I'm testing AV products against zeroday malware

Discussion in 'other anti-virus software' started by bradtech, Oct 12, 2009.

Thread Status:
Not open for further replies.
  1. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,788
    Those that are not interested can simply ignore the videos and this thread. Those that are will keep watching. Not sure why the flames are necessary.
     
  2. bradtech

    bradtech Guest

    Plus I posted this in General topics and it was moved here.. This wasn't the first place that I posted in..
     
  3. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    I just tested for myself with NOD32 3.0 stuff that is fresh out on the net as of this morning, and I'm both surprised by and happy with the fact that NOD32's advanced heuristics are kicking some serious *** :)

    NOD32 is no joke, that's for sure; it doesn't catch everything, but it does a hell of a job.
     
  4. bradtech

    bradtech Guest

    I have close to 2,000 clients on NOD32, and it does great.. I have pushed out V4 on all the clients, and still use a mixture of 2 and 3 on servers.. I uploaded a file last night that G-Data missed (installer multi-paratite) and only 1 outta 41 detected it, and it was NOD32! :).. I hope ESET is working on a behavior module for ESET kind of like a threatfire like module.
     
  5. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    You know what guys? Threads and reactions like this are the reasons why more and more people that work in this business for years and have been fairly regular posters here in the past simply stopped posting. Because it's pointless having experts replying with their opinion and everyone else ignores them because they think a handful of malware gives you as much experience in that field as someone who deals full stream on a daily basis with that topic for more than 10 years. You know we basically have better things to do than to try to convince people that some approaches are COMPLETELY wrong. Of course we're the black sheep then because we "disturb" people that "volunteer" their time and "open other people's eyes". So be it then. You want to do AV testing then acknowledge your faults and do it IN A PROFESSIONAL WAY. But don't simply reply "whatever, I worked in IT for years, I know what I do". Because you don't. Otherwise you would know the difference between registry keys and files.
     
  6. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    huh... your formula is much akin to mirzos... take 10 MDL urls and test. Malware threat is far deeper and wider than harvesting 10 urls from one site and pitting an av against them.


    ummm... what is that 3.5 or 4 points that you give to av's in your reviews?
     
    Last edited: Oct 16, 2009
  7. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Also have to remember that although NOD32 and the others are doing good with these, just think that, yes these are fresh links on the net today, but that doesn't mean the viruses attached to those links are newly created, all these viruses could be weeks or months old.

    Eset's "probably a variant of" or "a variant of" means it was detected with advanced heuristics... I think
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I think the main reason there are some "volunteers trying to open other people's eyes" is that people keep getting infected with malicious software and viruses even with up to date top-PR'ed AV's.

    And why are you so sure your eyes are not blind with all your experience because it's just one-sided? I know many AV people got stuck in the 90s.
     
  9. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Same thing could be said about users with HIPS who don't know what they are doing.

    Having a security software never was, and now more than ever, is not an excuse for ignorance.

    Your city might have the world's best police force, or the top rated in your country, but that doesn't mean you should leave your doors unlocked and your money on the table.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I think the easy way for us to all get along is to just agree that if you disagree with a thread, just stay out of it and only participate in ones you can relate to. Simple enough and fair?
     
  11. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Sensible idea, but where's the fun in that?! :D
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,639
    Location:
    USA
    I like it, couldn't agree more. I'd also like to thank the OP for the videos, I find them interesting.
     
  13. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    It stopped being fun two pages ago...
     
  14. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    what is "the OP"?

    OP?
     
  15. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    All the AV companies are pleased to announce that they have scored Advanced+ in the AV Comparatives tests. Users blindly believe that AVs can really provide 98-99% detection rate, hence they get a false sense of security. They do not feel the need to adopt good security practices as they think that their AV is infallible, thus they inevitably get infected.

    At least with these live testing users will understand that in real life no AV is perfect and that they should also be responsible for their security.

    There are many criticisms being formulated at the OP, many of which are justified, but what alternatives do we have? AV Comparatives is only conducting On Demand tests, ignoring the other components of the AVs like behaviour guards, HIPS etc. and things like self protection and cleaning abilities.

    So I find these videos very useful and ask the OP to continue and to improve the tests as far as possible.

    Thanks.
     
  16. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    Original Poster
     
  17. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    ....oh yeh, you're right. I'm with trjam then.
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Respect your input, but not actually possible for others to stay out if it is their product being analyzed. They are pretty much brought to the table. Besides there seems to be lines being formed about this whole thing and it probably means there are some things to learn from both sides.

    It actually reminds me of my fantasy baseball days and those arguing old school vs those arguing sabermetrics. I am old school all the way in that regard- I have to see something with my eyes to analyze it and feel confident about it. There are lots of stats on the other side and many smart people who swear by them. But I was at one time ranked the #1 fantasy baseball player in the world and my 10 team AL only league has been ranked the most difficult to play in the world. And lots of high calibre, new age guys come and go- some take titles, some take them from me. And I have learned from that.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    the problem is, each time he uploads a video, depending on how it does, I then change the software on 3 computers.:eek:

    when will it stop!:doubt:
     
  20. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    What you just said has proved those wrong who believe these videos will not change minds on what AV they use.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I think they were referring to "sound" minds.;)
     
  22. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    Altogether, you still proved them wrong...
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    some may say right.

    I mean when it comes to me, people like IC or Baz and some others, I listen to. This is their life and they know this stuff. To say otherwise is really unwise. Tests are all good but must be taken in the proper context and after rereading a lot here, Brad has openly stated his purpose numerous times. So there is good and bad in all this, but it is up to each of you to decide what belongs in which side.
     
  24. kaixi

    kaixi Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    17
    Hey brad, you should really test DefenseWall, imo it's even better than Geswall.
     
  25. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    I agree that they are knowledgeable, but that doesn't make them perfect. People make mistakes, and pride holds them back from accepting they're wrong. Which later leads to arrogance.
     