New Virus Test by GEGA IT-Solutions (av-test.org)

Discussion in 'other anti-virus software' started by Technodrome, Apr 5, 2003.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Technodrome from Firefighter!

    Even I can make mistakes, but I admit that. My weakness is that I believe in figures too easily. But as a Finn, I don't believe anything before I have seen those things with my own eyes.

    At first I have to say that MKS Vir 2.0 and Ikarus have too large figures in the false positive test and that you can see without more detailed study.

    When I made the Histogram analysis with the rest of the av:s, the statistics showed like this below.

    Histogram Mar-1-2003; av-test.org AV-test 3-2003

    Total number of inspected clean files 20 000

    General Statistics: (Ungrouped sample data)
    Pts Plotted = 28 Offscale Pts = 0
    Mean = 17.10714 Std Dev (Sample) = 18.34109
    Kurtosis = 3.45559 Skewness = 1.39535
    3 Sigma Limits: -37.91612 TO 72.13041

    Process Capability Indices: (based on +/- 3 sigma)
    Process Capability = 110.04652
    LSL = 0.
    CPL = 0.31091
    Z (LSL) = -0.93272
    17.55% will be under the LSL value of 0.
    Based on standard normal distribution (derived from sample values).

    It seems to be so that the results of the statistics were almost ideal. But that's not the whole truth. We have to see the Histogram pattern also.

    When we are now looking at the shape of the bars, it seems to be so that there are two different samples.

    This kind of pattern, according to Histogram analysis, is quite common for two different processes. In this case that means there are two kinds of products, albeit we call them all antiviruses, but the purpose is different.

    That study does not mean that the results are wrong, but it is now possible! o_O


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
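
    The capability figures quoted in the post above can be re-derived from its mean and standard deviation alone. The following is an added example, not part of the original post or of the av-test.org results; it uses only the summary values quoted (the raw per-product counts are not on the page) and assumes the quoted skewness is the adjusted sample skewness.

```python
"""Re-derive the histogram/capability figures from the quoted summary values."""
from math import sqrt
from statistics import NormalDist

# Summary values quoted in the post (false positives over 20 000 clean files)
N = 28               # "Pts Plotted"
MEAN = 17.10714
STD_DEV = 18.34109   # sample standard deviation
SKEWNESS = 1.39535
LSL = 0.0            # lower spec limit: a false-positive count cannot be negative


def capability_summary(mean, sd, lsl):
    """Return the +/- 3 sigma figures and the normal-model tail below lsl."""
    z_lsl = (lsl - mean) / sd
    return {
        "three_sigma_low": mean - 3 * sd,
        "three_sigma_high": mean + 3 * sd,
        "process_capability": 6 * sd,           # full +/- 3 sigma spread
        "cpl": (mean - lsl) / (3 * sd),
        "z_lsl": z_lsl,
        # Share of a fitted normal curve that falls below the limit
        "pct_below_lsl": 100 * NormalDist().cdf(z_lsl),
    }


def skewness_z(skewness, n):
    """Skewness divided by its standard error for a sample of size n.

    Assumption: the quoted value is the adjusted sample skewness (G1),
    for which this standard-error formula applies.
    """
    ses = sqrt(6 * n * (n - 1) / ((n - 2) * (n + 1) * (n + 3)))
    return skewness / ses


if __name__ == "__main__":
    for name, value in capability_summary(MEAN, STD_DEV, LSL).items():
        print(f"{name:>20}: {value:.5f}")
    print(f"{'skewness / std err':>20}: {skewness_z(SKEWNESS, N):.2f}")
```

    The "17.55% will be under the LSL value of 0" line is the tail of the fitted normal curve below zero, a region no real false-positive count can occupy, and the skewness is about three standard errors from zero, so the normal model is only a rough fit to these 28 results.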
     


  2. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    this nod32 thing reminds me of something..
    when i first posted something against nod32..all the members came pounding at me.."you traitor..how dare you say anything against nod32"

    i still believe and say that nod32 is nothing but an over hyped (just here) product..it's not so good.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    There is a slight difference between disagreeing and calling someone a "traitor" - you (no one actually) has ever been accused of that.

    Your opinion is noted - enjoy the antivirus you prefer better. That said: stating as of why exactly would be preferred above "believes" ;).

    regards.

    paul
     
  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Technodrome from Firefighter!

    You said that you haven't had any false alarms with NOD32 during last 2 years. So what, be happy that you are so lucky.

    Karl on 26:th February 2003 in his article "Help with NOD false positives" or Zouave on 4:th March 2003 in his/her article "Another false alarm" were not so lucky as you. Those two articles you can see on the front page in the Official NOD32 Forum here in the Wilder's Forum.

    So it happened repeatedly even on the front page. I haven't been on the other AV's Official Forums very often, but for example on McAfee's official Forum, there were none happenings like this. I don't say that McAfee is a good model example, because everybody knows what kind of mammoth it is, but still in this case.

    I believe it will help us all, despite of our favourites, to recognize honestly the weak points of all av-programs! ;)

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    FF;

    There are many reports of false positive from McAfee, Norton, Kaspersky etc. Do google thing and see for yourself. ;)




    Technodrome
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Yo, Ff - What exactly are you trying to accomplish here?

    All AV's suffer from false positives (and you're never going to be able to properly quantify the counts because the various AV manufacturers sure aren't going to provide you with the info!).

    All AV's miss this, that or the other when you start throwing in variables like ITW/zoo, testing based on this or that OS only for a particular test-set, whether trojans/worms/spyware get detected or not, etc.

    I'm rapidly reaching the conclusion (based specifically on what you've been posting) that all the tests (including your statistical analysis') are basically meaningless (given all the variables involved).


    Not to mention the fact that some of the programs that (by looking at your charts) one would consider to be "superior" (McAfee in particular, Norton, too) are generally well-known resource hogs, huge in comparison to the others, don't un-install well and in some cases don't work right on people's systems regardless of what they do to try and make them work!

    I suppose you'll be trying to factor those conditions into your next chart? (Hint: Give it up.)

    You can play with the numbers all you want - but you'll never reach a meaningful, universally-applicable guideline for which AV product everyone should use because you'll never have all the information available you need to make that kind of a recommendation!.

    Tell you what - I'll just let you know when NOD misses something, okay? THAT'S the only kind of thing that would make someone question whether or not they're running the "right" anti-virus for them - whichever anti-virus program it may be.

    Pete
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Spy1 from Firefighter!

    You wrote that I have given all the variables involved. It's only because I counted manually those figures from several different tests and it was so faster for me.

    But again to the meaning of all variables within. That's the universal way to make statistical calculations and graphics, because in a real world everything affects to the final outcome. We can never count all the causes in that issue, why the outcome is that what it is.

    When we are making statistical calculations and graphics, only then when the outcome isn't somewhat the same as normal distribution or a bit skewed normal distribution, we can say that there is a certain, main "cause" to this kind of behaviour! These rules are universal and av-programs are one part of this universe.

    If you have studied all my posts, you know my opinion about Norton or McAfee. Still I never had said that those programs are very poor in detecting viruses. If you want to know my top 3 favourites, they are KAV, RAV, DrWeb. But they are still only av-programs, and that's hopefully not the whole life for me.

    Sometimes there are situations when you can't use some programs. For example now my resident is McAfee VS 7.0 Pro. But so what, it's only one program among others. I'm here only for "learning english".

    I don't dislike anybody here, but sometimes it feels so that although this is "Other AntiViruses Forum", here is still some kind of "NOD secret police" watching you (I'm joking). Hopefully we can stand opinions different from us. No hard feelings! ;)


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  8. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Many forums have a reputation for being biased towards one particular product or another, whilst here you will find many Nod32 users there are also users of many different products.
    The implication that Wilders.org staff and regulars are blinkered is an unfounded accusation and frankly not true, if you head over to DSLR forums you'll believe they are the 'Norton av secret police' which obviously isn't true.

    I'm happy using my particular product and whilst it's good to read about various tests the data can always be misinterpreted to highlight any view you or anyone else wishes to see.

    If another product suits me better then I shall consider using that but I and most others here are certainly not narrow minded when it comes to such matters.

    :)
    Kev
     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Tinribs from Firefighter!

    I know that I am here often alone with my opinions, but that doesn't matter. I know also that here are many who are thinking somewhat like me. So what?

    I really like to be at first opposite to everyone. It's sure more evolving than that you say always: "Yes, Yes, I like that, you are thinking just like me!" :D

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  10. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    There's nothing wrong with having your own opinions FF, in fact your posts are quite refreshing (if often confusing) I fear you maybe are getting too involved, I would like to know the last time you received a real virus either via email or via download??

    No program is going to be 100% perfect, all programs have good points and bad, that may be false positives, resource impact, less than stellar detection etc, but if someone is happy using it then that's all that matters and it's the individual's choice.

    It's no secret I choose Nod32 as my main av, I'm more than happy with its speed, its very lite system impact and its detection ability. I have used many other programs in my time and each had ups and downs, but for me and my pc Nod32 suits me fine, others' mileage may vary but whatever they choose it's their decision and good luck to them, but no matter how many graphs you post or tests you analyse for skewness and whatever it will not find you a perfect antivirus program.


    :)
    Kev
     
  11. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    I have tried to remain open-minded as I have watched this AV test thread grow & grow & grow, but now I feel it is time for me to speak my mind as well.

    What started out as a simple reporting of AV test results by Technodrome has evolved in to various personal attacks, AV products likes & dislikes, and IMHO various graphs & statistics that, while interesting, do little to prove and/or disprove which AV product tested by GEGA is "best" & "worst" :(. Gentlemen, let's try to get back to the basics here.

    The important thing about all of this is that one should choose reliable/tested AV products that you like & trust and that work and look like you want & need. One size does not fit all....

    KDCDQ, Security Freak
     
  12. Vampirefo

    Vampirefo Guest

    Interesting thread indeed, I use McAfee 7.02.6000 I have used McAfee a long time, but Back when I first got XP, my version of McAfee wouldn't work right.

    So I got McAfee 6, it was just horrible, too much bloat locked up my XP often, I exchanged e-mails with support for about 1 month, no satisfaction.

    So I decided to test different AVP's KAV was my first choice, but I found it locked up my PC worse than McAfee. I tested many AVP's finally settled on NAV 2002, it worked perfectly with my setup.

    I was very happy with NAV for a while, until, I started testing packed viruses, and Trojans, my fondness soon faded, So my search began again.

    Again I tried KAV, still locked up my XP, I tried other AVP's none suited me, then I tried F-Secure, It seemed to work great, until I did an update, then all Hell broke out, My XP was running slower than a snail, Mouse freezing, XP lock ups they would last between 10 to 20 seconds. Slow reboot, Slow Startup, The PC just dragged.

    I got a e-mail from McAfee support, asking me to Demo Version 7, I declined, but they wrote me again and assured me, this version was completely XP compatible, So I reluctantly tested it. Version 7 worked great, and still does.

    So finally I am back with the AVP, I started with, and truly enjoy McAfee, For me it's the best AVP out there, and if you notice a lot of tests lately also have noticed the power of McAfee, it's right up there in the top 5 as it should be.
     
  13. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    No time to read the whole thread ! But one thing I know about KAV is that they have extremely good generic detection of some common trojan families. For the type of trojan in question you can't beat it, and considering ITW is what matters, the chances of KAV catching for example a new SDBot someone has set up with P2P spreading is better than most :)

    I mean detections like

    Backdoor.SDBot.gen
    Backdoor.mIRC-Based
    Backdoor.ServU-Based
    Backdoor.VNC-Based

    This is just one of the reasons I like their scanner :) SDBot is open source, as are mIRC based trojans (GT Bot). Anything that uses their engine I assume also gets these, so those are powerful scanners..
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    Some of us are trying to say that those calculations and graphics don't prove anything about that which av-program is really the best one. I absolutely agree that, but have I said otherwise in my posts?

    The whole thing in my calculations and graphics was that the other av-tests except VirusBulletin were far away from that they were biased to some certain product. That doesn't mean that Virus-Bulletin is then biased to one certain product and that's why I studied VB tests quite few times now.

    It is extremely exceptional, that those test results were evaluated with Histogram analysis before they were published. But when those results were approved by Histogram analysis, it proves only that under those circumstances, the final result was just like the one published, nothing else and that's it. The rules were the same for all of those av-producers and we have to accept that.

    Like Technodrome very often says, there is no av-program, which is best in all situations and that applies to NOD32 too! So what? I, for instance, have used (too) many av-programs lately and all of them were so good against viruses that over 90 % of the average users should be satisfied to that.

    We all have our favourites and that's very good, otherwise the world should be extremely boring. I know that certain programs are very good in many fields of infections, but still it might be so that for me some program doesn't fit. So what? I can always choose an other one. :rolleyes:


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  15. Bertrand

    Bertrand Guest

    My first visit here, and probably my last.

    Most contributors are sensible, but you argue for the sake of arguing.

    <No need for insults, thank you>

    If you wish to contradict methods used providing the correct ones and/or reasons why the used methods don't live up to your standards would be the way to go. Pieter
     
  16. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York

    You could always ignore this kind of posts!



    Technodrome
     
  17. edsod

    edsod Guest

    Sometimes these kind of posts ARE USEFUL because
    after all this arguing many sides of the truth are revealed... (I hope not as in the story
    "The Blind men and the Elephant")
    :)
     
  18. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    You're welcome, your contribution is in any case not very significant.
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Something about a black kettle comes to mind here, Smokey. :p
     
  20. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Quote: My first visit here, and probably my last.

    Funny I thought a forum was a place for open debate or as a place to increase our knowledge including problem solving.
    As individuals we all have a point of view, sometimes this can be wrong or misguided but through valid arguments & discussion many issues are resolved or a kind of consensus is formed from which a judgement (by the reader) can be made.
    Agreed personal comments do not add to objective argument but it takes all types, fortunately on this forum it rarely, if ever, gets out of hand. :D
     
  21. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    Now I maybe understood why the BitDefender 6.5 was the "winner" in this av-test.org test!

    BitDefender was the only program that was able to scan all archives (-1), compressed program files, Embedded MS Office OLE objects and password protected files plus it has quite good in the Wild detection too.

    Correct me if I read the results wrong!

    The only minus with the scanning capabilities was that, it couldn't warn on password-protected archives? :rolleyes:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  22. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    From bitdefender.com :

    In competition with Norton Antivirus, Kaspersky, Panda Antivirus Platinum, F-Protect, Norman Virus Control, RAV and eTrust Antivirus, BitDefender brought two home PC protection solutions: BitDefender Professional and BitDefender Home Edition, the first revealing as an extra an Application Firewall and a superior network fortification.

    Both products have excelled in intuitive behavior and stunning effectiveness, but most of the votes were earned by BitDefender Home Edition, which had the gain of a lower price.

    The evaluation criteria were:
    - user-friendly interface
    - detection of main virus categories
    - operating systems supported
    - price list
    - virus definitions number (over 72 000)
    - archives’ scanning
    - detection of viruses associated with Office documents
    - false alarm minimizing
    - best behavior under Windows 9x and Windows XP

    "


    Technodrome
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Amen to what Pilli said.

    IMHO, FF is a great benefit to these forums. Also Mr Blaze.

    With no Tabasco, scrambled eggs are boring.

    Regards......bellgamin
    ~~~~~~~~
    Stop winking at me, you're making me nervous. :rolleyes:
     
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    I am embarrassed to this flattering, I can only humbly thank you for the support. And for those who are not so interested in my writings, I'll try only to keep the issues arguing, sometimes even quarrelling, never the human beings. :rolleyes:

    No hard feelings to all of us! :D


    "The truth is out there, but it hurts"

    Best Regards,
    Firefighter!
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    Here is a list (not all) of some of those programs that were tested by av-test.org 2003.

    When the "winner" was BitDefender and its capability was to scan almost whatsoever, here are some other programs too ranked by the ability to scan those file extensions mentioned in the test.

    This is also an answer to Notageek, when he asked why McAfee couldn't scan some files.

    It seems to be so that all the best in this ranking are very good in small company's office -use?!!!

    Archives  Compressed     MS Office Embedded  MS Office Password   AV-Program
    Scan      Program files  OLE obj.            Protected OLE obj.   Name
    [24]      [13]           [51]                [8]

    23        13             51                  8                    BitDefender 6.5
    23        04             51                  8                    Panda AV Platinum 7.03
    24        13             39                  8                    AntiVirenKit (AVK) 12
    18        05             51                  8                    PC-cillin 2002 9.03
    11        09             51                  8                    eTrust AV (ca) 6.0
    24        13             33                  8                    Kaspersky AV 4.0
    18        13             38                  8                    F-Secure 5.41
    22        07             33                  8                    McAfee VirusScan 7.0.1
    18        04             38                  8                    Command AV 4.74
    16        09             32                  8                    DrWeb 4.29b
    17        10             27                  7                    RAV 8.6
    17        05             30                  8                    Sophos AV 3.65
    16        02             33                  7                    Norton AV 2003 9.05
    09        01             07                  8                    NOD32
    14        03             00                  7                    Avast 4 Home

    Now it's quite clear why BitDefender Pro 6.5, and not for example RAV 8.6, was the winner of those Awards below!

    I

    The European IT Oscar goes to BitDefender

    Bucharest, Romania - September 23, 2002 - BitDefender, a European technological leader in antivirus security software and services, today announces its nomination as a Winner to the greatest European competition for IT excellence and innovation: The European Information Society Technologies Prize. The contest proved technical superiority of BitDefender Professional, a recently launched brand in the computer antivirus industry, placing it in the European privileged group of technological leaders.

    II

    BitDefender is the first winner from Eastern-Europe

    4-6 November 2002, Copenhagen, Denmark: SOFTWIN's technologies proved to be the best antidote against new computer malware. BitDefender Professional was nominated as the first East-European Winner at The European IST Awards ceremony, among the best High-Tech products of Europe.





    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     