av-comparatives news

well the thing is they are better behaved users or at least most of them are to begin with. As such they could probably almost get away with no av scanner. In such a case it's a no wonder they don't see anything wrong with whatever scanner they use.

In real life use however were you see systems with over 11,000 virii on one system. Well even norton didn't catch those and another scanner had to be called in to clean the system.

 

I can understand the well behaved part, as I consider myself a very safe surfer. So is my wife, but there are times I know in her quest to look up what ever. (Nothing nasty.LOL) She doesn't pay attention to the Site Advisor I installed in FireFox. However, we never had a Virus so that's why I too never paid much attention to any of the tests. That is until the retrospective on demand one in May. Although I said I liked AVG Free, those low detection scores bothered me because prevention is the key I believe. Also this time around the Polymorphic scores were 1 in 10. I'm not sure how important this detection is, but you never know.

 

Certainly the heuristic detection rate of AVG is poor, but the detection of know malware is not so bad, actually if you don't count the DOS viruses/malware, it was better than Dr. Web and F-PROT 3 and slightly worse than Avast.

Edit: fixed typo

 

AVG is much better than the real score in Av-Comparatives.org 08-2006 test. If you are looking more closely to the published data of Av-Comparatives tests, you will see that among single engined av:s (Vba excluded because of insufficient data) only Avira, Kaspersky, NOD32 and Norton were capable to detect more those nasties added AFTER the 02-2006 test. Of course those newest nasties are the most important ones. You can see how good some av:s are adding signatures against those nasties I've found after I switched my av to AntiVir 7 PE Classic.

Best regards,
Firefighter!

PS. DrWeb was in a different row in the right snapshot, so when it detected first, so it detected after as well.

 

i am currently beta-testing the avg 7.5 and lemme tell you its doing a damn good job!
ewido's addition will definetly improve detection rates of malware/trojan and co.

 

As for the Zlobs, you did not take into count the false positives that packer detection produces. I've seen about 4 AVs detecting various Zlob FPs due to this. I don't mean to bash nor offend, just wanted to say that nothing is that perfect as it may seem at the first glance, and there's also cost that you must pay for that kind of detection.

 

Some proactive FP:s are an issue, that I can live with. It's not so dangerous, just check your findings after these in VirusTotal and Jotti's plus send them to our av-vendor, that's it. I'm more curious to know what happened to this "Trojan-Downloader.Win32.Small.dnt" with NOD? Here is the first detecting by NOD, afterwards nothing.

Best regards,
Firefighter!

 

numerous posts were removed.

To all:

With respect to the posting of Jotti or VirusTotal individual snapshots in regards to time of detection, the site policy on this is clear, see here. As for this thread....let's Please confine our discussion as it relates to the av-comparatives report and not the timeliness of AV's to add items to their respective database.

Thanks,
Bubba

 

I was only deepening the Av-Comparatives 08-2006 test by telling some facts about the REAL ranking against those newly added samples and correcting the strong believe about AVG's poor detection, when it actually beated 4 "Advanced" single engined av:s against those newly added samples. Those snapshots were only like some examples to support this as a whole. If that's OT, my bad.

Best regards,
Firefighter!

 

Just how important does anyone think the Polymorphic results are? Also the Proactive (prevention of)have to mean something right? I guess how easily an AV can remove a Virus is a different story, and perhaps for a different thread.

 

Hey,

Sophos now integrates their new "Behavioral Genotype Protection" into all their AV products..: http://www.sophos.com/security/topic/behavioral-protection.html

Maybe, now IBK can give them a second chance, retest them and will include them into the first test in 2007..

In the proactive/retrospective test, maybe Sohpos will be better now..

best regards,

iNsuRRecTiON

 

I believe Sophos declined to partake in the tests themselves. IF I remember correctly.

 

Yes, you are right. Sophos declined to take part in the test after August 2005.

 

Yeah, but at $60 US . kinda steep no?

 

Where did you get that price?

 

Here: http://www.softpedia.com/get/Antivirus/Sophos-Antivirus.shtml

I looked all over before I found even that price, the 'sophos' site has no pricing that I could see anyhow...

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061015 Minefield/3.0a1 Firefox ID:2006101504 [cairo]

 

The sophos AV screenshots at softpedia shows the old discontinued 'free' build version. When you try to buy the product they redirects you to the Sophos main site.

AFAIK, you cannot purchase individual licenses of the antivirus, being its market mainly directed to the enterprise & small business companies.
I found this 'lowest' price of the AV for small businesses (http://sophos.com/products/small-business/)
--------------------------------------------------------
MSRP for 5 users, for 1 year* $207
* Multi-year license discounts are available
--------------------------------------------------------

Also I think this AV's effectiveness is poor rated

 

Although Sophos AntiVirus may not be among the best AV like KAV, NOD32 or BitDefender, it is surely not a poor AV. Sophos AntiVirus has very good detection rate along with KAV and Dr Solomon's AntiVirus Toolkit some years ago. Graham Cluley, now Senior Technology Consultant at Sophos had been the developer of Dr Solomon's AntiVirus Toolkit, which had been eaten up by McAfee in Dec 1998. The engine now used by McAfee is actually the Dr Solomon's engine further developed and enhanced by McAfee.


Single user license for Sophos AntiVirus are available for purchase from here, although it is expensive:

http://www.a1eb.com/esecurity/solutions/anti-virus/sophos/single.htm

http://img128.imageshack.us/img128/9169/sophosantiviruspricinglw7.png


Screenshots for the 6.0.X version of Sophos AntiVirus, the latest version being 6.0.4.

http://img128.imageshack.us/img128/1745/savmainscreenlv8.png

http://img114.imageshack.us/img114/5422/savconfigsavhf1.png

http://img212.imageshack.us/img212/8574/savconfigsavauthorizedapplicationlistww1.png

http://img518.imageshack.us/img518/7805/savconfigsavadvancedscanningsettings1hr9.png

http://img526.imageshack.us/img526/7933/savconfigsavadvancedscanningsettings2dk5.png

http://img115.imageshack.us/img115/2711/savconfigsavadvancedscanningsettings3tw3.png

http://img76.imageshack.us/img76/5998/savconfigsavadvancedscanningsettings4zl4.png

 

Thanks Chubb, that's REALLY expensive!

I've been a happy Kaspersky AV user for 2 years.

I trialed Sophos av (small business & enterprise, in this order) months ago. I liked its nice GUI (the best, IMO. Love the blue shield icon), not heavy on system resources, fast and hourly updates, a real install & forget app, etc.
After trials finished, reinstalled Kaspersky and made a full system scan: it found 3 virus infections into the InternetTempFiles folders, those what Sophos missed (I guess it's because sophos lacks of a web scan module). Needless to say I found this worrying

Now I'm back to Kaspersky.

 

Yes, I agreed that KAV has better signatures than Sophos, and I am using KAV too. Sophos is mainly a coporate AV (though single user license is also available and expensive) and I think corporate AV may sometimes focus more on stability than detection. From my experience, Sophos has a better detection rate than Norton. Sophos found something that Norton don't find.

And customers service of Sophos has been quite good. I have a personal license of Sophos some years ago, and support had been great.

And Sophos is now adding application control to the 6.0 series, a step to add HIPS to Sophos AV.

 

In the past Ive used Dr Solomon's Toolkit. It was one of the most realiable AV. It's only problem was that it slowed down the computer too much.

Sophos also slowed down our very low end computers. This and pricing is one of the the reasons why we switched to another AV. Another reason was the akward update method were the program uninstalled and reinstalled itself after every signature update. This was very disturbing on our low end machines on slow WAN links.

I still think Sophos is an excelllent AV, which never missed a virus or worm. Nice to see the GUI has improved a lot. The latest version I've been using was version 4. Competition is good and I hope Sophos will adapt itself and remain competitive, but it's no longer attractive to me as there are lots of good products to choose from at very competitive prices.

 

The "Detection of potentially unwanted programs" report is available http://www.av-comparatives.org/

The AV products scored better than I expected.

 

Thanks for letting us know !

 

AVIRA AntiVir PE 7 Premium keeps going strong in this "potentially unwanted programs" sector too. With AntiVir Premium plus a good firewall and browser, does the PC need any more security applications at all?

Best regards,
Firefighter!