AV-comparatives proactive test predictions

Discussion in 'other anti-virus software' started by risl, Nov 13, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    but isn't the fp test based on scanner detection only? MD
     
  2. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Looks like the scanner detects some html using heuristics... there were a few FPs by AntiVir named HEUR/Exploit.HTML.. AntiVir probably scans it using this heuristics while the page is being downloaded or when it's on the PC (temp folder)
     
    Last edited: Nov 29, 2007
  3. wir.sing

    wir.sing Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    60
    Thanks for the answer. I really "like" your tests. Good to see someone putting all the effort in there to try to make a good test. I was wondering that if you had time you would be able to do a comparison of the free versions some vendors offer. Namely BD free, Antivir PE classic, Avast! free and AVG free. I think it would be interesting how they perform and also how they compare to the different paid version.
     
  4. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    http://www.av-comparatives.org/forum/index.php?page=Thread&threadID=749
     
  5. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    where is everyone seeing this i can't find it anywhere?? thanks
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    LWM explains:
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    And with images. ;)

    1. Start at the main page:

    http://www.av-comparatives.org

    2. Click on the bold, blue Comparatives link in the middle of the page:

    mainpage.jpg

    3. On the next page, scroll down and click on the bold, blue word "here" as shown:

    thelink.jpg
     
  8. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    i found it yeah sorry i read most of the thread earlier and didn't see that post. thanks.. looking at it now
     
  9. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Congrats to the folks at Kaspersky Lab! :thumb: :thumb: :thumb:
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    kaspersky has such a good signature detection rate though, i wonder what the percentage were heuristic detections :shifty:
     
  11. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    don't underestimate them mate, they have been working hard on heuristic detection lately. Also, have you ever heard of a little thing called 'proactive defense' module? :rolleyes: :D
     
  12. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i know all that MAC,

    but i won't be convinced, as kaspersky has a high signature detection.

    i just think it would be nice to see how much were heuristic detections, maybe it will show this in the reports?

    ---
    nod would be a different story, as their software is based soooo much around their heuristics, so it's a little more genuine.

    understand what i mean?

    i just think it would be nice to see signature detections removed from ALL, then show percentages :)
     
  13. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    yeah i know what you mean Chris :)

    Let's wait 'til saturday, we all expect a very detailed report.
     
  14. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    KAV without the new heuristic would have scored like eScan, which got Standard. what escan detected is mainly due to generic signature detections.
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    k ibk, you posting them already yet? ;)
     
  16. wir.sing

    wir.sing Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    60
    C.S.J. the easiest way to see how good the KAV heuristic is, is to look at the results of the May "Retrospective/ProActive Test". In that one KAV v.6 was tested. It received 9%. Version 6 didn't contain any "real" heuristics engine so these 9% were basically all signature detection.

    Now Kaspersky released shortly before the test their new Version 7, which contains the same AV engine as Version 6 + a new heuristics engine. So IBK did a single product "Retrospective/ProActive Test" of KAV 7 shortly after the May test. It used the same testset as the May test and is according to IBK's report comparable to the May one. So in this test KAV scored 35%.

    So you can see their new heuristics is quite good. And back then it had just been released. Looking at the results from the November test it seems that Kaspersky has used the time since then to further improve their heuristics.
     
  17. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    very nice results from kaspersky, i knew nod would be at the top..
     
  18. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    ...Or the same heuristics performs better with the samples collected for this comparative :)
    Either way, KAV's done well to achieve advanced+ and implement such a powerful emulator and it's paid off (v6 compared to v7) and NOD's done well to retain its level for so long

    Other AVs need work done... although, they may be attempting to improve their behavior blockers (checking files upon execution) rather than heuristics (checking files upon scanning)... they're both very effective methods and both have their advantages and disadvantages :)
     
  19. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    thank you, but i know this already ;)

    i was merely asking why signature detections are included in this particular test

    it's not really checking the unknown-malware technology, if there is a known signature for it.

    just asking, that's all :)
     
  20. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    it's not a heuristic test - generic signatures etc. also provide proactive detection.
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep you're right, but you know people judge this test on heuristics, which can (could be...) misleading.

    are there plans to do a heuristic test in the future?
     
  22. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    what's the sense of that?
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    you don't see any sense in testing the heuristics?
     
  24. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Neither do I see a point in testing solely heuristics... the test should be to see effectiveness of detection of 0-day malware... and when there is a 0-day on your computer, you're equipped with the strength of the signatures+heuristics, not only heuristics.
    Having only heuristic detection is unrealistic because nobody sets their AV to this.
    Heuristics+signatures = realistic because that's the setup for all AVs and the protection it provides

    (you're also often equipped with behavior blockers, but that's another test in itself... very time-consuming!)
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ok, i see your point.

    i was just asking :)
     