AV-Comparatives (February 2009)

Last time I tried KAV I was a little dissapointed, I might try it again. Any suggestions?

 

Mcafee seems to have done wonders this month it looks like they had some kind of magic wand!

 

Well this is what they all should score in order to say there are small differences, and one is as good as the other. The truth of the matter is that there are huge differences: Avira and GDATA have 0,1 % difference (1,587 samples), fair enough. With the others without mentioning any names we are in the order of 2% differences (25,931 samples), now if you want to stick to a company out of loyalty fine, if you have a 2 years license it's also fine, but if your license is about to expire I certainly would choose the highest detection as my criterion. Advanced, advanced + what does it exactly mean? Besides they ALL had FPs, if you consider 24 FPs in 1,3 Million samples a lot for Avira, then even Eset and Kaspersky with 13 and 14 FPs have an awful lot of them.

Results should be displayed as they are, without giving labels as best or second best. Let people make up their mind.

 

Not only McAfee, Avast and Norton have done quite well too and its quite refreshing to see that.

 

They have a good rep, id say go for it

 

lol agreed i was very shocked by the results

 

Yes, McAfee has done well as long as you are connected to the internet. Without the connection the detection drops almost 4%. It is true that most of the time one is connected, but 90% of my computer's detections were of malware from USB flashdrives, while disconnected from the internet. Nonetheless a real improvement. Their magic wand is the "in-the-cloud" Artemis technology.

 

Well, considering Artemis is online system, once something gets past it, it can simply block the address for queries, making it completelly useless.

 

That's exactly what I initially thought as well. However, even with the 4% drop that leaves them at around 94-95% detection - Still putting them near the top. I'm still a little skeptical about "in the cloud" technologies, but if they are there as an additional layer rather than a replacement for existing protection (and provide benefit like theirs did), then well done.

 

Wouldn't that apply to almost anything though? Once something gets through and has enough access to do that, it can pretty much do what it wants on your machine. Game over.

 

So how many clean files are used in the test?

 

The report doesn't say. We'll have to wait for IBK for an answer.

 

Thank you, i couldn't find that. Kind of important

 

The one thing in this test I really question (based on daily use) is the FP rate of Sophos. This AV is a virtual FP machine, yet it is second lowest in the set- supposedly better than Symantec, which is an absurdity.

 

You should actually try reading the report first. It clearly states that Sophos requested that their product be tested/awarded with its default settings.

If it was tested with its most paranoid settings, it would have gotten 68 FP's.

 

Try quoting where I said that.

I think they said without Artemis it was about 95% so it's quite clearly a successful technology, so far..

 

This applies to ALL services that need a internet connection (e.g virusscan update system), not only to Artemis

 

I'm curious why Sophos performed so poorly. Is it just a bad product, or does it have something to do with it being an enterprise product ??

 

They reduced the heuristics in this test, this is also why the Fps are lower than usual.

 

I want to hear your opinion of the product that should test and the product that should not test.Ithink...
should:VBA32 Agnitum F-plot
should not:Kingsoft eScan

 

F-Prot withdrew from testing a while ago. Also I'm sure VBA 32 has been tested.

 

It's still bad, why would anyone want to use this AV ?

 

Like stated before, Sophos is mainly for businesses.

 

tbh i dont know how sophos stay in business. they have been a company for a long time so you think they would know how to devolop decent heristics that has low fp's

surely fp's would be worse in a business?

as stated by Bas in the past where he works the school uses sophos. he said a few times it has detected quicktime as malware so they had to exclude it.

if a antivirus company keeps having fp's on a known safe product their customers have no hope in having fp's of lesser known fp's fixed.

if it didnt have such a big problem with fp's it would be a good product.

its the only uk based av company as far as i know.

 

Maybe business computers use less 'out of the ordinary' software and utilities and stick with well known, mainstream brands which causes less problems on the false positive front.
Also, we have no idea what their technical back up is like. They might have good technicians who will help sort any malware problems for corporate users.