AV-Test Windows XP Test Results

because.... (some little explanations may be useful)

 

I have several reservations about AV-Test results:

1) Their methodology is not well explained. Compare this to AV-Comparatives or Dennis Technology Labs, where testing procedures are outlined in considerable detail. For example, AV-C keeps the OS and vulnerable 3rd party programs (Java, Adobe Reader, Flash, etc) patched during the test period, while Dennis does not. This leads to a considerable difference in blocking rates reported by these 2 sites for recent and zero-day threats. I suspect that AV-Test does not keep everything patched during the tests, but who knows?

2) AV-test does not explain how scores (points) are calculated. For example, MSE scores 0 points in protection. The average reader looking at only the summary page might conclude that MSE provides no protection at all, which is nonsense. In fact it blocked 74-81% of zero-day threats, and 92-95% of "prevalent and widespread malware".

3) Certification standards remain at low levels (only 10 of 18 points needed). Virtually guaranties that almost all products get certified. AV-Test only awards one level of certification, while AV-C and Dennis stratify their awards.

In short, AV-Test could use a little more transparency in their test reports.

 

Did you expect comments on this?

 

Yes... at least reasons for saying just a plain "its wrong". I thought you had insights, but apparently not.

 

AFAIK Kaspersky's technologies are modular and the SDK offers only a core engine, so to speak. The rest, either you develop yourself or pay extra for licensing. That's probably a big reason why so many vendors dropped Kaspersky in the last few years.

 

Not really, the scalable approach of the SDK is manly built into three main modules: desktops, gateways/mail server and then a separate anti-spam module. The single modules have little customization possible as they tend to be a sort of "black box", however they do include all main features. The black box nature of the SDK is the reason why KAV has attracted limited size of potential customers.

The lack of in the wild detection since several months points to some issue in the SDK engine 8.3 as previous SDK builds worked fine.

 

The big improvements for Avira came with AV13 Update 20 (APC realtime scanning) and the 2 new cloud detection modules that were enabled in the last week.

Avira URL cloud integration, new VDF format, AI realtime retraining are next.

 

yes, but the difference interval passed the credible threshold remember Computer Hardware takes into account too
I dont imagine how Kaspersky would perform in a 512 MB RAM - 1 GHZ CPU computer on pair to ESET
AVC have more precision and the methodology is visible to users

PC Mark is a more complete benchmarking test and I can understand why AVC would include such test

 

^ It's not the licensor's fault their licensees aren't/weren't smart enough to make the most out of what they licence(d) or complement it with their own tech.

 

Good to know you guys are working hard.

 

Stefan:

Would it be fair to say that Avira Free is not yet performing at the same level as the new Avira Pro / Avira IS?

Indeed....would it be closer to the mark to say that Avira Free is currently performing at about the same level, or no better than, the mid year version of Avira IS 2013?

Is there , then, any news as to when Avira Free will be upgraded?

There are many who would like to return to their "old love".

- cheers,
feandur

 

Good to know that Avira trying to improve their whole protection level with Cloud Technology
But I have a bit question
Q1.
Avira URL Cloud<this one has been release a preview of ABs(Avira Browser Security)
However How about the current Search free toolbar widgets(Website Safety Advisor),
Does it using Avira Own URL-Cloud technology(Avira toolbar v7) which was same as ABS??
or It still keeps on using the CallingID Database but rebrand as Avira Url-Cloud?

Q2.
What is the AI realtime retraining?
Does it means like QVM(QiHoo Virtual Machine)engine?which has is own AI for recognize any new sample automatically in the cloud server? or it was the replacement with the ProActiv behavior Detection technology(New Behavior Detection Technology)?

 

I'm not Stefan or anything but I still see an obscene number of infection posts or threads by Avira Free users on the net, far more than the ones posted by, say, A***t users. The paid version is fine now, but the free one still isn't AFAIU.

 

For sure Avira Free has currently a lower detection as it is lacking the Avira Protection Cloud feature.

But one of the company goals for Q1/2014 is to get the cloud into the Free version.

ABS is using the Avira URL cloud, but also the normal paid versions with enabled APC feature will use the URL cloud soon.

AI "realtime" retraining means if we recieve a sample and classify it as malware but the AI did not detect it, the AI data sources will be updated to detect the malware. The current AI updating process is not always fast enough to catch up with those ultra-fast-updating malware families, so we are working on improving that training time alot. After trained into the system as malware, variants of that malware will be also detected.

 

Not to beat a dead horse (much), but if Avira would consider partnering with someone other than Ask, like Google or Yahoo, the adoption rate might go up.
As I understand it, Ask pays more per install than other toolbar providers, but their ties through their parent company make them a no-go for me and my clients. I wonder if Avira would attract enough additional customers by changing search partners to offset the "loss" of Ask? The Ask partnership remains the "deal-breaker" for me.

Thanks for all the hard work improving Avira, especially the Free edition.

 

It's my understanding that Kaspersky has gotten really hardcore into whitelisting, which may explain their recent incredible performance improvements. If the test machines are running common software on them only, there could be almost no perf impact.

Feel free to jump in and correct me.

Even so, I've been extremely impressed by the perf of the 2014 product. I demo'd 2013 and could feel it sucking the life out of me but no such issues on 2014.

 

I have KIS 2014 and am uninstalling it and possibly going back to the 2013 version. Maybe I am missing some setting somewhere but when I see a pop to allow or block there is very minimal information given. I cannot find where more info can be added to the pop up. How do I know something just by the PID? I do not want to trust everything that has a digital signature, so I'm not going that route. But the pop up warning/message should have some minimal information included, otherwise it is useless. The KIS 2014 version so far has been a major PITA and nothing less. Total garbage for me. And BTW - the performance impact of web surfing is higher for me than the 2013 version.

 

Running KIS 2014 with application control in "trusted mode" on a test machine and its working very well with no slow down whatsoever. I found it an improvement as compared to KIS2013 especially the application control restrictions.

 

Avast as taken a dip this time

I just hope they can come back up rather than spending time on stupid tools

EDIT: why avast 8 and not v9 which has deepscreen!