VB100 October

http://arstechnica.com/security/news/2009/10/antivir-10-others-fail-virus-bulletins-october-2009-test.ars

 

surprisingly Avira miss and MSE pass
world of wonders

 

From TFA:

The two most noticeable failures on this list are Sophos and Avira, though they both only missed one malware sample. "Avira couldn't detect only one of several thousand infected files, therefore the detection rate was not 100, but 99,99997 percent," an Avira spokesperson told Ars. "The rule for a VB100 is to have 100 percent, so Avira didn't get the VB100 award this time. The problem was already fixed by the time the VB magazine was published. All Avira products are able to detect 100 percent of the files since then."

 

Ikarus very disappointing 3759 wildlist misses

 

Avira > No FPs it seems

 

I don't typically opine on test results, but this appears horribly awry.

 

I don't believe that Ikarus failed to detect 3759 samples.

 

What's the point of focusing on Wildlist detection when the real problem lies elsewhere (eg. rootkits, scareware, etc.)? VB100 is all about marketing IMO.

 

Really? What's the point in focusing on rootkits, scareware, etc that infect 1 user when it's the WildList causing the main damage? Also, where does it say the WildList is viruses only?

 

1 user? When is the last time you've browsed a malware removal forum?

 

Not sure what you're getting at bud.

http://www.virusbtn.com/resources/glossary/wildlist.xml

If there is some bit of malware infecting many users on this malware removal forum you speak of, it's most likely in the WildList.

 

I am very well aware of what the Wildlist consist of. You may want to take a moment and read the entire blog post from Alex Eckelberry. While it is a bit dated it still holds merit.

http://sunbeltblog.blogspot.com/2008/06/wildlist-battles.html

Snippets

<< I am of the belief that the Wildlist is an outdated method of determining the efficacy of an antivirus product. Oddly, let me make it clear that it’s to my benefit to say just the opposite: to promote the Wildlist as effective, since it’s a fairly small list of malware to worry about. Once one is “certified” for the Wildlist, one could then be considered a “real” antivirus product. Nothing is further from the truth, and therein lies the problem: It’s an implicit (and unintentional) form of fraud. >>

<< Andreas Marx echoes a fair amount of this sentiment, in an email he circulated among some researchers last week:

…there is nothing wrong with the actual testing performed by Virus Bulletin, the problem is related to the samples from the WildList. Indeed, as Larry Seltzer pointed out, there is something seriously wrong with WildList-based testing and certification. >>

<< Another source of some contention on the Wildlist issue is the venerable Randy Abrams of ESET. In his words, "Agreement was virtually unanimous that the WildList is no longer useful as a metric of the ability of a product to protect users” >>

 

Thanks, but the point I was trying to make is people shouldn't be so quick to dismiss the "WildList". I don't see it as any different from AV-C's collection of malware.

 

And why shouldn't people be so quick to dismiss an outdated, woefully-limited sample set still constrained by rules from more than ten years ago?

The WildList is a joke, with little to zero relevance.

 

Well, all of the groups of "anti-malware experts" have always their own "favorite ones"

 

Not a joke. Too many fanboys here...

 

Believe it or not for once I can read some real facts about Avira! Although I'm not going to ditch it for one miss. I'm not surprised at all about MSE, I think it has a great future.

 

i have not used Avira for almost a year now due to the slowdown it caused to me when i had it. For now i am sticking to Zone Alarm IS and AVG on another comp but the 100% it always showed in test never really impressed me enough to ditch my current protection

 

Avira failed,what a pity.

What amazed me was Filseclab Twister(5655 wildlist misses, 1 false positive).What a large number.What did they do?Let me down.

 

Zone Alarm IS didn't cause the slowdown.I don't think ZAIS engross less resource than Avira.I only used ZA firewall,and it caused the slowdown.many friends have the same situation as mine.Maybe your computer is a super compiter .

 

Thing is there are some polymorphic viruses on the wildlist at the moment.

So missing 5k samples can result from missing only few 'variants', depending on the number of samples replicated for each variant of course.

The Avira fail for example was due to 1 missed polymorphic sample of the Virut fileinfector (not 1 variant, just one replicated file).

 

Variants,I hate them.Filseclab Twister,I remembered,had a feature as HIPS.It shouldn't make Filseclab Twister have such a large number of missing.

Avira's missing has been fixed.It is high speed and I am glad to see the vendor's hardworking .

 

FIlseclab have commented on this in the chinese forum, but even with google translation to english i was unable to understand anything. The only thing that i think i understood, is that overalll Twister scored 95%.

Anyway, the Wildlist can say everything she likes, for me all tests have primarily an advertising purpose.

I 've used Twister for almost 2 years and my opinion is that it's decent. As a matter of fact a few days ago it detected on demand a file from p2p, that Avast which i also had installed didn't. And it was not false positive (scanned it at Jotti's). Fact is, any scanner can encounter malware that it's not in its database. And oddly enough, in the VB test, all chinese antiviruses failed. This to me tells me something on the importance of the malware selection according to geographical distribution.

For the similar reasons, one would have to believe that Ikarus engine is crap. Oddly enough, with other tests (incl. AV-test org) this doesn't seem to be the case.

Logic says, that when in different tests something gives very different results, the problem is with the reliability of the test itself. You can't be at the same time, prime award winner in one test and missing thousand files in another. One of the 2 or both tests are flawed or promo oriented material.


Anyway, other possible explanations about Twister:

- They 're working on v8, so they 've neglected signature collection for v7, because they lack manpower.

Twister has behaviour blocker and registry protector. I wonder if they used them too or if they disabled them to use just the realtime scanner. I also wonder how do they consider a "pass" , if using the behaviour blocker. For example, if the registry protector alerts for a startup entry, is it a pass? If it flags as "suspicious" something is it a pass?

 

The elbow pain is very bad

 

Not really i i only have a 1 gig of ram and my laptop works fine. Well you probably tried the older version 8 of ZA the latest is a great difference. As maximum it will consume 30 mgb and a very fast browsing . I really like it