AV Tests

Yeah, the more I think about this, you are right. I am going to rethink and possibly just test the AV portion to see how it does, with the obvious disclaimer that D+ is turned off. It would be interesting to see if their AV has gotten any better over time.

 

hello igster . keep it simple - i think the tests are fine as they are. do a simple thing which has a straightforward relevance to something that is actually going on - i.e. an innocent user clicking on something nasty . i think we have enough scientific tests and they are all variable and open to criticism so please carry on as you are . i use VIPRE - any time you can give it a whirl straight out of the box i would be interested in the results . many thanks and keep it up . madpete edit -SORRY - just saw you already did. apologies . cheers .

 

Are you going to test V3 Comodo or V4 Beta?

 

Don't know...thoughts folks? Is the beta easily accessible?

As well, I can test the current Trend Micro Antivirus or the Trend Micro Titanium (Beta). Someone was kind enough to give me the ability to do so (test the beta), so not sure which one folks would want on here as well for TM. Again, thoughts folks?

Currently on tap for Saturday night tests I have:

TM Beta (maybe?)
MSE
Avast Free
Dr. Web
Comodo (maybe Beta?)
Nod32

 

Well I guess Comodo V4 is technically a RC but you can get a link on the forum. The real test I want to see is a test of full security suites, that's where Comodo's strength is anyway.

 

Forum here or their forum?

Edit: Found a link searching elsewhere. Is the latest beta v 4.0.129536.679?

 

http://forums.comodo.com/beta-corne...ecurity-40132838716-rc-released-t51706.0.html

 

From the forums it seems that the AV in Comodo 4 is better than 3, but don't spend your whole weekend fighting with installers, which ever gives you the easiest setup, 3.14 is fairly simple, but you'll still have a 92mb update after you install with either one as far as I know.

 

Add BluePoint, very interesting.

 

Vipre v4 will be launched tomorrow. Would be interesting to see how it performs, because there isnt much tests of Vipre out there....

 

Well, I couldn't log into the forum as I'm not a member and I really don't feel like signing up, so maybe I can just try the beta I downloaded.

But, are you saying if I download and install the current version it will update to the beta automatically? Just trying to get a handle on what you are saying here.

I downloaded Blue Point and will look at it. Also, I'll try to remember about Viper 4 tomorrow as well. Man, going to be a busy Saturday night...

 

Hi Igster!

How about a-squared Anti-Malware 5.0 Beta?

Thanks!

 

Still would like A-Squared tested.

PS&Off topic,Terry O'Quinn avatar a GREAT improvement!!

 

Sorry Igster didn't mean to confuse this issue, nope it won't update to comodo 4 but it does have a 92mb update on the virus definitions on either version after the install, and the updater on 3.14 sticks at 30 percent showing for the whole download but it does shut off and ask for a reboot when done, the newer version is suppose to have fixed that so they say.

 

I'm more or less neutral on the tests. My own belief is that the direct return of information is disappointing, but they can be useful in framing other discussions since they reinforce in a visible fashion that no product is perfect all the time when faced with a fluid landscape. Certainly, some are better than others. However, there are secondary factors, some mentioned above, that can be germane in specific instances (for example - focusing on a geographic region in which the product is well represented), particularly for small sample sets.

That said, what are the global take away messages thus far? My own:

• AV's, or blacklists in general, are imperfect. The degree of imperfection is time dependent.
• Ultimately, end users do use the malware identification guidance of an AV (as either an installed product or net-based multiscanner) as their final assessment of whether or not a specific file/link is malicious.
• Obviously, the first two points are in tension and this tension is one of the reasons I simply don't see AV's being supplanted for most Windows users in the near term. There are certainly a lot of qualifiers around this, but save for a fundamental shift in the way in which content is served, they are here to stay. I specified Windows since I don't use an AV in the Linux and OS-X systems I use, nor do I really see a need at the moment.
• Given the results, is anyone rethinking the merits of policy/permission based approaches such as the use of limited user accounts (LUA) over running as an Admin of the system all the time or the use of software restriction policies (SRP)? Yes, there's a bit of a hit with respect to convenience, but it's also inconvenient dealing with a malware infection.
• Virtualization and/or sandboxing. Again, taken at face value, the results imply that a miscue by a specific product is more a question of when than if. Given that, does rendering the user environment isolated and/or disposable seem to carry more merit now?

By way of disclaimer, my personal opinion is that while most users really do need the expert advice afforded by a typical AV product, technologies such as LUA/SRP/virtualization/sandboxing remain underutilized as a standard approach with LUA being very suitable for the masses (aside from the legacy issues of MS not making this the default account type from the start and not enforcing the ethic for user programs) and SRP/virtualization/sandboxing being targeted towards more advanced users.

Blue

 

Why is it nessesary to alow the malware to be downloaded and then scanned with realtime scanner? The Web Sheild did exactly what it is supposed to do and block malware from getting to the hard drive.

 

I did try the current edition of A-Squared at one point but could not get it to stay loaded in the system tray. It would load and then disappear. Not sure what the issue was. Is it easy to get my hands on the beta? Do I have to sign up for something or provide all sort of information? If it's easy to grab the install and demo it, I will give it a try again.

 

In order to use the beta, you have to install the current stable and then go to Updater settings under the Update now button and select: Install beta updates.

If a-squared disappears from the tray could be an incompatibility with some other software...or...although I don't believe it...could be an active infection that prevents it from loading properly. The current version is stable and have never had problems on 3 PCs. I don't know if you have the time, but you could ask on their forums or just not test it.

 

Read my post again in its context.

 

I'll try to fit it in. It did though remove itself from the tray with no other security software running when I tried it. It was very strange.

 

Did you use Windows Task Manager to see if A-squared was running? (Sometimes a program will run just fine, but fail to place its icon in the system tray. If so, there is *usually* a way to fix that problem.)

 

No, it was not running. The icon appeared in the system tray few about 30 seconds and then was gone. I tried reinstalling and no change.

 

Can u test F-PROT pls?

 

Hi TheIgster,

I assume that you want to test the product the way an average user would use it, so with Comodo if you test it with D+ turned on and you block all requests, this would not be representative of the average users choice as we are not sure they will react this way.

On the other hand, if you disable D+, this also would not give a true picture of the strength of Comodo as some people are able to understand some D+ alerts and block malicious activities.

In my opinion, you should test it with D+ turned on. But block only alerts which clearly say malware detected, and allow other types of alerts. I think if a user sees an alert saying possible malware, he must understand to click block!

What do you think?

Thanks

 

Defence+ never says clearly that a malware is detected. It,s not even supposed to say this.

You need to undersatnd the classical HIPS like Defence+. Such a HIPS will detect almost 100 % of viruses as it intercepts so many actions. At the same time, if you run a legit application, it will again intercept almost 100% of its actions as well. So what is difference between these two interceptions?-- none at all except USER itself who answers the pop ups. If he is knowledgeable, he can answer them wisely.