AV-comparative February2005

Well Norton was a sure surprise. But did any body read the graph in the report?
NOD32 detection has shoot up a lot as well.

I wonder if this is because of better AH or signatures...

P.S. where can i find more about Symantec cooperate 10?

 

I believe that someone mentioned somewhere that NOD recently added a huge bunch of Trojan signatures to their program, since that was the one weakness in NOD perhaps those additions helped to boost it up.

Acadia

 

No eye-openers. Per Norton and McAfee, they both contain great engines. It's the vehicles that contain them that need streamlining. Trim that fat!

 

I wish Trend Micro did better, I liked their trial of TMIS2005

 

IBK,

Im a little confused that you say nod,kav,norton.

Why would you say nod or anything else over kav for total virus protection?

 

http://illusivesecurity.il.funpic.de/viewtopic.php?t=56

Might be a very good reason. I was just wondering about this very thing. I recently had a system in my shop for cleaning and it had some very nasty stuff on it that were how shall i say resistant to kav. Besides kav; nod found another 100 virii on the system. I also scanned with a about 7 or 8 others all of which found another 20 or so virii but none of them found more than 4 - 6 apiece.

So this is the first time this has happened but to tell the truth I was not looking on other systems. I took it for granted that kav was doing what it should.

Lets just say it's things like this that really shake my faith in any one product to be as good as everybody thinks it is.

EDIT_________________

one more thing. I would have not even noticed this if it was not for the fact that I'm very exact in my cleaning. I just happened to notice some spyware that was not being removed properly which was what prompted me to do the extra scanning. This is when I found all the extra virii.

 

While this type of scenario is often posted (AV 1 vs AV 2), it reinforces my belief that 2 are better than one.
I have ArcaVir 2005 as my real time monitor (it just runs so light on my box with no conflicts and great heuristics) and a KAV engine AV as my back up. I run scheduled scans with the KAV, mainly because I run these scans in the wee hours of the morning while logged off. To run a scheduled scan with ArcaVir, you have to be logged on, but I still run scans with ArcaVir also.
Both are very good AV's that give me confidence that there is no Virus residing on my box.
Hopefully I won't need NOD 32 to install and clean up after them.

edit: But you never know these days for sure.

 

I believe that he was talking about "impact" on a system's resources or slowing down of a system, not the effectiveness of those programs to kill viruses.

Acadia

 

I wouldn't lose any sleep over it.

 

interesting link; i wonder how well Norton or Mcafee do in these test.

 

After looking at all the 5 tests, I came to this conclusion for myself:

Best Free AV:
Avast! (yes AntiVir is some better sometimes, but their update system sucks )

Best "Newbie" AV:
McAfee

Best "Power user" AV:
Kaspersky / (F-Secure)

 

I wouldn't either mcaffee is a much better product than norton. In my shop I always see systems with norton on then that are so infested they are unusable. These are regular every day people but security minded people like you find here who pay attention to what theyare doing.

 

I cant say from previous testing I would guess mcafee to do about as well as dr web or so. Maybe better. Norton I have no idea but my gut felling is that it would do about like kav did.

 

I wouldn't say kav read this again.

http://illusivesecurity.il.funpic.de/viewtopic.php?t=56

 

The info contained on that link is not correct.

https://www.wilderssecurity.com/showthread.php?t=68590

 

it was and kasperski still is very vulnerable to code mutation of any virus/worm/trojan. Nothing can fix this unless kav rewrites their scanning engine to account for such things and changes all their virus definitions.

You should have properly stated that kav has now added definitions to cover the ones listed at that link.

This does not change the fact that this same thing could be done to any other virus/worm/trojan out there and kav would not catch it. Read the analysis at the bottom of the page to get the full effect of what is being said.

 

Cool down guys! This test neither proves that KAV is down from first place and neither does it prove that they are slipping up!

KAV IS very vulnerable to code mutation. Nothing can change that no matter how much I or you defend it. I would not like to speak bad of KAV as I myself use a KAV-based scanner.

The main reason to this is that KAV's signatures are not very flexible, and this causes it to let through some malware. Of course, KAV team is always on guard and tries to compensate if possible through signatures.

I have a feeling this is going to be fixed in the KAV 6.0 when it is released as they still have time to make an entirely new engine.

But KAV still provides solid all-around detection.

So no arguing guys. Other AVs have different vulnerabilities.

Regards,
Firecat

 

That was more or less my point. I have been using escan as my primary engine to clean systems with after infection and then I put nod on then to keep them clean. But I was very interested in the fact that I'm seeing systems that have virii on them that escan/kav seem to be missing now.

That is the only reason I found the above thread interesting. and why I would point out that using the layered approach will always be the best as no one product seems to do everything well.

If and when kav 6 comes out if it offers advanced hueristics as good as nod then I very much think I will seriously consider it the only thing I need but until then many engines are needed to keep things clean.

 

Realistic: I think for complete cleaning multiple scanners will ALLWAYS be needed. Malware development goes very fast and covers a broader range of methods. I don't think any one program will ever be 100% effective.

 

I have run NAV 2000, 2002 and 2003. I never had any problems with any of those Norton products. For some reason I decided to test the AV waters. In the last year and a half, I think I tried just about every AV out there. I found the majority, if not all, to be good AVs, but I just never felt comfortable with any of them. That's just my personal feelings. Last month I decided it was time to go back to NAV. I purchased (upgraded to), NAV 2005, and I'm very impressed with it. It doesn't bogg down my computer at bootup, and it doesn't cause any slowdowns in connection speeds. And now I read about it scoring well in the AV-Comparitives test.

I guess my whole point to this post is, that I'm happy to see NAV score well on the new AV-Comparitives test. I could have made this post a little shorter, but I thought a little history was in order.

 

nav does well for on demand scanning not for on access were it really matters. nav misses stuff on access and then those virii shut nav down which makes it worthless for any on demand scanning it may have been any good at.

 

Based on which test performed by which tester did it come to this conclusion? (I am just curious and want to know)

 

good point . Are there ANY test that show the AV programs detection rate in REAL time ? To me , that is extremely important yet , most tests only show the on demand scanner results

 

based on what I see in my shop on real world systems. No testing. I see most of them running nav and quite a few either

1) have a few virii caught by nav but still have tons of it running around on their systems

or

2) nav has been shut off and the virii population is even worse.

I dont really care about the tests as I can see for myself what happens in the real world. The test may be ok for a general guideline but if you are cleaning this stuff for a living you get to see some very interesting things to say the least.


For instance one system had a bunch of java based virii on from viewing porn sites. I had never seen anything like it before but the virii were simply embedded in the web pages that they were going to.

 

Well if most pcs brought into your shop are running NAV, which makes sense since NAV is the most popular AV by far on this planet, then of course all the pcs that you see with problems will be pcs with NAV.

Acadia