Av-Comparatives: Retrospective/Proactive Comparative May 2010

... and besides, this test does not show the real level of detection/prevention of infection, as the files are not scanned by execution of file but as on-demand. The test is pure bollocks, which I have become to realize just until recently. AV-C's dymanic tests are however more realistic and gives a true image on how well an AV performs (given the test is conducted with a large amount of samples). AV-C's tests on system impacts are good as well. The rest, I couldn't care less for anymore.

Just my two cents, not that anyone cares.

 

no it doesn't it only gives an idea of how good it is at detecting current types of zero day threats,as you say things move fast and threats in a few weeks or even days may be of a type not detected by any of the heuristic/proactive modules of todays AV products,then what are we back to:-waiting for defs to be written or waiting for these modules to be updated to cope and even the best of these products still rely heavily on other aspects of the product to offer the bulk of its protection,don't think anybody would be happy with a 60 odd% detection rate,and I for one feel that NOD,just to name one,was a slightly better product before it started to rely so much on heuristic detection of threats,they(NOD) seem to become too confident in its ability,heuristically,and took their eye of the ball by not writting defs as quickly,and hence its OVERALL protection seemed to drop!

 

The quote by Catalin Cosoi is in reference to zero-day application vulnerabilities (such as PDF exploits). It does not imply, in my opinion, that "older malware is still the biggest threat for PC users."

To understand the context, the complete quote is:

 

Same here =/
Thought Avast would do better

 

One's experience is different to another's and having only my own experience on which to judge the relevance of any such artificial test, I can only say that during the last 10 years working in this alleged fast-moving IT world I have dealt with many malware-compromised machines but I have never actually seen, or heard about first hand, of a PC infected with a so-called zero-day threat, in the course of normal use (by that I mean not trying to get infected to see what happens). On the other hand, I've lost count of the number of times I've had to remove a virus, worm, trojan, that gained a foothold because there was no AV installed or the definition database was out of date.
I'm not saying that zero-day stuff isn't scary or important to consider but AVC don't claim that this really tests the ability of the the various products to protect your PC, and I tend to agree with them.

Anyway, for avast! users it is completely irrelevant because no on-demand scan is scheduled by default so we never run one.

 

Just a question from someone who doesnt know all the terminology or sites. When you say search on the darkside for malware then list malware domain lists,what are you referring to? Just trying to learn wht i can here. Thanks

 

Malwaredomainlist is a website...This is what all i can say !!

 

The malwaredomainlist or mdl which is more known here keeps the database of large number of infected domains and also have direct links to malwares

 

Enjoy infecting yourself with most dreaded Malwares...

 

Not for the meek or timid. Just make sure you have a backup or virtual machine running.

 

Yeah, i use both

 

Dont plan on visiting the site. as i said i am just asking to learn whats what. I may not be as tech savvy as you or anyone else but theres no need to talk down to me now is there? The way to learn is to ask questions to avoid negative consequences which is all I was doing. Thanks for the assumption though

 

Or Shadow Defender...

 

Not sure about zero-day, but most infections are caused by malware dropped in the wild in the last few days (or hours/minutes) - that's when they're most effective of-course, when AVs do not detect them, which is why that's the stage when its most likely to be distributed.

For each additional AV which starts detecting it, the less use the malware is, so its time for a new undetected malware to replace it - useful again ... no point wasting drive-by links on blocked files, as the infection rate will drop.

 

is it TrustProt or port because i have seen both as downloads on many sites?

 

Probably TrustPort.

 

http://news.softpedia.com/news/Micr...-Symantec-McAfee-AVG-BitDefender-144553.shtml

 

Excuse me, it's TrustPort...
http://www.trustport.com/en

 

wow MSE's did alright huh? I read what others have said here but never read the actual results from that test. So maybe I will just keep it and find something to run as a secondary. I have prevx with the online safety but have it shut off because i think i installed it wrong so I'm waiting on a reply. Thanks for the link

 

I know I am late but: Congrats Panda and Trustport for both getting the highest detection rates. MSE is impressive especially for detecting the same amount as Kaspersky. I kinda thought Trend would be higher, or atleast higher then Norman. I guess it shows the Norman labs are working hard still

 

Thanks. I hope you didnt think I was being sarcastic? I didnt read the list of results until just now and like i said there are actually both names out there as AV protection. I would think one is trustprot is a fake or knockoff though download sites all carry both. Thanks though for letting me know which was the real one. Funny when you read reviews of TrustPort from the users on C-Net and filehippo etc., they are really bad. It always seems to be the little engines that could that show these others up

 

Let's take Kaspersky for example:

-In the On-demand Comparative (February 2010),
Kaspersky was behind AVIRA, F-Secure, ESET, BitDefender, avast! Symantec, PC Tools etc.

-In the Retrospective/Proactive Test (May 2010),
Kaspersky was scored better than AVIRA, F-Secure, ESET, BitDefender, avast! Symantec, PC Tools etc.

So, what's the most important factor when evaluating AVs?

-Detection when dealing with Known Malware?
OR
-Detection when dealing with Unknown Malware?

 

I believe that the total program dynamic test is the best.
Regards,
Jerry

 

Its the combination of on-demand (signature based), retrospective (heuristics) and pro-active (dynamic tests on execution--> cloud based, HIPS, sandbox, etc...) that gives the overall effectiveness of an antivirus.

This is unfortunately rarely done in one single test because very labour intensive and time consuming. Single tests are simply not able to assess the real strenghts of a security package.

 

I'd the same thought but was too lazy to write that (but much longer) some minutes ago.

Then I'd also like to ask: does it matter if something is "known" or "unknown" once you get successfully infected by it? If the security product isn't capable of defending you from the threat in question it doesn't matter what it's classed as.