AV-Comparatives - File Detection Test - March 2013

My view is both parties are correct in their stand but not completely. File-Detection tests are very much important as highlighted by pcmag. You don't always have your internet switched on and what about those pc's which are already infected and do not have internet access?

At the same time the ideal situation would be to test in real-time, but that "real world" cannot be created to mirror every PC out there.

Which is why its part of a group of test, but symantec shouldn't have failed so badly with full internet access.

 

Bacuse it's one of the defense lines that could stop some malware but alone it's worthless. For cleaning Norton has the product Norton Power Eraser.

 

LOL.
One of the defense lines that could stop some malware = useful
Alone = useless

So would you care to explain more? So you are saying file detection is dependent on some other defense layers in order for it to work? Sounds bs to me. File scanning is File scanning, it alone can work without other modules.

 

Most of the antiviruses are using several different techniques to stop malware(signature, HIPS, BB, cloud etc.) it's like a team. So yes alone is useless, together are powerful.

 

Many people here @ Wilders including me, Narxis, etc are trying to tell you something, but do not get it or do not want to get it.
Of course file detection (on-demand scanning) is not useless but it is not useless only for specific cathegory action. It is useless alone only if you consider this defense as a protection measure standalone.

We are trying to say that this file detection result of Symantec might be correct for the file detection on-demand scanning cathegory. But AV-Comparatives and most other testing organizations do not take into account absolutely all protection lines each vendor has, thus certain tests gives false image of the vendor.
E.g. AVC tests only on-demand file scanning and one vendor gets low results, the other gets high. But this is false image - this makes bad image into vendors and it does not take into account all the vendor can offer in a real-time real-world scenario. Different people - different vendors - they have different protection strategies - some insist on heuristics, other insist on Cloud technologies, other on behaviour blockers, some other rely on the OS functions, etc. And only if you perform real-time real-world test, then we could be close to something real (semi-real). This on-demand test might be OK for itself but it produces false image (there are many many who get only the vendor name - % result and for them this is enough to change the AV program).

 

That's right. Hopefully he'll understand now...

 

LOL
so you guys are the ones who wants to tell me something? Please go back several pages and see whose faces was slapped over and over. I feel so amused why some ppl keep trying to sell their bs to other ppl. I suggest you guys learn some basics of antivirus and how it works then come back and talk. Otherwise you are just embarrassing yourselves.

 

Please upload your CV here and let's see how awesome and well trained you are Mr. LOL guy.

 

http://securitywatch.pcmag.com/secu...declares-on-demand-antivirus-tests-misleading

Scanning a static file, checking for detection and installing an anti-virus in a malware laden system, checking for detection (and removal), will give different results.

 

No, it was the proactive/retrospective tests that Symantec were absent in.

Unless it has changed, the Proactive Protection Test and the Phishing Test are optional. http://www.av-comparatives.org/forum/index.php?page=Thread&threadID=1060.

 

I have to LOL to this one.
Who I am does not matter, what matters is if what I said makes sense or not. I never said i am awesome, I just speak with fact and logic. That's all. Although I am not working in AV field, I have strong interest in computer security and over the years I accumulated a little knowledge and know-how regarding computer security and AV software. I try to avoid speak based on subjectivity, but rather objectivity and facts. I suggest we all discuss based on these.

 

I like better the last paragraph of his conclusions!

So, my dear 'security software vendor'.... If the hat fits, wear it!

 

Seems Symantec changed their blog post, previously the Dennis Technology Lab link pointed to a sponsored by Symantec test. Hmm

While I understand where the "product as a whole" arguments come from, I can't buy it completely because there are known and practical scenarios where the full product capabilities cannot be used. It's like saying that a country has a poor army, but a well-equipped navy and airforce; as a result of which it is able to successfully defend itself. But everyone knows that's not how it works, and that's why countries focus on building all three aspects of their defense (as well as things like intelligence, etc.)

(I know it's not a perfect analogy, but what I mean to say is that each layer can be bypassed and the rest should also be up to the task).

 

Most will agree I guess.

That's where lot of folks, me included disagree.
Going for the obvious car analogy, it has been pointed out before in this thread that testing only a car seat belt does not measure a vehicle complete safety package.
It does point out sucky seat belts.
Nobody is therefore questioning the brakes, electronic brakeforce distribution, emergency brake assist, tire monitoring, traction control, electronic stability control, etc. Just the seat belt.

 

"Like I said, it's pretty well documented that the reason Norton pulled out of AV-C's tests was because of this particular test. Supposedly, Norton asked that it be performed in a certain way that would show how their product reacts to and treats the malware sample, but it involved going to lengths that AV-C didn't do for other antivirus companies and that they did not wish to go for Norton, so Norton removed themselves from the testing, which was their right. Neither company was wrong with how they handled it and for their stance in this instance. But this recent "we're going to include them even though they've asked not to be included, haven't paid to be included, and...oh yeah, just happened to perform fairly poorly compared to the others'....does seem unethical to me."

I agree with what JRCATES have written, as quoted above.

If AV-C is an honorable test site they should include Norton in their real world test. And if Symantec is confident about the quality of their product they should allow it to be tested by any site.

IMHO when a time-tested & popular software like Norton AV is suddenly shown in bad light, the credibility of the testing site becomes questionable.

Time will tell who is right & who is wrong.

 

If a company like AV-C which doesn't have the security pedigree (who in that company is qualified to test security ) designs a test where the malware is NOT executed and hence doesn't exercise most of Norton's engines, Norton has every right NOT to participate in this bogus test.

The least AV-C can do on this on-demand test is to EXECUTE the samples that were missed by the static scanner, just like how his more astute competitor AV-Test is doing.

I really hope Norton doesn't succumb to this slander and waste their time optimizing for this bogus test, when they have perfectly good detection in SONAR and other technologies that can be showcased should the missed samples have been executed.

 

I think it is unfair and unwise to say AV-C does not have the security pedigree. They are closely associated with the University of Innsbruck and conduct research/work with computer science departments in some very good institute (check their website for the details). We can, at the very least, expect that everyone involved with this testing knows research methodology and scientific process. The tests may not show the real world scenario, but given the specific model prescribed, and within the bounds of AV-C's assumptions, I'd say the methodology is accurate.

Moreover; AV-C is just as much a member of AMTSO as Symantec and other vendors; surely the work of all these vendors is peer-reviewed....

 

Hey Baserk,

Yes, as said that this test might be correct - a.k.a. the seatbelt might really be faulty one but unfortunately there are really MANY people here at Wilders and in other places over the Internet (including some stupid magazines) that use the faulty seatbelt to say that the whole car is total rubbish. Have a look at some posts here at the forum - a single test of single measure is enough for them to completely put a vendor down. Check some magazines - because of misinterpretation some unexperiences people get false overall bad image just because of the single belt.

 

I have learned the basics of IT , security and antivirus long years ago. I am now in the Master level and when you reach the Master level of antivirus knowledge, please let me know - we can continue the discussion

 

1. It's not a bogus test. It is just one Norton did not do favorably in.
2. If you publicly sell a security product, you forfeit the right to exclude yourself from ANY test that anyone chooses to do.
3. Unless this test was deliberately faked to make any particular vendor look bad, then there is nothing to get worked up about.

I am not currently running Norton, but this is not the reason.I do hold a license and find it to be a light and stable product. My biggest gripe is their lack of 64 bit support. But this is just one test, and really isn't that big of a deal. Nobody needs to condemn or make any excuses for either side. If you like Norton run it without feeling the need to defend your choice. If not, then it didn't matter anyway.

 

Something must be rotting somewhere. Is it Symantec or is it AV-C? Or is it something else the forum members can't yet figure out?

 

Very reasonable.
My opinion is, if symantec wants to get things right, withdrawing from av-c is not the right thing to do. On the other hand, I hope av-c continues to test symantec in all other tests along with other vendors, for at least one complete cycle of all available tests, even symantec does not pay for it. This way, ppl can learn more about the full capability of symantec av. This is the best scenario for us members here.

 

Hi all,

Just a small, relatively unimportant matter of fact. The link you refer to above pointed not only to a sponsored test, but to a test sponsored by Symantec and run by AV Test! So it was nothing at all to do with Dennis Technology Labs

Andreas Marx and I requested that Symantec update the link and rename Dennis Labs to Dennis Technology Labs, which happened quite fast.

Simon

 

I prefer house/burglar analogy to car seat belt so this test is like AV-C saying - "Hey we tried the back door and found it unlocked! - A burglar could get in and nick all your stuff". Symantec are saying "ok, you found a back door unlocked, beacause our janitor isn't always punctual with his rounds in locking doors but look we have the following if a burglar tries to enter in that door: Motion detectors in all rooms linked to alarmed police response, 5 well trained Dobermann attack dogs roaming the house, panic room, 24hr monitored perimiter CCTV, living in armed guard etc etc etc".

Symantec are saying "ok you found a back door unlocked but if the burglar actually entered the house (ie executed file) that would activate response from another one of our protection modules therefore defeating the threat. But if the burglar never enters the house, the other defense modules cannot activate or be tested to see if they will respond." So to imply that Symantec has poor protection on the basis of an unlocked back door, does not give a fair representation of the overall security of the house or liklihood of a burglary attempt being successful or being defeated.

I get what Symantec are saying and i think reasonable enough.