AV-Comparatives reports

Discussion in 'other anti-virus software' started by IBK, Nov 30, 2006.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Hmm...Pretty good results from NOD32, BitDefender, GDATA and AVIRA. However, the real stuff should be seen in the next retrospective test as AVIRA and BitDefender have made *major* upgrades to the heuristics engine since the 7th of August, 2006. BitDefender 10 improves heuristic detection by nature, and the latest updates are updating the heuristic engine 5-6 times a week....
     
  2. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    It's never REAL, almost all engines are evolving all the time. The test situation will be the same, because those engines are even then at least 3 months old. The only way to measure today's heuristics is to FREEZE signatures 3 months backwards and use the latest versions of each av. I suspect that this isn't possible?

    Best regards,
    Firefighter!
     
    Last edited: Dec 1, 2006
  3. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    Hmzz I always thought that that was the case o_O
     
  4. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    New heuristic / generic rules could be included in the signature file, so using the current program with old signatures will harm some vendors and benefit others.

    How it's currently tested is the only fair way - use a 3 month old program and signatures.
     
  5. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    Oh yes that's true. But that would probably mean that when Kaspersky introduce their new heuristics at the end of this year (or so) we have to wait a couple of months to test it o_O
     
  6. tec505

    tec505 Registered Member

    Joined:
    Sep 11, 2006
    Posts:
    284
    Location:
    Romulus, class M planet
    Yes. I thought AV-Comparatives would test new releases: BD 10, AVG 7.5, NOD32 2.7 .....

    But we should wait to the next.

    Best Regards.
    Mike
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    and kav6.0 with its new heuristics engine.
    lodore
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I'm a bit puzzled because even though everyone seems to agree that KL's heuristics currently are not as good as they could be, I'd have thought the Proactive Defense module would have picked up on the missed samples in this test? Wasn't there a test earlier in the year that showed the PDM alone garnered very high results?
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    yes the PDM was tested earlier and came out very good.
    but that test is only testing the heuristics which in kav aren't very good atm but are getting a new engine soon
    lodore
     
  10. andyrock

    andyrock Registered Member

    Joined:
    Mar 27, 2006
    Posts:
    22
    PDM (and other behaviour blockers) does not apply to on-demand scans
     
  11. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Considering the top 2's 'Heuristics Detection' still missed almost 50% of the samples, do we need any further proof that at this point in time, Heuristics should be considered a 'Bonus', not something to 'Rely On'? And how 'bout 'Symantec', 15% Heuristic Detection bundled with slow signature updating. If I used 'Norton', I'd feel 'Real Protected'. Yeah!
     
  12. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    you can't say that, norton is good and yeah it got 15% but that's more than double the great kaspersky.

    I do agree heuristics are over-rated and shouldn't even be a big factor for choosing an AV, as even the high score ones were poor. I will continue to pay more attention to the on demand scans.
     
  13. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    you cannot say that e.g. 50% are poor, if you consider that 50% is the MINIMUM protection you get (as you keep your AV up-to-date, also the heuristic/generic detection gets updated and detection by it increases).
     
  14. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    yes ;)
     
  15. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    IBK

    I'm not disrespecting your efforts here nor saying that 53% Heuristics is 'Poor'. What I am saying is that if a user is a medium to high internet/email, etc. user, Heuristics Detection rates are not strong enough yet to cover the gap for AVs that have slow/infrequent signature updating practices.
     
  16. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    on the other hand even if an AV releases an update every 5 minutes, it can be too late, while the heuristic already detected and removed the malware...
     
  17. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    I can because it's the truth!

    I've never said that the 'Norton' program itself is bad, its detection rates are excellent. However, Symantec are one of the slowest to update their customers' signature database and if no signature at point of contact, little chance of detection, right.

    Look at Kaspersky and its 'Lousy Heuristics'. How the hell then can they offer such outstanding protection? I'll tell you why, because at this stage of the game, they understand the game and that is 'Killer Sigs' and 'Fast/Frequent Updating'!
     
  18. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    53% of the time.

    And one would have to think that chances of infection are much lower with updates 1-2 hours than 8-12 hours.
     
  19. DaveD

    DaveD Guest

    Certainly a 'Bonus' indeed. You definitely would not want to rely on heuristics alone, that's for sure. But it is a worthwhile 'Bonus' to have just in case. You never know when it might be needed, but having it is good. These should also improve over the next few years.
     
  20. jasonago

    jasonago Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    31
    Location:
    Philippines
    I think heuristics is a technology that can't be separated from any security software that we have. BUT we can't really depend on it and it can't even fill the gap for an unupdated program. We can benefit from heuristics when it comes to virus variants as well as malware that may have the same workarounds as other existing malware but this is for a limited time only...

    When the "Can't update avira problem (the august expiration thing)" arose for Avira users, I was forced to instruct my classmate to just turn the heuristics to high level just to save her PC. The default virus database in that old installer is a May database. It was already October when we ran it on her PC with high heuristics. The result? We caught most of the culprits and they were flagged as HEUR/Malware. BUT despite that success, it still didn't get rid of the PSguard annoyances that hijack the homepage of IE.

    Anyways, what I want to say is that heuristics is a must bonus for security programs...
     
  21. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    How can anyone discuss such a subjective statement? I have used Symantec products for years {currently using NIS 2007} and never come close to being infected, but my feelings one way or another don't matter. If you "feel" more protected using some other product, so be it, then it's a free market and you can use what you like. Why can't we be psychologically sane and tolerant of the choices people make in a free market? Take Care, Warmly, Ran
     
  22. yeuxbleus

    yeuxbleus Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    90
    100% agreed, tobacco. A young technology like heuristics is being over-emphasized today. I think heuristic testing is merely an interesting academic exercise. I tend to agree with some who say that a combination of signatures, PAD and/or sandboxing may be the better way to go. Just my $0.02. ;)

    Edit: Spelling
     
  23. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Q. Who needs retrospective tests?

    A. PPL who don't bother to update their av software = PPL who shouldn't be sitting in front of a PC connected to internet. :shifty:
     
  24. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    This is a multiple answer question. :p

    Answer: The Public Relations and Marketing teams of the various AV vendors.
    Answer: People curious to know how good their AV protects against new and upcoming threats without signature updates.

    :D:D
     
  25. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    lol! Remember Randy, Norton is a piece of software without human feelings to take into consideration.

    Just pointing out that taking into consideration Norton's Heuristics detection and Heuristics detection in general, Norton users are at greater risk of infection because of Symantec's signature updating policies than say a KAV user. Again, I will repeat, Norton - excellent detection rates - slow/infrequent updating. I'm certainly not saying you cannot use Norton without becoming infected. But for high internet usage / risky usage, the risk is greater. Just my opinion and seems pretty logical to me!


    I just checked your update section and see that Norton updates were 24 hours apart. Were there any updates in between that were not posted?
     
    Last edited: Dec 1, 2006