AV-Comparatives - File Detection Test - March 2013

nice analogy silverfox99
i will keep using norton for the time being because i find it very comfortable.
i changed smart defenitions to full, and disabled the automatic firewall so i can decide about programs connections & behaviour too.

 

I like this analogy A LOT. I think I'm going to use it A LOT. The SilverFox Analogy.

 

Right Silverfox99 - You are very lucid.

Now is it by any chance possible that AV-C is just emphasising that this backdoor is open for reasons known only to themselves or for reasons that should not be discussed in an open forum. I may be wrong, but in my humble opinion AV-C have not acted in a decent or honorable manner by highlighting the apparent shortcomings of a security company who does not want to have any association with AV-C. You just don't shout about the good or bad sides of people who are strangers to you.

 

Ok. We all blindly trust Norton here, the File-Detection test is useless

Conclusion: Norton is right and AV-C is wrong. Norton for President!

 

Talk about making a mountain out of a molehill and blowing things way out of proportion!!!!

Do you exaggerate for the effect of hyperbole very often

That is NOT what everyone is saying. That's not what everyone is even hinting at or suggesting.

Most people believe Norton performed poorly because their product isn't designed to do well in that particular test. Most people also believe that AV-C didn't have the right to include the results of a test that Norton didn't agree to be included in, have knowledge of, or even consent to...without Norton's consent.

BUT.....you can make things up and draw your own imaginary conclusion if it makes you feel better.....

 

Facts are exposed from virtually everyone's single point of view in previous pages of this thread.

Let readers decide what they want to believe.

 

I prefer the Great Chain Analogy from Bioshock -

The chain is broken when even one link can no longer do the job.

Another analogy: A weak heart does not mean you can't work - it only means your chances of death are higher and you may die sooner.

Except, unlike, say, Webroot, Symantec doesn't seem to be interested in working with AV-C to devise methodologies to fix this apparent problem. In fact, Symantec doesn't even say "we think we could/should do better" (unlike some other vendors who have had not so good results in the past) - the official line is simply touting their "other advanced protection technologies" and telling users to look at AV-Test and others.

FYI Norton was included in several tests done by AV-C last year on magazines at their request. AV-C is just catering to a popular request here. At the same time, they have to consider the time and resources (=money) involved. For obvious purposes the FDT takes less time and resources to perform compared to the real-world test (which also involves several staff from e.g. the University of Innsbruck). In this case, they could afford it (also, I assume the magazines still request this and perhaps pay for it).

Many people here have made the issue out to be worse than it actually is.

Nobody needs to stop using Norton because of this test. At the same time, this is simply not a good result for Norton and they need to acknowledge they didn't do well in one test.

Understand clearly what I am saying here: There is no big politics; both companies have only done what is economically viable - Symantec has tried to focus on providing protection in a way that will be cost/resource effective for the company (less staff - see my previous posts) and still cover the user well in a number of scenarios; AV-C has tried to give users what they wanted (many requests for testing Norton) in whatever way was economically viable to them.

Anything different from this is very much smoke and mirrors and insinuating something that has never been said here. Like Macstorm said, there is enough information both ways for everyone to make their own decisions (including comments/clarifications by all organizations involved).

FYI: I am still using PC Tools; though I got the email about the products being discontinued today. Not sure if I will switch to Norton; between those two products I do prefer PC Tools.

 

We talked about you in this thread :https://www.wilderssecurity.com/showthread.php?t=345661

 

Fortunately, there are a lot of other choices out there, my friend

 

if you want a lightweight AV solution,
give Avira/Emsisoft a try

 

I changed my mind and bought Kaspersky AV 2013 for 3 PC. Upon installation, I disabled iswift/ichecker. KAV did not add tags to NTFS objet IDs any file any more. Good news. I think I will stick with KAV for a while now.

 

Are we talking about alternate data streams? They have not used them since 2006...

 

no, not istream, i am talking about its successor, iswift. iswift used to add its own tags to every file on NTFS system, causing a huge delay of chkdsk cmd. when uninstalling kav/kis, those object ids will stay.
It appears iswift stopped doing that after the 2009 version of KIS/KAV.

 

I wonder just how much help it will provide, since SONAR uses information from Norton Insight. I do not know if the information will be queried in this scenario.

 

The so called "USB flash threats" - the one coming from removable drives are very easy to fight - just block the autorun functions and delete the autorun.inf files that look suspicious and the threat is gone. I use and recommend Autorun Eater to each and every person I know.

 

Will it add tags if you enable iswift/ichecker? By the way what do those processes do?

 

I am not sure what will happen if the iwsft/ichecker is enabled since I never have them enabled before. However based on google search, the new versions (Kaspersky 2009-2013) won't add tags to object IDs. These two techniques are detailed here:
http://support.kaspersky.com/8824

 

Iwsft seems like it adds some tag or something based on the description.

 

only experiment will give you a sure answer

 

Spot on.

 

http://forumalt.av-comparatives.org/index.php?page=Thread&postID=3861#post3861

 

wow all these replies just for Norton?

ok here goes my opinion:
any AV that gets disabled by simple fake av's is worthless! so is Norton. forget the tests just turn on your VM's and test this your self's.
i have! it gets bypassed and disabled and gets spit on so fast...

 

Anyone checked with Kaspersky's user forum?

 

Yes I did. they said iswift/ichecker won't add tags to NTFS objectIDs. I believe them.