AV-Comparatives Business Security Test March - April 2020

Discussion in 'other anti-virus software' started by Thankful, May 21, 2020.

  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,350
    Location:
    New York City
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,685
    Location:
    The Netherlands
    Interesting stuff. So Cybereason, CrowdStrike and FireEye ended up in the bottom when it comes to the Real-World Protection Test. Surprising since they are all highly respected companies. I would like to know more details about this, why would they fail to spot malware on this test, when they did quite well on the Malware Protection Test. It shouldn't matter how malware is delivered normally speaking.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,920
    Location:
    U.S.A.
    It obviously does. In the Malware Protection test, the samples were already present on the disk. In the Real-World test, assume most of the malware was downloaded via a browser. Or the malware was assisted in execution by the browser. Starting to get the picture?
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,547
    Location:
    USA
    I'm going to agree with both of you. It "shouldn't" matter, but it obviously does as you stated. A product should be more suspicious of something downloaded from a browser, but it also shouldn't miss it because it wasn't.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,685
    Location:
    The Netherlands
    So what are you guys saying, that they are pretty crap?
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,547
    Location:
    USA
    I think most products are but more to the point here was that it would appear (to me anyway) that most products these days are willing to call something malware just because it was downloaded by a browser and tagged as such until it is proven otherwise. What if in a real world situation you were already infected and installed a product to deal with said infection and it just ignores it because it was "already there"? It just seems lazy and ineffective to me.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,920
    Location:
    U.S.A.
    The Next Gen products you referred to are weak on network protection. These products are installed in commercial environments where it is assumed that the network perimeter is being secured by a dedicated network appliance.

    Another possible factor is Next Gen products are weak against script based malware; especially those deployed using legit Win "living of the land" techniques.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,685
    Location:
    The Netherlands
    Yes, that's what I'm afraid of, and it would be pretty painful since they always brag about how good they are at detecting this stuff.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.