2011-Q2 AV-TEST Product Review and Certification Report

108 samples - enough to make bitdefender look like it scores 100 "0 day" protection. My feelings from the last test AV-T did still stand, I'll wait for AV-C.

 

it is a mistery, eh?
Maybe he want to rejoin here at wilders

 

Some products just do better in some tests than in others, so I'm not hitting the panic button over Avira. Take Panda for example, it does better here than at MRG. http://malwareresearchgroup.com/malware-tests/flash-test-results/

 

I couldn't agree more. There is no doubt that Avira's performance hasn't been stellar lately, but AV's test results have to be gauged in the time span of a year or two, and by personal experience.

Vipre AV hasn't done well here, but was one of the best at MRG.

 

Truer words were never spoken.

 

Not my OS, nor do I care about protecting XP Mode.

 

I didn't see where they explained what tests were involved with "Average slow-down of the computer by the security software in daily use," but some of these scores are a little puzzling to me (lower is better), particularly in relation to each other.

I don't know in what universe NIS 2011/12 has less system impact than Avira, but it's not mine, and I don't even think it's close. NIS does a crapload of stuff, and it definitely has an impact on middle-aged computers.

MSE does as well, but I didn't think it was THAT much worse than NIS, though it surely has no excuses since relative to NIS it's hardly doing anything.

And finally, Eset, which seems to have the least impact of any in the report. I haven't tried a modern version of it to have an opinion on this, but v2.7 certainly is the lightest I've ever used. I don't recall seeing very many people saying that modern versions are still the lightest.

NIS: 106
MSE: 168
Avira: 124
Avast: 100
Eset: 72

 

Well done AVG & Panda What happened to Avira?

 

Their methodology for determining the "Protection Score" seems bizarre. Example:

PC Tools scores 97, 98, 100, 100, 93, 97, 98, 100, 99, 100 = protection score of 4.0

AVG scores: 95, 98, 100, 97, 99, 100, 99, 100, 100, 100 = protection score of 5.5

PC Tools scores better than AVG in protection against zero days, dynamic detection, slightly worse in the "scan my massive malware collection" test and almost identical (1% difference) in the Wildlist scan....but gets a measily 4.0 rating for protection.

Conclusion? The test conclusions are heavily biased towards the old fashioned approach of scanning a malware collection. Big thumbs down from me

 

Really a great improvement for panda. Very nice results. hope to see them hit 6.0 in protection

 

We don't even know the methodology, and between other things, they count the leftovers as a bypass although the pc is not infected

 

I've got to agree here (and I don't often agree with guest ) Very disappointing coming from an apparently professional testing organisation. I hope they make some improvements for the next tests.

 

Well according to Umesh, AV Test allowed a D+ alert, that's why it is 97%.
http://forums.comodo.com/news-annou...ications-test-results-reviews-t61263.225.html

 

This must be the beginning of something

 

Thanks for the link is quite interesting what Umesh says

Once you get alert, it's up to tester to decide if he will select allow or deny depending on contents of alert.
So if out of 35 you select Allow for 1, they perhaps count as failed case.

Is the standard to allow or block the alert is based on the mood of the tester?, some kind of mysterious, we never know.
Anyway for me the important is that D+ and the sandbox wasn't bypassed.

 

i tested Avira and ESET latest version under an Intel core 2 duo with 2 gb ram and then under a Pentium M with 512 RAM
High Disk I/O was noticed from Avira in the second machine

 

So essentially once the user clicks allow and gets himself infected then it is the user's fault. That is a pretty lame excuse from a Comodo employee i.e Umesh. However, that is exactly what is wrong with HIPS: "the user must make a decision" and that decision is based upon the user's knowledge.

And that is pretty scary.

Thanks.

 

Not really. Once you hit "allow" (in Comodo at least) your unknown program is still run sandboxed. You would then have to remove it from the sandbox and run it and THEN you would be infected.

 

?? What you said does not have any sense.
The HIPS are ok, what is wrong is you, if you don't know how to use an HIPS don't use it. (When I say "you" I mean anybody)
What is a pretty lame excuse is to say that the CIS failed. Would you pilot a plane without having any idea?

Yes ultra scary

Anyway I really don't care since we don't have any detail, maybe the malware left a no active file and they count it as a bypass, maybe the popup was about modify svhost.exe and he click allow... the beautiful of AV-TEST is that they can do whatever they want to make a product look like they want. No MD5 of the malware used...

 

Re Avira, the AV Comparatives Whole Product Dynamic tests show Avira as one of the top 3 during the period August-November 2010. Bit Defender was 12 out of 14.

Results from various test organizations vary a lot. I have the most confidence by far in AVC. If I use protection/detection rates as part of my criteria AVC is my authority.
I wonder how such differences in results occur if all the tests are genuine and professionally done.

Jerry

 

Yes what I said makes sense. HIPS is as powerful as the knowledgeable user and as weak as the average Joe who could not care less about dll injection, for example. As a matter of fact the average Joe does not even know what a dll injection is. Now how could you expect him to decide between allow or deny?

If Av-test has to do any real world testing starring the average Joe, well then the average Joe computer would be infected every single time with CIS or any other HIPS related products.

Thanks.

 

I only partly agree with you because CIS only partly relies on the user.

As I've already said, you have to explicitly tell CIS that the program is trusted otherwise NO MATTER WHAT it is run in a sandbox. Even if you allow the program to run... it's still crippled severely and will likely be unable to successfully infect a system.

On top of that, you have cloud heuristics on every untrusted application.

So, while a HIPS will ask a user "Do you want to run this? Do you want to block this?" and that security step can be bypassed by the user their are other measures in CIS to catch malware.


This is different from, say, UAC. UAC is a blatant "Yes or No" tool, either something gets admin or it doesn't. CIS is "Yes, but sandbox or No just block it entirely."

 

100% agree.

Melih Internet Security is for the geek or folks that think they are geek. I would argue that even a geek will get themselves infected with CIS. Because all it takes is ONE WRONG answer to those dialogs and you are done.

 

Give Microsoft some credit. It doesn't prompt you for 100% of all exes, just the ones that hit Microsoft's unpublished Heuristic.

 

Qakbot, as I've explained you can allow a program to run with CIS and you will still be protected via sandboxing/ a cloud-based heuristics scan of that file.

Not to mention that CIS actually includes an antivirus and is not only HIPS...


edit: As for UAC, it only prompts when applications ask for administrative access. The point is that it's black and white. Yes or no. CIS is not black and hwite. Even after you run an exe it is sandboxed AND scanned.