AV-Comparatives: File Detection Test March 2015

Discussion in 'other anti-virus software' started by anon, Apr 15, 2015.

  1. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    But what Mayahana says makes sense. The synthetic benchmarks are only part of the big picture. I repair PCs as a hobby and most of the ones I come across infected have Kaspersky installed. They are usually filled with PUPs and annoying popups. Part of that I think is due to the fact that Kaspersky doesn't block PUPs by default unless you change that in the settings, which is very very bad IMHO since most PC n00bs just install an AV thinking that's all they need to do and go along doing their business.

    So I would take a user's opinion over synthetic benchmark organizations. Not saying they're bad, just doesn't show the full picture.
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Likewise for Mayahana: Who are you? What are your qualifications? Why should I trust you, an amateur repair man who can't make up his mind about choosing an antivirus...
     
  3. coolcfan

    coolcfan Registered Member

    Joined:
    Nov 1, 2008
    Posts:
    130
    Really good result, with the effort of a lot of engineers working overtime to tune and train their QVM.

    Regardless of my opinions towards Qihoo the company, I do respect their engineers, especially in tech.

    Maybe something like "I should be the baseline of all the tests, don't choose anything that performs worse than me" and every test agency loves to accept it. :D

    Kaspersky has a good reputation of ignoring PUPs and adware (e.g. something that tries to install another AV silently on your computer) in the Chinese market. :p Maybe AV-C only tests real viruses against it?
     
    Last edited: Apr 16, 2015
  4. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Avira & Kaspersky, as always :thumb:
     
  5. smallav

    smallav Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    17
    Yes, the QVM engine is very good at detecting malware, but it will generate lots of false positives at the same time. It's true QVM got zero false positives in AV-Test's tests according to AV-Test's reports. I don't want to know AV-Test's test method for their false positive testing, and don't want to know what technology Qihoo used to avoid false positives, but why did Qihoo disable the QVM engine in AV-C's File Detection and False Positive Tests, trying to avoid false positives that may lead to a downgrade?
     
  6. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    Well, color me purple... I'd still like to see AVc's chime in to this brewing stew.
     
  7. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    572
    Location:
    Bosnia
    Kaspersky :thumb:

    Respect.
     
  8. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    I do not remember seeing such a comment from you when TrendMicro managed to reach 100% for some month (WPDT; wrong thread). Also interesting that people do not comment like this when in other labs almost everyone always reaches 100% (while in our case it is relatively rare).

    Before we publish the report we give time to the vendors to check/verify the results. No cloud or product issue was reported by TM, the final misses got accepted.

    The WPDT factsheet even contains this note: "We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats on the web. It just means that they were able to block 100% of the widespread malicious samples used in a test."

    Likely that malware was not prevalent... (sarcasm).

    The FDT report also contains an explanation why results are usually high (btw, no one ever reached 100% there):
    "The overall standard of detection in this test is very high. This is partly due to the focus on prevalent malware samples, and partly due to the time required to find out what is prevalent and for sample verification. The results may indirectly show which products have a lower time-to-detect rate, i.e. are faster in detecting/reacting to new malware. Furthermore, several products in the test make use of third-party engines (see footnote on page 4), due to which they all score similarly highly."

    The reasons why Symantec etc. are currently not in the public main-tests are known. This does not mean that they do not participate anymore in any of our public tests, as you should know, Symantec, GDATA, etc. are regular participants of some of our other tests which are not part of the main test-series. Regarding the smaller vendors, we already include more vendors than we should (22 instead of max. 20, and we had to refuse some too), we can't test all existing apps.

    Yes, as stated in the reports, we only use malware and exclude PUA from the test-sets.


    About Qihoo: "Qihoo participated with their 360 Antivirus (English) (http://sd.360.cn/download_center.html) which uses the Bitdefender engine but no QVM engine." I can only suggest you guys to contact Qihoo and tell them that you are not interested in the results reached by the tested version which is officially published on their main site, but that you would prefer if they would actually participate publicly with their English TSE version, as the results reached by the other version are not applicable to their other product.
     
  9. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    Okay... I wanna know where you got your crystal ball from and exactly what the market value is for calling a spade a spade.
     
    Last edited: Apr 16, 2015
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I see constant attempts to discredit Kaspersky's ability to protect from malware. The reality is that Kaspersky is one of the few products on the market performing extremely well over several years against malware. This is also my experience on the ground installing KAV and KAV SDK engine since version 5. Yes, they are more relaxed on toolbars and some adware but with just a little tuning of settings this can be largely avoided. Of course, I say "largely" since no software can protect uneducated users. I hope that denigration of KAV and a few other products on Wilders can stop soon. This misinformation does not serve well a large community of readers with the less critical review of users' posts.
     
  11. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Strange, I've only ever seen Kaspersky once in a heavily infected machine, and in that case I believe the user disabled the auto-quarantine feature. It would continually warn about malware, but didn't automatically remove anything. Similarly I've only ever seen a single ESET machine infected, and IMO it was because it was a pirated copy from the Middle East.

    The only criticisms I have of Kaspersky are the load on the system, and the update bug: where on some machines it can take anywhere from 45 minutes to an hour and a half to complete a simple definitions update.

    Generally the usual suspects I've seen over the years: AVG, McAfee, MSE, Avast, Norton. These also reflect the most common AVs the common user would have, either free or supplied with their system. All this reasonably means is that an uneducated user will likely get infected no matter what AV they use.
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Actually, it didn't do so badly if you ignore the heuristic detections. This brings it down to 7 false positives, and none of these were in the two red categories. Considering that heuristic detections are only indications of a possible threat, I think the result is acceptable in terms of false positives, but the heuristics need to be less sensitive.
     
  13. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Got some proof? All I can find is him explaining how to game a test and no mention of them having a dedicated team for such.
    http://eugene.kaspersky.com/2011/10/18/the-holy-grail-of-av-testing-and-why-it-will-never-be-found/
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Thank you Roger for clarifying this issue. Heuristics with Avira are always set to medium (default), which should not be too sensitive. I have always had it set to high and as I mentioned no FPs whatsoever in at least 5 years.
     
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
    +1 (7Y)
     
  16. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    FYI/FWIW, in case you haven't read the false alarm PDF where one can see the detection name by all vendors on the file/package, and all but 6 of Avira's FPs are detected as HEUR/APC which is the cloud back-end, right? But is the APC really based on pure heuristics? Doesn't reputation etc. play a role here too? In any case I'm with Roger, I think once the cloud is fine tuned it will work great. :thumb:
     
    Last edited: Apr 16, 2015
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Stand by while I do your job, and contact vendors for 'real' versions of their AV, not cooked up test versions... I'd place more stock in a test where you simply downloaded 'normal' versions of every product, without informing the vendors in advance, and take special care to mask your LAN/WAN scope so products can't detect your laboratory and make adjustments, or potentially allow remote connections to make adjustments. Since you don't address this, I am thinking you haven't considered these things? I'd wager you aren't sufficiently masking your lab from product telemetry - that's a problem.

    Finally, I think given the 'time to detect' delay, I'd say this test is more indicative about vendor response time to emerging threats. Kaspersky is very quick to deal with new threats, even irrelevant ones without any prevalence in the wild. So they would naturally score higher. But if the same test was conducted later, the results would be drastically different. So Kaspersky is effective if you care about a threat that 1,000 machines in the world have exposure to, while the rest kick in when the prevalence reaches a more realistic threshold.
     
  18. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Yep, it's time for the users to switch to another AV. (like I change my socks) :rolleyes:
    I trust my wife's test (the happy clicker). She would click onto anything, and hasn't been infected since we bought our first computer in the late 90's. I don't believe in any kind of Security Software Tests. If it passes my wife's test then it's good enough for me. :D
     
  19. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    not sure who you are referring to but i almost never change av's. i do run a number of them at one time but do not normally change them out... so...... i trust real world use from my clients. they are almost all "happy clickers" so if it works for me in the field then i feel i can trust it.
     
  20. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Wife test is great. Sounds like my Father-in-law and daughter test.. Install it, walk away - did it work? Both of them have destroyed Webroot, Kaspersky, and sadly - Forticlient so far.. Those are real tests to me. :thumb:
     
  21. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    I wasn't referring to you @zfactor I just took your quote for the people that change AV on every test result. :)
     
  22. Mortal Raptor

    Mortal Raptor Banned

    Joined:
    Oct 6, 2014
    Posts:
    1,013
    Haha! Good one dawg and agreed, a wife is the best test :D
     
  23. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    572
    Location:
    Bosnia
    Totally agree with you. Not fair at all. And, the best defense is still common sense of course.
     
  24. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,935
    Location:
    UK
    Couple of off-topics removed.

    Mentioning the same inflammatory rhetoric over and over again.
     
  25. Eggnog

    Eggnog Registered Member

    Joined:
    Nov 17, 2012
    Posts:
    129
    Location:
    United States
    I've noticed this as well. I wish it would stop. There are a few posters who seem to try very hard to discredit any solution that doesn't fit their paradigm or that could be seen as competitive with their favorite(s), or perhaps excelling in some areas. Unfortunately, they seem to be quick to shout down any disagreement. The strength of the forum should be intelligent discourse and the exchange of ideas so people can make informed decisions. Of course, that's just my opinion.
     