new av-comparatives nov-09

I have many FP when i scan my hd with Avira, some keygens and cracks that are 100% safe

 

How about uploading them to VT for analysis? I'd wager that Avira isn't the only one that is going to detect them as malware.

 

Don't cracks need some kind of malware in them to crack softwares. So if detected, are they considered as false positives?

 

I always do something like that:

1 Virus total
2 CIMA
3 If seems to be safe I execute the file with comodo in paranoid mode, and monitoring my hd and the registry keys. (AnVir and ProcessMonitor)
4 If nothing strange happens Its a FP
5 Them I scann my PC with AVIRA (i only use avira on demand), Malwarebytes and A2, and Its always clean.

PS: I dont use any AV on real time. I have the FP in a different partition than my OS, 5) is a on demand scan in my OS hd

 

If I have a gun in my pocket am I a killer?

 

So are they false positives or not?

 

Yes, I have like 6 or 7 FP, I guess that this files must have something suspicious but are not harmful. Anyway when I upload the files to VT not only avira says that is a bad file.

Anyway for me Avira is best, If avira detects more files of course is gona have more FP is something obvious I think that the penalty is excesive. Normally I dont give many importance to the FP if they are not excessive, avira has 21 FP's and the highest detection, is not that bad should be in the first position.
I preffer 21 FP and 70% of detection than 0 FP and 50%, what is worst have 21 FP or miss thousands of virus...?

 

Symantec is in deep trouble, their proactive defense is really going down, really need to improve.
Eset again, did very well.
Microsoft Security Essentials doing the best out of the FREE anti viruses.

 

How so? The AV-Comparative Proactive test from May 2009 shows about the same % for Symantec's proactive detection. If anything it has stayed the same.

 

I basically do the same thing, except I run Avira in realtime and use OPF. Never had an issue with this. Since I run Avira in realtime, I use the exception list on any nocd cracks that are FP's. VirusTotal will give you a better feel if the file is malicious or not.

Ice

 

32% (if i recall correctly) isn't good. Symantec's proactive detection rates matches with the unpopular AVs, which is not a good thing. And if the % is the same that means, over a period of 6 months, nothing has improved.

 

Um, how do you know those keygens, cracks are clean? Putting more trust on crack makers that your Antivirus vendor? Trust VT results? I have seen 0/41 for a malware and 32/41 for a safe file. I believe detections on cracks are somewhat justified since they do 'hack' something in order to do something, (some) include a hacktool and most are packed suspiciously.

I think Avira has a rule not to fix detections triggered by cracks?

 

Yep, this is why I dont only use VT. And I dont trust in the cracks like I dont trust in all the detections that an AV does.

 

Exactly, so it isn't really going down It's just not improving in the AV -Comparatives test. Also, I thought that Norton uses SONAR (Symantec Online Network for Advanced Response) for it's proactive detection. Could the test being preformed "offline" like IBK states on post 28 effect the proactive SONAR detection of Norton? I don't know honestly since I don't use it.

 

Yes, for individuals who disable all features of their anti-virus product other than signatures and heuristics and who are disconnected from the Internet, this test accurately reflects the performance of the anti-virus products examined. The problem, however, is that few (if any?) users meet this profile and actually configure their anti-virus product and use their PCs in the manner emulated by this test. Thus, it fails to shed light in a meaningful way on product differences in providing malware protection.

For purposes of this discussion, it is only the methodology of the anti-virus test done by Dennis Technology Lab that matters -- not the results.

Describing this AV-Comparatives test as “totally outdated and irrelevant” seems to be one of the most factual statements that has appeared in this thread, in my opinion.

 

It's only outdated and irrelevant to those people who have a problem with the results if their product of choice didn't do as well as they wanted. Every test has it's merits, and every test will have some flaws in it's methedology. Pick out the main information and use your minds to judge how relevant/accurate it is to you.

I just find it sad that each time an av-c test comes out wilders decends into a huge toddler squabble, with multiple people just shouting random insults/opinions at each other and not even trying to listen to any intelligent input. But I guess it's easier this way, isnt it..... everyones an expert.

 

Well I can also say that while I was evaluating Norton I wasn't infected by any malware like most of the members here are saying

 

Anyone that can click the signup button is a expert.

 

very true Baz!! very true!!
I said earlier and say again I have my own tests and I believe on my own results.

 

There are quite a few Symantec haters, but in the end everyone is entitled to their opinion. IMO it's no different than the Microsoft bashers.....etc.

Symantec 2010 products are the best yet, and I have a gut feeling that IBK's "real world" tests are going to reflect that as well. This is coming from someone who is running PCAV on their main workstations.

 

thumbs up for avira

over 70% detection , that pretty good, i wounder how much the new version beta would score

 

Probably the best post in this large thread ..

 

Looking through the archives for the proactive/retrospective tests something stood out to me. F-Secure has dramatically improved both their on-demand and their proactive protection. I've been testing/using FSAV 2010 for several months now and my first impression was "holy c**p" why so many processes? However, after using it and testing it, along with some research, it has become one of my current favorites. These test have a certain level of relevancy, even considering false positives, but when you look at the historical results for these products you get a fairly decent idea about the both the product and the company. We just have to be careful not to make more of the individual tests than necessary.

 

The critical distinguishing factor, however, is that the world of malware has changed immensely. Symantec reports, for example, that most malware strains are distributed to less than 20 users; and, it discovers 20,000-40,000 new threats per day.

Tests that mimic the old world order (when most malware was distributed to millions of users) by scanning samples with outdated signatures and with a disabled Internet connection just don’t seem to be pertinent anymore. The key issue isn’t that the methodology of this AV-Comparatives test is “wrong” -- the issue is that the problem it is attempting to address is no longer very germane.

 

Agreed, and the level of relevancy is about 15% in the case of some products at least. Because this tests only exercises 15% of the product's features. Thats what my peev is about.

Btw.. for the record, I dont like the PCWorld test either event though "my product" scored well. That was yet another irrelevant test.