Dr.Web have many fp-s!

If I'm looking at this, I'm not so convinced at all about what you just said.

Best regards,
Firefighter!

 

Why doesn't Dr.WEB make more of an effort to add the ones they missed on each test? It would seem to be the prudent thing to do for their customers.

 

There are ones that are eager to make-up and ones that don't. To add alot of defs just before a test, don't add the everyday protection at all.

Best regards,
Firefighter!

 

I have commented on this same point, both here and on their forums. Particularly compared to other vendors they do not seem to add many of the missed samples.

Apparently it's due to an insufficient number of analysts and they are also concentrating on ITW detection.

 

To not be "eager" to add the ones they missed also doesn't help with everyday protection.

It would seem that Dr.WEB would like to add the ones they missed?

 

If you noticed, I myself was unsure about that statement (note the emoticon in that post). And after some discussion and thinking on the subject, I've come to the conclusion that it isn't true that Dr.Web is adding lots of samples just before AV-comparatives tests.

 

They do make some effort to add the missed samples, but just that they don't put as much as some of the other vendors. I suppose its because they have limited staff and need to use that time for adding more current definitions.

 

Those missed samples are not a real threat to the public (if they were,they'd add them).

But yeah...

I'd like to see them to add all missed sample as well. Just for the sake of marketing hype.


tD

 

i agree technodrome, if they added all the missed samples from the last test (play the marketing game) im sure their detection would be 'up-there with the best', but i think they will only add sigs for malware that can be executed and malware that will only be a real threat to users, i prefer this than all the marketing stuff.

some companys will use these tests to their advantage for sales and marketing, whereas i think dr.web carry on with their own stragedy and continue to be tested their own way

but just for ONCE, i too would like to see them add all the missed samples from the last test *lol*

 

just looking at the drweb site does not tell you anything as
a) you do not know if the 1000 additions are samples added from last test or other samples
b) you do not know how many samples are detected by one (generic) signature

 

Are you certain that all of those missed samples are not a real threat and that adding them would be just hype and provide zero benefit to the customers?

 

Yes that’s what I believe and that’s my opinion. Can I prove it? No.

Me think back…. When ESET was against such tests. In the eyes of average Joe these tests are the Bible or Quran. They swear by it. NOD32 always had outstanding product. But missing part was Marketing Hype. An average Joe’s understanding. Fortunately, after many rounds Eset finally realized that scoring high at these tests would only help them to place they product a bit higher.

That’s why we need tests such as av-comparatives or av-test.org…. On the second thought that’s why THEY need such tests.

Maybe DrWeb’s team should learn from Eset.



tD

 

i can prove that the missed samples are real threats.
afaik eset was never such tests in general (or av-comparatives), they just had some problem in past with av-test.org as they did some error in testing nod32 and therefore gave them wrong results. ESET and other vendors are still against other tests which include jokes, harmless files, generated samples etc. which lead to wrong test results.

 

I belive you IBK. You woudn't test antiviruses on malware that aren't real threats

 

maybe, but why do you slag off drweb all the time IBK, do you know something we dont?

is it really that bad?

im not a safe surfer and assure you it works a treat and keeps me clean, with super support and regular signature updates, all at a price that isnt CRAZY.

all AV's miss samples, but i believe on the majority as i think technodrome does, drweb trys to add samples for real threats, to keep the database down.

 

sorry, i was not refering to drweb, i was talking in general. afaik drweb is not the only product included in av-comparatives. but if someone says av-comparatives, it refers to av-comparatives only.
i for sure never said that drweb is bad.

 

ok IBK, no problem

seen as this is a dr.web thread, what you think? im sure you test things some people dont even think about, whats your 2cents on the matter?

 

in august 2006 drweb still produced according to our set of clean files more false positives than most other tested products. now that soon another test will come out and drweb is improving also to reduce their false positives I would suggest to wait for the new results and to see if drweb will be able to reduce their number of false positives at a niveau like the other products which rely much on heuristics like drweb does.
if you encounter a false positive with your AV (whatever AV it is) send the file to your av vendor. also av-comparatives sends in after each false positive test all false positives to drweb (and the other vendors) in order that they can fix them.

 

yeah i know, i read your reports.

but 80% of the false positives were detection heuristically which they are trying to work on, thats for sure.

still .. their vb 100% record is sweet! and also they have ICSA, so really it cant be 'that bad'

as far as i personally know, ive only had 3 FP's since using dr.web, and all were simple drivers.

 

It isn't 'that bad' - but VB100% as well as ICSA are merely marketing ploys - and all AV companies do know so. So please don't rely on the both of them.

 

i dont think VB is as 'marketing' as you think.......

but on IBK's notes, i dont even know how to find the tests done by av-test.org

 

the clean sets used by virusbulletin and icsa are easy to guess what they contain (= mainly only microsoft stuff which any av vendor has in his own clean files set). the biggest set of clean files used for testing is (currently) av-test.org - I wish they would make their findings public online.

 

In my mind, when you add about 1...2 months worth of defs just about a week before a test, you only add protection to the test moment, before this you actually have the real protection level.

Best regards,
Firefighter!

 

But not to even bother to add the missed samples from the prior tests before a new test seems to me a worse case.

It looks to me like it is a bit disingenuous to fault AVs that try to add the missed samples before a new test while at the same time another AV is not making the effort to add them.

 

I am not saying they are not real threats as in valid or malicious files or malware. Are they spread wide enough to posses a real threat to the end user? I know they are out there somewhere, but where?

No offense but thats BS. I am long enough here to know what I am talking about. Search ESET forum and see references to ZOO viruses.


tD