculous rantings one by one in an attempt to redirect attention from the fact that your absurd claims are being pointed out for what they are.
     
  15. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    I still say thanks to IBK, a very good test, it makes people understand fp rate is as important as detection rate. I hope there will be more tests like this in the future. :thumb: :thumb: If some people only like detection rates, I think av-test is their best choice.
     
  16. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    I fear that this is the attitude of the users that makes botnet keepers happy. Because you don't see any obvious side effects, it is ok if your computer is infected? You don't care if your Windows serial number, your credit card number, your Paypal, Ebay or Amazon account is stolen? What if the active bot is used for denial of service attacks (e.g. for blackmailing), sending out spam or even worse, for trading child porn? The latter happened to the UK CEO of Microsoft, if I remember the news correctly.

    Actually I met quite some users who stated "I don't care if my computer is infected, as long I can surf, write my Word documents and play Solitaire". Ok. Duh... o_O
     
  17. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    You spent too much time attempting to refute this person. You cannot argue with irrationality. If he thinks little green men control your computer...
     
  18. ASpace

    ASpace Guest


    I see the very same in the real world. Recently we had a lady whose computer had no AV and is badly infected with rootkits and tons of trojans that cannot be easily removed. I explained to her that she should not use her computer until we clean at least the obvious but she obviously doesn't care about what is going on until these malwares are playing in the background. She doesn't want to format because "she can still use the computer no matter it is slow".

    You are right, Stefan.
     
  19. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Believe it or not, I've heard the same from system admins in a medium-sized company (around 200 employees).

    "If we remove the virus, our network doesn't work anymore, so we just leave it."

    And I am _not_ kidding! Some people just don't give a flying **** about what they do to others, nor are they aware of the non-obvious effects it may have on themselves. Until their secret new product gets fabricated in China before they've reached production stage themselves, or their bank accounts are emptied. How far in the negative can your bank account go before your bank blocks it? Willing to take the chance?
     
  20. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    :thumb: :thumb: :thumb:
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Jerry:

    Hmmmm... building on your medical analogy the # 1 killer is High Blood pressure and it has no symptoms, that is why it is known as the silent killer.

    Sorry, couldn't resist it!


    Looking at your tool set I suspect your set up is fine for your needs.:cool:
     
  22. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Stefan,

    On the contrary, such things as you mention would be obvious symptoms of a problem. So your argument is not logical.
    I am just not paranoid, and do not accept that one can be infected and never know about it.

    If I were that worried about the things you mention I would get rid of my computers. I could live without them. I believe I have good security including a router with NAT so I am not all that concerned.

    Until I am hit with something other than a raindrop, I won't believe the sky is falling.

    Regards,
    Jerry
     
  23. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Escalader,

    That is the reason I have body "scans" every so often. It reveals such things.:D :D

    Regards,
    Jerry
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Good one Jerry! Sometimes threads get tooooooo serious! It's not a matter of the survival of civilization as we know it, is it?

    Get as much or as little security as you need and enjoy life!:cool:

    I know some guys all they do behind a router is backup their user files, and load fresh from a clean C image each day and have zero tools... not my way but there it is. They could get infected but claim it doesn't matter since they can reformat from scratch if they do.
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    sorry Jerry, my friend, have to disagree with you on this one and feel Stefan is right.
     